H04L2463/061

Federated messaging

The present disclosure describes a method, system, and non-transitory computer readable medium that includes instructions that permit users of different secure communication networks to exchange secure communications. A secure communication platform includes a user database that allows users from different secure communication networks to access keys for recipients outside of their network. Additionally, the secure communication platform provides a high degree of trust regarding the sender's identity, allowing the receiving network to trust the sender.

Key distribution and authentication method and system, and apparatus

This application provides a key distribution and authentication method, system, and apparatus. In the method, a service center server distributes different keys to terminal devices; the terminal devices then perform mutual authentication with the network authentication server based on their respective keys and finally obtain communication keys for communication between the terminal devices and a functional network element. This provides a method for establishing a secure communication channel for the terminal device, having a broad application range.

System and method for securely encrypting data
11457001 · 2022-09-27

A system for encryption includes a message management module (MMM); a restricted secret server (RSS) including a restricted secret server network interface (RSS-NI) connected to the MMM and including at least one very large key (VLK) module. The system uses Terakey™, an encryption system whose intrinsic security can be demonstrated from first principles, without making assumptions about the computational difficulty of mathematical problems, such as factoring large integers or computing logarithms in finite groups. It employs a key that is much larger than the anticipated volume of message traffic. The large size of the key also reduces the risk of side channel attacks and facilitates realistic security measures to maintain a secure chain of custody for the key.

Apparatus and method for secure delivery of data utilizing encryption key management

A device that incorporates the subject disclosure may perform, for example, receiving a derived encryption key from a remote management server without receiving a master key from which the derived encryption key was generated, applying a one-way function to the derived encryption key and a nonce to generate a temporary encryption key, obtaining data for transmission to a recipient device, encrypting the data using the temporary encryption key to generate encrypted data, and providing the encrypted data over a network to the recipient device. Other embodiments are disclosed.

SECURED TIME OF FLIGHT MEASUREMENT
20170324549 · 2017-11-09

Computing readable media, apparatuses, and methods for secure time of flight measurements are disclosed. An apparatus comprising processing circuitry is disclosed. The processing circuitry is configured to encode a fine time measurement (FTM) request. The processing circuitry is further configured to decode an FTM response from the responder, where the FTM response is to be received at the wireless device at a time t2, and generate a symmetric key from a private encryption key of the wireless device and the public encryption key of the responder. The processing circuitry is further configured to transmit an acknowledgement to the FTM response, where the acknowledgement is transmitted at time t3, and decode an encrypted FTM frame from the responder with the symmetric key, the decrypted FTM message comprising a time t1 when the FTM response was to be transmitted and a time t4 when the acknowledgement to the FTM response was to be received.

Efficient key establishment for wireless networks

A method and apparatus for deriving an encryption key for use between two stations in a wireless network using information intrinsic to one of the stations, without exchanging pairwise transient keys.

WWAN-WLAN AGGREGATION SECURITY
20170265069 · 2017-09-14

One feature pertains to a method for secure wireless communication at an apparatus of a network. The method includes receiving a user equipment identifier identifying a user equipment and a cryptographic key from a wireless wide area network node, and using the cryptographic key as a pairwise master key (PMK). A PMK identifier (PMKID) is generated based on the PMK and the two are stored at the network. A PMK security association is initialized by associating the PMK with at least the PMKID and an access point identifier identifying an access point of the apparatus. An association request is received that includes a PMKID from the user equipment, and it is determined that the PMKID received from the user equipment matches the PMKID stored. A key exchange is initiated with the user equipment based on the PMK to establish a wireless local area network security association with the user equipment.

Moderation of network and access point selection in an IEEE 802.11 communication system
09762389 · 2017-09-12

A method for use in a front-end network communications device, arranged to operate as an access point, for establishing a data connection between a mobile communications terminal and one or more data communications networks comprises receiving, from the mobile communications terminal, a service provider request comprising a MAC address of the mobile communications terminal; sending, to a master server, request information pertaining to the service provider request; receiving, from the master server, a policy message comprising a visibility policy, said visibility policy containing rules for controlling the visibility of at least one of the one or more data communications networks; determining a subset of communications networks that should be visible to the mobile communications terminal based on said rules; and enforcing said visibility policy by allowing said mobile communications terminal to connect only to said subset of data communications networks.

Method and device for simultaneous communications with multiple base stations and related communication device
09763163 · 2017-09-12

A first base station for handling cell release for dual connectivity in a communication system comprising a user equipment (UE) connecting to the first base station and a second base station. The first base station comprises a processing means configured to execute the instructions of determining to release a cell of the second base station which communicates with the UE; transmitting a cell release request message to the second base station, for initiating a release of the cell of the second base station from the UE; receiving a cell release response message transmitted by the second base station in response to the cell release request message; transmitting an RRC message to the UE, to indicate to the UE to release the cell of the second base station, after receiving the cell release response message; and receiving an RRC response message transmitted by the UE in response to the RRC message.

Controlling access to venue-related content, applications, and services

A capability for controlling access by a mobile device to venue-related items associated with a venue is presented. A server may be configured to detect a presence of the mobile device at the venue and send a venue token toward the mobile device based on detection of the presence of the mobile device at the venue, where the venue token includes an indication of a venue-related item that the mobile device is permitted to access independent of a location of the mobile device. A mobile device may be configured to receive a venue token based on a presence of the mobile device at the venue where the venue token includes an indication of a venue-related item that the mobile device is permitted to access independent of a location of the mobile device, and send a request for the venue-related item toward a server based on the venue token.