The disclosed technology relates to broadcasting encrypted data to multiple receiver devices, where some receiver devices have long-term access to the encrypted data and some receiver devices have a temporary access to the encrypted data. Receivers having long-term access are part of a “member group” because these member group devices have a master key and the master key enables the member group devices to derive the necessary information to decrypt the encrypted broadcast. In contrast, devices with temporary access possess only a guest key and not master key, without a master key the devices need to receive the guest key from another device to decrypt the broadcast. Access to the encrypted stream can also be based on broadcasting multiple or single diversifiers, where a diversifier can include group identification information to assist in restricting access to the encrypted stream.

Method, apparatus and system for communicating between a machine to machine, M2M, device 110 and a device management, DM, server 420 over SMS, comprising: obtaining key material, the key material configured to protect data communicated between the M2M device 110 and the DM server 420. Protecting data to be communicated using the key material. Communicating the protected data between the M2M device 110 and the DM server 420 over SMS.

Embodiments of the present disclosure relate to data processing technologies, and disclose a fingerprint data processing method and a processing apparatus. In some embodiments, the fingerprint data processing method includes: receiving a first ciphertext that carries fingerprint data; decrypting the first ciphertext to obtain the fingerprint data; identifying the fingerprint data and generating an identification result; encrypting the identification result and generating a second ciphertext that carries the identification result; and sending the second ciphertext. Some embodiments of the present disclosure further provide a fingerprint data processing apparatus. With some embodiments of the present disclosure, the fingerprint data can be transmitted in a ciphertext form, thereby ensuring the confidentiality of the fingerprint data, and improving the security of the fingerprint data.

This invention is directed to an encryption communication system for preventing leakage of a common key and improving the confidentiality of communication information. The encryption communication system uses a pair of a first private portion and a first public portion and a pair of a second private portion and a second public portion in a key predistribution system (KPS) The encryption communication system comprises a ciphertext generator that generates a ciphertext by generating, in a first security chip (TPM) of a first communication apparatus, a first common key by the first private portion held in the first security chip using the second public portion transmitted from a second communication apparatus as a communication partner, and encrypting a plaintext using the first common key in the first security chip, and a decryptor that generates a plaintext by generating, in a second security chip of the second communication apparatus, a second common key by the second private portion held in the second security chip using the first public portion transmitted from the first communication apparatus as a communication partner, and decrypting the ciphertext received from the first communication apparatus using the second common key in the second security chip.

The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes in idle mode. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, along with a key change indication indicating that the NAS key has changed. The target AMF sends the key change indication to the user equipment.

A method performed by an authentication server in a home network of a UE for obtaining a subscription permanent identifier, SUPI. The method comprises: receiving a SUCI which comprises an encrypted part in which at least a part of the SUPI is encrypted, and a clear-text part which comprises a home network identifier and an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the SUPI in the SUCI; determining a de-concealing server to use to decrypt the encrypted part of the SUCI; sending the SUCI to the de-concealing server; and receiving the SUPI in response. Methods performed by a UE and a de-concealing server are also disclosed. Furthermore, UEs, de-concealing servers, authentication servers, computer program and a memory circuitry are also disclosed.

The present disclosure describes a method, system, and non-transitory computer readable medium that includes instructions that permit users of different secure communication networks to exchange secure communications. A secure communication platform includes a user database that allows users from different secure communication networks to access keys for recipients outside of their network. Additionally, the secure communication platform provides a high degree of trust regarding the sender's identity, allowing the receiving network to trust the sender.

An authentication method and system for mutual authentication between a first entity and a third entity via a second entity, based on an authentication protocol used by the first entity and the third entity. The second entity forwards mutual authentication messages between the first entity and the third entity. An apparatus is configured to perform an authentication method for a mutual authentication between a first entity and a third entity via a second entity, based on an authentication protocol used by the first entity and the third entity, the second entity forwards mutual authentication messages between the first entity and the third entity

Aspects of the disclosure relate to providing derived keys for connectionless network protocols. The derived key may be provided by receiving, at a host, a remote procedure call (RPC) sent by a remote host in response a request by an application executing on the remote host. The host may generate a derived key from a region key, the region key being associated with an application-specific memory region on the host. The host may transmit the derived key to the remote host.

Secure subscription based vehicle data services are provided. In one embodiment, a device comprises: a non-volatile memory comprising an embedded public key (EPK) that comprises a public key of a public-private key pair associated with a data service system not onboard the vehicle; a protocol that initiates a communication session that includes a session validation sequence that causes a processor to transmit a session request message and validate an authenticity of a session reply request using the EPK; the protocol includes a session initiation sequence that causes the processor to: transmit an initiation request message to the data service system that includes a key derivation key, and apply the key derivation key to a key derivation function to generate a message authentication key. The processor authenticates uplink messages exchanged with a host data service using the message authentication key.