H04L2463/061

Broadcasting in supersingular isogeny-based cryptosystems

In some aspects, a key establishment protocol is executed to generate a shared secret. A first entity calculates a first image curve E_B representing an image of an elliptic curve E under a first isogeny _B; calculates the shared secret based on the first image curve E_B; receives a second image curve E_A and a first pair of elliptic curve points {_A(P_B), _A(Q_B)} from a second entity; obtains a basis {R, S}; calculates a third image curve E_BA representing an image of the second image curve E_A under a second isogeny _B; calculates a third pair of elliptic curve points {_B(R), _B(S)}; and sends the third image curve E_BA and the third pair of elliptic curve points {_B(R), _B(S)} to the second entity, wherein the third image curve E_BA and the third pair of elliptic curve points {_B(R), _B(S)} enable the second entity to compute the shared secret.

Key Obtaining Method and Device, and Communications System
20200404494 · 2020-12-24

A method for security handling in a mobility of a terminal device, where the method includes: a target access and mobility management function (AMF) entity receiving a first message for registering a terminal device; the target AMF entity sending a second message to a source AMF entity after receiving the first message; the source AMF entity deriving a first key based on a key between the source AMF entity and the terminal device; the source AMF entity sending the first key to the target AMF entity; the target AMF entity determining to use the first key based on security related information after receiving the first key; and the target AMF entity determining a communication key between the target AMF entity and the terminal device based on the first key after determining to use the first key.

HYBRID KEY EXCHANGES FOR DOUBLE-HULLED ENCRYPTION
20200403978 · 2020-12-24

A first computing system establishes a cryptographically protected communication session with a second computing system by proposing a hybrid cryptographic scheme. In response to the proposed hybrid cryptographic scheme, a second computing system transmits cryptographic materials to the first computing system, and the first computing system transmits cryptographic materials to the second computing system. Using the cryptographic materials, two or more cryptographic keys are derived. One cryptographic key is used to perform an inner cryptographic operation on one or more data items, and another cryptographic key is used to perform an outer cryptographic operation on the one or more data items that have been cryptographically protected by the inner cryptographic operation.

System and method of counter management and security key update for device-to-device group communication

A system and a method of counter management and security key update for device-to-device (D2D) communication are provided. The method includes creating by a user equipment, a new packet data convergence protocol (PDCP) entity for a service group wherein a service group is identified by a destination identifier (ID), determining if any PDCP entity of the service group exists or not, generating a new proximity service (ProSe) traffic key (PTK) from a ProSe group key (PGK) corresponding to the service group associated with the new PDCP entity, initializing a new packet counter associated with the service group to zero if the new PDCP entity is a first PDCP entity associated with the service group, generating a ProSe encryption key (PEK) from the PTK and encrypting data packets mapped to the new PDCP entity using the PEK and a packet counter associated with the service group.

Encryption of media based on content

One embodiment provides a method, including: accessing, on a mobile end user device, a media file; processing, using a processor of the mobile end user device, the media file to characterize the media file; detecting, using the processor, at least one privacy-sensitive characteristic of the media file; and setting an indicator, using the processor, denoting the media file as privacy-sensitive prior to permitting the media file to be stored on a cloud account device. Other embodiments are described and claimed.

System And Method For Encryption, Storage And Transmission Of Digital Information

This invention is directed to a computerized system for encryption and transmission of digital information comprising: an encryption server in communications with a sender computer device and a recipient computer device; and, a set of encryption server computer readable instructions included on the encryption server that, when executed by a processor, perform the steps of: receiving an original information set from the sender computer device, generating a sender key, encrypting a portion of the original information set with the sender key, generating a key pair having a public and private key pair, encrypting the sender key with the public key of the key pair, encrypting the private key of the key pair with a master key, generating a hyperlink to the encrypted portion of the original information set, transmitting the hyperlink to the recipient computer device.

Dynamic Multi-Device Authentication and Access Control System

Arrangements for dynamically authenticating multiple devices in a key network are provided. In some examples, registration information associated with a plurality of devices in a key network may be received. The registration information may include device attributes. Device keys including cross reference data may be generated and transmitted to the plurality of devices. A reference key including one or more starting points for executing one or more hop sequences based on generated hop counts in the reference key may be generated. A first authentication code may also be generated and a hash value of the first authentication code may be stored. Upon receiving a request for authentication, the reference key may be transmitted to the requesting device. The hop sequence(s) may then be executed by one or more of the computing devices in the key network to generate a comparison authentication code. The comparison authentication code may be compared to the first authentication code to determine whether the device(s) may be authenticated.

UPDATING APPLICATION CODE
20200379746 · 2020-12-03

An application code updating apparatus is disclosed. The apparatus comprises a processor to receive application deployment code defining an application to be deployed in a cloud-computing environment; determine, from the application deployment code, an identity of a cloud-based repository from which to retrieve the application; obtain, from a database, an authentication credential for the identified repository; generate, based on the authentication credential, an access token to provide access to the repository; and update the application deployment code to include the generated access token. A method and a machine-readable medium are also disclosed.

Security key change method, base station, and user equipment

The present invention provides a security key change method and a user equipment (UE). The method performed by the UE includes: receiving a key change command message from a master eNodeB (MeNB), wherein the key change command message comprises an indication that a change of a security key between the UE and a secondary eNodeB (SeNB), and the UE is configured with a dual connectivity between the MeNB and the SeNB; updating a security key between the UE and the SeNB; performing random access to the SeNB; and sending a key change complete message to the MeNB.

SECURE AUDIO SYSTEMS AND METHODS
20200374269 · 2020-11-26

Systems and methods for securing audio content in an audio system include a first operating environment executing an audio application and facilitating communications with a server, and a trusted audio processing environment having audio input/output circuitry, a digital signal processor, a tamperproof memory storing a root key serving as a hardware root-of-trust, a key derivation component configured to derive an encryption key or decryption key from the root key and seeding information associated with a server and/or the audio application, an encryption component configured to encrypt the processed audio signal producing an encrypted audio output signal which is accessible to the first operating environment which may transmit the encrypted audio output signal to the server for further processing. A decryption component is configured to decrypt protected audio content received from the server.