H04L2463/061

Security key derivation in dual connectivity
10848518 · 2020-11-24

The disclosure relates to methods for establishing a secure communication link between a mobile station and a secondary base station in a mobile communication system. The disclosure also provides a mobile communication system for performing these methods, and computer-readable media whose instructions cause the mobile communication system to perform the methods described herein. Specifically, the disclosure suggests that, in response to a detected or signaled potential security breach, the master base station increments a freshness counter for re-initializing the communication between the mobile station and the secondary base station, and the mobile station and the secondary base station re-initialize the communication between them. The re-initialization is performed under the control of the master base station and further includes deriving the same security key on both sides from the incremented freshness counter, and establishing the secure communication link using that derived security key.

Dynamic multi-device authentication and access control system

Arrangements for dynamically authenticating multiple devices in a key network are provided. In some examples, registration information associated with a plurality of devices in a key network may be received. The registration information may include device attributes. Device keys including cross reference data may be generated and transmitted to the plurality of devices. A reference key including one or more starting points for executing one or more hop sequences based on generated hop counts in the reference key may be generated. A first authentication code may also be generated and a hash value of the first authentication code may be stored. Upon receiving a request for authentication, the reference key may be transmitted to the requesting device. The hop sequence(s) may then be executed by one or more of the computing devices in the key network to generate a comparison authentication code. The comparison authentication code may be compared to the first authentication code to determine whether the device(s) may be authenticated.

SENSOR DERIVED AUTHENTICATION FOR ESTABLISHING PEER-TO-PEER NETWORKS

Methods, systems and devices for generating an authentication key are provided. Two or more communications devices can generate an authentication key by monitoring a physical stimulus that is experienced by both devices (e.g., a common physical stimulus). Each device can then use an identical, predetermined algorithm to generate a common authentication key based on the stimulus. The devices can use the common authentication key to establish a secure network.
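The quantization step is where this scheme succeeds or fails: two devices see the same stimulus through different sensors, so a sample that sits close to the decision threshold can land on opposite sides and the derived keys silently diverge. The following is an added example (not the patent's algorithm or any vendor's code) of one way to run an identical, predetermined algorithm on both devices: each device thresholds its own samples against its own median, marks samples inside a guard band as ambiguous, and the devices exchange only the positions of ambiguous samples so both discard the same ones before hashing. The sample values, the guard width, the median threshold and the hash label are all constructed assumptions for illustration.

```python
import hashlib
import statistics

# Constructed sample data (not measurements from the patent): raw accelerometer
# counts from two devices A and B shaken together, each seeing the same stimulus
# plus its own small sensor noise, and a third device C that was not present.
DEVICE_A = [304, 366, 196, 82, 154, 262, 322, 116, 44, 217, 280, 190]
DEVICE_B = [301, 362, 199, 85, 150, 266, 325, 119, 41, 212, 277, 193]
DEVICE_C = [120, 30, 110, 50, 170, 90, 10, 190, 60, 150, 100, 40]

GUARD = 10  # assumed to be at least the worst-case per-sample noise


def quantize(samples, guard=GUARD):
    """Map each sample to one bit relative to the device's own median.

    Samples inside the guard band around the median are marked ambiguous:
    noise on the other device could push them to either side, so they must
    not contribute to the key. Returns (bits, set of ambiguous indices).
    """
    median = statistics.median(samples)
    bits, ambiguous = [], set()
    for i, s in enumerate(samples):
        if s > median + guard:
            bits.append(1)
        elif s < median - guard:
            bits.append(0)
        else:
            bits.append(None)
            ambiguous.add(i)
    return bits, ambiguous


def derive_key(bits, discard):
    """Hash the surviving bits under a fixed label into a 256-bit key."""
    kept = [b for i, b in enumerate(bits) if i not in discard]
    if any(b is None for b in kept):
        raise ValueError("ambiguous sample was not discarded")
    bitstring = "".join(str(b) for b in kept).encode()
    return hashlib.sha256(b"sensor-derived-key-v1|" + bitstring).digest()


def agree_keys(samples_x, samples_y):
    """Run the identical, predetermined algorithm on both devices.

    The only thing exchanged is the union of ambiguous sample *positions*,
    which reveals nothing about the values beyond "near the median".
    """
    bits_x, amb_x = quantize(samples_x)
    bits_y, amb_y = quantize(samples_y)
    discard = amb_x | amb_y
    return derive_key(bits_x, discard), derive_key(bits_y, discard)


if __name__ == "__main__":
    k_a, k_b = agree_keys(DEVICE_A, DEVICE_B)
    print("A/B keys agree:", k_a == k_b)   # True
    k_a2, k_c = agree_keys(DEVICE_A, DEVICE_C)
    print("A/C keys agree:", k_a2 == k_c)  # False
```

Device B's noise pulls its two middle samples into the guard band, so it announces positions 2 and 9, both devices drop them, and the remaining ten bits agree; device C, which saw a different stimulus, ends up with a different key even after the same reconciliation. Twelve samples give at most ten bits of key material, so a deployment needs hundreds of samples plus a proper privacy-amplification step; the example shows the threshold and guard-band handling, not a production entropy budget.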

PRIVATE KEY GENERATION METHOD AND DEVICE
20200366474 · 2020-11-19

Embodiments of the disclosure provide a private key generation method and a device. The method includes: receiving, by a first terminal from a second terminal, a first half session key parameter corresponding to the second terminal and an identifier of the second terminal; sending, by the first terminal, the first half session key parameter corresponding to the second terminal and the identifier of the second terminal to an IKMS entity; and sending, by the first terminal to the second terminal, a second half session key parameter corresponding to the second terminal and an encrypted private key corresponding to the second terminal, both of which the IKMS entity sent to the first terminal, where the second half session key parameter corresponding to the second terminal is used to decrypt the encrypted private key corresponding to the second terminal. This can prevent the private key from being stolen, and prevent communication between groups from being intercepted.

Key-ladder protected personalization data transcription for provisioning

A method and system are provided that simplify key management by allowing personalization data protected for one chip model to be used to provision a device with another chip model that has different global hardware root keys. The solution minimizes the changes that need to be performed on the device during provisioning and remains secure.

SYSTEM AND METHOD FOR GENERATING SYMMETRIC KEY TO IMPLEMENT MEDIA ACCESS CONTROL SECURITY CHECK

A first device may transmit, to a peer device, a first digital certificate containing a first unique identifier associated with the first device and receive, from the peer device, a second digital certificate containing a second unique identifier associated with the peer device. The first device and the peer device may independently generate a symmetric key using a cryptographic hash function based on respectively determining that a certificate authority signed the first digital certificate and the second digital certificate. For example, the first device and the peer device may independently generate the symmetric key using the cryptographic hash function based on the first unique identifier, the second unique identifier, and one or more random numbers. Accordingly, the first device and the peer device may use the symmetric key to establish a secure communication session over an Ethernet link.

Security key derivation in dual connectivity
11870803 · 2024-01-09

The disclosure relates to methods for establishing a secure communication link between a mobile station and a secondary base station in a mobile communication system. The disclosure also provides a mobile communication system for performing these methods, and computer-readable media whose instructions cause the mobile communication system to perform the methods described herein. Specifically, the disclosure suggests that, in response to a detected or signaled potential security breach, the master base station increments a freshness counter for re-initializing the communication between the mobile station and the secondary base station, and the mobile station and the secondary base station re-initialize the communication between them. The re-initialization is performed under the control of the master base station and further includes deriving the same security key on both sides from the incremented freshness counter, and establishing the secure communication link using that derived security key.
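Both "Security key derivation in dual connectivity" entries above (10848518 and 11870803) describe the same control flow: the master base station alone owns the freshness counter, increments it on a detected or signaled potential breach, and the mobile station and secondary base station then derive the same key from it. The block below is an added example of that flow, not the patents' own key derivation or any 3GPP-specified KDF: the HMAC-SHA-256 construction, the 16-bit counter width, the label string, the class names and the constructed master key are all assumptions. It also shows the two checks a practitioner wants around such a counter: the mobile station rejects a replayed counter value, and the master refuses to wrap the counter under the same master key.

```python
import hashlib
import hmac

COUNTER_BITS = 16                    # assumed width; the abstract states none
COUNTER_MAX = (1 << COUNTER_BITS) - 1


def derive_secondary_key(master_key: bytes, counter: int) -> bytes:
    """Assumed KDF shape: HMAC-SHA-256 keyed by the master key over a fixed
    label and the big-endian freshness counter. The mobile station and the
    master base station both compute it; the secondary base station only
    ever receives the result over the backhaul."""
    if not 0 <= counter <= COUNTER_MAX:
        raise ValueError("freshness counter out of range")
    info = b"secondary-base-station-key|" + counter.to_bytes(COUNTER_BITS // 8, "big")
    return hmac.new(master_key, info, hashlib.sha256).digest()


class SecondaryNode:
    def __init__(self):
        self.key = None

    def install_key(self, key: bytes):
        self.key = key


class MobileStation:
    def __init__(self, master_key: bytes):
        self.master_key = master_key
        self.key = None
        self.seen = set()

    def on_counter(self, counter: int):
        """Signalling from the master: derive the same key locally.
        A counter value seen before is a replay, not a re-initialisation."""
        if counter in self.seen:
            raise ValueError("replayed freshness counter %d" % counter)
        self.seen.add(counter)
        self.key = derive_secondary_key(self.master_key, counter)


class MasterNode:
    """Owns the master key and the freshness counter; nobody else increments it."""

    def __init__(self, master_key: bytes):
        self.master_key = master_key
        self.counter = None

    def next_counter(self) -> int:
        """A counter value is never reused under the same master key; once the
        space is exhausted the master key itself must be refreshed first."""
        nxt = 0 if self.counter is None else self.counter + 1
        if nxt > COUNTER_MAX:
            raise RuntimeError("freshness counter exhausted; refresh master key")
        self.counter = nxt
        return nxt

    def reinitialize(self, ue: MobileStation, sn: SecondaryNode) -> int:
        """Initial setup and every re-initialisation after a detected or
        signalled potential breach go through the same path."""
        counter = self.next_counter()
        sn.install_key(derive_secondary_key(self.master_key, counter))  # backhaul
        ue.on_counter(counter)                                          # air interface
        return counter


def link_is_secure(ue: MobileStation, sn: SecondaryNode) -> bool:
    return ue.key is not None and sn.key is not None and hmac.compare_digest(ue.key, sn.key)


def demo():
    master_key = hashlib.sha256(b"constructed master key").digest()   # constructed
    mn, ue, sn = MasterNode(master_key), MobileStation(master_key), SecondaryNode()
    mn.reinitialize(ue, sn)
    first_key = ue.key
    # e.g. the secondary node reports a packet counter about to wrap: re-key.
    mn.reinitialize(ue, sn)
    return {
        "counter": mn.counter,
        "keys_match": link_is_secure(ue, sn),
        "key_changed": first_key != ue.key,
    }


if __name__ == "__main__":
    print(demo())
```

The secondary node never sees the master key, which is the point of deriving the secondary key at the master rather than sharing the master key with it; compromising the secondary node yields only keys for counter values it has already been given, and each re-initialisation invalidates the previous one.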

Secure client-server communication

In one embodiment, a client device includes an interface, a memory to store at least one part of a blockchain, and a processor to generate a client message indicating use of blockchain mode to establish a secure connection between the client device and a server, send the client message to the server on the interface, receive, from the server on the interface, a server message indicating use of the blockchain mode, and securely communicate with the server, on the interface, using at least one cryptographic key generated from information including cryptographic key generation information stored in the blockchain. Related apparatus and methods are also described.

Method for Determining a Key for Securing Communication Between a User Apparatus and an Application Server
20200344603 · 2020-10-29

A method for determining a key for securing communication between a user apparatus and an application server. An authentication server of a mobile communication network and the user apparatus generate a secret master key during an authentication procedure. The user apparatus sends the authentication server a request for a key to communicate with the application server and receives a random variable. The authentication server and the user apparatus calculate the requested key by using a key derivation function applied to at least the random variable, a user identifier and an application server identifier using the master key.

Systems and methods for encrypted vehicle data service exchanges

Encrypted vehicle data service exchanges are provided. In one embodiment, a vehicle communication manager comprises memory storing an embedded public key (EPK) for a data service and a processor executing a vehicle data service protocol to initiate a session with the data service. The protocol causes the processor to: transmit a session request to the data service and receive a session reply indicating whether the manager is authorized for encrypted service, the processor validating the authenticity of the session reply using the EPK; determine whether to enable message encryption, and transmit an initialization request indicating whether encryption is elected; generate a key derivation key (KDK) and transmit the KDK to the data service; receive an initiation response confirming whether message encryption is elected; and, when it is elected, generate at least one Message Encryption Key (MEK) from the KDK and encrypt data service uplink and downlink messages using the at least one MEK.
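Three of the entries above derive a symmetric key by hashing identifiers, random values and a secret together: the MACsec-style key from two certified identifiers and random numbers ("System and method for generating symmetric key to implement media access control security check"), the application-server key from a master key, a random variable, a user identifier and a server identifier ("Method for Determining a Key ..."), and the Message Encryption Key from the KDK in the vehicle data service entry directly above. The block below is one added example serving all three, not any of the patents' own derivation functions: the counter-mode HMAC-SHA-256 KDF, the length-prefixed encoding, every label string, the sorted ordering of the two peers' inputs and the per-direction MEK split are assumptions made here. It shows the failure mode that a plain hash over concatenated fields invites, namely that two different field lists can produce the same input bytes, and it flags in comments the point the abstracts leave open: whatever is fed to the KDF as the secret (the random numbers, or the KDK sent to the data service) has to cross the link confidentially, or an observer can recompute the key.

```python
import hashlib
import hmac
import os


def kdf(key: bytes, label: bytes, *fields: bytes, length: int = 32) -> bytes:
    """Counter-mode KDF on HMAC-SHA-256 (assumed construction; the abstracts
    only say "key derivation function" or "cryptographic hash function").
    Every context field is length-prefixed so that distinct field lists can
    never collapse into the same byte string."""
    context = label
    for f in fields:
        context += len(f).to_bytes(4, "big") + f
    out, block = b"", 1
    while len(out) < length:
        out += hmac.new(key, block.to_bytes(4, "big") + context, hashlib.sha256).digest()
        block += 1
    return out[:length]


def naive_concat_key(key: bytes, *fields: bytes) -> bytes:
    """What not to do: plain concatenation of the context fields."""
    return hmac.new(key, b"".join(fields), hashlib.sha256).digest()


# (1) Link key from two certified identifiers and two random numbers. Each side
# sees the pairs in the opposite order, so they are sorted before derivation.
# The random numbers are the only secret input: if they travel in the clear,
# anyone who captured the exchange can recompute the key, so they must be sent
# confidentially (e.g. encrypted to the peer's certified public key).
NONCE_LEN = 32


def link_key(my_id: bytes, my_nonce: bytes, peer_id: bytes, peer_nonce: bytes) -> bytes:
    if len(my_nonce) != NONCE_LEN or len(peer_nonce) != NONCE_LEN:
        raise ValueError("nonces must be fixed-length")
    (id1, n1), (id2, n2) = sorted([(my_id, my_nonce), (peer_id, peer_nonce)])
    return kdf(n1 + n2, b"link-key", id1, id2)   # fixed-length nonces: safe to join


# (2) Application-server key from a master key shared with the authentication
# server, bound to RAND, the user identifier and the application server identifier.
def app_server_key(master_key: bytes, rand: bytes, user_id: bytes, server_id: bytes) -> bytes:
    return kdf(master_key, b"app-server-key", rand, user_id, server_id)


# (3) Message encryption keys from a key derivation key. Separate uplink and
# downlink labels are a design choice here so that a message can never be
# replayed in the opposite direction under the same key. The KDK itself is the
# secret: if the manager sends it to the data service, that transmission has
# to be protected (e.g. encrypted to the EPK), or the MEKs are public.
def message_keys(kdk: bytes) -> dict:
    return {
        "uplink": kdf(kdk, b"mek", b"uplink"),
        "downlink": kdf(kdk, b"mek", b"downlink"),
    }


if __name__ == "__main__":
    n_a, n_b = os.urandom(NONCE_LEN), os.urandom(NONCE_LEN)
    print(link_key(b"device-A", n_a, b"device-B", n_b) == link_key(b"device-B", n_b, b"device-A", n_a))  # True
    k = os.urandom(32)
    # Naive concatenation cannot tell ("ab", "c") from ("a", "bc"); the KDF can.
    print(naive_concat_key(k, b"ab", b"c") == naive_concat_key(k, b"a", b"bc"))   # True
    print(kdf(k, b"x", b"ab", b"c") == kdf(k, b"x", b"a", b"bc"))                 # False
```

The concatenation collision matters most in derivation (2), where user and server identifiers are variable-length strings under the caller's control: without the length prefixes, a user whose identifier ends with the first bytes of a server identifier could be handed the key meant for a different server.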