A network protocol provides mutual authentication of network-connected devices that are parties to a communication channel in environments where the amount of memory and processing power available to the network-connected devices is constrained. When a new device is added to a network, the device contacts a registration service and provides authentication information that proves the authenticity of the device. After verifying the authenticity of the device, the registration service generates a token that can be used to by the device to authenticate with other network entities, and provides the token to the device. The registration service publishes the token using a directory service. When the device connects to another network entity, the device provides the token to the other network entity, and the other network entity authenticates the device by verifying the token using the directory service.

A message is received which indicates a request for a client-specific service address for service or content provided by a service provider. In response to the request, a client-specific service address may be generated and sent to the client. The address may be used as a destination address in one or more subsequent client requests for service or content. A first portion of the address comprises an IPv6 service prefix assigned to a service network of the service provider. A second portion of the address comprises semantic information having a first portion of encrypted private information and a second portion of unencrypted service information. The encrypted private information may be generated by encrypting private information based on a cryptographic key, where the cryptographic key is derived based on a secret key associated with the service provider and an IP client prefix assigned to the client.

Embodiments disclose a method, an apparatus, and a system for establishing a security context and relates to the communications field, so as to comprehensively protect UE data. The method includes: acquiring an encryption algorithm of an access node; acquiring a root key and deriving, according to the root key and the encryption algorithm, an encryption key of the access node; sending the encryption key and the encryption algorithm to the access node, so that the access node starts downlink encryption and uplink decryption; sending the encryption algorithm of the access node to the UE so as to negotiate the encryption algorithm with the UE; and instructing the access node to start downlink encryption and uplink decryption and instructing, during algorithm negotiation, the UE to start downlink decryption and uplink encryption.

Embodiments of the present disclosure disclose a key processing method in dual connectivity mode and a device, which ensure communication security of UE in dual connectivity mode. The method according to the embodiments of the present disclosure includes: of a first base station and a second base station that have a communication connection to a terminal each, receiving, by the second base station, first request information sent by the first base station, where the first request information is used to request the second base station to generate a key used for communication with the terminal, and generating, by the second base station based on a security key carried in the first request information, the key used for communication with the terminal.

The present disclosure relates to a communication method and system for converging a 5th-generation (5G) communication system for supporting higher data rates beyond a 4th-generation (4G) system with a technology for internet of things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method of a terminal according to the present disclosure includes: transmitting connection request messages for network slices, which are networks constructed for each service, to a network; receiving response messages including identifiers of the network slices from a base station; and generating security contexts for each network slice based on at least one of the identifiers of the network slices and tokens generated during an authentication process with a third party.

An electronic device and a program management method therefor are provided. The electronic device includes a communication interface, a memory, at least one processor, and a secure circuitry. The secure circuitry is configured to provide a first public key stored in the secure circuitry to the at least one processor. The at least one processor is configured to transmit the first public key to an external device and receive an encrypted secure program encrypted based on the first public key and a second public key generated by the external device, from the external device. The at least one processor is further configured to transmit the second public key and the encrypted secure program to the secure circuitry. The secure circuitry is configured to decrypt the encrypted secure program based on the second public key and a first private key which is symmetrical to the first public key.

Systems and methods for secure electronic data transfer utilizing an ephemeral key for encryption and decryption of data.

The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates Beyond 4th-Generation (4G) communication system such as Long Term Evolution (LTE). The various embodiments of the present invention disclose a method of secured transmission and reception of discovery message in device to device (D2D) communication system. According to one embodiment, a transmitting user equipment (UE) receives a ProSe group key (PGK) from a Prose function to perform a D2D communication in a D2D public safety group. The transmitting UE then derives a ProSe traffic key (PTK) using the PGK for transmitting data packets in the D2D communication. Using the PTK, the transmitting UE further derives a Prose integrity protection key (PIK) for securing a discovery message to discover one or more receiving UEs. The transmitting UE transmits the integrity protected discovery message using the derived PIK to the receiving UE. In turn, the receiving UE transmits a response message in a secure manner by deriving a PIK using PGK configured for the receiving UE. The various embodiments of the present invention disclose a method of a terminal. According to one embodiment, the method comprises of deriving a first traffic key and a second traffic key based on a group key, deriving a first security key for securing a discovery message based on the first traffic key and a second security key for securing data packets based on the second traffic key, and transmitting the discovery message generated based on the first security key.

One feature pertains to a method for secure wireless communication at an apparatus of a network. The method includes receiving a user equipment identifier identifying a user equipment and a cryptographic key from a wireless wide area network node, and using the cryptographic key as a pairwise master key (PMK). A PMK identifier (PKMID) is generated based on the PMK and the two are stored at the network. A PMK security association is initialized by associating the PMK with at least the PMKID and an access point identifier identifying an access point of the apparatus. An association request is received that includes a PMKID from the user equipment, and it's determined that the PMKID received from the user equipment matches the PMKID stored. A key exchange is initiated with the user equipment based on the PMK to establish a wireless local area network security association with the user equipment.

In order for supporting separate ciphering at an MeNB (20) and an SeNB (30), the MeNB (20) derives separate first and second keys (KUPenc-M, KUPenc-S) from a third key (KeNB). The first key (KUPenc-M) is used for confidentially protecting first traffic transmitted over U-Plane between the MeNB (20) and a UE (10). The first key (KUPenc-M) may be the same as current KUPenc or a new key. The second key (KUPenc-S) is used for confidentially protecting second traffic transmitted over the U-Plane between the UE (10) and the SeNB (30). The MeNB (20) sends the second key (KUPenc-S) to the SeNB (30). The UE (10) negotiates with the MeNB (20), and derives the second key (KUPenc-S) based on a result of the negotiation.