H04L2463/061

Identity Authentication Using Credentials
20200145401 · 2020-05-07 ·

A method and system may allow for authenticating a computing device. A computing device may send an authentication request over a network to an authentication computing device. The authentication request may include a user name and a password. The user name may include a credential and the password may be a digitally signed version of the user name. The authentication computing device may authenticate the requesting computing device by decrypting the password and comparing the received user name to the decrypted password.

Techniques for fast transition of a connection between a wireless device and a local area network, from a source access node to a target access node

Methods, systems, and devices for wireless communication are described. In one method, a source access node (AN) of a local area network (LAN) may receive, over a first connection, a set of fast transition (FT) parameters pertaining to authentication. The source AN may cache the set of FT parameters, and forward the set of FT parameters to a target AN of the LAN during a handover procedure. The source AN may receive, from the target AN, a set of security parameters associated with secure communication between the wireless device and the target AN, the set of security parameters based at least in part on the set of FT parameters. The source AN may subsequently transmit to the wireless device, over the first connection, a command to perform a handover to the target AN, the command including the set of security parameters.

Methods and systems for communicating with an M2M device

Method, apparatus and system for communicating between a machine to machine, M2M, device 110 and a device management, DM, server 420 over SMS, comprising: obtaining key material, the key material configured to protect data communicated between the M2M device 110 and the DM server 420; protecting data to be communicated using the key material; and communicating the protected data between the M2M device 110 and the DM server 420 over SMS.

Lightweight authentication protocol using device tokens

A network protocol provides mutual authentication of network-connected devices that are parties to a communication channel in environments where the amount of memory and processing power available to the network-connected devices is constrained. When a new device is added to a network, the device contacts a registration service and provides authentication information that proves the authenticity of the device. After verifying the authenticity of the device, the registration service generates a token that can be used by the device to authenticate with other network entities, and provides the token to the device. The registration service publishes the token using a directory service. When the device connects to another network entity, the device provides the token to the other network entity, and the other network entity authenticates the device by verifying the token using the directory service.

Method and system for encrypted data synchronization for secure data management
10630474 · 2020-04-21 ·

A method for encrypted data synchronization, wherein the method includes providing at least one data entity (100) including data content (110), accompanying metadata (120) including an entity key (140) usable for encrypting the data content (110), and synchronization metadata (130) usable for synchronizing the at least one data entity (100) between at least two first devices (400), wherein at least the entity key (140) of the accompanying metadata (120) and the synchronization metadata (130) are encrypted using a second key.

Security Context Handling in 5G During Connected Mode

The present disclosure relates to methods and apparatus for flexible security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.

Security Context Handling in 5G During Idle Mode

The present disclosure relates to methods and apparatus for flexible security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes in idle mode. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, along with a key change indication indicating that the NAS key has changed. The target AMF sends the key change indication to the user equipment.

Communications Method and Apparatus
20200120492 · 2020-04-16 ·

An embodiment of this application provides a communications method. The method includes: generating, by a first base station, a radio resource control release message on which encryption and integrity protection are performed by using a new key; and sending, by the first base station, the radio resource control release message to a second base station, thereby improving security of communication between the serving device and the terminal and reducing signaling overheads for performing key negotiation over an air interface.

Security Context Handling in 5G During Handover

The present disclosure relates to methods and apparatus for flexible security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.

Techniques for handover of a connection between a wireless device and a local area network, from a source access node to a target access node

Methods, systems, and devices for wireless communication are described. In one method, a wireless device may securely communicate with a local area network (LAN), via a first connection with a source access node (AN), based on a first security key. The wireless device may perform a handover from the source AN to a target AN. The wireless device may derive a second security key based on the first security key, and securely communicate with the LAN, via a second connection with the target AN, based on the second security key and a restriction policy for the second security key. The wireless device may perform an authentication procedure to obtain a third security key, which may not be subject to the restriction policy, and securely communicate with the LAN, via the second connection with the target AN, based on the third security key.