Patent classifications
H04L2463/061
WWAN-WLAN aggregation security
One feature pertains to a method for secure wireless communication at an apparatus of a network. The method includes receiving a user equipment identifier identifying a user equipment and a cryptographic key from a wireless wide area network node, and using the cryptographic key as a pairwise master key (PMK). A PMK identifier (PMKID) is generated based on the PMK and the two are stored at the network. A PMK security association is initialized by associating the PMK with at least the PMKID and an access point identifier identifying an access point of the apparatus. An association request is received that includes a PMKID from the user equipment, and it is determined that the PMKID received from the user equipment matches the PMKID stored. A key exchange is initiated with the user equipment based on the PMK to establish a wireless local area network security association with the user equipment.
Mapping slice groupings in a dispersed storage network
A distributed storage network includes a method of receiving data and a corresponding task, selecting one or more storage units for the task based on a capability level associated with each of the storage units, identifying a plurality of data groups of the data, determining a chunk size based on the plurality of data groups, determining processing parameters of the data based on the chunk size, generating a set of chunksets from the plurality of data groups in accordance with the chunk size and processing parameters and encoding the set of chunksets in accordance with the processing parameters to produce slice groupings. The method further includes determining task partitioning based on the storage units and the processing parameters, partitioning the task based on the task partitioning to produce partial tasks and sending the slice groupings and corresponding partial tasks to the storage units.
HIERARCHICAL DATA ACCESS TECHNIQUES
Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.
Reduced size key allocation descriptors
Space-efficient methods of defining a key allocation scheme within a broadcast encryption system are provided. In some embodiments, a descriptor is received. The descriptor includes a plurality of subset definitions and a plurality of pointers. A data segment is resolved from each of the plurality of pointers. The resulting data segments are assembled into a plurality of variant definitions. A media key block is generated from the plurality of subset definitions and the plurality of variant definitions.
Method and device for providing a key for internet of things (IoT) communication
A method and device for providing a key for IoT communication are disclosed. The method includes an embodiment whereby an IoT device modulates a light signal carrying a security code to generate a modulated light signal, emits the modulated light signal to a personal electronic device, derives a security key from the security code, and performs authentication with a control device based on the security key.
Devices that utilize random tokens which direct dynamic random access
The disclosure provides for one or more devices and associated system that securitize and conceal data transmitted to and/or data received from the devices that utilize one or more master keys comprising at least one device that conceals and reveals such that the data and/or associated data files utilize both master keys and one or more key selectors, wherein the master keys and key selectors produce a specific set of one or more keys that conceal the data and/or associated data files such that one or more key selectors coincide with at least one value that directly corresponds with created cipher data and/or cipher data files. The key selectors can also be concealed and revealed as required. Produced concealed data and concealed data files can only be concealed and revealed with one or more master keys and one or more key selectors.
SECURE STREAMING OF REAL-TIME LOCATION DATA BETWEEN ELECTRONIC DEVICES
Embodiments described herein provide for systems and methods to enable the secure streaming of real-time location data between electronic devices. One embodiment provides for a non-transitory machine-readable medium storing instructions to perform operations comprising creating a record to specify a location streaming relationship between a first device registered with a first user account and a second device registered with a second online account, the record including a secret key. The record is stored to an online datastore and shared between the first user account and the second online account. The location data stream can be encrypted using the secret key stored in the record.
Extended javascript object notation file generator circuitry and process
Methods and apparatus to provide extended object notation data are disclosed. An example apparatus includes a data handler having a first input to receive object data and a first output to output an object notation key-value pair for the object data; a string processor having a second input coupled to the first output and a second output to convey the object notation key-value pair without string literals; and a hashing and encryption handler having a third input coupled to the second output and a third output to convey the key-value pair signed with a private key, to convey the key-value pair encrypted with a public key, and to convey an indication that the encrypted key-value pair is encrypted in a key of the encrypted key-value pair.
MECHANISM FOR ENCRYPTION KEY DISTRIBUTION IN COMPUTER NETWORKS
Techniques for key distribution are provided. A first symmetric key is generated for a first downstream site, and a second symmetric key is generated for a second downstream site. The first symmetric key is transmitted to the first downstream site, and the second symmetric key is transmitted to the second downstream site. Upon receiving an indication that the first symmetric key was successfully deployed at the first downstream site, the first symmetric key is deployed on a first network node of an upstream site. Finally, upon determining that the second symmetric key was not successfully deployed at the second downstream site, techniques include refraining from deploying the second symmetric key to a second network node of the upstream site, where the second network node continues to communicate with the second downstream site using an original symmetric key.
METHOD AND APPARATUS FOR SUPPORTING SECURITY FOR CU-CP AND CU-UP SEPARATION IN WIRELESS COMMUNICATION SYSTEM
Provided are a method and an apparatus for supporting security of user traffic when a central unit (CU)-control plane (CP) and a CU-user plane (UP) of a gNB are separated in a wireless communication system. According to an embodiment of the present invention, the CU-CP of the gNB selects an encryption algorithm, generates a user plane security key for the CU-UP on the basis of the encryption algorithm, and transmits the user plane security key for the CU-UP to the CU-UP. The CU-UP applies the received user plane security key. The CU-CP is a logical node constituting the gNB that hosts a radio resource control (RRC) and a packet data convergence protocol (PDCP)-C protocol, and the CU-UP is a logical node constituting the gNB that hosts a PDCP-U protocol.