A system and method for electronic payment that involves generating and then using a temporary token based on a legacy PAN (Primary Account Number) to conduct an electronic transaction. The token is generated by transforming the PAN using specific inputs such that the original PAN can be recovered by manipulating the token in various ways as disclosed herein. One potential manipulation that may be used is encryption/decryption. The token is transmitted to a portable electronic device such that the portable electronic device may present the token to a point-of-sale device. The POS communicates the token to a server which validates the token by, among other things, recovering the PAN. If the PAN is recovered as expected a validation message is returned to the POS device.

Techniques are described for wireless communication. A method for wireless communication at a user equipment (UE) includes performing an extensible authentication protocol (EAP) procedure with an authentication server via an authenticator. The EAP procedure is based at least in part on a set of authentication credentials exchanged between the UE and the authentication server. The method also includes deriving, as part of performing the EAP procedure, a master session key (MSK) and an extended master session key (EMSK) that are based at least in part on the authentication credentials and a first set of parameters; determining a network type associated with the authenticator; and performing, based at least in part on the determined network type, at least one authentication procedure with the authenticator. The at least one authentication procedure is based on an association of the MSK or the EMSK with the determined network type.

A method for accessing communication networks includes receiving by a device an identification of a communication network; determining whether the identification corresponds to a registered communication network; if the identification corresponds to a registered communication network, generating a password for accessing the communication network by applying a cryptographic function parameterized with a secret value associated with the communication network to the identification; and automatically establishing a connection of the device to the communication network using the generated password. Furthermore, methods for managing access to communication networks and providing communication networks are disclosed. A corresponding client device, service infrastructure and service provider infrastructure are also detailed.

Methods, apparatus, and systems for authenticating a user taking into account measurement values of characteristics of the purported environment of the user are described. Specifically, in a preferred embodiment, a device is used that comprises a sensor for making said measurement of the location dependent physical property; a memory component for storing a secret value; and a data processing component for generating an electronic signature over said measurement by cryptographically combining said measurement with a secret key comprised in or derived from said secret value.

The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.

A system and a method of counter management and security key update for device-to-device (D2D) communication are provided. The method includes creating by a user equipment, a new packet data convergence protocol (PDCP) entity for a service group wherein a service group is identified by a destination identifier (ID), determining if any PDCP entity of the service group exists or not, generating a new proximity service (ProSe) traffic key (PTK) from a ProSe group key (PGK) corresponding to the service group associated with the new PDCP entity, initializing a new packet counter associated with the service group to zero if the new PDCP entity is a first PDCP entity associated with the service group, generating a ProSe encryption key (PEK) from the PTK and encrypting data packets mapped to the new PDCP entity using the PEK and a packet counter associated with the service group.

Systems and methods are provided for securing data using a mobile device. The method may include determining securing global positioning data values of the mobile device; measuring a securing direction of the mobile device relative to a magnetic north direction; capturing a securing password by the mobile device; and securing the data against unauthorized access using the determined global positioning data values, the securing password, and the securing direction as a combined password.

The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.

The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes in idle mode. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, along with a key change indication indicating that the NAS key has changed. The target AMF sends the key change indication to the user equipment.

The present disclosure relates to a 5G or pre-5G communication system for supporting a higher data transfer rate beyond a 4G communication system such as LTD. A method of a terminal connected to another base station (BS) for a second communication system in a wireless environment, the method comprising receiving, via the another BS from a BS for the first communication system, a radio resource control (RRC) connection reconfiguration message comprising information regarding a first key, generating a secure key for a security of the first communication system based on the first key, an identifier (ID) for indicating an algorithm for applying to the first key, a distinguisher for indicating a function of the algorithm indicated by the ID, and transmitting, to the BS, a signal based on the generated secure key.