A method in a User Equipment (UE) of an Evolved Packet System (EPS) establishes a security key (K_eNB) for protecting Radio Resource Control/User Plane (RRC/UP) traffic exchanged with a serving eNodeB. The method comprises sending a

Non-Access Stratum (NAS) Service Request to a Mobility Management Entity (MME), the request indicating a NAS uplink sequence number (NAS_U_SEQ). The method further comprises receiving an indication of the NAS_U_SEQ of the NAS Service Request sent to the MME, back from the MME via the eNodeB. The method further comprises deriving the K_eNB from at least the received indication of the NAS_U_SEQ and from a stored Access Security Management Entity-key (K_ASME) shared with said MME.

A method is provided for establishing a secure communication session in a communication system. The method includes providing a handshake layer functional block and providing a record layer functional block separate from the handshake layer functional block. Functionality of the record layer functional block is not duplicated in the handshake layer functional block. The record layer functional block of a first communication peer generates an ephemeral key pair. A public key of the ephemeral key pair is transmitted to the handshake layer functional block of a second communication peer via the handshake layer functional block of the first communication peer. A session key is generated from the public key of the second communication peer and a private key of the first communication peer. Messages communicated between the first communication peer and the second communication peer are protected using the session key.

A method is provided for establishing a secure communication session in a communications system. The method includes providing a handshake layer functional block and providing a record layer functional block separate from the handshake layer functional block. A first ephemeral key pair is generated by the record layer functional block of a first communication peer. A public key of the first ephemeral key pair is transmitted to a second communication peer. The handshake layer functional block of the first communication peer generates a second ephemeral key pair. A public key of the second ephemeral key pair is transmitted to the second communication peer. The second communication peer generates a third ephemeral key pair. A handshake key is generated from the public key of the second communication peer and a private key of the handshake layer block of the first communication peer. A session key is generated from the public key of the second communication peer and a private key of the record layer block of the first communication peer

In one example, the present disclosure describes a device, computer-readable medium, and method for multi-phase protection of digital content. For instance, in one example, a method includes receiving a request for digital content from a client device, initiating a digital content protection process comprising a plurality of phases, where each phase of the plurality of phases includes verifying credentials provided by the client device, delivering a plurality of seeds to the client device, wherein each individual seed of the plurality of seeds is delivered to the client device upon a successful completion of one phase of the plurality of phases, encrypting the digital content, using an encryption key derived using the plurality of seeds, to generate encrypted content, and delivering the encrypted content to the client device.

The embodiments herein provide a method and system for creating a secure connection for a User Equipment (UE) in a wireless network including a UE, carrier aggregated with at least one first serving frequency served by a first eNB and at least one second serving frequency served by a second eNB. A unique non-repetitive security base key associated with the second eNB is generated using a freshness parameter and security key associated with the first eNB. The use of a different freshness parameter for each security base key derivation avoids key stream repetition. Further, a user plane encryption key is derived based on the generated unique non-repetitive security base key associated with the second eNB for encrypting data transfer over at least one data radio bearer.

A method including configuring, by an infrastructure device, a transmitting device to determine an encryption key that is determined based at least in part on seed information associated with the transmitting device and a receiving device, and to encrypt one or more content messages to be transmitted during a first time interval by utilizing the encryption key; and configuring, by the infrastructure device, the receiving device to determine a decryption key that is determined based at least in part on the seed information associated with the transmitting device and the receiving device, and to decrypt one or more encrypted content messages received during the first time interval by utilizing the decryption key. Various other aspects are contemplated.

By using certain natural sources as data input, absolute randomness can be reached. This invention focuses on the use of randomly captured photograph from one natural source (Wind Movements) as one working process example, to generate absolutely random, scalable (0, 1)-bit-string as high-safety encryption key. This invention's absolute random and automatic encryption can be best used for all digital data communications, and for digital devices privacy.

Additionally, this invention provides one specific asymmetric encoding rule, which enables solid implementation of encryption by using the absolute randomly generated encryption key so that any digital data on any digital device can be very safely encrypted.

A communication device (2) generates a cryptographic key (20K) as a function of information (20B) bound to an intermediate communication network (20) via which the communication device (2) authenticates a subscription to a subscribed communication network (10). Here, the communication device (2) is served by a serving communication network (30) that differs from the intermediate communication network (20). The communication device (2) protects communication for the communication device (2) based on the generated cryptographic key (20K).

A server and a device can conduct mutually authenticated post-quantum cryptography (PQC) key encapsulation mechanisms (KEM) that also support forward secrecy. The device can store a trusted server public key (PK.server) and the server can store a trusted device public key (PK. device). The device can generate (i) a first KEM ciphertext and (ii) a first key with PK.server and encrypt an ephemeral public key (ePK. device) using the first key. The server can generate (i) a second KEM ciphertext and (ii) a second key with ePK. device. The server can generate (i) a third KEM ciphertext and (ii) a third key with PK.device. The server can encrypt an ephemeral public key (ePK. server) using the first, second, and third keys. The device can generate (i) a fourth KEM ciphertext and (ii) a fourth key with ePK. server. The device can encrypt application data using at least the first, second, third, and fourth keys.

Methods and systems are configured to store user data and control access to the user data, wherein the data is stored remotely from the user (such as external to a user's computing device) and the user's data is maintained anonymously. Content is stored in association with a user identifier and access by third parties is controlled by linked third party identifiers.