A computer-implemented method for establishing a secure communication tunnel between a device and a server is provided. The method comprises the server receiving a session request from the device to establish a secure tunnel. A handshake procedure is carried out to set up an encryption/decryption key for the secure tunnel. The handshake procedure uses a first communication channel from the server to the device. The method also includes sending a component of the handshake procedure to the device via a second communication channel. This component is required by the device to continue the handshake procedure or to commencing use of the secure tunnel established by the handshake procedure.

The disclosure provides for one or more devices and associated system that securitize and conceal data transmitted to and/or data received from the devices that utilize one or more master keys comprising at least one device that conceals and reveals such that the data and/or associated data files utilize both master keys and one or more key selectors, wherein the master keys and key selectors produce a specific set of one or more keys that conceal the data and/or associated data files such that one or more key selectors coincide with at least one value that directly corresponds with created cipher data and/or cipher data files. The key selectors can also be concealed and revealed as required. Produced concealed data and concealed data files can only be concealed and revealed with one or more master keys and one or more key selectors.

In a method for security handling in a mobility of a terminal device; a target access and mobility management function (AMF) entity receives a first message for registering a terminal device, sends a second message to a source AMF entity after receiving the first message. The source AMF entity derives a first key based on a key between the source AMF entity and the terminal device, sends the first key to the target AMF entity. The target AMF entity determines to use the first key based on security related information after receiving the first key and determines a communication key between the target AMF entity and the terminal device based on the first key after determining to use the first key.

A system and method for securing communication across an in-vehicle bus, includes establishing a connection between a gateway in a vehicle and the in-vehicle bus; generating a session key at the gateway within the vehicle; transmitting a public key certificate and ephemeral key to the gateway and an electronic control unit of the vehicle; generating a shared secret at the gateway and the electronic control unit, respectively; encrypting the session key with the shared secret at the gateway; receiving the encrypted session key through the in-vehicle bus at the electronic control unit; and decrypting the encrypted session key based on the shared secret generated at the electronic control unit.

The disclosure relates to methods for establishing a secure communication link between a mobile station and a secondary base station in a mobile communication system. The disclosure is also providing mobile communication system for performing these methods, and computer readable media the instructions of which cause the mobile communication system to perform the methods described herein. Specifically, the disclosure suggests that in response to the detected or signaled potential security breach, the master base station increments a freshness counter for re-initializing the communication between the mobile station and the secondary base station; and the mobile station and the secondary base station re-initialize the communication there between. The re-initialization is performed under the control of the master base station and further includes deriving a same security key based on said incremented freshness counter, and establishing the secure communication link utilizing the same, derived security key.

One feature pertains to a method operational at a device. The method includes performing key agreement with a core network device, and generating an authentication session key based in part on a secret key shared with a home subscriber server (HSS), where the authentication session key is known to the core network device. The method further includes generating a mobility session key based in part on the authentication session key, where the mobility session key is known to a mobility management entity (MME) served by the core network device and serving the device. The method also includes cryptographically securing data sent from the device to a wireless communication network using the mobility session key.

A security system is disclosed in which a device-specific key value is provided to a security processing device, and then used to derive additional derived keys for use in secured communications. In response to identifying a compromise of the derived keys, the system can be instructed to derive new or replacement derived keys for use in the secured communications. In some embodiments, the security system can be used in a video reception device, to decrypt encrypted video content.

Some embodiments provide a method for establishing a secured session with backward security between a first device and a second device. In some embodiments, the method establishes a communication session between the first and second devices using shared keys stored at the first and second devices. The method exchanges encrypted data between the first and second devices as a part of the communication session. The method, upon completion of the communication session, modifies the shared key at the first device in a predictable way. The shared key is modified at the second device in the same predictable way. The method then stores the modified shared key at the first device. The modified shared key cannot be used to decrypt any portion of the encrypted data of the current and previous communication sessions.

This document describes a system and method for controlling access to encrypted vehicular data. The system described in this document employs a hierarchical access control method that allows select encrypted vehicular data stored in a cloud server to be accessed by an authorized user in a hierarchical manner whereby the authorized user is then able to decrypt the select encrypted data and all child data associated with the select encrypted data.

Anonymizing systems and methods comprising a native configurations database including a set of configurations, a key management database including a plurality of private keys, a processor in communication with the native configurations database and the key management database, and a memory coupled to the processor. The set of configurations includes one or more textual descriptions and one or more ranges, wherein each range includes a contiguous sequence comprised of IP addresses, port numbers, or IP addresses and port numbers. The processor is configured to retrieve the set of configurations from the native configurations database, wherein the set of configurations includes a plurality of objects; retrieve a private key from the key management database; assign a unique cryptographically secure identity to each object; and anonymize the plurality of objects based on the cryptographically secure identities and the private key. The present system prevents retrieving the textual descriptions and the ranges of the configuration files of the native configuration database from the anonymized configuration database