H04L2463/061

Methods and apparatus for direct communication key establishment

A UE, a device and a Direct Communication Element. The UE is configured to establish a UE shared key with a Bootstrapping Server Function (BSF) using a Generic Bootstrapping Architecture (GBA) procedure, to discover the device through a discovery procedure after establishing the UE shared key, and to derive a direct communication key from at least the UE shared key. The device is configured to receive a transaction identifier associated with the UE shared key from the UE, to send the transaction identifier to the Direct Communication Element, and to receive the direct communication key from the Direct Communication Element. The Direct Communication Element is configured to receive the transaction identifier from the device, to obtain a shared session key from the BSF, to derive the direct communication key, and to send the direct communication key to the device.

Method and device for generating access stratum key in communications system

In the communications system, a user equipment UE accesses a core network via a first network-side device by using a first air interface and connects to the first network-side device via a second network-side device by using a second air interface to access the core network. The method includes: acquiring, by the network-side device, an input parameter; calculating, by the network-side device, an access stratum root key KeNB* according to the input parameter and an access stratum root key KeNB on the first air interface, or using, by the network-side device, the KeNB as the KeNB*; and generating, by the second network-side device, an access stratum key on the second air interface according to the KeNB*, or sending, by the first network-side device, the KeNB* to the second network-side device.

GENERATION OF KEYS OF VARIABLE LENGTH FROM CRYPTOGRAPHIC TABLES
20190207758 · 2019-07-04

A cryptographic infrastructure, which provides a method for generating private keys of variable length from a cryptographic table and a public key. This infrastructure provides an approximation of the one-time pad scheme. The cryptographic table is shared between a message sender and a message recipient by a secure transfer. After sharing the cryptographic table, no new private keys need to be sent; the private keys are independently generated by each party from the data contained within the shared cryptographic tables, using the public key. After public keys are exchanged, private keys may be generated and used to encrypt and decrypt messages and perform authentication cycles, establishing a secure communication environment between the sender and the recipient.

Method and device of generating a key for device-to-device communication between a first user equipment and a second user equipment

A method of generating a key for D2D communication between a first user equipment and a second user equipment in a first radio access node is disclosed. In an exemplary embodiment, the method may comprise: receiving a request for D2D key generation from the first user equipment which is served by the first radio access node; determining whether the second user equipment is served by the first radio access node; when it is determined that the second user equipment is served by the first radio access node, generating a first random number and a second random number; generating a first D2D key based on the first random number and a second D2D key based on the second random number; sending the first D2D key and the second random number to the second user equipment; and sending the second D2D key and the first random number to the first user equipment; and when it is determined that the second user equipment is not served by the first radio access node, determining a second radio access node which serves the second user equipment; generating a first random number; generating a first D2D key based on the first random number; sending the first D2D key to the second radio access node; receiving a second D2D key from the second radio access node; and sending the second D2D key and the first random number to the first user equipment.

Activating mobile terminal token method
10333712 · 2019-06-25

A method for activating a mobile terminal token, comprising: a cloud authentication server generates a seed generation factor according to an activation request, and acquires a server seed secret key and saves the same according to the seed generation factor, and generates an activation code according to the seed generation factor, and generates an activation verification code and transmits the same to a mobile terminal, and encrypts the activation code using the activation verification code to acquire an encrypted activation code, and a cloud authentication management platform generates a two-dimensional code image according to the received encrypted activation code and transmits the same to a client for displaying, and the mobile terminal token acquires the encrypted activation code according to the acquired two-dimensional code image, and decrypts the encrypted activation code using the acquired activation verification code to obtain an activation code, and acquires the seed generation factor from the activation code, and acquires a token seed secret key according to the seed generation factor and saves the same. The present invention can activate the token when the mobile terminal is without network, ensuring the accuracy of the seed, thus improving the token security.

SYSTEM AND METHOD FOR SECURING THE LIFE-CYCLE OF USER DOMAIN RIGHTS OBJECTS
20190182238 · 2019-06-13

In a method for enabling support for backwards compatibility in a User Domain, in one of a Rights Issuer (RI) and a Local Rights Manager (LRM), a Rights Object Encryption Key (REK) and encrypted REK are received from an entity that generated a User Domain Authorization for the one of the RI and the LRM and the REK is used to generate a User Domain Rights Object (RO) that includes the User Domain Authorization and the encrypted REK.

SECURE SOUNDING SIGNALS

Methods, apparatuses, and computer readable media for location measurement reporting in a wireless network are disclosed. An apparatus of a responder station is disclosed, the apparatus comprising processing circuitry configured to derive bits from a temporary key, and generate a first sequence and a second sequence using the bits, wherein the first sequence and second sequence comprise one or more symbols. The processing circuitry is further configured to concatenate the first sequence and the second sequence to form a new first sequence comprising the first sequence and the second sequence, and concatenate a modified first sequence and a modified second sequence to form a new second sequence. The processing circuitry may be configured to repeat a number of times the concatenate the first sequence through the concatenate the modified first sequence.

Apparatuses and methods for wireless communication

One feature pertains to a method operational at a device. The method includes performing key agreement with a core network device, and generating an authentication session key based in part on a secret key shared with a home subscriber server (HSS), where the authentication session key is known to the core network device. The method further includes generating a mobility session key based in part on the authentication session key, where the mobility session key is known to a mobility management entity (MME) served by the core network device and serving the device. The method also includes cryptographically securing data sent from the device to a wireless communication network using the mobility session key.

Method and System for Providing Security From A Radio Access Network

The disclosure relates to a security method in a radio access network system. A shared secret key is stored in both a user device and a core network system. A further secret key is received from the core network system, wherein the further secret key has been derived using the shared secret key stored in the core network system. One or more values are provided over the radio interface to the user device to derive the further secret key in the user device from at least the shared secret key stored in the user device and one or more of the one or more values provided over the radio interface. An authentication procedure and/or a key agreement procedure is performed for the user device over the wireless radio interface using the received further secret key in the radio access network system and the derived further secret key in the user device.

METHOD OF SHARING A KEY SERVING TO DERIVE SESSION KEYS FOR ENCRYPTING AND AUTHENTICATING COMMUNICATIONS BETWEEN AN OBJECT AND A SERVER
20190173669 · 2019-06-06

The invention relates to a method of sharing of a reference key (AppKey) between a connected object (1) and at least one server (2), the method comprising the steps of: application (102) by the object (1) of a function (f) to at least one datum (DevEUI, AppEUI, DevNonce) and to a key (KSE) specific to a secure element of the object (1) to generate the reference key, transmission (108) to the server (2) of a join request of the object (1) to a network of connected objects, comprising the datum, the key (KSE) of the secure element (4) not being transmitted to the server (2), obtaining, by the server (2), of the key (KSE) of the secure element (4) on the basis of the request, application (208) by the server (2) of the function (f) to the datum and to the key (KSE) obtained by the server (2), so as to obtain the reference key.