Systems and methods for secure electronic data transfer utilizing an ephemeral key for encryption and decryption of data.

Method and system for securely communicating with a machine to machine, M2M, device comprising sharing a secret or data derived from the secret between the M2M device and a server. Establishing a connection between the M2M device and the server. Using the shared secret or data derived from the shared secret to establish cryptographic material on both the M2M device and the server. Securing communication between the M2M device and the server with a cryptographic protocol using the established cryptographic material. The cryptographic material is unrecoverable from the shared secret or data derived from the shared secret alone.

The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.

A device may provide an upload request to upload a file. The device may receive, based on the upload request, a unique identifier associated with the device. The device may obtain a file key for encrypting the file and a security key for encrypting the file key. The security key may be obtained based on the unique identifier. The device may encrypt the file, using the file key, to create an encrypted file. The device may encrypt the file key, using the security key, to create an encrypted file key. The device may provide the encrypted file and the encrypted file key for storage by a storage device.

The disclosure relates to a security method in a radio access network system. A shared secret key is stored in both a user device and a core network system. A further secret key is received from the core network system, wherein the further secret key has been derived using the shared secret key stored in the core network system. One or more values are provided over the radio interface to the user device to derive the further secret key in the user device from at least the shared secret key stored in the user device and one or more of the one or more values provided over the radio interface. An authentication procedure and/or a key agreement procedure is performed for the user device over the wireless radio interface using the received further secret key in the radio access network system and the derived further secret key in the user device.

A system for generating symmetric cryptographic keys for communications between hosts. Hosts use associated devices to generate secret keys. Each key is generated based on a static seed and a dynamic seed. The dynamic seed is created from sensor data or auxiliary data. The secret key allows host machines to encrypt, or decrypt, plaintext messages sent to, or received from, other host machines.

In a method for cryptographically processing data which are exchanged between a first unit and a control unit, a derived key is used in this process, which is derived from a secret key and an identifier. The exchanged data are encrypted using the derived key, and the exchanged data are encrypted in a tool chain, which provides the identifier.

A system for generating symmetric cryptographic keys for communications between hosts. Hosts use associated devices to generate secret keys. Each key is generated based on a static seed and a dynamic seed. The dynamic seed is created from sensor data or auxiliary data. The secret key allows host machines to encrypt, or decrypt, plaintext messages sent to, or received from, other host machines.

The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes in idle mode. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, along with a key change indication indicating that the NAS key has changed. The target AMF sends the key change indication to the user equipment.

The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.