The invention relates to methods for establishing a secure communication link between a mobile station and a secondary base station in a mobile communication system. The invention is also providing mobile communication system for performing these methods, and computer readable media the instructions of which cause the mobile communication system to perform the methods described herein. Specifically, the invention suggests that in response to the detected or signaled potential security breach, the master base station increments a freshness counter for re-initializing the communication between the mobile station and the secondary base station; and the mobile station and the secondary base station re-initialize the communication there between. The re-initialization is performed under the control of the master base station and further includes deriving a same security key based on said incremented freshness counter, and establishing the secure communication link utilizing the same, derived security key.

A communication method includes receiving by a SGSN a context request message from a mobility management entity (MME), obtaining by the SGSN an authentication vector-related key, and calculating by the SGSN a root key according to the authentication vector-related key. In addition, the method further includes sending by the SGSN a context response message including the root key to the MME, wherein the MME derives a NAS protection key according to the root key.

An electronic device includes: a processor configured to obtain a first authentication key based on first data and a first authentication message, verify the first authentication message based on the first authentication key, obtain a second authentication key based on second data and a second authentication message, and verify the second authentication message based on the second authentication key; and a memory configured to store the first data, the first authentication message, the first authentication key, the second data, the second authentication message, and the second authentication key, wherein the second authentication message and the second authentication key are different from the first authentication message and the first authentication key, respectively, and the first authentication key and the second authentication key are associated with a first end device and a second end device, respectively.

Provisioning an integrated circuit with confidential data, by receiving in the integrated circuit encrypted confidential data, the encrypted confidential data having been encrypted with a transport key, deriving in the integrated circuit the transport key by applying a key derivation function to a customer identifier, the customer identifier having been previously stored in the integrated circuit, decrypting in the integrated circuit the encrypted confidential data with the transport key to obtain decrypted confidential data, deriving in the integrated circuit a product key by applying a key derivation function to an integrated circuit identifier, the integrated circuit identifier having been previously stored in the integrated circuit, encrypting in the integrated circuit the decrypted confidential data with the product key to obtain re-encrypted confidential data, and storing the re-encrypted confidential data in a confidential data memory of the integrated circuit.

A reader device may generate a first identifier. The reader device may transmit the first identifier to a mobile device. The reader device may receive encrypted data and unencrypted data from the mobile device in which the encrypted data includes a second identifier. The reader device may evaluate whether the first identifier and the second identifier correspond to one another.

A method for managing throughput in a distributed storage network includes encoding data to produce a plurality of sets of encoded data slices. According to the method, one or more write slice requests are generated corresponding to one or more sets of encoded data slices, and write slice requests are then output to a set of distributed storage and task execution units. For each distributed storage and task execution unit, a data ingest rate is generated and a write threshold number of distributed storage and task execution units is determined. A transmit data rate is determined and write slice requests are determined, followed by the generation write slice requests to the distributed storage and task execution units. A write threshold number of write slice requests is then input to the distributed storage and task execution units.

The invention relates to a method and system for key distribution and encryption/decryption. An encryption key (K.sub.enc) is derived in a terminal. The encryption key is applied by the terminal for encrypting at least a part of data included in an application message for an application server transmitted over a network. The terminal and the network both have access to a first key (K.sub.1). The terminal and the server both have access to a second key (K.sub.2). The encryption key is derived at the terminal using the first key and the second key. The first key or the derivative thereof is received at the server. The encryption key for decrypting the application message encrypted by the terminal is derived in the server using the shared second key and the received first key of the derivative thereof.

A system and method for provisioning multiple devices including a commissioning device, one or more endpoints, and a server. The system and method includes the following. The commissioning device accepts user-input network credentials of a wireless network from a user. The commissioning device searches for one or more endpoints unconnected to the wireless network. The commissioning device then verifies the ownership of the one or more endpoints. In response to a positive verification, the commissioning device securely the network credentials to the one or more endpoints. After receiving the network credentials, the one or more endpoints verify the integrity and authenticity of the communication from the commissioning device. After the one or more endpoints verifies the communication, the one or more endpoints access the wireless network based on the securely transferred wireless credentials.

Provided is a method for securely exchanging information during application startup. A processor may send a request for a passphrase to one or more remote devices using a first out-of-band message. The processor may receive, from at least one of the remote devices, a response that includes the passphrase. The response may be a second out-of-band message. The processor may decrypt application startup data that is stored in a first configuration file for the application using the received passphrase. The application startup data may be necessary for the application to execute. The processor may then execute the application using the decrypted application startup data.

Provided is a method for securely exchanging information during application startup. A processor may send a request for a passphrase to one or more remote devices using a first out-of-band message. The processor may receive, from at least one of the remote devices, a response that includes the passphrase. The response may be a second out-of-band message. The processor may decrypt application startup data that is stored in a first configuration file for the application using the received passphrase. The application startup data may be necessary for the application to execute. The processor may then execute the application using the decrypted application startup data.