The present invention provides a method of route optimization involving a first mobile device associated with a first home gateway. One embodiment of the method is implemented in a first mobility forwarding entity and includes registering the first mobile device at the first mobility forwarding entity. The first mobile device is registered using a session key included in a registration message transmitted by the first mobile device. The embodiment also includes establishing a secure route between the first mobility forwarding entity and a terminating node using the session key. The secure route bypasses the first home gateway.

A method, computer program and a server node (100) in a communications network (50) for reduction of undesired energy consumption of the server node (100), the method comprising: receiving a request message from a client (120), the request message containing message fields comprising at least a message ID field and an integrity indication field containing a first integrity indication, determining a relation key by performing a calculation by usage of a master key commonly known by the server node (100) and an authorization engine (110) and at least data comprised in the message ID field, calculating a second integrity indication based on a subset of the message fields by usage of the relation key, wherein the subset excludes at least one message field that is predictable by a trusted client (120), verifying the subset of the message fields by comparing the first and second integrity indications, and determining the message to be authorized when the comparison indicates equality, and wherein when the message is not authorized, suppressing reception of the message.

In embodiments of mesh network commissioning, a commissioning device establishes a secure commissioning communication session between the commissioning device and a border router of a mesh network to securely establish network communication sessions for joining one or more joining devices to the mesh network. The commissioning device can activate joining for the mesh network, and receive a request from a joining device to join the mesh network. The commissioning device can establish a secure joiner communication session between the commissioning device and the joining device, authenticate the joining device using an encrypted device identifier, and join the joining device to the mesh network.

Embodiments of a wireless device and methods for rekeying with reduced packet loss in a wireless network are generally described herein. In sonic embodiments, during rekeying operations a new key for reception may be installed early (i.e., prior to receipt of a rekeying confirmation message). The use of the new key for transmission may be delayed until after receipt of the rekeying confirmation message. The early installation of the new key for reception may allow both the new key and old key to be active at the same time for use decrypting received packets to reduce packet loss during rekeying operations. The rekeying confirmation message may be the fourth message of a four-way handshake for rekeying. In some embodiments, two key identifiers may be alternated between four-way handshakes to prevent deletion of the old key.

A method in a User Equipment (UE) of an Evolved Packet System (EPS) establishes a security key (K_eNB) for protecting Radio Resource Control/User Plane (RRC/UP) traffic exchanged with a serving eNodeB. The method comprises sending a Non-Access Stratum (NAS) Service Request to a Mobility Management Entity (MME), the request indicating a NAS uplink sequence number (NAS_U_SEQ). The method further comprises receiving an indication of the NAS_U_SEQ of the NAS Service Request sent to the MME, back from the MME via the eNodeB. The method further comprises deriving the K_eNB from at least the received indication of the NAS_U_SEQ and from a stored Access Security Management Entity-key (K_ASME) shared with said MME.

Methods, systems, and computer programs for performing key agreement operations in a communication system are described. In some aspects, a wireless network operator receives a mobile device identifier and accesses a secret key associated with the mobile device. A message authentication code function is evaluated based on the secret key to produce an output value. A session key and a challenge value are obtained based on the output value. In some aspects, a mobile device accesses a secret key in response to receiving the challenge value from the wireless network operator. A message authentication code function is evaluated based on the secret key to produce an output value. A response value and a session key are obtained based on the output value. The response value is transmitted to the wireless network operator.

A system for encrypting data and transferring or storing data securely may include a computing device including an encryptor configured to generate an encryption key from a network resource and encrypt data using the encryption key to generate encrypted data, and a decryptor configured to generate a decryption key from the network resource and decrypt the encrypted data to generate the non-encrypted data.

A method and system may allow for authenticating a computing device. A computing device may send an authentication request over a network to an authentication computing device. The authentication request may include a user name and a password. The user name may include a credential and the password may be a digitally signed version of the user name. The authentication computing device may authenticate the requesting computing device by decrypting the password and comparing the received user name to the decrypted password.

Performing cryptographic operations such as encryption and decryption may be computationally expensive. In some contexts, initialization vectors and keystreams operable to perform encryption operations are generated and stored in a repository, and later retrieved for use in performing encryption operations. Multiple devices in a distributed system can each generate and store a subset of a larger set of keystreams.

According to a first aspect of the present disclosure, a method is conceived for securing data communicated in a network, the method comprising: receiving, by a destination node in the network, at least one message transmitted by a source node in the network; generating, by said destination node, a session key by executing a one-way function that takes at least a part of a last received message and an initial key as input parameters; using, by said destination node, the session key for encrypting or decrypting said data. Furthermore, according to a second aspect of the present disclosure, a corresponding computer program product is conceived. Furthermore, according to a third aspect of the present disclosure, a corresponding system is conceived.