H04L2463/061

TECHNIQUES FOR SECURE SESSION REESTABLISHMENT

A client establishes a network session with a server. The network session is used to establish an encrypted communications session. The client establishes another network session with another server, such as after terminating the first network session. The client resumes the encrypted communications session over the network session with the other server. The other server is configured to receive encrypted communications from the client and forward them to the appropriate server.

Communication method and device
10015669 · 2018-07-03

A communication method includes receiving by an SGSN a context request message from a mobility management entity (MME), obtaining by the SGSN an authentication vector-related key, and calculating by the SGSN a root key according to the authentication vector-related key. In addition, the method further includes sending by the SGSN a context response message including the root key to the MME, wherein the MME derives a NAS protection key according to the root key.

Timing synchronization and intrusion detection via an optical supervisory channel (OSC)
10014937 · 2018-07-03

A device may receive, via a first optical supervisory channel, a first timing signal from a first network node. The first timing signal may be generated by a first clock, of the first network node, and may be used to synchronize the first clock, of the first network node, and a second clock of a second network node. The device may determine a parameter value based on the first timing signal, and may determine whether the parameter value satisfies a threshold value. The device may selectively transmit, via a second optical supervisory channel, a second timing signal to the second network node based on determining whether the parameter value satisfies the threshold value. The second timing signal may be used to synchronize the second clock, of the second network node, with the first clock of the first network node.

Securely exchanging information during application startup

Provided is a method for securely exchanging information during application startup. A processor may send a request for a passphrase to one or more remote devices using a first out-of-band message. The processor may receive, from at least one of the remote devices, a response that includes the passphrase. The response may be a second out-of-band message. The processor may decrypt application startup data that is stored in a first configuration file for the application using the received passphrase. The application startup data may be necessary for the application to execute. The processor may then execute the application using the decrypted application startup data.

Method and system to enable secure communication for inter-eNB transmission

The embodiments herein provide a method and system for creating a secure connection for a User Equipment (UE) in a wireless network including a UE, carrier aggregated with at least one first serving frequency served by a first eNB and at least one second serving frequency served by a second eNB. A unique non-repetitive security base key associated with the second eNB is generated using a freshness parameter and security key associated with the first eNB. The use of a different freshness parameter for each security base key derivation avoids key stream repetition. Further, a user plane encryption key is derived based on the generated unique non-repetitive security base key associated with the second eNB for encrypting data transfer over at least one data radio bearer.

Method and device for generating access stratum key in communications system

In the communications system, a user equipment UE accesses a core network via a first network-side device by using a first air interface and connects to the first network-side device via a second network-side device by using a second air interface to access the core network. The method includes: acquiring, by the network-side device, an input parameter; calculating, by the network-side device, an access stratum root key KeNB* according to the input parameter and an access stratum root key KeNB on the first air interface, or using, by the network-side device, the KeNB as the KeNB*; and generating, by the second network-side device, an access stratum key on the second air interface according to the KeNB*, or sending, by the first network-side device, the KeNB* to the second network-side device.

End-to-end communication security

In one implementation, a method for providing end-to-end communication security for a controller area network (CANbus) in an automotive vehicle across which a plurality of electronic control units (ECU) communicate is described. Such an automotive vehicle can include, for example, a car or truck with multiple different ECUs that are each configured to control various aspects of the vehicle's operation, such as an infotainment system, a navigation system, various engine control systems, and/or others.

Host card emulation systems and methods

A system is configured for detecting a point of sale, receiving a personal identification number (PIN), generating a PIN based key using a message digest of the PIN, decrypting a data encryption key (DEK) using the PIN based key, and generating a DEK based dynamic key using the PIN based key. The system may also decrypt a session key using the DEK based dynamic key, generate a cryptogram from the session key, and send the cryptogram to the point of sale.

Mesh network commissioning

In embodiments of mesh network commissioning, a commissioning device of a mesh network can determine steering data for the mesh network, where the steering data is an indication of a device identifier associated with a device that is allowed to join the mesh network. The commissioning device can then propagate the steering data from the commissioning device for the mesh network to one or more routers in the mesh network, and the steering data indicates that a commissioner is active on the mesh network. The commissioning device propagating the steering data enables the one or more routers to transmit the steering data in a beacon message, and the steering data is effective to enable the device associated with the device identifier to identify that the device is allowed to join the mesh network.

METHOD AND APPARATUS FOR APPLYING SECURITY INFORMATION IN WIRELESS COMMUNICATION SYSTEM
20180160303 · 2018-06-07

A method and apparatus for applying security information in a wireless communication system is provided. A user equipment (UE) obtains first security information and second security information, applies the first security information to a first set of radio bearers (RBs) which is served by a master eNodeB (MeNB), and applies the second security information to a second set of RBs which is served by a secondary eNodeB (SeNB).