H04L2463/061

METHODS AND APPARATUS TO PROVIDE EXTENDED OBJECT NOTATION DATA
20180077129 · 2018-03-15

Methods and apparatus to provide extended object notation data are disclosed. An example apparatus includes a data handler having a first input to receive object data and a first output to output an object notation key-value pair for the object data; a string processor having a second input coupled to the first output and a second output to convey the object notation key-value pair without string literals; and a hashing and encryption handler having a third input coupled to the second output and a third output to convey the key-value pair signed with a private key, to convey the key-value pair encrypted with a public key, and to convey an indication that the encrypted key-value pair is encrypted in a key of the encrypted key-value pair.

DATA MANAGEMENT APPARATUS, DATA MANAGEMENT METHOD AND COMPUTER READABLE RECORDING MEDIUM
20180077123 · 2018-03-15

A data management apparatus (10) is for managing data shared by a plurality of users. The data management apparatus (10) includes: an encryption processing unit (11) that encrypts the shared data; a coordinate acquisition unit (12) that, when one of the plurality of users has transmitted coordinates that have been pre-allocated thereto together with a request for decryption of the shared data, requests each of remaining users to transmit coordinates that have been pre-allocated thereto; and a decryption processing unit (13) that, when each of the remaining users has transmitted the coordinates that have been pre-allocated thereto, calculates a function from the coordinates transmitted by one user and the coordinates transmitted by the remaining users, and decrypts the encrypted shared data using a value obtained from the calculated function as a decryption key.

Apparatuses and methods for wireless communication

One feature pertains to a method operational at a device. The method includes performing authentication and key agreement with a session key management entity (SKME) device. The method also includes generating an authentication session key based in part on a secret key shared with a home subscriber server, the authentication session key being known to the SKME device. The method further includes generating a mobility session key based in part on the authentication session key, the mobility session key being known to a mobility management entity serving the device. Data sent from the device to a wireless communication network is cryptographically secured using the mobility session key.

Method and apparatus for applying security information in wireless communication system

A method and apparatus for applying security information in a wireless communication system is provided. A user equipment (UE) obtains first security information and second security information, applies the first security information to a first set of radio bearers (RBs) which is served by a master eNodeB (MeNB), and applies the second security information to a second set of RBs which is served by a secondary eNodeB (SeNB).

Secure node admission in a communication network

Systems and methods are provided for admission in a network comprising at least one node providing network controller (NC) functionality. A first node in the network, which is capable of generating SALTs, may assume NC functionality, and may distribute the SALT to at least one other node within the network. The first node may receive from the at least one other node, during admission to the network, a request for a dynamic encryption key, with the request being encrypted using a static encryption key unique to the at least one other node, and the static encryption key being determined based on the SALT. The first node may then send a response comprising one or more dynamic encryption keys to the at least one node, for use in network communications, wherein the response is encrypted using a static encryption key

SYSTEM FOR DISTRIBUTED INTELLIGENT REMOTE SENSING SYSTEMS
20180054490 · 2018-02-22

An Internet of things (IoT) system, including a distributed system of virtual machines, includes at least one IoT platform system control engine that includes a platform system control engine secure system space and an IoT platform system control engine user defined space, at least one network node device that includes a network node device secure system space and an IoT network node device user defined space, and at least one edge device that includes an edge device secure system space and an edge device user defined space, where the secure system spaces of the control engine, the network node device, and the edge device are each configured to be secured to prevent unauthorized access, and the user defined spaces of the platform system control engine, the network node device and the edge device each define a respective virtual machine.

Method and Device for Providing a Key for Internet of Things (IoT) Communication
20180054315 · 2018-02-22

A method and device for providing a key for IoT communication are disclosed. The method includes an embodiment whereby an IoT device modulates a light signal carrying a security code to generate a modulated light signal, emits the modulated light signal to a personal electronic device, derives a security key from the security code, and performs authentication with a control device based on the security key.

Method and Device for Providing a Key for Internet of Things (IoT) Communication
20180054423 · 2018-02-22

A method and device for providing a key for IoT communication are disclosed. The method includes an embodiment whereby an IoT device transmits a security code to a personal electronic device, derives a first security key and a second security key from the security code, protects outgoing communication with a control device based on the first security key, and protects outgoing communication with the personal electronic device based on the second security key.

TECHNIQUES FOR ESTABLISHING A SECURE CONNECTION BETWEEN A WIRELESS DEVICE AND A LOCAL AREA NETWORK VIA AN ACCESS NODE

Methods, systems, and devices for wireless communication are described. In one method, a wireless device may establish a connection with an access node (AN) of a local area network (LAN). The wireless device may also determine to perform an authentication. The wireless device may further receive an indication, as part of the authentication, of a protocol end point for the authentication as being a non-access stratum (NAS) layer or a radio resource control (RRC) layer. In another method, an AN may establish a connection with a wireless device. The AN may determine that the wireless device has determined to perform an authentication with an authenticator included in the AN. The AN may further indicate, as part of the authentication, a protocol end point for the authentication as being the NAS layer or the RRC layer.

TECHNIQUES FOR HANDOVER OF A CONNECTION BETWEEN A WIRELESS DEVICE AND A LOCAL AREA NETWORK, FROM A SOURCE ACCESS NODE TO A TARGET ACCESS NODE

Methods, systems, and devices for wireless communication are described. In one method, a wireless device may securely communicate with a local area network (LAN), via a first connection with a source access node (AN), based on a first security key. The wireless device may perform a handover from the source AN to a target AN. The wireless device may derive a second security key based on the first security key, and securely communicate with the LAN, via a second connection with the target AN, based on the second security key and a restriction policy for the second security key. The wireless device may perform an authentication procedure to obtain a third security key, which may not be subject to the restriction policy, and securely communicate with the LAN, via the second connection with the target AN, based on the third security key.