Methods, systems, and devices for wireless communication are described. In one method, a source access node (AN) of a local area network (LAN) may receive, over a first connection, a set of fast transition (FT) parameters pertaining to authentication. The source AN may cache the set of FT parameters, and forward the set of FT parameters to a target AN of the LAN during a handover procedure. The source AN may receive, from the target AN, a set of security parameters associated with secure communication between the wireless device and the target AN, the set of security parameters based at least in part on the set of FT parameters. The source AN may subsequently transmit to the wireless device, over the first connection, a command to perform a handover to the target AN, the command including the set of security parameters.

The embodiments of the present invention provide a secure establishment method, system and device of a wireless local area network. The method includes: acquiring, by a UE, a first key; the first key is a shared key of the UE and a network element equipment in a mobile communication network accessed by the UE when implementing air interface security, or is derived according to the shared key; deriving, by the UE, according to the first key and a derivation parameter to acquire a derivation key; establishing, by the UE, according to the derivation key, a secure connection with a WLAN node acquiring a derivation key, wherein the derivation key acquired by the WLAN node is the same as the derivation key acquired by the UE.

A device may provide an upload request to upload a file. The device may receive, based on the upload request, a unique identifier associated with the device. The device may obtain a file key for encrypting the file and a security key for encrypting the file key. The security key may be obtained based on the unique identifier. The device may encrypt the file, using the file key, to create an encrypted file. The device may encrypt the file key, using the security key, to create an encrypted file key. The device may provide the encrypted file and the encrypted file key for storage by a storage device.

A fast-accessing method may comprise: establishing a first security connection between a first network node and a user equipment; obtaining first information from a second network node, wherein the first information comprises at least one of system information of the second network node and an identifier of a security algorithm selected by the second network node for the user equipment; providing second information to the second network node, in response to an indication of the second network node from the user equipment, wherein the second information comprises security information related to the user equipment; and sending the first information to the user equipment for establishing a second security connection between the user equipment and the second network node.

A method is provided for securely transmitting a digital message that is transmitted by means of an electronic letter service. A user of the service has a computer with a functioning browser and an Internet connection, and the electronic letter service makes use of a TrustCenter. The user creates a password using his/her browser. A user password verifier is cryptographically derived from the password. The user password verifier is transmitted to the electronic letter service and stored on a storage medium. A user secret is generated from the password by means of a cryptographic derivation. The user secret constitutes the symmetrical key for the encryption of a user-specific user master secret. The user secret is encrypted using the public key of the TrustCenter and the encrypted user secret is transmitted to the electronic letter service, from where it is then forwarded to the TrustCenter.

Embodiments provide a mobile communications device that includes a processor configured to communicate with a transceiver and a memory. The transceiver is configured to exchange control signals with a network node. The memory contains instructions that when executed by the processor configure the processor to operate the transceiver to exchange the control signals. The instructions further configure the processor to pass a first proper subset of the control signals to a remote device without operating according to the control signals, and to operate according to control signals in a second proper subset of the control signals. The processor is thereby configured to operate on behalf of a remote communication device to support communication between the remote communication device and the network node.

Embodiments of a wireless device and methods for rekeying with reduced packet loss in a wireless network are generally described herein. In some embodiments, during rekeying operations a new key for reception may be installed early (i.e., prior to receipt of a rekeying confirmation message). The use of the new key for transmission may be delayed until after receipt of the rekeying confirmation message. The early installation of the new key for reception may allow both the new key and old key to be active at the same time for use decrypting received packets to reduce packet loss during rekeying operations. The rekeying confirmation message may be the fourth message of a four-way handshake for rekeying. In some embodiments, two key identifiers may be alternated between four-way handshakes to prevent deletion of the old key.

The present disclosure relates to a communication method and system for converging a 5th-generation (5G) communication system for supporting higher data rates beyond a 4th-generation (4G) system with a technology for internet of things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method of a terminal according to the present disclosure includes: transmitting connection request messages for network slices, which are networks constructed for each service, to a network; receiving response messages including identifiers of the network slices from a base station; and generating security contexts for each network slice based on at least one of the identifiers of the network slices and tokens generated during an authentication process with a third party.

A method and system may allow for authenticating a computing device. A computing device may send an authentication request over a network to an authentication computing device. The authentication request may include first authentication information and second authentication information. The authentication computing device may authenticate the requesting computing device by decrypting the second authentication information and validating a credential associated with the first authentication information.

A method performed by a UE. The method incudes generating a SUCI comprising: i) an encrypted part in which a Mobile Subscription Identification Number of a SUPI is encrypted and ii) a clear-text part comprising: a) a Mobile Country Code of the SUPI, b) a Mobile Network Code of the SUPI, c) a public key identifier for a public key of a home network of the user equipment, and d) an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the Mobile Subscription Identification Number in the SUCI. The method also includes transmitting the SUCI to an authentication server in the home network for forwarding of the SUCI to a de-concealing server capable of decrypting the Mobile Subscription Identification Number.