Systems and methods are described for securely and efficiently processing electronic content. In one embodiment, a first application running on a first computing system establishes a secure channel with a second computing system, the secure channel being secured by one or more cryptographic session keys. The first application obtains a license from the second computing system via the secure channel, the license being encrypted using at least one of the one or more cryptographic session keys, the license comprising a content decryption key, the content decryption key being further encrypted using at least one of the one or more cryptographic session keys or one or more keys derived therefrom. The first application invokes a second application to decrypt the license using at least one of the one or more cryptographic session keys, and further invokes the second application to decrypt the content decryption key using at least one of the one or more cryptographic session keys or one or more keys derived therefrom, and to decrypt a piece of content using the content decryption key. The first application then provides access to the decrypted piece of content in accordance with the license.

A method is disclosed for establishing a secure communication session using composite key cryptography. The method comprises generating a first plurality of secret keys all of which are known only to a first communicating party and each one of which is shared with exactly one of a plurality of stewards, and generating a second plurality of secret keys all of which are known only to a second communicating party and each one of which is shared with exactly one of the plurality of stewards. The first and second communicating parties each send information to the other through different stewards, each communication leg being encrypted using a secret key known only to the respective communicating party and steward. These communications are usable to distribute cryptographic seeds to the communicating parties for use in generating a temporary session key that can be used to encrypt direct communications between the parties.

The disclosure relates to a security method in a radio access network system. A shared secret key is stored in both a user device and a core network system. A further secret key is received from the core network system, wherein the further secret key has been derived using the shared secret key stored in the core network system. One or more values are provided over the radio interface to the user device to derive the further secret key in the user device from at least the shared secret key stored in the user device and one or more of the one or more values provided over the radio interface. An authentication procedure and/or a key agreement procedure is performed for the user device over the wireless radio interface using the received further secret key in the radio access network system and the derived further secret key in the user device.

Method, network element, user equipment (UE) and system are disclosed for securing device-to-device (D2D) communication in a wireless network. The wireless network has a first UE in an idle mode, a second UE in a connected mode, and a network element. The method comprises: encrypting the second UE's identification (ID) by using a first key which is known to the network element and the first UE and which is unknown to the second UE; sending the encrypted second UE's ID from the network element to the first UE via the second UE; and verifying the second UE's ID by using the encrypted second UE's ID. According to some embodiments, the method further comprises: deriving a D2D key for D2D communication between the first and second UEs, based on a random number and a second key which is known to the network element and the first UE; encrypting the D2D key based at least in part on a third key which is shared between the network element and the second UE and which is unknown to any other UE in the wireless network; and sending the encrypted D2D key from the network element to the second UE.

Presented herein is a system to set up a secure connection between nodes on two enterprise networks across a public network. The system includes a network element associated with each enterprise network. The first network element transmits a map request to a mapping server. The map request includes a destination address on the second enterprise network and a peer introduction request. The first network element includes a first key generation material in the peer introduction request. The second network element is configured to receive the map request forwarded from the mapping server, generate a map reply corresponding to the map request, and transmit the map reply to the first network element. The map reply includes a peer introduction reply with a second key generation material. The first network generates a secure key by inserting the second key generation material into a first key derivation function.

Methods for contention-based transmission with contention-free feedback for reduced latency in LTE Advanced networks and an enhanced PUCCH are generally disclosed herein. User equipment (UE) may transmit a contention sequence on a physical uplink control channel (PUCCH) to an enhanced-Node B (eNB) and may concurrently transmit data requesting uplink resources on a physical uplink shared channel (PUSCH) to the eNB. The contention sequence is transmitted on the PUCCH in accordance with a format that is assigned by the eNB. The contention sequence is either randomly selected by the UE or assigned by the eNB. When the contention sequence and data are not successfully received by the eNB, the UE may fall back to a more conventional random access channel (RACH) procedure for uplink resource allocation.

A device includes storage hardware to store a secret value and processing hardware coupled to the storage hardware. The processing hardware is to receive an encrypted data segment with a validator and derive a decryption key using the secret value and a plurality of entropy distribution operations. The processing hardware is further to verify, using the received validator, that the encrypted data segment has not been modified. The processing hardware is further to decrypt the encrypted data segment using the decryption key to produce a decrypted data segment responsive to verifying that the encrypted data segment has not been modified.

A method includes receiving, at a first wireless device, from a second wireless device, content and an identification of the second wireless device, over a peer-to-peer wireless communication link. The received content is rendered and verification information containing the identification of the second wireless device and an identification of the received content is generated at the first wireless device. The verification information is then encrypted at the first wireless device using an encryption key. Apparatus and a computer program product counterparts to the method are also disclosed.

A computing device includes a secure storage hardware to store a secret value and processing hardware comprising at least one of a cache or a memory. During a secure boot process the processing hardware loads untrusted data into at least one of the cache or the memory of the processing hardware, the untrusted data comprising an encrypted data segment and a validator, retrieves the secret value from the secure storage hardware, derives an initial key based at least in part on an identifier associated with the encrypted data segment and the secret value, verifies, using the validator, whether the encrypted data segment has been modified, and decrypts the encrypted data segment using a first decryption key derived from the initial key to produce a decrypted data segment responsive to verifying that the encrypted data segment has not been modified.

Disclosed is a method for secure transmission of small data of a machine type communication (MTC) device group, comprising a process wherein an MTC device and an MTC-Interworking Function (MTC-IWF) generate a shared key KIWF on the basis of a GBA procedure, the MTC device and a bootstrapping server (BSF) performing AKA authentication: a home subscriber server (HSS) determines whether the MTC device belongs to the MTC device group and whether said device has small data transmission and reception capabilities; if said device belongs to said group and has said capabilities, an AKA authentication vector generated on the basis of the MTC device group key is sent to said BSF; the BSF carries out AKA authentication with the MTC device on the basis of the received AKA authentication vector. Also disclosed is a system for secure transmission of small data of an MTC device group.