Method and system for communicating securely with a user equipment, UE, using generic bootstrapping architecture, GBA, the system comprising a bootstrapping server function, BSF. A proxy server configured to receive messages from a user equipment, UE, in a first format. Convert the received messages from the first format to a second format. Transmit the received UE messages to a bootstrapping server function, BSF, in the second format. Receive messages from the BSF, in a third format. Convert the messages received from the BSF from the third format to a fourth format. Transmit the received BSF messages to the UE in the fourth format.

A method for accessing communication networks includes receiving by a device an identification of a communication network; determining whether the identification corresponds to a registered communication network; if the identification corresponds to a registered communication network, generating a password for accessing the communication network by applying a cryptographic function parameterized with a secret value associated with the communication network to the identification; and automatically establishing a connection of the device to the communication network using the generated password. Furthermore, methods for managing access to communication networks and providing communication networks are disclosed. A corresponding client device, service infrastructure and service provider infrastructure are also detailed.

The invention relates to a method for generating an identifier for identifying a pair, wherein the pair comprises a cryptographic device and a computer system (1, 2, . . . , i, . . . I), wherein the cryptographic device has a first secret key, wherein a second secret key (118.i) is associated with the computer system, wherein a blocking system (120) for accessing the second secret key of the computer system is provided, wherein the blocking system has a third secret key, and wherein the following steps are carried out for generating the identifier: generating a second public key (116.i) from the second secret key and a third public key (128) associated with the third secret key by means of the blocking system, transmitting the second public key (116.i) to the computer system (i), and generating the identifier from the first secret key and the second public key, using the cryptographic device.

A system that incorporates the subject disclosure may perform, for example, providing an upload request to a mobile communication device to cause a secure device processor of the mobile communication device to perform a modification of data according to a data protection key to generate modified data and to perform an encryption of the modified data according to an upload transport key to generate encrypted modified data where the secure device processor is separate from and in communication with a secure element of the mobile communication device, and where the secure element receives master keys from a remote management server and stores the master keys to enable the upload transport key and the data protection key to be generated by the secure element without providing the master keys to the secure device processor. Other embodiments are disclosed.

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

A communication device of handling communication with a network including a cellular network and a wireless local area network (WLAN) comprises instructions of receiving a radio resource control (RRC) message configuring cellular-WLAN aggregation (CWA) to the communication device from a base station (BS) of the cellular network; deriving a first pairwise master key (PMK) according to the RRC message; deriving a first encryption key for encrypting first data transmitted to the WLAN or decrypting second data received from the WLAN from the first PMK; releasing the CWA during connecting to the WLAN; performing an extensible authentication protocol (EAP) authentication and key agreement (AKA) procedure with the WLAN to derive a second PMK, when releasing the CWA; and deriving a second encryption key for encrypting third data transmitted to the WLAN or decrypting fourth data received from the WLAN from the second PMK.

A method begins by a dispersed storage (DS) processing module receiving encoded data slices and decoding encoded data slices to reproduce a secure data segment, followed by de-combining the secure data segment to reproduce encrypted data and a masked key. The method continues by performing a deterministic function on the encrypted data to produce transformed data, de-masking the masked key based on the transformed data to produce a master key and de-aggregating the encrypted data to reproduce encrypted data sub-segments. A sub-key is generated based on the master key and a decode threshold number of sub-keys are output to a corresponding number of distributed storage and task execution units, followed by decrypting the encrypted data sub-segment utilizing a corresponding sub-key for each encrypted data sub-segment and de-partitioning the decode threshold number of data sub-segments to re-produce a data segment.

A method for managing throughput in a distributed storage network includes encoding data to produce a plurality of sets of encoded data slices. According to the method, one or more write slice requests are generated corresponding to one or more sets of encoded data slices, and write slice requests are then output to a set of distributed storage and task execution units. For each distributed storage and task execution unit, a data ingest rate is generated and a write threshold number of distributed storage and task execution units is determined. A transmit data rate is determined and write slice requests are determined, followed by the generation write slice requests to the distributed storage and task execution units. A write threshold number of write slice requests is then input to the distributed storage and task execution units.

A method, apparatus, article of manufacture, and a memory structure for providing a security infrastructure that permits the programming of limited hardware resources that can accept newly downloaded applications and securely support a very large number of services offered by content providers each have the potential to utilize their own independent CAS/DRM system. The CE device owner can consume content from a variety of sources and enable switching among different and existing CAS/DRM security profiles as required by the content provider applications loaded in CE devices.

In an aspect, a network supporting client devices includes one or more network nodes implementing network functions. Such network functions enable a client device to apply a security context to communications with the network when the client device is not in a connected mode. The client device obtains a user plane key shared with a user plane network function implemented at a first network node and/or a control plane key shared with a control plane network function implemented at a second network node. The client device protects a data packet with the user plane key or a control packet with the control plane key. The data packet includes first destination information indicating the first network node and the control packet includes second destination information indicating the second network node. The client device transmits the data packet or control packet.