The present disclosure relates to a key generation method, a master eNodeB, a secondary eNodeB, and UE. The key generation method includes: determining a key parameter corresponding to a data radio bearer DRB; sending the key parameter to UE corresponding to the DRB, so that the UE generates a user plane key according to the key parameter and a basic key generated by the UE; receiving a basic key generated by a master eNodeB and sent by the master eNodeB; and generating the user plane key according to the key parameter and the basic key generated by the master eNodeB.

An MME negotiates security in case of idle state mobility for a UE from a first network to a LTE network. The UE sends its security capabilities including non-access stratum (NAS) security capabilities supported by the UE to the LTE network. The MME selects a NAS security algorithm, in accordance with the NAS security capabilities of the UE, and sends the selected NAS security algorithm to the UE, sharing the NAS security algorithm between the UE and the LTE network when the UE moves from the first network to the LTE network. The MME also derives, in accordance with the selected NAS security algorithm, a NAS protection key from an authentication vector-related key so as to security communication between the UE and the LTE network.

Embodiments of the invention relate to methods of generating and using an image-based derived key. In various embodiments, the image-based derived key may be used to facilitate user authentication and data encryption. For some embodiments, a method is disclosed comprising determining an image-based derived key, wherein the image-based derived key is generated from a selection of authentication images chosen by a user, encrypting data using the image-based derived key, and transmitting the encrypted data.

The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes in idle mode. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, along with a key change indication indicating that the NAS key has changed. The target AMF sends the key change indication to the user equipment.

The technology disclosed relates to method and system of monitoring and controlling exfiltration of enterprise data stored on the cloud computing service (CCS). The method and system includes using a cross-application monitor to detect a could service application programming interface (API) in use and a function or activity being performed via the CCS API. The method and system determines the function or activity by parsing a data stream based on the CCS API and identifies a content of the enterprise data subject to content control by the application of a content inspection rule data subject to content control. The method and system selects a security action being applied to the enterprise data to prevent exfiltration based on the classification of the inspected data and policies applicable to the content subject to content control.

A method performed by a UE. The method incudes generating a SUCI comprising: i) an encrypted part in which a Mobile Subscription Identification Number of a SUPI is encrypted and ii) a clear-text part comprising: a) a Mobile Country Code of the SUPI, b) a Mobile Network Code of the SUPI, c) a public key identifier for a public key of a home network of the user equipment, and d) an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the Mobile Subscription Identification Number in the SUCI. The method also includes transmitting the SUCI to an authentication server in the home network for forwarding of the SUCI to a de-concealing server capable of decrypting the Mobile Subscription Identification Number.

Anonymizing systems and methods comprising a native configurations database including a set of configurations, a key management database including a plurality of private keys, a processor in communication with the native configurations database and the key management database, and a memory coupled to the processor. The set of configurations includes one or more textual descriptions and one or more ranges, wherein each range includes a contiguous sequence comprised of IP addresses, port numbers, or IP addresses and port numbers. The processor is configured to retrieve the set of configurations from the native configurations database, wherein the set of configurations includes a plurality of objects; retrieve a private key from the key management database; assign a unique cryptographically secure identity to each object; and anonymize the plurality of objects based on the cryptographically secure identities and the private key. The present system prevents retrieving the textual descriptions and the ranges of the configuration files of the native configuration database from the anonymized configuration database

The technology disclosed relates to method and system of monitoring and controlling exfiltration of enterprise data stored on the cloud computing service (CCS). The method and system includes using a cross-application monitor to detect a could service application programming interface (API) in use and a function or activity being performed via the CCS API. The method and system determines the function or activity by parsing a data stream based on the CCS API and identifies a content of the enterprise data subject to content control by the application of a content inspection rule data subject to content control. The method and system selects a security action being applied to the enterprise data to prevent exfiltration based on the classification of the inspected data and policies applicable to the content subject to content control.

A method for execution by a storage network begins by receiving data for storage by the storage network and continues by determining data preparation tasks for the data. The method continues by indexing the data in accordance with the data preparation tasks to generate a data index and processing the data in accordance with the data index to produce indexed data. The method then continues by determining distribution criteria for the data based on the data index and distributing the data and the data index to a set of distributed storage units in accordance with the distribution criteria, Finally, the method establishes criteria for analyzing found data of the data in the storage network.

This disclosure generally relates to encrypted communication between terminal devices and service applications via a communication network. Such encrypted communication may be based on various hierarchical levels of encryption keys that are generated and managed by the communication network. Such encrypted communication and key management may be provided by the communication network to the terminal devices as a service that can be subscribed to. The various levels of encryption keys may be managed to improve flexibility of the communication network and to reduce potential security breaches.