A pseudonym credential configuration method and apparatus are provided. The method includes: receiving an identifier of a terminal device and information about N to-be-requested pseudonym credentials from the terminal device, sending N second request messages to a pseudonym credential generation server, and storing a tag of each second request message in association with the identifier of the terminal device in the registration server, so that the registration server can obtain, based on the tag, the identifier that is of the terminal device and that is associated with the tag; and generating N pseudonym credentials. The pseudonym credential generated in this application may enable a behavior investigation server to learn of a real identity of the terminal device.

A communication method and a communications apparatus are provided. The method includes: when receiving a first PDU session establishment request sent by a UE, encrypting, by an access and management network element (AMF), user information in the request, to obtain encrypted user information; and sending, by the AMF, a second PDU session establishment request to an SMF in response to the first PDU session establishment request, where the second PDU session establishment request carries the encrypted user information. In this manner, after the UE accesses a core network, an AMF entity may encrypt user information of the UE. The interaction information between NF entities, for example, the AMF entity and an SMF entity, carries the encrypted user information, which helps prevent user privacy leakage.

A communication method and a communications apparatus are provided. The method includes: when receiving a first PDU session establishment request sent by a UE, encrypting, by an access and management network element (AMF), user information in the request, to obtain encrypted user information; and sending, by the AMF, a second PDU session establishment request to an SMF in response to the first PDU session establishment request, where the second PDU session establishment request carries the encrypted user information. In this manner, after the UE accesses a core network, an AMF entity may encrypt user information of the UE. The interaction information between NF entities, for example, the AMF entity and an SMF entity, carries the encrypted user information, which helps prevent user privacy leakage.

Encryption key exchange processes are disclosed. A disclosed method includes initiating communication between a portable communication device including a token and a first limited use encryption key, and an access device. After communication is initiated, the portable communication device receives a second limited use key from a remote server via the access device. The portable communication device then replaces the first limited use key with the second limited use key. The second limited use key is thereafter used to create access data such as cryptograms that can be used to conduct access transactions.

Encryption key exchange processes are disclosed. A disclosed method includes initiating communication between a portable communication device including a token and a first limited use encryption key, and an access device. After communication is initiated, the portable communication device receives a second limited use key from a remote server via the access device. The portable communication device then replaces the first limited use key with the second limited use key. The second limited use key is thereafter used to create access data such as cryptograms that can be used to conduct access transactions.

Various examples are provided related to identification of protected information elements associated with unique entities in data files present in data file collections associated with enterprise IT networks. The unique entities can be associated with one or more entity identifications in one or more data files. Computer-generated identification of entity identifications and protected information elements can be conducted, in part, by at least some human review. Information generated accordingly to the disclosed methodology can be used to generate plans for a time and number of human reviewers needed to review data files. Information generated from the processes herein can be configured as user notifications, reports, dashboards, machine learning for subsequent data file analyses, and notifications of unique entities having protected information elements present in one or more data files.

A method of providing a user interface on a mobile communication device to control smart devices in an environment. The method comprises discovering a plurality of smart devices in an environment by a client application executing on a mobile communication device by initiating wireless communication between the mobile communication device and the plurality of smart devices, wherein the client application learns an electronic model identity of each of the discovered smart devices, communicating with a data store by the client application to look-up control interfaces of the discovered smart devices based on the electronic model identities of the smart devices, looking-up predefined environmental preferences associated with the mobile communication device in the data store by the client application, transmitting control commands by the client application to the plurality of smart devices based in part on the looked-up predefined environmental preferences.

A method of providing a user interface on a mobile communication device to control smart devices in an environment. The method comprises discovering a plurality of smart devices in an environment by a client application executing on a mobile communication device by initiating wireless communication between the mobile communication device and the plurality of smart devices, wherein the client application learns an electronic model identity of each of the discovered smart devices, communicating with a data store by the client application to look-up control interfaces of the discovered smart devices based on the electronic model identities of the smart devices, looking-up predefined environmental preferences associated with the mobile communication device in the data store by the client application, transmitting control commands by the client application to the plurality of smart devices based in part on the looked-up predefined environmental preferences.

A security management system including a first TEE and a common TEE is provided. The first TEE is a secured environment for data associated with a first entity. The common TEE is a seemed environment for data associated with any one of a plurality of entities. First anonymization parameters are shared between the first TEE and the common TEE The first anonymization parameters arc based at least in part on at least one privacy requirement of the first entity and at least one utility requirement of the security management system. The security management system includes processing circuitry configured to: anonymize first data associated with the first entity based at least in part on the first anonymization parameters, analyze at least the anonymized first data for performing data investigation, and generate analysis results based at least in part on the analysis of at least the anonymized first data.

A security management system including a first TEE and a common TEE is provided. The first TEE is a secured environment for data associated with a first entity. The common TEE is a seemed environment for data associated with any one of a plurality of entities. First anonymization parameters are shared between the first TEE and the common TEE The first anonymization parameters arc based at least in part on at least one privacy requirement of the first entity and at least one utility requirement of the security management system. The security management system includes processing circuitry configured to: anonymize first data associated with the first entity based at least in part on the first anonymization parameters, analyze at least the anonymized first data for performing data investigation, and generate analysis results based at least in part on the analysis of at least the anonymized first data.