H04W12/03

MACHINE TO MACHINE COMMUNICATION ACCELERATION VIA ENCRYPTION BYPASS
20230239692 · 2023-07-27 ·

The disclosed technology provides systems and methods for accelerating communication for low latency, high reliability, and secure machine control systems through encryption bypass. Machine controllers, e.g., drone, robot, or autonomous-vehicle controllers, establish a hardware-based trust relationship with the controlled machines allowing for the communication of unencrypted low-latency control and data messages, for example, via ultra-reliable low latency (URLLC) cellular network slices. The machines can relay non-mission-critical communications via encrypted communication using different network slices. The machines can also use distributed ledgers to store and access events and records used to create and/or maintain the trust relationship, and archive data for subsequent use.


Methods and Electronic Devices for Verifying Device Identity During Secure Pairing
20230023647 · 2023-01-26 ·

An electronic device includes a first communication device operable across a first medium of communication and a second communication device operable across a second medium of communication that is different from the first medium of communication. One or more processors operable with the first communication device and the second communication device obtain a client certificate digest from a prospective client device using the first communication device. Thereafter, the one or more processors receive a client certificate from a remote electronic device using the second communication device. The one or more processors then verify that the prospective client device and the remote electronic device are the same device prior to establishing a secure communication session.

SECURE DATA TRANSFER OVER WIRELESS NETWORKS USING DATA STORAGE ENCRYPTORS
20230028917 · 2023-01-26 ·

Systems, methods, and apparatus related to transferring encrypted data over a wireless network. In one approach, an encryptor includes a host interface configured to transmit data and commands with a local computing device, a wireless communication interface configured to transmit data and commands over a radio access network, a storage interface configured to interface a local storage medium to store data, and at least one processing device configured to perform operations comprising: encrypting first data from the local computing device to be written into the local storage medium upon receiving a first command from the local computing device; decrypting the encrypted first data from the local storage medium to be read by the local computing device upon receiving a second command from the local computing device; and transmitting the encrypted first data through the wireless communication interface to the radio access network upon receiving a third command.

Mission-critical push-to-talk

A user equipment is configured for concealment of a mission-critical push-to-talk (MCPTT) group identity in multimedia broadcast multicast services (MBMS). The UE is configured in particular to receive an indication of an MCPTT group pseudonym (7) which is a pseudonym for an MCPTT group identity (11) that identifies an MCPTT group of which the UE is a member. The UE may for example receive this indication from a group management server (GMS) or an MCPTT server. The UE in some embodiments may determine whether received control signaling (e.g., an MBMS subchannel control message) is for the MCPTT group of which the UE is a member, by determining whether the control signaling includes the MCPTT group pseudonym (7).


5G Network Slice Device Security Protection
20230232236 · 2023-07-20 ·

A method of user equipment (UE) implemented network slice security protection is disclosed. The method comprises the UE receiving a request to initialize an application, querying a UE Route Selection Policy (URSP) stored on the UE, and receiving traffic descriptors and security descriptors in response to the querying. The traffic descriptors identify a network slice for the application. The security descriptors comprise a security flag and a virtualization container ID. The method also comprises the UE initiating the application within a virtualization container corresponding to the virtualization container ID based on the security flag indicating that the network slice is secure and binding traffic for the application in the virtualization container to a PDU session based on the traffic descriptors. The method further comprises communicating, by the application executing within the virtualization container, with a core network over the PDU session via the network slice bound to the virtualization container.

ENCRYPTING MAC HEADER FIELDS FOR WLAN PRIVACY ENHANCEMENT

Embodiments are disclosed for encrypting media access control (MAC) Header fields for Wireless LAN (WLAN) privacy enhancement. For example, a transceiver of a station (STA) or an access point (AP) can set a real time Media Access Control (MAC) header bit in a payload of an aggregated MAC Protocol Data Unit (A-MPDU) subframe to an actual value of a power management (PM) field of a MAC header of the A-MPDU subframe. The transceiver can encrypt the payload, set the PM field to an over the air (OTA) PM value, and transmit the A-MPDU subframe over the air. The OTA PM value can include all zeros, a predetermined value, or a randomized value. The transceiver can also set static MAC header bits in the payload of the A-MPDU subframe to corresponding actual values of an aggregated MAC service data unit (A-MSDU) present field of the A-MPDU subframe.


Systems and methods for securely pairing a transmitting device with a receiving device

Systems and methods for securely pairing a transmitting device with a receiving device are described. The systems and methods may communicate with a first device via a first communication method over a wireless communication network. The systems and methods may transmit, to the first device via a second communication method, a first sensory pattern representing a first key. In addition, the systems and methods may communicate with the first device via the first communication method using the first key.