H04W12/03

Systems and methods for securely pairing a transmitting device with a receiving device

Systems and methods for securely pairing a transmitting device with a receiving device are described. The systems and methods may communicate with a first device via a first communication method over a wireless communication network. The systems and methods may transmit, to the first device via a second communication method, a first sensory pattern representing a first key. In addition, the systems and methods may communicate with the first device via the first communication method using the first key.

METHOD AND APPARATUS FOR DATA TRANSFER AND BUFFER STATUS REPORTING IN RRC_INACTIVE STATE IN MOBILE WIRELESS COMMUNICATION SYSTEM
20230232490 · 2023-07-20

A method and apparatus for data transfer in RRC_INACTIVE state is provided. The method for data transfer in RRC_INACTIVE state includes transmitting a UECapabilityInformation, receiving an RRCRelease, receiving system information, initiating a second resume procedure, and performing buffer status reporting based on a first information and a second information if the second resume procedure is ongoing. The first information is predefined and the second information is included in the system information.

Method for improving data transmission security

A method for improving data transmission security at a user equipment comprises receiving, from a source network node, a connection release message including instructions for computing a hash value for data to be included in a connection request message; computing the hash value based on the instructions included in the connection release message; calculating a token based on the hash value; and sending, to a target network node, the connection request message including the token. The method may further forward the data from the target network node directly to a gateway after the token has been verified. The method may reduce signaling overhead by having a fixed-size hash value for data. Furthermore, the method may improve transmission security by including the token in an RRC message, in which the token is calculated based on the hash value representing the data.

RRC connection resume method and apparatus

This application provides an RRC connection resume method and apparatus. In the method, when a terminal moves to a target base station, the target base station may reselect, based on a capability and a requirement of the target base station, a first encryption algorithm and a first integrity protection algorithm that are used when the target base station communicates with the terminal, and send the first encryption algorithm and the first integrity protection algorithm to the terminal. On one hand, a security algorithm used for communication between the terminal and the target base station is flexibly selected. On the other hand, because the base station connected to the terminal changes, communication security can be improved by using a new encryption algorithm and integrity protection algorithm.

SYSTEMS AND METHODS FOR A QUANTUM PROXY SERVER HANDOVER MECHANISM

A device may include a processor configured to obtain a quantum key generated using quantum random numbers received from a quantum random number generator. The processor may be further configured to obtain a digital signature for a uniform resource locator (URL) associated with the obtained quantum key, wherein the digital signature is received from a security device configured to provide the quantum key to a user equipment (UE) device; receive a request from an application server to function as a proxy for a secure session with the UE device; authenticate the secure session with the UE device using the quantum key and the digital signature; and proxy the secure session between the UE device and the application server.

Secondary device authentication proxied from authenticated primary device

A method of authenticating a secondary communication device based on authentication of a primary mobile communication device is disclosed. Trust is established with the primary mobile communication device by a device authentication server (DAS). The DAS receives an authorization code request from a secondary application operating on the secondary communication device, and transmits an authorization code to the secondary communication device. The DAS receives the authorization code from a primary application operating on the primary mobile communication device. The DAS authorizes the secondary application based on the trust with the primary mobile communication device and the authorization code from the primary application. The DAS transmits a secondary token to the secondary application at the secondary communication device to allow initialization of a communication session from the secondary application on behalf of the primary mobile communication device.

Security management for restricted local operator services in communication system
11563743 · 2023-01-24

Techniques for security management in communication systems are provided. For example, a method comprises maintaining a list of networks that support access for a set of restricted local operator services, checking whether a set of conditions for triggering access to the set of restricted local operator services is satisfied, receiving a request for access to the set of restricted local operator services, and initiating, upon satisfaction of the set of conditions, a search of the list of networks to find a network for access to the set of restricted local operator services.

Secure firmware transfer for an integrated universal integrated circuit card (iUICC)
11706025 · 2023-07-18

A device can (i) operate a primary platform (PP) within a tamper resistant element (TRE) and (ii) receive encrypted firmware images for operating within the primary platform. The TRE can store in nonvolatile memory of the TRE (i) a PP static private key (SK-static.PP), (ii) a server public key (PK.IDS1), and (iii) a set of cryptographic parameters. The TRE can generate a one-time PKI key pair of SK-OT1.PP and PK-OT1.PP and send the public key PK-OT1.PP to a server. The TRE can receive a one-time public key from the server comprising PK-OT1.IDS1. The TRE can derive a ciphering key using an elliptic curve Diffie Hellman key exchange and the SK-static.PP, SK-OT1.PP, PK.IDS1, and PK-OT1.IDS1 keys. The TRE can decrypt the encrypted firmware using the derived ciphering key. The primary platform can comprise a smart secure platform (SSP) and the decrypted firmware can comprise a virtualized image for the primary platform.

Smart Phone Toggle for Multi-Network Connectivity

A method (500) for toggling multi-network connectivity of a mobile device (110) includes, for the mobile device simultaneously connected to one or more carrier-mediated wireless networks (120) associated with a network operator (70), executing a graphical user interface that renders a status graphic (320) indicating the mobile device is currently connected to at least one carrier-mediated wireless network associated with the network operator, and an interactive graphic (330) for selecting between disabling and enabling connections (122) between the mobile device and carrier-mediated wireless networks associated with the network operator. The method includes receiving a user input indication (312) indicating selection of the interactive graphic and in response, disconnecting the mobile device from each of the carrier-mediated wireless networks associated with the network operator and updating the status graphic to indicate that the mobile device is not currently connected to any carrier-mediated wireless networks associated with the network operator.