An embodiment of the invention is directed to a method comprising receiving, at a server computer, information for a portable device that includes a mobile device identifier and storing, by the server computer, the information for the portable device that includes the mobile device identifier in a database associated with the server computer. The method further comprising receiving, by the server computer, transaction data from an access device for a transaction conducted at the access device, determining, by the server computer, from the transaction data that the transaction is associated with the portable device, determining, by the server computer, a location of the access device, determining, by the server computer, a location of a mobile device associated with the mobile device identifier, determining, by the server computer, that the location of the mobile device matches the location of the access device, and marking, by the server computer, the stored information for the portable device as authentication verified.

A communication method and apparatus, the method including receiving, by a first access network device, a first message from a terminal in a radio resource control (RRC) inactive state, where the first message requests to resume an RRC connection or to perform a radio access network-based notification area update (RNAU), and sending, by the first access network device, a first request message to a second access network device, where the first request message includes a cell radio network temporary identifier allocated by the first access network device for the terminal, and the second access network device is an access network device that retains a context of the terminal, and there is a control plane link of the terminal between the second access network device and a core network.

A connection resume request method includes generating, by a terminal, a new access stratum key; sending, by the terminal to a target base station, a connection resume request message requesting to resume a radio resource control (RRC) connection; receiving, by the terminal, a connection resume rejection message from the target base station, wherein the connection resume rejection message indicates that the resuming of the RRC connection is rejected; and resuming, by the terminal, the new access stratum key to a previous access stratum key, wherein the previous access stratum key is an access stratum key that is used, before the apparatus enters an inactive state, by the terminal and the source base station.

A connection resume request method includes generating, by a terminal, a new access stratum key; sending, by the terminal to a target base station, a connection resume request message requesting to resume a radio resource control (RRC) connection; receiving, by the terminal, a connection resume rejection message from the target base station, wherein the connection resume rejection message indicates that the resuming of the RRC connection is rejected; and resuming, by the terminal, the new access stratum key to a previous access stratum key, wherein the previous access stratum key is an access stratum key that is used, before the apparatus enters an inactive state, by the terminal and the source base station.

A communication terminal (10) includes control means for generating a subscription concealed identifier (SUCI) including a subscription permanent identifier (SUPI) concealed using a predetermined protection scheme, and a protection scheme identifier identifying the protection scheme, and transmission means for sending the SUCI to a first network apparatus during a registration procedure, the SUCI being sent for a second network apparatus to de-conceal the SUPI from the SUCI based on the protection scheme used to generate the SUCI.

A communication terminal (10) includes control means for generating a subscription concealed identifier (SUCI) including a subscription permanent identifier (SUPI) concealed using a predetermined protection scheme, and a protection scheme identifier identifying the protection scheme, and transmission means for sending the SUCI to a first network apparatus during a registration procedure, the SUCI being sent for a second network apparatus to de-conceal the SUPI from the SUCI based on the protection scheme used to generate the SUCI.

An electronic device is provided. The electronic device includes a communication module, a memory storing instructions, and at least one processor operably connected to the communication module and the memory, wherein the at least one processor is, by executing the instructions, configured to receive a request for execution of an application programming interface (API) from an application while driving the application, identify a policy for the execution-requested API based on data received from a decentralized network through the communication module, and determine whether to execute the execution-requested API, based on the identified policy for the API.

An over-the-air updating method, an update server, a terminal, and an internet of things system are provided. The over-the-air updating method is applied to an update server in an internet of things system which further includes a terminal. The update server is communicatively connected to the terminal. The method includes: generating an encryption public key and an encryption private key which match each other; sending the encryption public key to the terminal; generating an update key, and encrypting the update key with the encryption private key; sending the encrypted update key to the terminal, for the terminal decrypts the encrypted update key with the encryption public key; encrypting update data with the update key; sending the encrypted update data to the terminal, for the terminal decrypts the update data with the decrypted update key, and performing data updating with the update data.

Secure conditional transfer of cryptographic data allows transfer of cryptographically-based data from one party to another while mitigating failure of a counterparty to perform. A first party uses a first device to send a proposal to a second party's device. If the proposal is accepted, it is signed by the second device. A secure channel is established between the devices that also attests to their compliance during processing. Transaction identifiers associated with the proposal and other information are exchanged. Once exchanged, the first device creates and sends first transfer data (that may be signed) to the second device. The second device receives and determines the first transfer data is valid. In response, the second device creates and sends second transfer data (that may be signed) to the first device. If a communication or other failure prevents reciprocation by the second party, others may verify the transaction and confirm the failure.

Described embodiments provide systems and methods for policy-based authentication, where the policy may designate locations and/or forms of proof of locations, for use in authentication. Some embodiments include or utilize a database storing authentication policies. In an example system, an authentication server in communication with the database is configured to receive a request from a device needing authentication. The request may include a credential. The authentication server is configured to retrieve, from the database storing authentication policies, an authentication policy corresponding to the device, the retrieved authentication policy specifying a location parameter. The authentication server is configured to receive location data from the device and resolve the authentication request using the credential and the received location data pursuant to the retrieved authentication policy.