Patent classifications
H04W12/10
Location/things aware cloud services delivery solution
Described embodiments provide systems and methods for policy-based authentication, where the policy may designate locations and/or forms of proof of locations, for use in authentication. Some embodiments include or utilize a database storing authentication policies. In an example system, an authentication server in communication with the database is configured to receive a request from a device needing authentication. The request may include a credential. The authentication server is configured to retrieve, from the database storing authentication policies, an authentication policy corresponding to the device, the retrieved authentication policy specifying a location parameter. The authentication server is configured to receive location data from the device and resolve the authentication request using the credential and the received location data pursuant to the retrieved authentication policy.
Method and device used for wireless communication
Method and device used for wireless communications, including receiving a second media access control packet data unit (MAC PDU) group, a MAC Header of any MAC PDU in the second MAC PDU group comprising information corresponding to a first portion of a first old identifier (ID); the second MAC PDU group comprising a first packet data convergence protocol (PDCP) PDU, and a header of the first PDCP PDU comprising a first key ID; the first key ID being used to identify a first key, and the first key being used to generate a key for a security algorithm applied to the first PDCP PDU; transmitting a first MAC PDU group comprising a second PDCP PDU, the second PDCP PDU comprising information corresponding to a first portion of the first PDCP PDU; by determining a first key ID and a second key ID, reliability is improved, and risks during communications are avoided.
Method and apparatus for network function messaging
A sending security edge proxy (SEPP) receives a first message sent by a first network function to a second network function. The first message has a plurality of first message parts including: a request line or a response line; at least one header; and payload. Second message parts are formed from the features and optional sub-features of the first message parts. A security structure defines a required security measure individually for each second message part. The SEPP applies, according to the security structure definition, the required security measure to each second message part by encrypting; integrity protecting; or modification tracking with integrity protecting; and forms a second message that contains the second message parts; and sends the second message towards the second network function. Corresponding methods, structures, computer programs and a system are disclosed for intermediate nodes and receiving SEPP.
User equipment and method executed thereby, base station and method executed thereby, and mobile control entity and method executed thereby
The present invention provides a user equipment, a method executed by a user equipment, a base station, a method executed by a base station, a mobile control entity, and a method executed by a mobile control entity. The method executed by a user equipment comprises: receiving a paging message from a base station; and determining whether to perform a downlink early data transmission (EDT) preparation operation based on downlink EDT indication information when the user equipment UE initiates an RRC connection establishment procedure or an RRC connection resume procedure based on the paging message.
SYSTEMS AND METHODS FOR SECURE TOKENIZED CREDENTIALS
Systems, devices, methods, and computer readable media are provided in various embodiments having regard to authentication using secure tokens, in accordance with various embodiments. An individual's personal information is encapsulated into transformed digitally signed tokens, which can then be stored in a secure data storage (e.g., a “personal information bank”). The digitally signed tokens can include blended characteristics of the individual (e.g., 2D/3D facial representation, speech patterns) that are combined with digital signatures obtained from cryptographic keys (e.g., private keys) associated with corroborating trusted entities (e.g., a government, a bank) or organizations of which the individual purports to be a member (e.g., a dog-walking service).
INTEGRATED SECURE DEVICE MANAGER SYSTEMS AND METHODS FOR CYBER-PHYSICAL VEHICLES
Systems and methods are described for a cyber-physical vehicle management system generated by an Integrated Secure Device Manager (ISDM) Authority configured to manage licensing and approval of Cyber-Physical Vehicles (CPVs), a public/private key pair and a unique ID for the Authority, create a self-signed Authority token signed by the private key, send the Authority token to a plurality of ISDM Node devices configured to verify Module device authenticity and in communication with the Authority, store, by each Node, the Authority token, and mark, by each Node, the Authority token as trusted.
GLOBAL RESOURCE LOCATOR LABEL
The present disclosure relates to a global resource locator tag and methods of using the same. A semiconductor chip can include a processor and a micro sized timing device. The semiconductor chip can generate a timing signal. The global resource locator tag can include a blockchain and a memory in logical communication with the processor. The processor can determine a cryptographic hash of a previous block of events in the blockchain. The processor can determine a respective inventory status of nearby labels. The processor can compile a data set with the respective inventory status of each of the nearby labels and the cryptographic hash of the previous block. The processor can record a next event of the events in a next block of the blockchain. The next event can include the data set.
Systems and Methods for Securely Monitoring a Shipping Container for an Environmental Anomaly
Systems and methods are described for securely monitoring a shipping container for an environmental anomaly using elements of a wireless node network of sensor-based ID nodes disposed within the container and a command node associated with the container. The method has the command node identifying which of the ID nodes are confirmed as trusted sensors based upon a security credential specific to each of the ID nodes; monitoring only the confirmed ID nodes for sensor data broadcast by those ID nodes; detecting the anomaly based upon the sensor data from at least one of the confirmed ID nodes; automatically generating an alert notification related to the detected environmental anomaly for the shipping container; and transmitting the alert notification to the external transceiver to initiate a mediation response related to the detected environmental anomaly.
5G New Radio - Avoiding Redundant AS Security Checks
Apparatuses, systems, and methods for a wireless device to perform methods for improvements to security checks in a fifth generation (5G) New Radio (NR) network, including mechanisms to avoid redundant access stratum (AS) security checks. The wireless device may determine that an on-demand system information block (SIB) request is pending transmission and may buffer the on-demand SIB in response to determining that a connection establishment procedure will be initiated within a specified time period. The wireless device may then perform a unified security procedure for the on-demand SIB request and the connection establishment procedure, including confirming connection security. Further, in response to confirming connection security, the wireless device may use an on-demand SIB received from the network without confirming a corresponding on-demand SIB signature.