H04W12/10

SYSTEMS AND METHODS FOR VEHICLE CONFIGURATION VERIFICATION WITH FAILSAFE CODE

A computer system for verifying vehicle software configuration may be provided. The computer system may include a processor and a non-transitory, tangible, computer-readable storage medium having instructions stored thereon that, in response to execution by the processor, cause the processor to: (1) transmit, to a vehicle computing system, an authentication request including a hash algorithm specification; (2) receive, from the vehicle computing system, a current configuration hash value and a vehicle identifier; (3) retrieve a trusted data block from a memory based upon the vehicle identifier, the trusted data block including a stored configuration hash value and a smart contract code segment; (4) execute the smart contract code segment, the smart contract code segment including a failsafe code segment; and/or (5) transmit the authentication response to the vehicle computing system, and cause the vehicle computing system to execute the failsafe code segment.

METHOD OF SECURED TRANSMISSION AND RECEPTION OF DISCOVERY MESSAGE IN A D2D COMMUNICATION SYSTEM
20170374549 · 2017-12-28

The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates beyond a 4th-Generation (4G) communication system such as Long Term Evolution (LTE). The various embodiments of the present invention disclose a method of secured transmission and reception of a discovery message in a device-to-device (D2D) communication system. According to one embodiment, a transmitting user equipment (UE) receives a ProSe group key (PGK) from a ProSe function to perform a D2D communication in a D2D public safety group. The transmitting UE then derives a ProSe traffic key (PTK) using the PGK for transmitting data packets in the D2D communication. Using the PTK, the transmitting UE further derives a ProSe integrity protection key (PIK) for securing a discovery message to discover one or more receiving UEs. The transmitting UE transmits the integrity protected discovery message using the derived PIK to the receiving UE. In turn, the receiving UE transmits a response message in a secure manner by deriving a PIK using the PGK configured for the receiving UE. The various embodiments of the present invention also disclose a method of a terminal. According to one embodiment, the method comprises deriving a first traffic key and a second traffic key based on a group key, deriving a first security key for securing a discovery message based on the first traffic key and a second security key for securing data packets based on the second traffic key, and transmitting the discovery message generated based on the first security key.

AUTHENTICATION METHODS FOR A SATELLITE-BASED NAVIGATION SYSTEM, DEVICES FOR AUTHENTICATING MESSAGES AND AUTHENTICATION SYSTEM
20230209352 · 2023-06-29

The present disclosure provides an authentication method for a satellite-based navigation system (SNS) that in some implementations includes: obtaining, by an authentication server, a plurality of message authentication bundles from a plurality of reference receiver stations, each message authentication bundle comprising at least one hash for authenticating a corresponding SNS message received by a respective reference receiver station from at least one satellite of the SNS; inserting, by the authentication server, at least a subset of the hashes of the obtained message authentication bundles into a probabilistic data structure (PDS), which forms at least a part of a validation filter for authenticating a corresponding subset of SNS messages; and distributing the validation filter to at least one receiver-side device. The disclosure further provides authentication methods performed by a reference receiver station and a receiver-side device, respectively, as well as devices and systems for authenticating SNS messages.

DEVICE-SPECIFIC SELECTION BETWEEN PEER-TO-PEER CONNECTIONS AND CORE-BASED HYBRID PEER-TO-PEER CONNECTIONS IN A SECURE DATA NETWORK
20230209345 · 2023-06-29

A secure executable container executed by an endpoint device determines physical attributes associated with the endpoint device reaching destination endpoint devices within a secure data network, and determines destination endpoint attributes for each of the destination endpoint devices. The secure executable container selects one or more of the destination endpoint devices for establishment of a corresponding secure peer-to-peer connection based on the physical attributes relative to the destination endpoint attributes of the one or more destination endpoint devices, each secure peer-to-peer connection bypassing a core network device in the secure data network. The secure executable container selects remaining destination endpoint devices for respective secure hybrid peer-to-peer connections via the core network device, based on the physical attributes relative to the respective destination endpoint attributes of the remaining ones of the destination endpoint devices.

Key configuration method, security policy determining method, and apparatus
11689934 · 2023-06-27

This application provides a key configuration method. A session management network element receives a request for end-to-end communication and obtains a security policy, where the security policy is determined based on at least one of: a user security requirement that is of the user equipment and that is preconfigured on a home subscriber server, a service security requirement from the user equipment, a security capability requirement supported by the user equipment, a security capability requirement from a carrier network, and a security requirement of a device on the other end of the end-to-end communication. The session management network element obtains a protection key used for protecting the end-to-end communication. The session management network element sends the security policy to the devices on two ends of the end-to-end communication.

Re-establishing a radio resource control connection

A method for re-establishing a Radio Resource Control (RRC) connection between a UE and a target eNB. The method is performed by the UE. The method includes the UE receiving an RRC Connection Reestablishment message from the target eNB, the RRC Connection Reestablishment message including a DL authentication token which has been generated by an MME and has had a Non Access Stratum integrity key as input. The method also includes the UE authenticating the received DL authentication token.

Method and apparatus for security management in 5G networks
11689579 · 2023-06-27

A session management function of a 5G system receives information that a secondary authentication is to be done for a given user equipment for authorising user equipment to use a data network; and responsively to the received information, communicates with the data network and receives from the data network an indication; and allows a 5G access to the user equipment so that the user equipment can communicate with the data network according to the indication either without cryptographic protection or with cryptographic protection depending on the indication.