Patent classifications
H04W12/60
GATEWAY FUNCTION REAUTHENTICATION
Apparatuses, methods, and systems are disclosed for supporting TNGF reauthentication. One apparatus includes a network interface that communicates with a remote unit (i.e., UE) and with a mobile communication network. The apparatus includes a processor that receives a first EAP message containing a NAI from the UE. Here, the NAI indicates that the UE requests to reauthenticate with a source gateway function. The processor receives a UE context of the UE and derives a first EAP challenge packet using the UE context. Via the network interface, the processor sends the first EAP challenge packet to the UE. Here, the first EAP challenge packet is used to authenticate the target TNGF with the UE.
Dynamic segmentation management
Systems, methods, and related technologies for segmentation management are described. In certain aspects, an entity communicatively coupled to a network is selected and one or more characteristics of the entity may be determined. A segmentation policy may be selected based on the one or more characteristics of the entity and one or more tags to be assigned to the entity based on the segmentation policy may be determined. A zone for the entity based on the one or more tags may be determined and one or more enforcement points associated with the zone for the entity may be determined. One or more enforcement actions may then be assigned to the one or more enforcement points based on the zone associated with the entity.
Method and apparatus for resuming only signaling radio bearers in wireless communication system
A method and apparatus for resuming only signaling radio bearers (SRBs) in a wireless communication system is provided. A wireless device triggers a signaling while the wireless device is in a radio resource control (RRC) inactive state, and resumes only SRB and transmits a message 3 (MSG3) of a random access procedure to a network when an early data transmission (EDT) triggering condition for transmission via the MSG3 is fulfilled. The MSG3 includes the signaling.
Adaptive authentication
Systems and techniques for an adaptive authentication system are described herein. In an example, an adaptive authentication system is adapted to receive a request at a first entity from a second entity for secure data of a user, where the second entity is remote from the first entity. The adaptive authentication system may be further adapted to transmit a prompt to a user device associated with the user for authentication of the user and authentication of the request. The adaptive authentication system may be further adapted to receive a response to the prompt and authenticate the user and the request based on the response. The adaptive authentication system may be further adapted to transmit the secure data of the user to the second entity.
Methods and arrangements for smartphone payments
To make a payment, a smartphone presents artwork for a payment card (e.g., a Visa card) that has been selected by a user from a virtual wallet of such cards. Encoded in the displayed artwork is payment information that has been encrypted with a context-dependent session key. A cooperating system (e.g., a retailer's point of sale system) uses a camera to capture an image of the artwork, and independently creates the session key from its own context sensor(s), enabling decryption of the payment information. Such technology provides a superior transaction security model at a fraction of the cost of competing chip card payment systems (which require, e.g., expensive physical cards, and single-purpose reader hardware). A great variety of other features and arrangements are also detailed.
Digital on-demand coupons for security service of communications system
A method performed by a security system of a 5G network to protect against cyberattacks on a personalized basis. The security system can identify a cybersecurity threat to a wireless device based on contextual information relating to the wireless device, a user preference, or a call detail record. The security system can determine a one-time fee to charge the user in exchange for protecting the wireless device against the cybersecurity threat, generate an on-demand coupon to protect the wireless device against the cybersecurity threat, and send the on-demand coupon to the wireless device based at least in part on the contextual information relating to the wireless device and the user preference. When the security system receives an indication that the on-demand coupon was redeemed, it responds by deploying a network asset to protect the wireless device against the cybersecurity threat.
SECURITY HANDLING FOR RRC RESUME FROM INACTIVE STATE
A communication system including a host computer is provided herein. The host computer may include processing circuitry configured to provide user data and a communication interface configured to forward the user data to a cellular network for transmission to a user equipment (UE). The cellular network comprises a base station having a radio interface and base station processing circuitry. The base station processing circuitry is configured to store a previously active security context for the UE, receive from the UE an RRCResumeRequest message including a security token, generate a temporary security context for the UE, use the temporary security context to verify the security token, send an RRC message to the UE, and, if no response to the RRC message is received from the UE, discard the temporary security context and retrieve the previously active security context. Thereafter, the base station transmits the user data for a host application.