Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

A method of operating a second network access node comprises configuring the second network access node to act as a secondary network access node for a dual connectivity mode for a terminal device in which a first network access node acts as a master network access node. The method further comprises establishing, while acting as a secondary network access node for the dual connectivity mode, that the second network access node should switch to acting as a master network access node, deriving a new master network access node security key for use by the second network access node when switched to acting as a master network access node for the dual connectivity mode, and configuring the second network access node to act a master network access node for the dual connectivity mode using the new master network access node security key.

A method of operating a second network access node comprises configuring the second network access node to act as a secondary network access node for a dual connectivity mode for a terminal device in which a first network access node acts as a master network access node. The method further comprises establishing, while acting as a secondary network access node for the dual connectivity mode, that the second network access node should switch to acting as a master network access node, deriving a new master network access node security key for use by the second network access node when switched to acting as a master network access node for the dual connectivity mode, and configuring the second network access node to act a master network access node for the dual connectivity mode using the new master network access node security key.

A method for security handling in a mobility of a terminal device, where the method includes: a target access and mobility management function (AMF) entity receiving a first message for registering a terminal device; the target AMF entity sending a second message to a source AMF entity after receiving the first message; the source AMF entity deriving a first key based on a key between the source AMF entity and the terminal device; the source AMF entity sending the first key to the target AMF entity; the target AMF entity determining to use the first key based on security related information after receiving the first key; and the target AMF entity determining a communication key between the target AMF entity and the terminal device based on the first key after determining to use the first key.

A method for security handling in a mobility of a terminal device, where the method includes: a target access and mobility management function (AMF) entity receiving a first message for registering a terminal device; the target AMF entity sending a second message to a source AMF entity after receiving the first message; the source AMF entity deriving a first key based on a key between the source AMF entity and the terminal device; the source AMF entity sending the first key to the target AMF entity; the target AMF entity determining to use the first key based on security related information after receiving the first key; and the target AMF entity determining a communication key between the target AMF entity and the terminal device based on the first key after determining to use the first key.

An illustrative example embodiment of a controller associated with a container includes a processor and memory. The controller is configured to generate a derived key based on global positioning system information corresponding to a location of the controller. The controller uses the derived key to authenticate a user device.

An illustrative example embodiment of a controller associated with a container includes a processor and memory. The controller is configured to generate a derived key based on global positioning system information corresponding to a location of the controller. The controller uses the derived key to authenticate a user device.

This disclosure relates to a data storage device. A data port transmits data between a host computer system and the data storage device over a data channel. The device repeatedly broadcasts advertising packets over a wireless communication channel different from the data channel. Each advertising packet comprises a random value and a message authentication code calculated based on the random value and an identity key. The identity key is readable by a device to be connected and in proximity of the data storage device out of band of the data channel and the communication channel. The identity key enables the device to be connected to verify the message authentication code based on the random value and the identity key to thereby authenticate the data storage device.

This disclosure relates to a data storage device. A data port transmits data between a host computer system and the data storage device over a data channel. The device repeatedly broadcasts advertising packets over a wireless communication channel different from the data channel. Each advertising packet comprises a random value and a message authentication code calculated based on the random value and an identity key. The identity key is readable by a device to be connected and in proximity of the data storage device out of band of the data channel and the communication channel. The identity key enables the device to be connected to verify the message authentication code based on the random value and the identity key to thereby authenticate the data storage device.

A telecommunications network includes a serving network and a home network. In some examples the serving network receives, from the home network, identity data associated with a network terminal. The serving network determines a tied key using a tying key derivation function (TKDF) based on the identity data, then prepares an authentication request based on the tied key and sends the request to the terminal. In some examples, the home network receives the identity data from the access network and determines a tied key using a TKDF. The home network then determines a confirmation message based on the first tied key. In some examples, the serving network receives the identity data from the home network, and receives a network-slice selector associated with the network terminal. The serving network determines a tied key using a TKDF based on the identity data and the network-slice selector.