In response to a UE in a wireless network leaving a multicast group to which the user equipment belonged or switching between multiple access nodes belonging to the multicast group, sending by an access node a rekeying token for UE(s) in the multicast group to use to access data for the multicast group. The access node generates key(s) based at least on the rekeying token. The access node multicasts traffic to the UE(s) in the multicast group using the key(s). In response to an other UE in a wireless network leaving a multicast group to which a UE belongs or switching by the UE between multiple access nodes belonging to the multicast group, receiving, at the UE from an access node, a rekeying token to use. The UE generates key(s) based at least on the rekeying token and receives multicast traffic using the key(s).

In response to a UE in a wireless network leaving a multicast group to which the user equipment belonged or switching between multiple access nodes belonging to the multicast group, sending by an access node a rekeying token for UE(s) in the multicast group to use to access data for the multicast group. The access node generates key(s) based at least on the rekeying token. The access node multicasts traffic to the UE(s) in the multicast group using the key(s). In response to an other UE in a wireless network leaving a multicast group to which a UE belongs or switching by the UE between multiple access nodes belonging to the multicast group, receiving, at the UE from an access node, a rekeying token to use. The UE generates key(s) based at least on the rekeying token and receives multicast traffic using the key(s).

An electronic device may include at least one wireless communication module configured to transmit and receive a wireless signal; a memory electrically configured to store instructions; and at least one processor operatively connected to the at least one wireless communication module and the memory, the at least one processor being configured to execute the instructions to: based on an attempt to connect to an access point (AP), identify whether a pairwise master key security association (PMKSA) for the AP, generated based on to a previous connection of the electronic device to the AP, is present, and based on identifying that the PMKSA is present, determine whether to reuse a pairwise master key (PMK) stored in the PMKSA by comparing a lifetime of the PMK with a margin time in which a use of the PMK is guaranteed.

A method includes receiving, by a mobility management entity (MME), a redirection request message from an access and mobility management function (AMF) node, where the redirection request message includes key-related information. The method also includes generating, by the MME, an encryption key and an integrity protection key based on the key-related information. The redirection request message is used to request to hand over a voice service from a packet switched (PS) domain to a circuit switched (CS) domain.

A method includes receiving, by a mobility management entity (MME), a redirection request message from an access and mobility management function (AMF) node, where the redirection request message includes key-related information. The method also includes generating, by the MME, an encryption key and an integrity protection key based on the key-related information. The redirection request message is used to request to hand over a voice service from a packet switched (PS) domain to a circuit switched (CS) domain.

Method, apparatus and systems are provided for key derivation. A target base station receives multiple keys derived by a source base station, where the keys correspond to cells of the target base station. The target base station selects a key corresponding to the target cell after obtaining information regarding a target cell that a user equipment (UE) is to access. An apparatus for key derivation and a communications system are also provided.

Connectionless data transfer is disclosed. Authentication of a device and network node may be performed when data is sent from the device to an application server of an application service provider via a selected network. The transfer of data may take place in an absence of an existing device context between the network node interacting with the device and the core network through which the data travels. State management overhead and signaling overhead may be reduced by use of the exemplary aspects disclosed herein. For example, the device does not need to perform an authentication and key agreement (AKA) procedure to transfer the data and an existing (or pre-existing) device context need not be maintained at the core network.

A method for signing up a user to a service for controlling at least one functionality in a vehicle (10) by means of a user terminal (20) comprises the following steps: —communicating a user identifier and an identifier associated with the vehicle (10) to a server (50); —having the server (50) authenticate an electronics unit (11) of the vehicle (10); —in the event of successful authentication, registering the user identifier and the identifier associated with the vehicle (10) in association with one another in the server (50).

Device to device (D2D) communication can be performed with packet data convergence protocol (PDCP) based encapsulation without internet protocol (IP) addressing. The non-IP D2D PDCP-encapsulated communication can further include two forms of secure data transfer. A first non-IP D2D PDCP-encapsulated communication can be a negotiated non-IP D2D PDCP-encapsulated communication. A second non-IP D2D PDCP-encapsulated communication can be a non-negotiated non-IP D2D communication. The non-negotiated non-IP D2D PDCP-encapsulated communication can include a common key management server (KMS) version and a distributed KMS version. The encapsulated communication can be used with various protocols, including a PC5 protocol (such as the PC5 Signaling Protocol) and wireless access in vehicular environments (WAVE) protocols.

A connectionless system for handing off data, content or information includes a proximity detection component that allows devices to detect other local devices within range. Devices within range may use advertisement and scanning to exchange communications so that one device can handoff data, content, or information to another device without having to connect, e.g., pair, with the other device(s).