The embodiments provide cryptography that is performed in each of two communicating devices and is based on information known only to the devices. The information is determined in each of the devices at the time of communications. Each of the devices determines the information without communicating key information related to the encryption key with each other. Channel characteristic reciprocity between the two devices allows creation of identical keys in each device. Each of the devices sends a first setup signal to the other device, receives a second setup signal from the other device, where the second setup signal may be a looped back version of the first setup signal, samples the second setup generates sampling results, creates a key based on the sampling results, and utilizes the key to exchange one or more secure data signals with the other device.

The embodiments provide a cryptography key for two communicating devices that is based on information known only to the devices. The information may only be determined by the devices. Each device determines the information without communicating key information related to the encryption key with the other. Channel characteristic reciprocity between the devices allows creation of identical keys in each device. Each device sends a signal to the other device at the same power level based on the distance between the devices. The power level may be set to result in a target receive power level at the other device. Each device samples the received signal, generates sampling results, creates a key based on the sampling results and a threshold power level, and utilizes the key. The threshold power level may be based on the target receive power level, or a median power determined from the sampling results.

Disclosed herein are a health device, a gateway device, and a method for securing a protocol using the health device and the gateway device. The method includes performing, by the health device and the gateway device, authentication and key exchange based on security session information; sending, by any one of the health device and the gateway device, an application message protected based on the security session information; and receiving, by a remaining one of the health device and the gateway device, the protected application message.

A network device or system can operate to enable a security pass-through with a user equipment (UE) and further define various virtual functions between a physical access point (pAP) and a virtual AP (vAP) based on one or more communication link parameters (e.g., latency). The security pass-through can be an interface connection that passes through a computer premise equipment (CPE) or wireless residential gateway (GW) without the CPE or GW modifying or affecting the data traffic such as by authentication or security protocol. The SP network device can receive traffic data from a UE through or via the security pass-through from a UE of a community Wi-Fi network at a home, residence, or entity network.

A network device or system can operate to enable a security pass-through with a user equipment (UE) and further define various virtual functions between a physical access point (pAP) and a virtual AP (vAP) based on one or more communication link parameters (e.g., latency). The security pass-through can be an interface connection that passes through a computer premise equipment (CPE) or wireless residential gateway (GW) without the CPE or GW modifying or affecting the data traffic such as by authentication or security protocol. The SP network device can receive traffic data from a UE through or via the security pass-through from a UE of a community Wi-Fi network at a home, residence, or entity network.

A radio station (2) transmits configuration information (501) to a radio terminal (1). The configuration information (501) indicates, on a cell-by-cell basis, at least one specific cell on which the radio terminal (1) is allowed to perform at least one of data transmission and data reception on a radio bearer used for uplink transmission or downlink transmission or both via a common Packet Data Convergence Protocol (PDCP) layer (402). As a result, in a radio architecture that provides tight interworking of two different Radio Access Technologies (RATs), it is for example possible to allow an eNB to indicate, to a radio terminal (UE), a specific cell on which the UE should perform uplink transmission.

A radio station (2) transmits configuration information (501) to a radio terminal (1). The configuration information (501) indicates, on a cell-by-cell basis, at least one specific cell on which the radio terminal (1) is allowed to perform at least one of data transmission and data reception on a radio bearer used for uplink transmission or downlink transmission or both via a common Packet Data Convergence Protocol (PDCP) layer (402). As a result, in a radio architecture that provides tight interworking of two different Radio Access Technologies (RATs), it is for example possible to allow an eNB to indicate, to a radio terminal (UE), a specific cell on which the UE should perform uplink transmission.

A key generation method includes determining, by an access and mobility management function node, key-related information. The method also includes sending, by the access and mobility management function node, a redirection request message to a mobility management entity. The redirection request message includes the key-related information, and the redirection request message is used to request to hand over a voice service from a packet switched (PS) domain to a circuit switched (CS) domain. The method further includes receiving, by the mobility management entity, the redirection request message. The method additionally includes generating, by the mobility management entity, an encryption key and an integrity protection key for the voice service based on the key-related information.

A key generation method includes determining, by an access and mobility management function node, key-related information. The method also includes sending, by the access and mobility management function node, a redirection request message to a mobility management entity. The redirection request message includes the key-related information, and the redirection request message is used to request to hand over a voice service from a packet switched (PS) domain to a circuit switched (CS) domain. The method further includes receiving, by the mobility management entity, the redirection request message. The method additionally includes generating, by the mobility management entity, an encryption key and an integrity protection key for the voice service based on the key-related information.

According to some embodiments, a security management entity is provided. The security management entity includes processing circuitry configured to: generate a key having a plurality of key parts, anonymize at least a first data instance at least in part by using the key with threshold cryptography, transmit a respective key part to each one of the plurality of trusted entities, store at least one key part where the stored at least one key part is different from the transmitted respective key parts, receive a message from a first trusted entity of the plurality of trusted entities for investigating the anonymized first data instance where the message includes one of the transmitted respective key parts, and deanonymize the first data instance using the stored at least one key part and the one of the transmitted respective key parts associated with the first trusted entity.