According to some embodiments, a security management entity is provided. The security management entity includes processing circuitry configured to: generate a key having a plurality of key parts, anonymize at least a first data instance at least in part by using the key with threshold cryptography, transmit a respective key part to each one of the plurality of trusted entities, store at least one key part where the stored at least one key part is different from the transmitted respective key parts, receive a message from a first trusted entity of the plurality of trusted entities for investigating the anonymized first data instance where the message includes one of the transmitted respective key parts, and deanonymize the first data instance using the stored at least one key part and the one of the transmitted respective key parts associated with the first trusted entity.

In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.

In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.

A method and an apparatus for performing verification using a shared key are disclosed. The method includes: receiving, by a first network element, a registration request message from a second network element, where the registration request message includes a user identifier, first network identifier information, and second network identifier information, the second network identifier information is obtained by processing the first network identifier information by using a shared key, and the shared key is a key used between the first network element and the second network element; verifying, by the first network element, the registration request message by using the shared key; and sending, by the first network element, a registration response message to the second network element. When receiving a registration request from a visited network, a home network verifies the registration request message by using a shared key, to avoid a spoofing attack from the visited network.

Systems and methods for connecting a private device to a public device based on various connection parameters. For example, a media guidance application may receive a communication requesting to use the public device from a private device that is implementing a private interface application (e.g., Netflix™ a streaming media application). In response, the media guidance application may generate an authorization key that is unique to the private device and comprises connection parameters. The media guidance application may transmit the authorization key to the private interface application to initiate a session between the public device and the private device. Whenever a command is received from the private device, the media guidance application may verify the authorization key and determine whether the connection parameters are satisfied. In response to verifying the authorization key and the connection parameters, the public device may execute the received command.

An access control system and methods according to at least one embodiment leverage wireless access credentials to allow a user to securely gain access to a secured area using his or her mobile device. As such, a credentialed mobile device may permit access to the secured area without requiring a real-time connection to a credential management system and/or an administrative system.

An access control system and methods according to at least one embodiment leverage wireless access credentials to allow a user to securely gain access to a secured area using his or her mobile device. As such, a credentialed mobile device may permit access to the secured area without requiring a real-time connection to a credential management system and/or an administrative system.

A communication method and a communications apparatus, where the method includes: after receiving an RRC resume request message from a UE, determining, by a target access network device, a first user plane security protection method between the target access network device and the UE based on a context information obtaining response from a source access network device; determining a first user plane security key between the target access network device and the UE; when receiving first uplink user plane data from the UE, performing user plane security deprotection on the first uplink user plane data based on the first user plane security key and the first user plane security protection method, to obtain uplink user plane data; and sending the uplink user plane data.

A communication method and a communications apparatus, where the method includes: after receiving an RRC resume request message from a UE, determining, by a target access network device, a first user plane security protection method between the target access network device and the UE based on a context information obtaining response from a source access network device; determining a first user plane security key between the target access network device and the UE; when receiving first uplink user plane data from the UE, performing user plane security deprotection on the first uplink user plane data based on the first user plane security key and the first user plane security protection method, to obtain uplink user plane data; and sending the uplink user plane data.

Methods and apparatus for enhancement of authentication. A method performed by a communication device may comprise sending a first request to a communication equipment, wherein the request comprises a communication device identifier of the communication device. The method may further comprise receiving a first response from the communication equipment, the first response comprising one or more parameters. The method may further comprise generating a first key and a second key based on the received response; The method may further comprise sending a second request to the communication equipment, the second request comprising the first key and a message based on the second key.