H04W12/041

ENHANCEMENT OF AUTHENTICATION

Methods and apparatus for enhancement of authentication. A method performed by a communication device may comprise sending a first request to a communication equipment, wherein the request comprises a communication device identifier of the communication device. The method may further comprise receiving a first response from the communication equipment, the first response comprising one or more parameters. The method may further comprise generating a first key and a second key based on the received response. The method may further comprise sending a second request to the communication equipment, the second request comprising the first key and a message based on the second key.

KEY DERIVATION METHOD, APPARATUS, AND SYSTEM
20230239689 · 2023-07-27

A key derivation method, an apparatus, and a system. The method includes: user equipment (UE) receives an authentication success message from a mobility management function network element, generates a master session key (MSK) and an extended master session key (EMSK) based on the authentication success message; and determines whether an authentication device is located outside a 3rd generation partnership project (3GPP) network, to determine whether to obtain Kausf based on the EMSK or the MSK. Therefore, the UE can be compatible with a key derivation manner used when the authentication device is located outside the 3GPP network and a key derivation manner used when the authentication device is located inside the 3GPP network.

METHOD AND APPARATUS FOR COMMUNICATION SYSTEMS INVOLVING INCORPORATING USER EQUIPMENT IDENTIFIERS INTO CONTROL CHANNEL TRANSMISSIONS

The apparatus includes at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus at least to duplicate base station computation of an identifier value for a user equipment, and search for one or more control channel transmissions incorporating an identifier value matching the identifier value.

METHOD AND APPARATUS FOR SECURE PRIVATE KEY STORAGE ON IOT DEVICE
20230006815 · 2023-01-05

An apparatus is disclosed for storing a private key on an IoT device for encrypted communication with an external user device and includes a proximity-based communication interface, encryption circuitry and IoT functional circuitry. The encryption circuitry includes a memory having a dedicated memory location allocated for storage of encryption keys utilized in the encrypting/decrypting operations, an encryption engine for performing the encryption/decryption operation with at least one of the stored encryption keys in association with the operation of the IoT functional circuitry, an input/output interface for interfacing with the proximity-based communication interface to allow information to be exchanged with a user device in a dedicated private key transfer operation, an internal system interface for interfacing with the IoT functional circuitry for transfer of information therebetween, memory control circuitry for controlling storage of a received private key from the input/output interface for storage in the dedicated memory location in the memory, in a Write-only memory storage operation relative to the private key received from the input/output interface over the proximity-based communication interface, the memory control circuitry inhibiting any Read operation of the dedicated memory location in the memory through the input/output interface. 
The IoT functional circuitry includes a controller for controlling the operation of the input/output interface and the memory control circuitry in a private key transfer operation to interface with the external user device to control the encryption circuitry for transfer of a private key from the user device through the proximity-based communication interface for storage in the dedicated memory location in the memory, the controller interfacing with the encryption circuitry via the internal system interface, and operational circuitry for interfacing with the user device over a peer to peer communication link and encrypting/decrypting information therebetween with the encryption engine in the encryption circuitry.

Encryption key exchange process using access device

Encryption key exchange processes are disclosed. A disclosed method includes initiating communication between a portable communication device including a token and a first limited use encryption key, and an access device. After communication is initiated, the portable communication device receives a second limited use key from a remote server via the access device. The portable communication device then replaces the first limited use key with the second limited use key. The second limited use key is thereafter used to create access data such as cryptograms that can be used to conduct access transactions.

Methods and Electronic Devices for Verifying Device Identity During Secure Pairing
20230023647 · 2023-01-26

An electronic device includes a first communication device operable across a first medium of communication and a second communication device operable across a second medium of communication that is different from the first medium of communication. One or more processors operable with the first communication device and the second communication device obtain a client certificate digest from a prospective client device using the first communication device. Thereafter, the one or more processors receive a client certificate from a remote electronic device using the second communication device. The one or more processors then verify that the prospective client device and the remote electronic device are the same device prior to establishing a secure communication session.

DATA TRANSMISSION METHOD AND SYSTEM, ELECTRONIC DEVICE AND COMPUTER-READABLE STORAGE MEDIUM
20230232219 · 2023-07-20

The present disclosure relates to the technical field of communication security, and provides a data transmission method applicable to a control plane function entity, including: determining target user plane data which needs to be subjected to security protection between a target user equipment and a user plane function entity; and sending a notification message to a Radio Access Network function entity and the target user equipment, with the notification message configured to instruct that the security protection is performed on the target user plane data between the target user equipment and the user plane function entity. The present disclosure further provides a data transmission system, an electronic device, and a computer-readable storage medium.