H04W12/043

ROLE BASED OFDMA SUBCARRIERS ALLOCATION OVER WIRELESS NETWORKS USING RADIUS PROTOCOL
20230100553 · 2023-03-30

Access credentials for a user of each of the plurality of stations connecting to the Wi-Fi network are forwarded to a RADIUS server. In response to the forwarded access credentials, priority-token values derived from the access credentials of the connecting users, for storage in association with a MAC address of each of the plurality of stations, are received from the RADIUS server and stored. Priority-token values responsive to detecting multiple users of at least two different priorities needing to access the Wi-Fi network. Available subcarriers are allocated based on the priority-token values for data transmissions.

ASSOCIATING DEVICES WITH ACCESS POINTS USING CREDENTIALS

Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a device may transmit, via a broadcast, a first frame that indicates one or more of a device credential or a payload. The device may receive, from the access point, a second frame that indicates one or more of the payload or an access point credential. The device may associate with the access point based at least in part on the access point credential. The device may perform a communication, to a cloud computing system via the access point, after the device has been associated with the access point. Numerous other aspects are described.

Communication Method and Apparatus
20220353680 · 2022-11-03

This application provides a communication method and apparatus. The method includes: a terminal sends first network information of a second network to a first network, where the first network information includes first indication information of the second network, and the first indication information indicates that the terminal requests to access the second network. The terminal performs onboarding delivery authentication of the second network through the first network. After onboarding delivery authentication of the second network succeeds, the terminal receives configuration information of the first network through the first network, and obtains a credential of the second network through the first network from an online sign-up server in the second network.

KEY MANAGEMENT METHOD, DEVICE, AND SYSTEM

This application provides a key management method, a device, and a system. The method includes: a terminal device sends a first application session establishment request message to a first application function network element, where the establishment request message carries identification information of a first key, and the first key is an authentication and key management for applications (AKMA) key. The terminal device receives a first authentication request message in a procedure of the re-authentication. The terminal device sends a response message for the first authentication request message in the procedure of the re-authentication. The terminal device receives a response message for the establishment request message. The terminal device derives a communication key between the terminal device and the first application function network element by using the first key.

Securing Application Communication

In embodiments of systems and methods for synchronous content presentation, a user equipment (UE) may generate a freshness parameter, generate a unique session key based on a first session key and the freshness parameter, and send the freshness parameter to a Network Application Function (NAF) of a network device in a configuration that will enable the NAF to generate the unique session key. The network device may receive the freshness parameter, receive from a Key Server Function (KSF) the first session key, and generate based on the freshness parameter and the first session key the unique session key. The UE and the network device may then conduct secure communications using the unique session key without exchanging the unique session key between the two devices.

Method, Device, and System for Updating Anchor Key in a Communication Network for Encrypted Communication with Service Applications

This disclosure generally relates to encrypted communication between terminal devices and service applications via a communication network. Such encrypted communication may be based on various hierarchical levels of encryption keys that are generated and managed by the communication network. Such encrypted communication and key management may be provided by the communication network to the terminal devices as a service that can be subscribed to. The various levels of encryption keys may be managed to improve flexibility of the communication network and to reduce potential security breaches.

Secure element for processing and authenticating digital key and operation method therefor

A secure element (SE) for processing a digital key includes a communication interface for communicating with a host, a memory for storing programs and data for processing the digital key, and a processor for executing the programs stored in the memory to receive a digital key processing request from a target device, determine whether a service is providable to the target device, by using a service-provider-specific service performance manager, process the digital key by using a digital key manager based on digital key processing information stored in the memory, upon determining that a service is providable to the target device, issue a digital key processing certificate by using the service-provider-specific service performance manager based on authentication information stored in the memory, and transmit the digital key processing certificate to at least one of a service provider and the target device.

Integration of third-party encryption key managers with cloud services

A method for integrating third-party encryption managers with cloud services includes receiving, at data processing hardware, an operation request requesting a cryptographic operation on data comprising an encryption operation or a decryption operation. When the operation is an encryption operation, the method includes transmitting a data encryption key associated with the data to a remote entity. The remote entity encrypts the data encryption key with a key encryption key and transmits the encrypted data encryption key to the data processing hardware. When the operation is a decryption operation, the method includes transmitting the encrypted data encryption key to the remote entity, which causes the remote entity to decrypt the encrypted data encryption key with the key encryption key and transmit the decrypted data encryption key to the data processing hardware.

Secure transfer of data between programs executing on the same end-user device

It is often necessary to securely transfer data, such as authenticators or authorization tokens, between programs running on the same end-user device. The teachings hereof enable the pairing of two programs executing on a given end-user device and then the transfer of data from one program to the other. In an embodiment, a first program connects to a server and sends encrypted data elements. A second program intercepts the connection and/or the encrypted data elements. The second program tunnels the encrypted data elements (which remain opaque to the second program at this point) to a server, using an encapsulating protocol. This enables the server to receive the data elements sent by the first program, decrypt them, and provide them to the second program via a return message using control fields of the encapsulating protocol. Once set up, the tunneling arrangement enables bidirectional data transfer.

SELECTING A BOOTSTRAP PROFILE FROM A GROUP OF BOOTSTRAP PROFILES THAT HAVE BEEN STORED IN A WIRELESS DEVICE FOR BOOTSTRAPPING OF THE WIRELESS DEVICE
20230126575 · 2023-04-27

Selecting a provisioning profile from a group of distinct provisioning profiles that have been stored in a mobile device for bootstrapping of the mobile device is presented herein. A system generates a group of a defined number of different provisioning profiles; stores the group of the defined number of different provisioning profiles in a data storage device that is part of a network; sends the group of the defined number of different provisioning profiles to a device manufacturer device corresponding to a device manufacturer to facilitate storage of the group of the defined number of different provisioning profiles in mobile devices including the mobile device; and based on a selection of a provisioning profile from the group of the defined number of different provisioning profiles that has been stored in the mobile device, enables an access, by the mobile device, of a network service of the network.