Techniques are disclosed for encrypting internet-of-things (IoT) data of an IoT network only once at its inception until its final consumption without intervening encryption/decryption stages/cycles. The present encrypt-decrypt-once design thus eliminates potential exposure of the IoT data in its plaintext form of a traditional approach employing intervening encryption/decryption cycles. The present design is also efficient and reduces the burden on IoT resources by eliminating the need for encrypting and decrypting the data multiple times. To accomplish these objectives, a number of schemes for device enrollment, authentication, key distribution, key derivation, encryption and encoding are disclosed. The devices employ authenticated encryption because it provides confidentiality, integrity, and authenticity assurances on the encrypted data. The final consumption of the IoT data may be at a designated gateway or a corporate system.

A method for automatically configuring a new electronic device for connecting to a wireless access point of a communication network; initially the audio channel for communication between the new electronic device and one or more electronic devices already connected to the network is established; secondly, the configuration parameters for connecting to the wireless access point are transmitted by this audio channel to the new electronic device, the latter then being able to configure itself correctly in order to connect to the wireless access point of the network.

A method for automatically configuring a new electronic device for connecting to a wireless access point of a communication network; initially the audio channel for communication between the new electronic device and one or more electronic devices already connected to the network is established; secondly, the configuration parameters for connecting to the wireless access point are transmitted by this audio channel to the new electronic device, the latter then being able to configure itself correctly in order to connect to the wireless access point of the network.

Technologies for key management of internet-of-things (IoT) devices include an IoT device, an authority center server, and a group management server. The IoT device is configured to authenticate with an authority center server via an offline communication channel, receive a group member private key as a function of the authentication with the authority center server, and authenticate with a group management server via a secure online communication channel using the group member private key. The IoT device is further configured to receive a group shared key as a function of the authentication with the group management server, encrypt secret data with the group shared key, and transmit the encrypted secret data to the group management server. Other embodiments are described herein.

A method and apparatus at a small cell access point for offloading a wireless device in a macro cell, the method establishing a radio link signaling connection between a base station of the macro cell and the access point; and offloading the wireless device using control signaling over the signaling connection. Further, a method at the wireless device, the method receiving a message identifying a set of candidate small cell access points; selecting at least one access point from amongst the set of candidate small cell access points; reporting the selected at least one access point; receiving a preparatory message preparing the wireless device for a target small cell access point, wherein the target small cell access point is included in the selected at least one access point; and associating the wireless device with the target small cell access point.

Systems and methods are disclosed for registering a host computing device at a server and registering a lock device at the server via an application running on a mobile computing device, each being provided host keys from the server that allow communication between the host computing device the lock device. Further, the lock device can only be registered with the server if a current registered device count is less than a maximum registered device threshold.

The present disclosure relates to connection reestablishment methods and apparatus. In one example method, when a handover fails, a terminal reverts back to a source configuration, and obtains a selected cell. The terminal sends a connection reestablishment request to a selected radio access network device. The terminal receives a first message from the selected radio access network device, where the first message includes indication information used to indicate to derive an access network key based on a core network key. The terminal obtains a first core network key based on the indication information, and derives a first access network key based on the first core network key. The terminal communicates with the selected radio access network device by using the first access network key.

A method for authentication, operational in a device configured to communicate with a Long-Term Evolution (LTE) network, is described. The method includes receiving a first message from the LTE network that indicates the LTE network supports establishment of an LTE security context based on executing certificate-based authentication in lieu of subscriber identity module (SIM)-based authentication. The method also includes communicating one or more messages with the LTE network to execute certificate-based authentication. The method further includes establishing the LTE security context based on keys derived from the certificate-based authentication.

A client application component of a device may provide a request to an authentication component of the device for an authentication token, in order to authenticate an application with a server. The authentication component may generate the authentication token to be one-way encrypted, based on a server token and a data string associated with security information corresponding to the application, and device information that identifies the device. The client application component may receive the authentication token from the authentication component. The client application component may generate, based on the authentication token, a client token and transmit the client token to the server to authenticate the client application.

A client application component of a device may provide a request to an authentication component of the device for an authentication token, in order to authenticate an application with a server. The authentication component may generate the authentication token to be one-way encrypted, based on a server token and a data string associated with security information corresponding to the application, and device information that identifies the device. The client application component may receive the authentication token from the authentication component. The client application component may generate, based on the authentication token, a client token and transmit the client token to the server to authenticate the client application.