H04W12/069

ENHANCEMENT OF AUTHENTICATION

Methods and apparatus for enhancement of authentication. A method performed by a communication device may comprise sending a first request to a communication equipment, wherein the request comprises a communication device identifier of the communication device. The method may further comprise receiving a first response from the communication equipment, the first response comprising one or more parameters. The method may further comprise generating a first key and a second key based on the received response. The method may further comprise sending a second request to the communication equipment, the second request comprising the first key and a message based on the second key.

ASSOCIATION CONTROL METHOD AND RELATED APPARATUS
20230239693 · 2023-07-27 ·

An association control method and a related apparatus are provided and are applied to short-range communication. The method includes: determining that an identity of a second node is trusted; sending a first authentication request to the second node, where the first authentication request includes first identity authentication information generated based on a shared key; receiving a first authentication response from the second node, where the first authentication response includes second identity authentication information; performing verification on the second identity authentication information based on the shared key; and updating a first authentication failure counter if the verification fails. This can prevent a node from establishing an association with an unauthorized attacker, and protect data security of the node.

TECHNOLOGIES FOR IMPLEMENTING THE RADIO EQUIPMENT DIRECTIVE

Disclosed embodiments are related to various Radio Equipment implementations based on the European Union Radio Equipment Directive. Embodiments include implementations for safety and health, electromagnetic compatibility, and the efficient use of the radio spectrum, and cyber security including, inter alia, privacy protection and protection against fraud. Furthermore, additional aspects cover interoperability, access to emergency services, and compliance regarding the combination of Radio Equipment and software. Other embodiments may be described and/or claimed.

PROVISIONING METHOD AND TERMINAL DEVICE
20230007480 · 2023-01-05 ·

The present disclosure provides a provisioning method and a terminal device. The provisioning method is applied to the terminal device and includes: the security module establishes a secure channel with the certificate authority (CA) server through one or more session keys shared by the security module and the CA server, and obtains one or more digital certificates from the CA server, wherein the security module is to implement Universal Subscriber Identity Module (USIM) functions.

METHOD FOR PROVISIONING KEYS IN A NETWORK OF CONNECTED OBJECTS

A method provisions keys in a network of connected objects, including a plurality of such objects as well as a programming station. The nodes of the network could communicate over a main channel and over a secure auxiliary channel, distinct from the main channel. After a first phase of authentication and mutual identification with the nodes of the network, a terminal including a secure hardware element broadcasts, in a second phase, a set of secret keys to each node via the auxiliary channel, the set of secret keys including a first secret key intended to authenticate the nodes belonging to the network and a second secret key intended to encrypt the exchanges over the main channel. In a third phase, the programming station performs a discovery of the nodes of the network.

METHOD AND APPARATUS FOR SECURE PRIVATE KEY STORAGE ON IOT DEVICE
20230006815 · 2023-01-05 ·

An apparatus is disclosed for storing a private key on an IoT device for encrypted communication with an external user device and includes a proximity-based communication interface, encryption circuitry and IoT functional circuitry. The encryption circuitry includes a memory having a dedicated memory location allocated for storage of encryption keys utilized in the encrypting/decrypting operations, an encryption engine for performing the encryption/decryption operation with at least one of the stored encryption keys in association with the operation of the IoT functional circuitry, an input/output interface for interfacing with the proximity-based communication interface to allow information to be exchanged with a user device in a dedicated private key transfer operation, an internal system interface for interfacing with the IoT functional circuitry for transfer of information therebetween, memory control circuitry for controlling storage of a received private key from the input/output interface for storage in the dedicated memory location in the memory, in a Write-only memory storage operation relative to the private key received from the input/output interface over the proximity-based communication interface, the memory control circuitry inhibiting any Read operation of the dedicated memory location in the memory through the input/output interface. 
The IoT functional circuitry includes a controller for controlling the operation of the input/output interface and the memory control circuitry in a private key transfer operation to interface with the external user device to control the encryption circuitry for transfer of a private key from the user device through the proximity-based communication interface for storage in the dedicated memory location in the memory, the controller interfacing with the encryption circuitry via the internal system interface, and operational circuitry for interfacing with the user device over a peer to peer communication link and encrypting/decrypting information therebetween with the encryption engine in the encryption circuitry.