A method and an apparatus for establishing secure communication. The method includes: a terminal device receives a first message from a first network element, where the first message includes an identifier of a second network element and first indication information, and the first indication information indicates a candidate authentication mechanism associated with the second network element. The terminal device establishes a communication connection with the second network element based on the candidate authentication mechanism. The terminal device may obtain an authentication mechanism of the dynamically configured second network element, to meet a requirement for establishing a secure communication connection through authentication in an MEC architecture.

A security system used by an organization maintains a PKI used for issuing digital certificates (hereinafter for brevity also referred to simply as “certificates”) and provides the PKI to the organization as a network service. In order to simplify the use of the PKI for purposes such as obtaining certificates, the security system additionally provides a mechanism for using a designated flow protocol to interface with whichever MDMs the organization uses. This mechanism permits administrators or other users to provision certificates to their organization's client devices with just a few actions within a user interface.

A security system used by an organization maintains a PKI used for issuing digital certificates (hereinafter for brevity also referred to simply as “certificates”) and provides the PKI to the organization as a network service. In order to simplify the use of the PKI for purposes such as obtaining certificates, the security system additionally provides a mechanism for using a designated flow protocol to interface with whichever MDMs the organization uses. This mechanism permits administrators or other users to provision certificates to their organization's client devices with just a few actions within a user interface.

A method includes receiving, by an embedded universal integrated circuit card (eUICC), first information from a local profile assistant (LPA), where the first information includes a first certificate issuer (CI) public key identifier, and the first CI public key identifier is a CI public key identifier that the eUICC does not have. The method further includes sending, by the eUICC, second information to an OPS, where the second information includes the first CI public key identifier. The method further includes receiving, by the eUICC, a patch package from the OPS, where the patch package includes at least a first CI public key corresponding to the first CI public key identifier. The method further includes updating, by the eUICC, a CI public key of the eUICC by using the first CI public key.

A method includes receiving, by an embedded universal integrated circuit card (eUICC), first information from a local profile assistant (LPA), where the first information includes a first certificate issuer (CI) public key identifier, and the first CI public key identifier is a CI public key identifier that the eUICC does not have. The method further includes sending, by the eUICC, second information to an OPS, where the second information includes the first CI public key identifier. The method further includes receiving, by the eUICC, a patch package from the OPS, where the patch package includes at least a first CI public key corresponding to the first CI public key identifier. The method further includes updating, by the eUICC, a CI public key of the eUICC by using the first CI public key.

In a wireless communication terminal, a control circuit is configured to cause a wireless communicator to wirelessly connect to a first AP on the basis of authentication information of the first AP stored on a memory and is configured to execute authentication processing with the first AP on the basis of the authentication information of the first AP stored on the memory without executing setup processing when the control circuit selects a first mode. The control circuit is configured to start the setup processing with a second AP by using the wireless communicator when the control circuit selects the second mode. The control circuit is configured to cause the wireless communicator to wirelessly connect to the second AP and is configured to execute the authentication processing with the second AP on the basis of authentication information received from the second AP by the wireless communicator.

Techniques for enabling a system to verify operations or transactions as being associated with a user account are described. A system receives message data associated with an unverified operation or an unverified transaction. The system generates first audio data that includes a representation of a first digital signature based on at least a first verification code. The system sends a message including second message data with an ability to output the first audio data responsive to first device playing the first audio data within earshot of the second device. The system receives, from a second device, second audio data that represents the first audio data. The system determines that the second audio data includes an audio representation of a second digital signature based on at least the first verification code. The system verifies the unverified operation and associates the operation with the user account to indicate that the operation is a verified operation.

A method for securing electronic transactions includes associating a mobile electronic device with a first user. A first computer system retrievably stores registration data relating to the first user, including a device identifier that is unique to the mobile electronic device. A security application that supports in-application push notifications is installed on the mobile electronic device. The first computer system sends a push notification to the mobile electronic device, the push notification prompting the first user to provide a confirmation reply via a user interface of the security application for activating the mobile electronic device as a security token. The mobile electronic device is activated as a security token for the first user in response to receiving at the first computer system, from the mobile electronic device, the confirmation reply from the first user.

A method for securing electronic transactions includes associating a mobile electronic device with a first user. A first computer system retrievably stores registration data relating to the first user, including a device identifier that is unique to the mobile electronic device. A security application that supports in-application push notifications is installed on the mobile electronic device. The first computer system sends a push notification to the mobile electronic device, the push notification prompting the first user to provide a confirmation reply via a user interface of the security application for activating the mobile electronic device as a security token. The mobile electronic device is activated as a security token for the first user in response to receiving at the first computer system, from the mobile electronic device, the confirmation reply from the first user.

Various embodiments are generally directed to improving card security by providing a user a contactless card with no sensitive card information, such as card number, card verification value, and expiration date, printed thereon, and displaying the sensitive card information relative to the card in augmented reality (AR) based on successful NFC-based user authentication. According to examples, the NFC-based user authentication may be performed by one-tapping or single tapping the contactless card to user mobile device. One or more portions of the sensitive card information may be obfuscated to further enhance card security. Moreover, the user can interact with AR elements including the sensitive card information to perform various actions.