Methods and devices are provided for uploading driving data to a blockchain network. The method is executed at a vehicle node in the blockchain network and includes: packing driving data of the vehicle node within a predetermined time interval every predetermined time interval to obtain a vehicle data packet of the vehicle, and storing the vehicle data packet locally in the vehicle node; broadcasting the vehicle data packet to other vehicle nodes located nearby and in the blockchain network for the other vehicle nodes to receive and store; receiving and storing other vehicle data packets broadcast by the other vehicle nodes located nearby and in the blockchain network; and when connecting to a fixed node that belongs to the blockchain network, synchronizing the vehicle data packet and the other vehicle data packets as stored to the fixed node, wherein the fixed node participates in the consensus of the blockchain network.

Methods, apparatus, and systems for session key generation for AV operation are disclosed. In an embodiment, a vehicle service subscriber system generates an entropy. The vehicle service subscriber system is associated with a vehicle service subscriber. The vehicle service subscriber system transmits a synchronization message to a vehicle service provider system associated with at least one vehicle. The synchronization message includes the entropy. The vehicle service subscriber system receives a salt from the vehicle service provider system. The vehicle service subscriber system verifies that the salt was generated using the entropy. The vehicle service subscriber system calculates session keys using the salt. The vehicle service subscriber system receives a protected message from the vehicle service provider system. The vehicle service subscriber system authenticates the protected message using the session keys. The protected message is used to provide a ride involving the at least one vehicle.

A method of communicating over a plurality of network slices concurrently. The method comprises building a distributed ledger by a network slice registrar function (NSRF) application executing on a computer, where the distributed ledger records an association between a first network slice allocated to a user equipment (UE) and a second network slice allocated to the UE, providing information about the association of the UE to the first network slice and the second network slice by the NSRF application to a network slice selector function (NSSF), establishing a first communication link between the UE and a first call end point via the first network slice by a first user plane function (UPF) and establishing a second communication link between the UE and a second call end point via the second network slice by a second UPF based on the information provided by the NSRF application to the NSSF.

Techniques are provided for ad-hoc authenticated group discovery and data sharing in a mesh network. A group of devices is created without leaving a security gap due to the open communication needed to establish the discovery of the devices forming the group. The group can be authenticated autonomously following network discovery of the devices. Instead of requiring global pre-assigned keys for authentication, the devices in the group are authenticated with signatures and certificate passing thereby providing strong security. The efficiency of data sharing between the devices of the network, such as a mesh network, can also be increased. One or more devices may act as a bridge device between devices of a same group that are not in direct wireless communication with each other to reduce re-broadcasts within the mesh network.

Techniques are provided for ad-hoc authenticated group discovery and data sharing in a mesh network. A group of devices is created without leaving a security gap due to the open communication needed to establish the discovery of the devices forming the group. The group can be authenticated autonomously following network discovery of the devices. Instead of requiring global pre-assigned keys for authentication, the devices in the group are authenticated with signatures and certificate passing thereby providing strong security. The efficiency of data sharing between the devices of the network, such as a mesh network, can also be increased. One or more devices may act as a bridge device between devices of a same group that are not in direct wireless communication with each other to reduce re-broadcasts within the mesh network.

Secure pairing of computing devices, such as a field tool and a battery-powered device (BPD), may include generating by the BPD a challenge message including a randomly-generated challenge, and receiving at the field tool a challenge message from the BPD via a Bluetooth low-energy (BLE) advertisement message. The challenge message can include a randomly-generated challenge and can be issued in a scannable undirected advertising message. The challenge key can be calculated via a secure hash algorithm (SHA) to obtain a response solution. The response solution can be sent by the field tool to the advertising device in response to the challenge message. The response solution can be verified by the BPD using a cryptographic message authentication code such as an HMAC, and the BPD sends a confirmation message to the field tool indicating that the response solution is verified as correct.

Secure pairing of computing devices, such as a field tool and a battery-powered device (BPD), may include generating by the BPD a challenge message including a randomly-generated challenge, and receiving at the field tool a challenge message from the BPD via a Bluetooth low-energy (BLE) advertisement message. The challenge message can include a randomly-generated challenge and can be issued in a scannable undirected advertising message. The challenge key can be calculated via a secure hash algorithm (SHA) to obtain a response solution. The response solution can be sent by the field tool to the advertising device in response to the challenge message. The response solution can be verified by the BPD using a cryptographic message authentication code such as an HMAC, and the BPD sends a confirmation message to the field tool indicating that the response solution is verified as correct.

At a high level, embodiments of the invention relate to augmenting video data with presence data derived from one or more proximity tags. More specifically, embodiments of the invention generate forensically authenticated recordings linking video imagery to the presence of specific objects in or near the recording. One embodiment of the invention includes video recording system comprising a camera, a wireless proximity tag reader, a storage memory and control circuitry operable to receive image data from the camera receive a proximity tag identifier identifying a proximity tag from the proximity tag reader, and store an encoded frame containing the image data and the proximity tag identity in the storage memory.

At a high level, embodiments of the invention relate to augmenting video data with presence data derived from one or more proximity tags. More specifically, embodiments of the invention generate forensically authenticated recordings linking video imagery to the presence of specific objects in or near the recording. One embodiment of the invention includes video recording system comprising a camera, a wireless proximity tag reader, a storage memory and control circuitry operable to receive image data from the camera receive a proximity tag identifier identifying a proximity tag from the proximity tag reader, and store an encoded frame containing the image data and the proximity tag identity in the storage memory.

A message protection method and an apparatus are disclosed. The method includes: When a terminal prepares to hand over from a first-standard system to a second-standard system, the terminal may not have a security context of the second-standard system after handover. Therefore, in the method of the present disclosure, the terminal performs integrity protection on a registration request message and a location update request message by using an integrity key in a security context of the first-standard system before handover. Both the registration request message and the location update request message are messages for triggering handover. Therefore, in the method, security protection is implemented on the message for triggering handover, thereby helping improve communication security.