Patent classifications
H04W12/106
Message protection method and apparatus
A message protection method and an apparatus are disclosed. When a terminal prepares to hand over from a first-standard system to a second-standard system, the terminal may not have a security context of the second-standard system after handover. Therefore, in the method of the present disclosure, the terminal performs integrity protection on a registration request message and a location update request message by using an integrity key in a security context of the first-standard system before handover. Both the registration request message and the location update request message are messages for triggering handover. The method therefore applies security protection to the messages that trigger handover, thereby helping improve communication security.
Non-transitory computer-readable medium storing computer-readable instructions for terminal device and terminal device
A terminal device may: obtain a public key and target identification information from a communication device; search for the communication device via a wireless interface of the terminal device; based on the target identification information and a result of the search for the communication device, determine whether the communication device is to establish a wireless connection with an external device or with the terminal device; in a case where it is determined that the communication device is to establish the wireless connection with the external device, send first connection information to the communication device; in a case where it is determined that the communication device is to establish the wireless connection with the terminal device, send second connection information different from the first connection information to the communication device; and establish the wireless connection with the communication device via the wireless interface by using the second connection information.
Methods and apparatus to establish secure low energy wireless communications in a process control system
Methods and apparatus to establish secure low energy wireless communications in a process control system are disclosed. An example field device includes a Bluetooth Low Energy (BLE) interface to receive a first initialization message from a remote device over an unpaired BLE connection. The first initialization message includes a plaintext message containing authentication content. The authentication content is generated based on a private authentication token available to the remote device using middleware. The field device also includes a BLE message analyzer to validate the plaintext message based on the authentication content using the authentication token stored by the field device.
Providing secure communications between computing devices
Embodiments include devices and methods for providing secure communications between a first computing device and a second computing device. A processor of the first computing device may determine in a first application software first security key establishment information. The processor may provide the first security key establishment information to a communication layer of the first computing device for transmission to the second computing device. The processor may receive, in the first application software from the communication layer of the first computing device, second security key establishment information received from the second computing device. The processor may determine a first security key by the first application software based at least in part on the second security key establishment information. The processor may provide the first security key to the communication layer for protecting messages from the first application software to the second computing device.
Roaming hub for secure interconnect in roaming scenarios
Systems, methods, and software for inter-PLMN communications. In one embodiment, a roaming hub receives a message from a sending entity across an N32 interface, and determines whether the message includes an HTTP custom header that indicates a PLMN that is validated. When the message as received does not include the HTTP custom header, the roaming hub adds the HTTP custom header to the message that indicates the PLMN of the sending entity, integrity protects the HTTP custom header, and forwards the message toward a receiving entity.
Securing Downlink Control Information in Cellular Communication Networks
According to an example aspect of the present invention, there is provided a method including determining at least one possible downlink control information for the user equipment to schedule the data transmission, checking a scrambled version of the at least one possible downlink control information to determine whether the scrambled version of the at least one possible downlink control information defines valid downlink control information, transmitting the scrambled version of the at least one possible downlink control information and scheduling the data transmission based on the at least one possible downlink control information and if it is determined that the scrambled version of the at least one possible downlink control information defines valid downlink control information, scheduling the jamming transmission based on the scrambled version of the at least one possible downlink control information.
5G PROSE SERVICE BASED DISCOVERY
Methods and apparatuses are described herein for proximity-based services (ProSe) service-based discovery. For example, a service utilizing-wireless transmit/receive unit (SU-WTRU) may be provisioned with a type of discovery on a per-service basis and a security credential on a per-service basis. The SU-WTRU may transmit (315) a PC5 discovery message with the type of discovery and a first security element that is generated based on the security credential. The WTRU may then receive (325), from a service providing-wireless transmit/receive unit (SP-WTRU), a PC5 discovery response message that includes a second security element and a service identity associated with a service that the SP-WTRU provides. On a condition that the second security element is verified based on the provisioned security credential, the SU-WTRU may authorize (330) the SP-WTRU to establish a PC5 communication link with the SP-WTRU.
METHODS, COMMUNICATION DEVICE AND NODES FOR ENABLING HANDLING OF DATA PACKETS IN A WIRELESS COMMUNICATION SYSTEM
The present disclosure relates to a method performed by a core network node for enabling handling of data packets in a wireless communication system. The core network node identifies a potentially malicious service data flow associated with a communication device. The core network node assigns, to the potentially malicious service data flow, an identifier value to an identifier. The identifier value indicates that data packets associated with the potentially malicious service data flow should be handled according to a packet handling rule for potentially malicious data packets. The core network node provides an identifier comprising the identifier value towards the communication device towards at least one of an access node that serves the communication device in the access network, and a second core network node that processes data packets to and from the communication device.