Apparatuses, methods, and systems are disclosed for integrity protection for a packet data unit. One method includes determining a first portion of a packet data unit, wherein the packet data unit includes the first portion and a second portion. The method includes applying an integrity protection function to the first portion of the packet data unit to result in an integrity protection indicator without applying the integrity protection function to the second portion of the packet data unit. The method includes transmitting the packet data unit with the integrity protection indicator.

Apparatuses, methods, and systems are disclosed for integrity protection for a packet data unit. One method includes determining a first portion of a packet data unit, wherein the packet data unit includes the first portion and a second portion. The method includes applying an integrity protection function to the first portion of the packet data unit to result in an integrity protection indicator without applying the integrity protection function to the second portion of the packet data unit. The method includes transmitting the packet data unit with the integrity protection indicator.

Techniques for security management in communication systems are provided. For example, a method comprises maintaining a list of networks that support access for a set of restricted local operator services, checking whether a set of conditions for triggering access to the set of restricted local operator services is satisfied, receiving a request for access to the set of restricted local operator services, and initiating, upon satisfaction of the set of conditions, a search of the list of networks to find a network for access to the set of restricted local operator services.

A data packet verification method and a device improve network security. The method includes: receiving a data packet of a terminal device, where the data packet carries a first token and a service identifier, and the service identifier is used to indicate a type of a service to which the data packet belongs; obtaining first input information based on the data packet, and generating a second token based on the first input information, where the first input information includes an identifier of the terminal device and the service identifier carried in the data packet; and sending the data packet when the first token is the same as the second token.

In some embodiments, a method includes: generating, by a session controlling Internet platform, a personalized Universal Resource Locator link (PURL), including: where the PURL is: communicatively coupled to the permission controlling schema and configured to be utilized to establish a peer-to-peer communication session between a sender computing device and a recipient computing device; where the PURL includes: a domain name associated with the session controlling Internet platform hosting a permission controlling schema, and at least one first identity linked to the recipient computing device; transmitting, by the session controlling Internet platform, the PURL to the recipient computing device; receiving, by the session controlling Internet platform, after the transmitting the PURL to the recipient computing device, a mobile originating communication, having data including: a multi-part multi-functional address signaling sequence, including: a MICRO band part, corresponding to a MICRO band parameter and a MACRO band part.

Technical problems and their solution are disclosed regarding the location of mobile devices requesting services near a site from a server. Embodiments adapt and/or configure the transmitting device near the site, the mobile device communicating with the transmitting device using a short haul wireless communications protocol to deliver a token based upon a key shared with the server but invisible to the mobile device. The server can determine the proximity of the mobile device to the site to control actuation of the requested service or disable the service request, and possibly flushing the service request from the server. Solutions are disclosed for traffic intersections involving one or more traffic lights, elevators in buildings, fire alarms in buildings and valet parking facilities.

Disclosed here is a system and method to determine which wireless telecommunication network functionalities are impaired when using end-to-end encryption and to ameliorate the impairment of the functionality. The system receives a request from a sender device to communicate with a receiver device, where the request indicates whether the sender device is capable of an end-to-end encryption. The system determines whether the receiver device is capable of the end-to-end encryption, and whether the receiver device is associated with a functionality provided by a wireless telecommunication network that is impaired when the end-to-end encryption is used. Upon determining that the receiver device is not capable of the end-to-end encryption or that the receiver device is associated with the functionality that is impaired, the system performs an action to ameliorate the impairment to the functionality.

Disclosed here is a system and method to determine which wireless telecommunication network functionalities are impaired when using end-to-end encryption and to ameliorate the impairment of the functionality. The system receives a request from a sender device to communicate with a receiver device, where the request indicates whether the sender device is capable of an end-to-end encryption. The system determines whether the receiver device is capable of the end-to-end encryption, and whether the receiver device is associated with a functionality provided by a wireless telecommunication network that is impaired when the end-to-end encryption is used. Upon determining that the receiver device is not capable of the end-to-end encryption or that the receiver device is associated with the functionality that is impaired, the system performs an action to ameliorate the impairment to the functionality.

A network node configured to perform a process that includes receiving a PDU Session Establishment Request message for establishing a PDU session, wherein the PDU Session Establishment Request message was transmitted by a UE and includes a PDU session ID. The process also includes communicating a Session Management (SM) Request comprising the PDU Session Establishment Request to an SMF. The process also includes receiving from the SMF a message that includes: i) the PDU Session ID identifying the PDU session, ii) a PDU Session Establishment Accept message, and iii) a user plane (UP) security policy for the PDU session, wherein the UP security policy for the PDU session indicates: i) whether UP confidentiality protection shall be activated or not for all data radio bearers (DRBs) belonging to the PDU session, and/or ii) whether UP integrity protection shall be activated or not for all data radio bearers (DRBs) belonging to the PDU session.

Methods and apparatuses are disclosed for updating a wait timer as a result of receiving one of a release message and a suspend message and/or configuring a wireless device (WD) to update a wait timer by determining the one of the release message and the suspend message to be communicated to the WD.