H04W12/106

Security implementation method, device, and system
11695742 · 2023-07-04

A security implementation method includes obtaining, by a first device, a security policy of a session and at least one key, and sending, by the first device, protected data to a second device, where the protected data is obtained by protecting security of session data of the session using the at least one key based on the security policy of the session, and the second device is configured to restore the protected data using the at least one key based on the security policy to obtain the session data, where when the first device is a terminal device, the second device is an access network node or a user plane node, or when the first device is an access network node or a user plane node, the second device is a terminal device.

Replay protection for resume procedure

A communication system for resuming a connection comprises a user equipment (UE) and network nodes. A first network node is configured to prepopulate a UE context and send the UE context to a second network node. The second network node is configured to receive the UE context from the first network node and send, to a UE, a resume request message including a freshness parameter and the UE context. The UE is configured to receive, from the second network node, the resume request message including the freshness parameter and the UE context, generate an authentication token based on the freshness parameter and the UE context, and send, to the second network node, a resume response message including the authentication token. The communication system provides a freshness parameter and a prepopulated UE context to secure and facilitate the resume procedure against replay attacks.

Secure aggregation of IoT messages

A system includes processing circuitry and a memory device including instructions embodied thereon, wherein the instructions, when executed by the processing circuitry, configure the processing circuitry to perform operations comprising: accessing input data at an aggregator node, the input data including sensor data from a plurality of sensor nodes, each item of sensor data having a respective signature; validating the sensor data by applying respective cryptographic hash functions to the sensor data and evaluating the respective result using the respective signature; performing an aggregation function on the sensor data to produce aggregate data; executing a hash function on the aggregate data to produce a hash value for the aggregate data; bundling the sensor data, the respective signatures of the sensor data, the aggregate data, and the hash value for the aggregate data in a data structure; and exposing the data structure to subscriber nodes on the IoT network.

Secure path discovery in a mesh network

A method for secure path discovery in a mesh network at a destination device is disclosed. The method includes receiving a path discovery request from an originator device and making a path selection in response to the path discovery request. The method also includes transmitting the path selection to the originator device and receiving a random seed from a provisioner device. The method also includes generating an authentication code based on the random seed, transmitting an authentication code message to the originator device, and receiving communications from the originator device only if the originator device receives a verification response message from the provisioner device confirming that the destination device has been verified.

Reducing authentication steps during Wi-Fi and 5G handover

Technologies for systems, methods and computer-readable storage media for reducing the time to complete authentication during inter-technology handovers by reusing security context between 5G and Wi-Fi. Assuming that the administrative domains for Wi-Fi and 5G match (and belong to an enterprise, for instance), an already established security context in one technology is used to perform fast authentication in the other technology during handover. Specifically, if a UE is on Wi-Fi and handing over to 5G, its Wi-Fi security context is used to perform fast security setup in 5G; a corresponding method applies when the UE goes from 5G to Wi-Fi.