An identity information processing method, a device, and a system, the method including obtaining, by a first network element, a first parameter, where the first parameter is associated with a domain to which a network slice belongs, and determining, by the first network element, according to the first parameter, whether the network slice is managed by an operator.

Relationship discovery can include receiving at a first mobile device a pair of ultrasonic signals conveyed at different frequencies from a second mobile device. The pair of ultrasonic signals can convey, respectively, a second user's contact information in an encrypted form and a key indicator. A contact number can be selected from a first user's contact list electronically stored on the first mobile device. The contact number can be selected based on the key indicator. A mutual contact can be identified in response to decrypting the second user's contact information using the contact number as a decryption key.

Relationship discovery can include receiving at a first mobile device a pair of ultrasonic signals conveyed at different frequencies from a second mobile device. The pair of ultrasonic signals can convey, respectively, a second user's contact information in an encrypted form and a key indicator. A contact number can be selected from a first user's contact list electronically stored on the first mobile device. The contact number can be selected based on the key indicator. A mutual contact can be identified in response to decrypting the second user's contact information using the contact number as a decryption key.

Certain embodiments of this disclosure describe techniques for detecting a spoofed network device and preventing the serving of content, such as advertisements, to the spoofed network device. In certain embodiments, a network security system is provided. The network security system can include hardware and/or software programmed to prevent the provision of content to a spoofed client device. The network security system can provide a mechanism for certifying to content providers, such as advertisers, whether or not a client is a legitimate mobile device or a spoofed device. Accordingly, content providers can prevent the delivery of content to fraudulent devices instead of relying on imprecise solutions that detect fraudulent activity after it has occurred.

A method and device for applying a different security policy, per service traffic, to a protocol data unit (PDU) session in a wireless communication system. The method comprises receiving, by a session management function (SMF) managing a session for a user equipment (UE), first configuration information about a first user plane security policy of the UE from a unified data management (UDM) managing subscription information about the UE, receiving, by the SMF, second configuration information about a second user plane security policy to be applied to a specific service data flow from a policy and control function (PCF) managing a policy and charging control (PCC) rule, and determining a user plane security policy to be applied to the UE based on one selected from the first user plane security policy and the second user plane security policy according to priority.

A method and device for applying a different security policy, per service traffic, to a protocol data unit (PDU) session in a wireless communication system. The method comprises receiving, by a session management function (SMF) managing a session for a user equipment (UE), first configuration information about a first user plane security policy of the UE from a unified data management (UDM) managing subscription information about the UE, receiving, by the SMF, second configuration information about a second user plane security policy to be applied to a specific service data flow from a policy and control function (PCF) managing a policy and charging control (PCC) rule, and determining a user plane security policy to be applied to the UE based on one selected from the first user plane security policy and the second user plane security policy according to priority.

To improve the network experience in a network, a unique device identifier (UDID) can be generated by a UDID generation module of a client device. The UDID generation module utilizes one or more device parameters as well as a service set identifier (SSID) as input(s) to the UDID generation module. The UDID can be reported to an access point device of the network so that the access point device can track, monitor, control, etc. the client device within the network, for example, when media access control randomization (rMAC) is utilized by the network to protect the privacy of the client device or a user of the client device. The same UDID is generated each time the client device joins the network so that the client device need not store the UDID.

An embodiment of this application provides a communications method. The method includes: generating, by an first base station, a radio resource control release message on which encryption and integrity protection are performed by using a new key; and sending, by the first base station, the radio resource control release message to a second base station, thereby improving security of communication between the serving device and the terminal and reducing signaling overheads for performing key negotiation over an air interface.

An embodiment of this application provides a communications method. The method includes: generating, by an first base station, a radio resource control release message on which encryption and integrity protection are performed by using a new key; and sending, by the first base station, the radio resource control release message to a second base station, thereby improving security of communication between the serving device and the terminal and reducing signaling overheads for performing key negotiation over an air interface.

Methods and systems for dynamic wireless network configuration are provided. Aspects include receiving, by an application on a user device, a token, deriving, by the application, a unique identifier and passcode based at least in part on the token, and controlling remote access to a first computer system based on the unique identifier and passcode.