Patent classifications
H04W12/0431
METHOD AND SYSTEM FOR FACILITATING TERMINAL IDENTIFIERS
Embodiments of the present application disclose a method for providing a terminal identifier to a terminal. During operation, a security server receives a registration information set from the terminal, in which the registration information set includes multiple pieces of equipment information from the terminal. The security server then generates a terminal identifier based on the multiple pieces of equipment information in the registration information set. The security server then returns the terminal identifier to the terminal.
Machine-To-Machine Gateway Architecture
Systems, methods, and instrumentalities are disclosed that provide for a gateway outside of a network domain to provide services to a plurality of devices. For example, the gateway may act as a management entity or as a proxy for the network domain. As a management entity, the gateway may perform a security function relating to each of the plurality of devices. The gateway may perform the security function without the network domain participating or having knowledge of the particular devices. As a proxy for the network, the gateway may receive a command from the network domain to perform a security function relating to each of a plurality of devices. The network may know the identity of each of the plurality of devices. The gateway may perform the security function for each of the plurality of devices and aggregate related information before sending the information to the network domain.
SYSTEMS, METHODS AND DEVICES FOR DIRECT COMMUNICATION
Device to device (D2D) communication can be performed with packet data convergence protocol (PDCP) based encapsulation without internet protocol (IP) addressing. The non-IP D2D PDCP-encapsulated communication can further include two forms of secure data transfer. A first non-IP D2D PDCP-encapsulated communication can be a negotiated non-IP D2D PDCP-encapsulated communication. A second non-IP D2D PDCP-encapsulated communication can be a non-negotiated non-IP D2D communication. The non-negotiated non-IP D2D PDCP-encapsulated communication can include a common key management server (KMS) version and a distributed KMS version. The encapsulated communication can be used with various protocols, including a PC5 protocol (such as the PC5 Signaling Protocol) and wireless access in vehicular environments (WAVE) protocols.
Secure localized connectionless handoffs of data
A connectionless system for handing off data, content or information includes a proximity detection component that allows devices to detect other local devices within range. Devices within range may use advertisement and scanning to exchange communications so that one device can hand off data, content, or information to another device without having to connect, e.g., pair, with the other device(s).
Hardware-trusted ledger client for distributed ledgers that serve wireless network slices
A wireless communication network serves a wireless user device with a wireless communication service from a wireless network slice that includes a Virtual Network Function (VNF). The VNF maintains hardware-trust with a distributed ledger. The distributed ledger maintains hardware-trust with the VNF. The VNF delivers the wireless communication service to the wireless user device from the wireless network slice. The VNF generates slice data that characterizes the service delivery. When the VNF maintains the hardware-trust with the distributed ledger, the VNF transfers the slice data to the distributed ledger. When the distributed ledger maintains the hardware-trust with the VNF, the distributed ledger stores the slice data.
CRYPTOGRAPHY METHOD
The embodiments provide cryptography that is performed in each of two communicating devices and is based on information known only to the devices. The information is determined in each of the devices at the time of communications. Each of the devices determines the information without communicating key information related to the encryption key with each other. Channel characteristic reciprocity between the two devices allows creation of identical keys in each device. Each of the devices sends a first setup signal to the other device, receives a second setup signal from the other device, where the second setup signal may be a looped-back version of the first setup signal, samples the second setup signal, generates sampling results, creates a key based on the sampling results, and utilizes the key to exchange one or more secure data signals with the other device.
MULTI-TENANT ANONYMIZATION WITH FORENSICS CAPABILITIES (MAF)
According to some embodiments, a security management entity is provided. The security management entity includes processing circuitry configured to: generate a key having a plurality of key parts, anonymize at least a first data instance at least in part by using the key with threshold cryptography, transmit a respective key part to each one of the plurality of trusted entities, store at least one key part where the stored at least one key part is different from the transmitted respective key parts, receive a message from a first trusted entity of the plurality of trusted entities for investigating the anonymized first data instance where the message includes one of the transmitted respective key parts, and deanonymize the first data instance using the stored at least one key part and the one of the transmitted respective key parts associated with the first trusted entity.
Communication Method and Communications Apparatus
A communication method and a communications apparatus, where the method includes: after receiving an RRC resume request message from a UE, determining, by a target access network device, a first user plane security protection method between the target access network device and the UE based on a context information obtaining response from a source access network device; determining a first user plane security key between the target access network device and the UE; when receiving first uplink user plane data from the UE, performing user plane security deprotection on the first uplink user plane data based on the first user plane security key and the first user plane security protection method, to obtain uplink user plane data; and sending the uplink user plane data.