A wireless infrastructure that communicates with a DHCP server and a wireless client that rotates its MAC address performs a method including: upon receiving, from the wireless client, a first request with a first MAC address, creating a session context including the first MAC address and a stable identifier, and relaying the first request to the DHCP server; relaying, from the DHCP server to the wireless client, a first DHCP reply that includes an Internet Protocol (IP) address bound to the stable identifier; upon receiving, from the wireless client, a second request with the IP address and a second MAC address, merging the second MAC address and the IP address into the session context, and relaying, to the DHCP server, the second request including the stable identifier; and relaying, from the DHCP server to the wireless client, a second DHCP reply including the IP address bound to the stable identifier.

A networked system for authenticating devices that comprise constrained devices connected in a network either directly to cloud based and/or dedicated servers or though gateways to cloud based and/or dedicated servers.

Methods, apparatus, and systems to establish a secure communication in a wireless network are described. In one example aspect, a wireless communication method includes generating, by a first function entity, a first identifier configured to be used to establish a secure communication for a first device, using at least a mobile country code, a mobile network code, and a random number, and transmitting the first identifier to the first device.

A software defined network controller receives from a radio access network access point an attach request generated by a user equipment that includes a user equipment identification and an IP address for the radio access network access point. The controller assigns a temporary identification to the user equipment and sends a modified attach request including the temporary identification, and application server identification and an application server IP address to the radio access network access point. The controller configures a forwarding table associated with the radio access network access point so that the access point forwarding table matches the user equipment identification, the application server identification and the application server IP address. The controller configures a service edge creation environment function forwarding table so that the forwarding table matches the user equipment identification mapped to the radio access network access point IP address.

A method for batch handover authentication and key agreement oriented to a heterogeneous network generally includes the following steps: A, system establishment and participant registration: users participating in authentication register on the LTE-A network to obtain their respective identity information; B, access authentication: when a large number of users request access to the WLAN, the target network WLAN is discovered by using the ANDSF, and the leader sends a complete group authentication message to the AAA server of the WLAN to request identity authentication; if the authentication succeeds, the AAA server of the WLAN returns an identity authentication response; C, if the authentication fails, the continued execution of the protocol is terminated. The method effectively realizes batch authentication of users during handover from the LTE-A network to the WLAN, and thus has high authentication efficiency, small signaling overheads, and high security.

A method for batch handover authentication and key agreement oriented to a heterogeneous network generally includes the following steps: A, system establishment and participant registration: users participating in authentication register on the LTE-A network to obtain their respective identity information; B, access authentication: when a large number of users request access to the WLAN, the target network WLAN is discovered by using the ANDSF, and the leader sends a complete group authentication message to the AAA server of the WLAN to request identity authentication; if the authentication succeeds, the AAA server of the WLAN returns an identity authentication response; C, if the authentication fails, the continued execution of the protocol is terminated. The method effectively realizes batch authentication of users during handover from the LTE-A network to the WLAN, and thus has high authentication efficiency, small signaling overheads, and high security.

An apparatus and a method for reallocation of global unique temporary identifier (GUTI) in 5G networks are disclosed. The method includes receiving, at a user equipment, a first message from a network, the first message including a first global unique temporary identifier and additional information, at least the first global unique temporary identifier being as-signed to the user equipment; receiving a first data transmission including the first global unique temporary identifier from the network; in response to receiving the first data transmission, deriving, at the user equipment, a second global unique temporary identifier based on the first global unique temporary identifier and the additional information; and receiving a second data transmission including the second global unique temporary identifier from the network.

A method performed by a first network entity in a network comprising a user equipment (UE) and the first network entity s provided. The method may include: transmitting, to the UE allocated with a current temporary identity, a paging message; receiving a request associated with resuming a connection for the UE; and allocating a new temporary identity for the UE based on the received request.

A wireless device detection system can include processors, memory devices, and sensors to receive temporary identifiers transmitted between a base station and a mobile wireless device. The memory devices include instructions that cause the processors to build a cumulative distribution function for survival probability based on delta times between multiple access events for each of multiple temporary identifiers received from the sensors. In response to a new access event, the processors add a corresponding temporary identifier to a streaming list and assign a survival probability value, based on the cumulative distribution function, to a latest access event for each temporary identifier contained in the streaming list. The processors remove temporary identifiers from the streaming list that have a survival probability value less than a threshold value, compare the number of temporary identifiers contained in the streaming list to a number of devices known to be present, and calculate the probability that a device corresponding to each of the temporary identifiers contained in the streaming list is present.

A wireless device detection system can include processors, memory devices, and sensors to receive temporary identifiers transmitted between a base station and a mobile wireless device. The memory devices include instructions that cause the processors to build a cumulative distribution function for survival probability based on delta times between multiple access events for each of multiple temporary identifiers received from the sensors. In response to a new access event, the processors add a corresponding temporary identifier to a streaming list and assign a survival probability value, based on the cumulative distribution function, to a latest access event for each temporary identifier contained in the streaming list. The processors remove temporary identifiers from the streaming list that have a survival probability value less than a threshold value, compare the number of temporary identifiers contained in the streaming list to a number of devices known to be present, and calculate the probability that a device corresponding to each of the temporary identifiers contained in the streaming list is present.