Techniques for trusted roaming between identity federation based networks. A first wireless access point (AP) receives a roaming request from a wireless station (STA), to roam from the first AP to a second AP. The first AP is associated with a first access network provider (ANP), the second AP is associated with a second ANP, and the first ANP is different from the second ANP. Authentication information relating to the STA is transmitted from the first ANP to the second ANP using a trusted connection. The trusted connection was previously established between the first ANP and the second ANP based on a query to an identity federation to which both the first and second ANP belong. The STA is de-associated from the first AP. The STA is re-associated at the second AP using the transmitted authentication information

The AMF re-allocation procedure for an Initiating AMF that has reroute capability via an Access Network (AN) is optimized in scenarios where a wireless device, such as a User Equipment (UE), already shares a 5G security context with-in a Last Serving AMF that is different from the Initiating AMF, and where the Initiating AMF and the Last Serving AMF can communicate with each other via an interface.

Disclosed are a method for modification in dual-connection mode and a device, for use in solving the problem that the communication performance of a terminal is easily reduced after establishment or modification in the current dual-connection architecture. The method for modification in dual-connection mode provided in the present application comprises: an MN determines an SN for flow transfer, the MN sending to the SN a transfer instruction carrying the indication information of the PDU session to which the flow belongs, so that the SN determines, according to the received transfer instruction, whether to receive the flow transferred by the MN, wherein the indication information of the PDU session is used for indicating whether the MN transfers part or all of the flow under a PDU session. The method effectively improves the communication performance of a terminal in a communication process.

A secure communication method and a secure communications apparatus related to the field of communications technologies and applied to a terminal. The terminal has a first security context and a second security context, the first security context is used by the terminal to communicate with a first network, the second security context is used by the terminal to communicate with a second network, and the first security context and the second security context include different first information.

Aspects of the subject disclosure may include, for example, authenticating, by a federated blockchain controller, a user equipment located within a cell coverage area of a network that includes heterogeneous cells. The federated blockchain controller can provide encryption data to the user equipment and corresponding authentication information to one or more multi-access edge computing (MEC) devices associated with the heterogeneous cells to enable secure and efficient handovers for the user equipment amongst the heterogeneous cells, without a need for additional handover reauthentication procedures. Other embodiments are disclosed.

This disclosure describes systems, methods, and devices related to multi-link devices (MLDs). A MLD may identify a first security key received from a first access point MLD (A-MLD); identify a second security key received from the first A-MLD; transmit, from a first physical location, a first packet to the first A-MLD, the first packet including the first security key; identify a first subset of N packets, the first subset received from the first A-MLD; transmit, from a second physical location, a second packet to the second A-MLD, the second packet including the second security key; identify a second subset of the N packets, the second subset received from the second A-MLD; determine that a third packet of the N packets was not received; and transmit, to the first A-MLD or the second A-MLD, an indication that the third packet was not received.

This application provides a data processing method and apparatus, and a computer storage medium. When a PDCP entity over a UM DRB is re-established, or when a cell handover occurs and the PDCP entity over a UM DRB uses a key used before the handover, the PDCP entity determines a first SDU, where the first SDU is an SDU that is associated with a sequence number by the PDCP entity but whose corresponding data has not been transmitted through an air interface; and delivers a PDU corresponding to the first SDU to an RLC entity. Data corresponding to the first SDU is redelivered, to avoid a data packet loss caused by preprocessing of the PDCP entity.

Embodiments herein relate e.g. to a method performed by a network node (15,13) for handling data of a wireless device (10) in a communication network (1). The network node (15,13) receives an indication from the wireless device (10), which indication indicates a presence of the wireless device at a second radio access network node (13) holding no context for the wireless device (10). The network node (15,13) identifies a first radio access network node (12) holding context for the wireless device (10) and any buffered data destined for the wireless device (10). The network node (15,13) retrieves from the identified first radio access network node (12), data buffered for the wireless device (10), and forwards the retrieved data to the wireless device (10).

A method for re-establishing a Radio Resource Control (RRC) connection between a UE and a target eNB. The method is performed by the UE. The method includes the UE receiving an RRC Connection Reestablishment message from the target eNB, the RRC Connection Reestablishment message including a DL authentication token which has been generated by an MME and has had a Non Access Stratum integrity key as input. The method also includes the UE authenticating the received DL authentication token.

A method and apparatus provides for receiving a first connection reconfiguration message to configure at least one split bearer with a first logicalchannelidentity, terminated in the second cell group. A first security key for communication with the first cell group and a second security key for communication with the second cell group are applied. A second connection reconfiguration message is received, the second connection reconfiguration message including a counter having a count value for deriving a third security key for communication with the second cell group, wherein the third security key that was derived for communication with the second cell group is based on the count value of the received counter. The third security key is applied for communication with the second cell group, while continuing to use the first security key and the first MAC entity for communication with the first cell group, where continuing to use the first MAC entity includes not resetting the first MAC entity.