A method, system and computer program product for controlling the delivery of voice communications. A profile is created for the user of a mobile device that specifies the thresholds for switching between a cellular network and a wireless network to conduct voice communications as well as stores a list of contacts and associated security levels. If the signal strength of the cellular radio signal is below a threshold, then the mobile device detects one or more wireless networks that are in the area of the user of the mobile device. The profile of the user of the mobile device is then checked to determine if the mobile device is authorized to switch to one of the detected wireless networks to deliver voice communications based on a security level associated with the party communicating with the user. In this manner, the user is able to control the delivery of voice communications.

Embodiments provide for session continuity while a mobile device moves. In some embodiments the UE is served by a serving cluster including a plurality of ANs with redundant links, with each redundant link including a UPGW. This allows a session to be maintained (for example, the UE can maintain the same IP address) as it moves, even though the ANs (and the corresponding UPGWs may change as the UE moves). A session manager (SM) can be utilized to establish a session and configure UPGWs as needed. In some embodiments a branching point can be utilized. In some embodiments the SM configures the branching point.

This application discloses a method of using NH and NCC pairs to resolve security issues. It includes: an MME sends a sequence including multiple NH and NCC pairs to S1GW that is calculated to correspond to a UE. After the S1GW receives a UE handover message or a UE bearer switch message from a base station, the S1GW may choose a next unused NH and NCC pair from the sequence sent by the MME and send it to a target base station. In using this application, part of the bearer switch of the UE or the switch of the UE can be terminated at the S1GW or HeNB GW, which reduces impact on the core network and cuts down on the use of system resources.

A method comprising receiving a handover request message indicating a request for handover of a wireless communications device from a source infrastructure equipment to a target infrastructure equipment, receiving an indication from the source infrastructure equipment as to whether or not user plane data is being transmitted to or received from the wireless access network via the source infrastructure equipment using an integrity protection scheme, determining whether or not the integrity protection scheme for the user plane data is supported by the target infrastructure equipment, transmitting a handover command to the source infrastructure equipment to indicate to the source infrastructure equipment that the source infrastructure equipment should handover the wireless communications device to indicate to the source infrastructure equipment, and providing an indication as to whether or not the integrity protection scheme can be used for transmitting or receiving user plane data via the target infrastructure equipment.

Data forwarding may be useful in many communication systems. Thus, for example, data forwarding support may be useful in dual connectivity in, for example, the third generation partnership project (3GPP) and more particularly to dual connectivity with enabled downlink (DL) data back forwarding. A method can include receiving, by a first network node, an indication indicating that for at least one split bearer, data received prior to the indication is to be forwarded to a second network node. The indication can also indicate that the at least one split bearer should be kept or maintained at the first network node. The method can also include, in response to the received indication, forwarding the data for the at least one split bearer received prior to the

Embodiments of the invention relate to the communications field, and provide a key generation method, device, and system. The method includes: after receiving a first command, obtaining, by UE located in a first-standard network, a type identifier of a second-standard network that needs to provide a service to the UE, where the first command is a service request response message, or a handover command, or any message in an air interface secure activation process; determining, by the UE, an access key according to the type identifier of the second-standard network, a key of the first-standard network, and a NAS count of the first-standard network by using a preset key derivation algorithm; and generating, by the UE, an AS key of the second-standard network according to the access key. The present invention can resolve problems of relatively long total communication latency and relatively high communication load of a heterogeneous network.

According to an example aspect of the present invention, there is provided a method comprising: generating a certificate comprising an identifier of a base station, a public key of the base station, and a public key of a terminal; signing the certificate by a signature based on a private key belonging to the public key of the base station; sending the signed certificate to the terminal using an established security association; monitoring whether the base station receives a request for local authentication of the terminal, wherein the request comprises an encrypted certificate unit and a base station identifier; checking whether the base station identifier is the identifier of the base station and, if it is, decrypting the encrypted certificate unit using the private key; and using the public key of the terminal for a communication with the terminal if the certificate unit comprises the signed certificate.

Certain aspects of the present disclosure relate to methods and apparatus for optimizing delivery of a data to and/or from a UE in a connected but inactive state.

A key management is provided that enables security activation before handing over a user equipment from a source 5G wireless communication system, i.e., a Next Generation System (NGS), to a target 4G wireless communication system, i.e., a Evolved Packet System (EPS)/Long Term Evolution (LTE). The key management achieves backward security, i.e., prevents the target 4G wireless communication system from getting knowledge of 5G security information used in the source 5G wireless communication system.

There is provided a solution for managing security contexts at idle mode mobility of a wireless communication device between different wireless communication systems including a first wireless communication system and a second wireless communication system. The first wireless communication system is a 5G/NGS system and the second wireless communication system is a 4G/EPS system. The solution is based on obtaining (S1) a 5G/NGS security context, and mapping (S2) the 5G/NGS security context to a 4G/EPS security context.