Embodiments of a device and method are disclosed. In an embodiment, a method of communications involves from a wireless sensor deployed at a customer site, connecting to a wireless access point (AP) deployed at the customer site and based on a private key stored in the wireless sensor, performing mutual authentication between the wireless sensor and an authentication server connected to the wireless AP.

Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.

A user equipment is configured to receive an extensible authentication protocol (EAP) request from a session management function (SMF) that serves as an EAP authenticator for secondary authentication of the user equipment. The secondary authentication is authentication of the user equipment in addition to primary authentication of the user equipment. The user equipment is also configured to, responsive to the EAP request, transmit an EAP response to the SMF.

A method of managing and verifying a certificate of a terminal is provided. The method includes obtaining certificate information that is usable when downloading and installing a specific bundle corresponding to at least one of a secondary platform bundle family identifier or a secondary platform bundle family custodian identifier, transmitting, to a secondary platform bundle manager, the certificate information corresponding to the at least one of the secondary platform bundle family identifier or the secondary platform bundle family custodian identifier of the specific bundle, and receiving, from the secondary platform bundle manager, at least one of a certificate of the secondary platform bundle manager, certificate information to be used by a smart secure platform (SSP), the secondary platform bundle family identifier, or the secondary platform bundle family custodian identifier.

This disclosure generally relates to encrypted communication between terminal devices and service applications via a communication network. Such encrypted communication may be based on various hierarchical levels of encryption keys that are generated and managed by the communication network. Such encrypted communication and key management may be provided by the communication network to the terminal devices as a service that can be subscribed to. The various levels of encryption keys may be managed to improve flexibility of the communication network and to reduce potential security breaches.

An online service provisioning process is provided during which the service provider's knowledge about the user to whom the service is delivered does not increase. This is accomplished by presenting user attribute information to the service provider as obfuscated objects that can be independently verified and which are privacy preserving.

Authentication with security in wireless networks may be provided. A first confirm message comprising a first send-confirm element and a first confirm element may be received. Next, an Authenticator Number Used Once (ANonce) may be generated and a second confirm message may be sent comprising the ANonce, a second send-confirm element, and a second confirm element. Then an association request may be received comprising a Supplicant Number Used Once (SNonce) and a Message Integrity Code (MIC). An association response may be sent comprising an encrypted Group Temporal Key (GTK), an encrypted Integrity Group Temporal Key (IGTK), the ANonce, and the MIC. An acknowledgment may be received comprising the MIC in an Extensible Authentication Protocol (EAP) over LAN (EAPoL) key frame and a controller port may be unblocked in response to receiving the acknowledgment.

A key agreement system, method, and apparatus are provided. The method includes: generating, by a first device, a private-public key pair, sending a public key in the private-public key pair to a second device, and receiving a ciphertext and a commitment value; obtaining, by the first device, a first result, obtaining an original key based on a private key in the private-public key pair and the ciphertext, determining a second bit string based on some bits in the original key, calculating a second result based on the second bit string and the first result, and sending the second result to the second device; and receiving, by the first device, an opening value, performing authentication on the second device based on the opening value and the commitment value to obtain an authentication result, and generating a session key used to communicate with the second device.

Systems, apparatuses, methods, and computer program products are disclosed for session authentication. An example method includes determining, by decoding circuitry, a set of optical path lengths to use for measurement. The example method further includes receiving, by the decoding circuitry, a set of time-bin qubits. The example method further measuring, by the decoding circuitry and based on the determined set of optical path lengths, the set of time-bin qubits to generate a set of bits. The example method further includes generating, by session authentication circuitry, a session key based on the generated set of bits.

An extended hardware security module (“HSM”) possessing additional security properties relative to conventional HSMs and methods for initializing, deploying, and managing such extended HSMs in a networked environment. In the preferred embodiment, an extended HSM includes additional hardware and software components that configure it to run sensitive client tasks on demand inside a cloud-hosted, anti-tamper HSM housing so as to ensure sensitive data is encrypted when stored or processed outside the housing. Methods for initializing, deploying, and managing provide a framework through which extended HSMs may be secured from their initial assembly through their availing for use and actual use over a network by one or more clients. Such use often entails repeated discrete sequential secure sessions and concurrent discrete secure sessions.