A method for secure pairing between a sensor and a concentrator using a mobile terminal includes generating and emitting a confirmation code by the concentrator; converting by the sensor of the confirmation code into a sequence of light signals executed by at least one light-emitting diode; converting by the mobile terminal of the sequence of light signals into a sequence code; sending the sequence code to the concentrator; comparing, by the concentrator, the sequence code and the generated confirmation code: if the sequence code does not match the generated confirmation code, generating a warning; if the sequence code matches the generated confirmation code, pairing and exchanging information between the sensor and the concentrator.

An apparatus is disclosed for storing a private key on an IoT device for encrypted communication with an external user device and includes a proximity-based communication interface, encryption circuitry and IoT functional circuitry. The encryption circuitry includes a memory having a dedicated memory location allocated for storage of encryption keys utilized in the encrypting/decrypting operations, an encryption engine for performing the encryption/decryption operation with at least one of the stored encryption keys in association with the operation of the IoT functional circuitry, an input/output interface for interfacing with the proximity-based communication interface to allow information to be exchanged with a user device in a dedicated private key transfer operation, an internal system interface for interfacing with the IoT functional circuitry for transfer of information therebetween, memory control circuitry for controlling storage of a received private key from the input/output interface for storage in the dedicated memory location in the memory, in a Write-only memory storage operation relative to the private key received from the input/output interface over the proximity-based communication interface, the memory control circuitry inhibiting any Read operation of the dedicated memory location in the memory through the input/output interface. The IoT functional circuitry includes a controller for controlling the operation of the input/output interface and the memory control circuitry in a private key transfer operation to interface with the external user device to control the encryption circuitry for transfer of a private key from the user device through the proximity-based communication interface for storage in the dedicated memory location in the memory, the controller interfacing with the encryption circuitry via the internal system interface, and operational circuitry for interfacing with the user device over a peer to peer communication link and encrypting/decrypting information therebetween with the encryption engine in the encryption circuitry.

Techniques are described herein that are capable of registering a user device with a cloud-based management service using an intermediate cloud storage. For instance, the intermediate cloud storage may store an encrypted data blob including information that identifies the user device. The intermediate cloud storage or a registration system may decrypt the encrypted data blob so that the registration system may use the decrypted data blob to register the user device with the cloud-based management service. For instance, the registration system may retrieve the encrypted or decrypted data blob from the intermediate cloud storage by providing a requisite secret to the intermediate cloud storage. The requisite secret may be provided to the registration system by the user device (e.g., via a matrix barcode, such as a QR code).

A personal digital ID device provides a digital identifier to a service for a predetermined duration in response to user interaction. The user interaction may include a button press. The personal digital ID device may be in the form of a bracelet, a key fob, or other form factor. The service may be provided by a mobile device, in the cloud, or elsewhere.

Methods for operating a device and for managing bootstrapping of devices are disclosed. The method (100) for operating a device comprises computing (102) a derivative of a secret shared between the device and a server entity of a network, generating (104) a temporary bootstrap URI by combining at least a part of the computed derivative with a static bootstrap URI for the network, and sending (106) a bootstrap request to the temporary bootstrap URI. The method for managing bootstrapping of devices comprises generating temporary bootstrap URIs corresponding to devices operable to connect to a network, and updating a network DNS registry to map the generated temporary bootstrap URIs to the IP address of at least one of a bootstrap server instance reachable via the network and/or a bootstrap load balancer. Also disclosed are a device, a bootstrap load balancer, a bootstrap server, and a computer program.

A method for operating a motor vehicle multimedia system involves establishing a first mobile network connection between a cloud server external to the motor vehicle and a multimedia device internal to the motor vehicle and establishing a second mobile network connection between the cloud server and a mobile device. A user setting for the mobile device from the user is transferred from the mobile device to the cloud server using the second mobile network connection and the user setting is stored at the cloud server so that the multimedia device can directly access this user setting by just using the first mobile network connection. The multimedia device and the mobile device are synchronized by the cloud server and an offline work with the mobile device or the multimedia device is stored and after a connection from the mobile device or the multimedia device to the cloud server the mobile device and the multimedia device are synchronized.

An electronic device is disclosed, which is connectable with a CAN bus or other broadcast network. The electronic device programmed to compute expected periods and period variability metrics for historical accumulations of messages for different message headers and to identify periodic message headers based on the period variability metrics, and is further programmed to detect a temporal anomaly as a deviation of a period of a most recent set of two or more messages with a periodic message header from the expected period for the periodic message header, and to generate an alert indicating the detected temporal anomaly. The electronic device may be further programmed to maintain a state machine for a vehicle (or other platform) including the CAN bus and perform state-aware anomaly detection.

A network device of a network may generate a network information container including information to be sent to a communication device. The network is a home network of the communication device that is served by a visited network. The network information container may be integrity protected and/or cipher protected. The network device may send, to the communication device via the visited network, a message including the network information container and a credential indicator indicating a type of credential used to protect the network information container. The type of credential may be a 3GPP or non-3GPP credential. The communication device may verify the network information container using one or more security parameters based on the type of credential, and obtain the information in the network information container when the verification succeeds, or discard the network information container when the verification fails.

A method of user equipment (UE) implemented network slice security protection is disclosed. The method comprises the UE receiving a request to initialize an application, querying a UE Route Selection Policy (URSP) stored on the UE, and receiving traffic descriptors and security descriptors in response to the querying. The traffic descriptors identify a network slice for the application. The security descriptors comprise a security flag and a virtualization container ID. The method also comprises the UE initiating the application within a virtualization container corresponding to the virtualization container ID based on the security flag indicating that the network slice is secure and binding traffic for the application in the virtualization container to a PDU session based on the traffic descriptors. The method further comprises communicating, by the application executing within the virtualization container, with a core network over the PDU session via the network slice bound to the virtualization container.

Examples described herein relate to techniques for authenticating a client device by obtaining device-type information during an initial phase of authentication process. According to some examples, identifying a client device intending to connect to a network and sending an identity-request thereto. Receiving an identity-response from the client device along with device-type information. Identifying a device category from a set of device categories corresponding to identified device-type information. Selecting a device policy applicable to the identified device-type information. Authenticating the client device to enable access to the network and applying the selected device policy to the client device.