A network node selectively encrypts messages between a user plane node and a control plane node in a network system. The user plane node and the control plane node negotiate a connection and indicate an encryption level for the connection. The encryption level is selected from an Information Element (IE) level, a message level, or a feature level. The user plane node and the control plane node selectively encrypt at least a portion of the messages between the user plane node and the control plane node based on the encryption level for the connection.

A network node selectively encrypts messages between a user plane node and a control plane node in a network system. The user plane node and the control plane node negotiate a connection and indicate an encryption level for the connection. The encryption level is selected from an Information Element (IE) level, a message level, or a feature level. The user plane node and the control plane node selectively encrypt at least a portion of the messages between the user plane node and the control plane node based on the encryption level for the connection.

Communication devices and methods for multi-link secured retransmissions are provided. One exemplary embodiment provides a multi-link device (MLD) configured to operate with a first plurality of affiliated STAs, comprising: circuitry, which in operation, sets up a robust security network association (RSNA) with a second MLD that is configured to operate with a second plurality of affiliated STAs, wherein two or more links have been established between STAs of the first plurality of affiliated STAs and corresponding STAs of the second plurality of affiliated STAs, wherein the circuitry constructs an Additional Authentication Data (AAD) and a Nonce that are used for cryptographical encapsulation of a MAC protocol data unit (MPDU) to form an encapsulated MPDU, wherein the AAD includes an Address 1 (A1) field, an Address 2 (A2) field, an Address 3 (A3) field and a Sequence Control (SC) field, and the Nonce includes an Address 2 (A2) field, wherein the SC field of the AAD is based on a SC field of the MPDU, and transmitter, which in operation, transmits the encapsulated MPDU to the second MLD on a first link as an initial transmission, and upon failure of the initial transmission, retransmits the encapsulated MPDU on a second link without reperforming the cryptographical encapsulation.

Communication devices and methods for multi-link secured retransmissions are provided. One exemplary embodiment provides a multi-link device (MLD) configured to operate with a first plurality of affiliated STAs, comprising: circuitry, which in operation, sets up a robust security network association (RSNA) with a second MLD that is configured to operate with a second plurality of affiliated STAs, wherein two or more links have been established between STAs of the first plurality of affiliated STAs and corresponding STAs of the second plurality of affiliated STAs, wherein the circuitry constructs an Additional Authentication Data (AAD) and a Nonce that are used for cryptographical encapsulation of a MAC protocol data unit (MPDU) to form an encapsulated MPDU, wherein the AAD includes an Address 1 (A1) field, an Address 2 (A2) field, an Address 3 (A3) field and a Sequence Control (SC) field, and the Nonce includes an Address 2 (A2) field, wherein the SC field of the AAD is based on a SC field of the MPDU, and transmitter, which in operation, transmits the encapsulated MPDU to the second MLD on a first link as an initial transmission, and upon failure of the initial transmission, retransmits the encapsulated MPDU on a second link without reperforming the cryptographical encapsulation.

Systems and methods for configuring industrial devices through a secured wireless side channel may include a compute device. The compute device may have primary communication circuitry configured to communicate through a network and side channel communication circuitry configured to communicate through a wireless side channel that is different from the network. The compute device may additionally include circuitry configured to obtain, via the wireless side channel, configuration data indicative of a configuration for one or more operations of an industrial device of an industrial process plant. Additionally the circuitry may be configured to configure, in response to obtaining the configuration data, the one or more operations of the industrial device.

Secure communication in a geographic incident area is disclosed. Computer-implemented methods are also disclosed, one of which is for restricting access to a resource and includes generating a key and splitting it into N key parts (where N is an integer greater than two). The method also includes encrypting the N key parts. The method also includes transmitting, over a network, to a device: the N encrypted key parts; and identifying information for N secret objects expected to be visible within the area. Each of the N encrypted key parts is decryptable based on at least one video analytics-discernable object attribute for each respective secret object of the N secret objects. The method also includes allowing an additional entity to access the resource only by presentation of a complete key formed from decrypted versions of less than all of the N key parts.

An electronic device for receiving data packets in a Bluetooth environment is provided. The electronic device includes a wireless communication circuitry configured to support a Bluetooth protocol. The wireless communication circuitry is configured to establish a first link with a first external electronic device, synchronize a secret key generation scheme with the first external electronic device based on information obtained while establishing the first link, receive page information transmitted from a second external electronic device, based on Bluetooth address information of the first external electronic device, the Bluetooth address information being obtained while establishing the first link, generate a link key used for a second link between the first external electronic device and the second external electronic device, based on the synchronized secret key generation scheme, and receive an encrypted data packet transmitted over the second link from the second external electronic device using the generated link key.

Embodiments of communication systems are disclosed for protecting communication between an implanted device ID and an external device ED. For example, a one way Transcutaneous energy transfer TET link may be used to secure two way communication over a radio channel. Optionally, the TET link may be protected from intrusion by a malicious party. For example, the TET link may be over a medium that decays very quickly over distance. In some embodiments, the TET link is used to pass an encryption key and/or to verify communications over the two-way radio channel. The TET channel may be authenticated. For example, authentication may include a minimum energy and/or power transfer.

Embodiments of communication systems are disclosed for protecting communication between an implanted device ID and an external device ED. For example, a one way Transcutaneous energy transfer TET link may be used to secure two way communication over a radio channel. Optionally, the TET link may be protected from intrusion by a malicious party. For example, the TET link may be over a medium that decays very quickly over distance. In some embodiments, the TET link is used to pass an encryption key and/or to verify communications over the two-way radio channel. The TET channel may be authenticated. For example, authentication may include a minimum energy and/or power transfer.

The disclosure relates generally to wireless communication, and more particularly to selective relay of data packets. A method includes listening to a host device in one or more listening time slots of a host piconet, identifying one or more bitmap portions of a bitmap, wherein the identified one or more bitmap portions corresponds to the one or more listening time slots of the host piconet, determining whether a data packet having a data packet payload is effectively received from the host device during the one or more listening time slots, and populating the bitmap with one or more corresponding signifiers.