Aspects of this description provide for a computer program product comprising computer executable instructions. In at least some examples, the instructions are executable by a controller to cause the controller to broadcast, in a data frame, a scan request to a node, the scan request including a certificate of the controller and a public authentication key of the controller, receive, in the data frame, a scan response from the node, the scan response including a certificate of the node and a public authentication key of the node, and perform pairing between the controller and the node based on the public authentication key of the node and a private authentication key of the controller.

Aspects of this description provide for a computer program product comprising computer executable instructions. In at least some examples, the instructions are executable by a controller to cause the controller to broadcast, in a data frame, a scan request to a node, the scan request including a certificate of the controller and a public authentication key of the controller, receive, in the data frame, a scan response from the node, the scan response including a certificate of the node and a public authentication key of the node, and perform pairing between the controller and the node based on the public authentication key of the node and a private authentication key of the controller.

A base station for a mobile telecommunications system, comprising circuitry configured to: obtain time-sensitive network information or enhanced positioning assistance information; encrypt the time-sensitive network information or the enhanced positioning assistance information for including the encrypted time-sensitive network information or the encrypted enhanced positioning assistance information in system information; and transmit the system information to a user equipment in a cell, wherein the encryption is performed if the cell hosts and shares functionalities of a non-public cell and a public cell.

A base station for a mobile telecommunications system, comprising circuitry configured to: obtain time-sensitive network information or enhanced positioning assistance information; encrypt the time-sensitive network information or the enhanced positioning assistance information for including the encrypted time-sensitive network information or the encrypted enhanced positioning assistance information in system information; and transmit the system information to a user equipment in a cell, wherein the encryption is performed if the cell hosts and shares functionalities of a non-public cell and a public cell.

Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

A method for security handling in a mobility of a terminal device, where the method includes: a target access and mobility management function (AMF) entity receiving a first message for registering a terminal device; the target AMF entity sending a second message to a source AMF entity after receiving the first message; the source AMF entity deriving a first key based on a key between the source AMF entity and the terminal device; the source AMF entity sending the first key to the target AMF entity; the target AMF entity determining to use the first key based on security related information after receiving the first key; and the target AMF entity determining a communication key between the target AMF entity and the terminal device based on the first key after determining to use the first key.

A method for security handling in a mobility of a terminal device, where the method includes: a target access and mobility management function (AMF) entity receiving a first message for registering a terminal device; the target AMF entity sending a second message to a source AMF entity after receiving the first message; the source AMF entity deriving a first key based on a key between the source AMF entity and the terminal device; the source AMF entity sending the first key to the target AMF entity; the target AMF entity determining to use the first key based on security related information after receiving the first key; and the target AMF entity determining a communication key between the target AMF entity and the terminal device based on the first key after determining to use the first key.

An application gateway including application service programming positioned at a user premises can provide voice controlled and managed services to a user and one or more endpoint devices associated with the application gateway. The application gateway can be controlled remotely by the application service provider through a service management center and configured to execute an application service provided from the application service provider. The application gateway can execute the application service at the user premises upon voice command by a user and independent of application services executing on the application service provider's network. An application service logic manager can communicate with an application service enforcement manager to verify that the request conforms with the policy and usage rules associated with the application service in order to authorize execution of the application service on the application gateway, either directly or through endpoint devices.

An application gateway including application service programming positioned at a user premises can provide voice controlled and managed services to a user and one or more endpoint devices associated with the application gateway. The application gateway can be controlled remotely by the application service provider through a service management center and configured to execute an application service provided from the application service provider. The application gateway can execute the application service at the user premises upon voice command by a user and independent of application services executing on the application service provider's network. An application service logic manager can communicate with an application service enforcement manager to verify that the request conforms with the policy and usage rules associated with the application service in order to authorize execution of the application service on the application gateway, either directly or through endpoint devices.