Communication devices and methods for multi-link secured retransmissions are provided. One exemplary embodiment provides a multi-link device (MLD) configured to operate with a first plurality of affiliated STAs, comprising: circuitry, which in operation, sets up a robust security network association (RSNA) with a second MLD that is configured to operate with a second plurality of affiliated STAs, wherein two or more links have been established between STAs of the first plurality of affiliated STAs and corresponding STAs of the second plurality of affiliated STAs, wherein the circuitry constructs an Additional Authentication Data (AAD) and a Nonce that are used for cryptographical encapsulation of a MAC protocol data unit (MPDU) to form an encapsulated MPDU, wherein the AAD includes an Address 1 (A1) field, an Address 2 (A2) field, an Address 3 (A3) field and a Sequence Control (SC) field, and the Nonce includes an Address 2 (A2) field, wherein the SC field of the AAD is based on a SC field of the MPDU, and transmitter, which in operation, transmits the encapsulated MPDU to the second MLD on a first link as an initial transmission, and upon failure of the initial transmission, retransmits the encapsulated MPDU on a second link without reperforming the cryptographical encapsulation.

Communication devices and methods for multi-link secured retransmissions are provided. One exemplary embodiment provides a multi-link device (MLD) configured to operate with a first plurality of affiliated STAs, comprising: circuitry, which in operation, sets up a robust security network association (RSNA) with a second MLD that is configured to operate with a second plurality of affiliated STAs, wherein two or more links have been established between STAs of the first plurality of affiliated STAs and corresponding STAs of the second plurality of affiliated STAs, wherein the circuitry constructs an Additional Authentication Data (AAD) and a Nonce that are used for cryptographical encapsulation of a MAC protocol data unit (MPDU) to form an encapsulated MPDU, wherein the AAD includes an Address 1 (A1) field, an Address 2 (A2) field, an Address 3 (A3) field and a Sequence Control (SC) field, and the Nonce includes an Address 2 (A2) field, wherein the SC field of the AAD is based on a SC field of the MPDU, and transmitter, which in operation, transmits the encapsulated MPDU to the second MLD on a first link as an initial transmission, and upon failure of the initial transmission, retransmits the encapsulated MPDU on a second link without reperforming the cryptographical encapsulation.

A technique for processing Bluetooth Mesh packets that comprise erroneous cyclic redundancy check (CRC) values. The disclosed mesh node receives packets, each of which comprising a Protocol Data Unit (PDU) and a cyclic redundancy check (CRC) field. The PDU comprises an AD Data field with multiple octets; the AD Data field itself comprises a Network Identifier (NID) field. After determining the value of the CRC field in a first packet to be invalid, and subject to further checks, the mesh node selects a selected set of one or more NID values, based on the validity of the value of the NID field in the first packet. The mesh node then processes at least some of the multiple octets in the AD Data field in the first packet in accordance with a set of network keys that hash to the one or more NID values in the selected set.

A method, apparatus and computer program product may be provided for signaling-based remote provisioning and updating of protection policy information in a SEPP of a visited network. A method may include obtaining, at a home network node (hSEPP), protection policy information from a local repository in a home network or via configuration. The hSEPP is a network node at a boundary of the home netowork, and the home network is a public land mobile network (hPLMN). The method includes distributing, via a signaling interface, the protection policy information to a visited network node (vSEPP) within a visited network (vPLMN). The vSEPP is a network node at a boundary of a second network. The protection policy information includes information regarding protection of signaling messages addressed for network functions (NFs) hosted in the hPLMN and is configured for enabling the vSEPP to selectively protect outgoing messages to hSEPP in the home network.

A method, apparatus and computer program product may be provided for signaling-based remote provisioning and updating of protection policy information in a SEPP of a visited network. A method may include obtaining, at a home network node (hSEPP), protection policy information from a local repository in a home network or via configuration. The hSEPP is a network node at a boundary of the home netowork, and the home network is a public land mobile network (hPLMN). The method includes distributing, via a signaling interface, the protection policy information to a visited network node (vSEPP) within a visited network (vPLMN). The vSEPP is a network node at a boundary of a second network. The protection policy information includes information regarding protection of signaling messages addressed for network functions (NFs) hosted in the hPLMN and is configured for enabling the vSEPP to selectively protect outgoing messages to hSEPP in the home network.

A telecommunications network includes a serving network and a home network. In some examples the serving network receives, from the home network, identity data associated with a network terminal. The serving network determines a tied key using a tying key derivation function (TKDF) based on the identity data, then prepares an authentication request based on the tied key and sends the request to the terminal. In some examples, the home network receives the identity data from the access network and determines a tied key using a TKDF. The home network then determines a confirmation message based on the first tied key. In some examples, the serving network receives the identity data from the home network, and receives a network-slice selector associated with the network terminal. The serving network determines a tied key using a TKDF based on the identity data and the network-slice selector.

A telecommunications network includes a serving network and a home network. In some examples the serving network receives, from the home network, identity data associated with a network terminal. The serving network determines a tied key using a tying key derivation function (TKDF) based on the identity data, then prepares an authentication request based on the tied key and sends the request to the terminal. In some examples, the home network receives the identity data from the access network and determines a tied key using a TKDF. The home network then determines a confirmation message based on the first tied key. In some examples, the serving network receives the identity data from the home network, and receives a network-slice selector associated with the network terminal. The serving network determines a tied key using a TKDF based on the identity data and the network-slice selector.

A terminal apparatus is provided. The terminal apparatus includes a receiver configured to receive a first message from a base station apparatus, and a processing unit configured to modify first data radio bearer configuration configured for the terminal apparatus, based on the first message. A first PDCP entity is reconfigured as a packet data convergence protocol (PDCP) entity for the first data radio bearer. A first secrecy key for a source and a second secrecy key for a target are configured for the first PDCP entity as secrecy keys for the first data radio bearer. In a case that the first message includes first information and second information, the second secrecy key for the target of the first PDCP entity is configured based on the second information. In a case that the first message does not include the first information, the first secrecy key for the source is applied to the second secrecy key for the target of the first PDCP entity.

A terminal apparatus is provided. The terminal apparatus includes a receiver configured to receive a first message from a base station apparatus, and a processing unit configured to modify first data radio bearer configuration configured for the terminal apparatus, based on the first message. A first PDCP entity is reconfigured as a packet data convergence protocol (PDCP) entity for the first data radio bearer. A first secrecy key for a source and a second secrecy key for a target are configured for the first PDCP entity as secrecy keys for the first data radio bearer. In a case that the first message includes first information and second information, the second secrecy key for the target of the first PDCP entity is configured based on the second information. In a case that the first message does not include the first information, the first secrecy key for the source is applied to the second secrecy key for the target of the first PDCP entity.

A management electronic device includes a processing circuit configured to: obtain a spectrum in an N-th round of spectrum trading and acquire the interference received by the management electronic device when an electronic device uses the traded spectrum; receive the interference received by another electronic device as determined by another electronic device related to spectrum trading; determine competition rights parameters of the management electronic device and the other electronic device, respectively, the competition rights parameters representing the credibility of the electronic devices and the magnitude of competitiveness when competing for management rights in an N+1-th round of spectrum trading; and select a new management electronic device on the basis of at least one among the interference and the competition rights parameters, the new management electronic device having management rights in the N+1-th round of spectrum trading, instead of the management electronic device having management rights.