Abstract: A device level lock policy, which applies to all smart secure platform (SSP) applications of a mobile device, is used to determine whether a particular SSP application can be activated. A tamper resistant hardware secure element (SE) includes a primary platform with a low level operating system (OS) and one or more SSP applications within one or more secondary platform bundles that include secondary platforms with high level OSs specific to the secondary platform bundles. The low level OS enforces the device level lock policy for all secondary platform bundles by verifying whether a lock policy for the SSP application is consistent with the device level lock policy. When verification succeeds, activation is allowed, and when verification fails, activation is disallowed. Subscription identifiers are not provided in unencrypted form to processing circuitry of the mobile device external to the tamper resistant hardware SE to provide subscriber identity privacy protection.

Abstract: Techniques to protect subscriber identity in messages communicated between a user equipment (UE) and a cellular wireless network entity by using multiple ephemeral asymmetric keys are disclosed. The UE determines multiple ephemeral UE public and secret key pairs, while the cellular wireless network entity provides a network public key to the UE. The network public key may be updated over time. Multiple encryption keys based on the multiple ephemeral UE secret keys and the public network key are derived and used to encrypt a subscription permanent identifier (SUPI) to generate multiple subscription concealed identifiers (SUCIs). Each SUCI is used only once for messages communicated to a cellular wireless network and discarded after use. New SUCI are generated when the network public key is updated.

Abstract: This application pertains to encryption/decryption methods and related apparatuses. A communication device receives an initial layer-3 message. The initial layer-3 message includes an indication indicating that a part of the initial layer-3 message is encrypted. The communication device generates a keystream, and decrypts the encrypted part of the initial layer-3 message by performing an exclusive OR operation on the keystream and the initial layer-3 message.

Abstract: This disclosure relates to techniques for a wireless device to perform radio resource control procedures with improved security. The wireless device may establish a radio resource control connection with a cellular base station. A capability enquiry may be received from the cellular base station. The wireless device may determine how much capability information to provide in response to the capability enquiry based at least in part on whether access stratum security has been established, either in the current radio resource connection, or in a previous radio resource connection, between the wireless device and the cellular base station when the capability enquiry is received.

Abstract: In order to provide confidentiality protection, an encryption method, a decryption method, and related apparatuses are provided. An encryption device generates a first initial layer-3 message. The first initial layer-3 message includes a first part and a second part. The device generates a keystream for encrypting the first initial layer-3 message. The device performs an exclusive OR operation on the keystream and the first initial layer-3 message to generate a second initial layer-3 message. The second initial layer-3 message includes an encrypted first part of the first initial layer-3 message, an unencrypted second part of the first initial layer-3 message, and an encryption indication indicating that the first part of the first initial layer-3 message is encrypted. The device transmits the second initial layer-3 message to a network device. Small data comprised in the second initial layer-3 message is protected by the encryption.

Abstract: Apparatuses, systems, and methods for generating and utilizing improved initialization vectors (IVs) when performing encryption and authentication in wireless communications. In some scenarios, a wireless communication device may generate one or more pseudorandom multi-bit values, e.g., using a respective plurality of key derivation functions (KDFs). A first portion of each value may be used as a respective key for encryption or authentication of traffic on the user plane or the control plane. A second portion of each value may be used as a nonce value in a respective IV for use with a respective key for encryption or authentication of traffic on the user plane or the control plane. In some scenarios, the nonce values may instead be generated as part of an additional pseudorandom value (e.g., by executing an additional KDF), from which all of the IVs may be drawn.

Abstract: Techniques for identity-based message integrity protection and verification between a user equipment (UE) and a wireless network entity, include use of signatures derived from identity-based keys. To protect against attacks from rogue network entities before activation of a security context with a network entity, the UE verifies integrity of messages by checking a signature using an identity-based public key PKID derived by the UE based on (i) an identity value (ID) of the network entity and (ii) a separate public key PKPKG of a private key generator (PKG) server. The network entity generates signatures for messages using an identity-based private key SKID obtained from the PKG server, which generates the identity-based private key SKID using (i) the ID value of the network entity and (ii) a private key SKPKG that is known only by the PKG server and corresponds to the public key PKPKG.

Abstract: A preparation device has a chamber, molten metal containers, a rotatable base in the chamber and having a deposition substrate, laser sets generating a dual-pulse laser, a base controller and a data collection control unit. The containers communicate with the chamber and each has a pulse pressurization apparatus pressing the molten metal into the chamber. The laser sets correspond to the containers such that beams of an emitted dual-pulse laser bombard the pulsed droplets, plasmas are generated and are sputtered and deposited on the substrate forming a multi-element alloy thin film. The unit collects base temperature and displacement information, and controls the pressurization frequency of the pulse pressurization apparatus, and the emission frequency and energy of the dual-pulse laser of the laser sets controlling the frequency and energy of the dual-pulse laser bombarding the corresponding pulsed droplets. The base controller controls the base temperature, rotation and movement.

Abstract: Embodiments of the present invention provide an SeNB key update method, including: establishing, by an MeNB, an RRC connection to UE, and determining a first SeNB and a second SeNB that are connected to the UE; calculating, by the MeNB, a key S-KeNB1 of the first SeNB and a key S-KeNB2 of the second SeNB, and sending an SeNB addition request to the first SeNB and the second SeNB; receiving, by the MeNB, a first request acknowledgment message fed back by the first SeNB, and receiving a second request acknowledgment message fed back by the second SeNB; and sending, by the MeNB, an RRC reconfiguration request to the UE according to the first request acknowledgment message and the second request acknowledgment message, where the RRC reconfiguration request includes key update information of the first SeNB and key update information of the second SeNB.

Abstract: In order to provide confidentiality protection, an encryption method, a decryption method, and related apparatuses are provided. An encryption device generates a first initial layer-3 message. The first initial layer-3 message includes a first part and a second part. The device generates a keystream for encrypting the first initial layer-3 message. The device performs an exclusive OR operation on the keystream and the first initial layer-3 message to generate a second initial layer-3 message. The second initial layer-3 message includes an encrypted first part of the first initial layer-3 message, an unencrypted second part of the first initial layer-3 message, and an encryption indication indicating that the first part of the first initial layer-3 message is encrypted. The device transmits the second initial layer-3 message to a network device. Small data comprised in the second initial layer-3 message is protected by the encryption.

Abstract: The present application discloses, among others, a message protection method performed by user equipment (UE). In one method an authentication and key agreement request message sent by an SGSN is received using a GMM/SM protocol layer of the UE. A first algorithm identifier on the GMM/SM protocol layer of the UE is obtained according to the authentication and key agreement request message, and a first key is generated. A first message authentication code on the GMM/SM protocol layer is verified according to the first key and a first algorithm. If the UE determines that the verification of the first message authentication code succeeds, an authentication and key agreement response message is generated on the GMM/SM protocol layer of the UE according to the first key and the first algorithm. The authentication and key agreement response message is sent to the SGSN by using the GMM/SM protocol layer of the UE.

Abstract: Embodiments of the present application provide an encryption method, a decryption method, and a related apparatus. The encryption method includes: generating a keystream, where the keystream is used to encrypt a part of data to be encrypted in an initial layer-3 message, and the part of data to be encrypted includes small data; generating, by performing an exclusive OR operation on the keystream and the initial layer-3 message, an initial layer-3 message in which the part of data is encrypted; and sending the initial layer-3 message in which the part of data is encrypted, where the initial layer-3 message includes an added encryption indication, and the encryption indication is used to indicate that the part of data to be encrypted in the initial layer-3 message is encrypted.

Abstract: Embodiments provide an MTC device communication method, device, and system. A second network element receives, a query message sent by a first network element after the first network element identifies that a type of a received short message is a preset-type short message. The query message comprises an identifier of a receiver of the short message and an identifier of a sender of the short message. The second network element checks whether the sender is authorized to send the preset-type short message to the receiver. The second network element sends a message to the first network element indicating whether or not to send the short message to the receiver.

Abstract: A GPRS system key enhancement method, an SGSN device, UE, and a GPRS system are provided. The method includes: receiving, by the SGSN, a request message sent by the UE; acquiring, by the SGSN, an authentication vector including a first ciphering key and a first integrity key from the HLR/HSS; when the SGSN determines that the UE is UE of a first type, selecting a ciphering algorithm and an integrity algorithm for the UE, and sending the selected ciphering algorithm and the selected integrity algorithm to the UE; and computing, by the SGSN, a second ciphering key and a second integrity key according to the first ciphering key and the first integrity key.

Abstract: Embodiments of the present invention provide a method and a related device for generating a group key. The method includes: obtaining a group ID of a group where a machine type communication MTC device is located; obtaining a group communication root key corresponding to the group ID; generating a group key corresponding to the group ID according to the group communication root key; and sending the group key encrypted by using an access stratum key of the MTC device to the MTC device, so that the MTC device obtains the group key through decryption according to the access stratum key of the MTC device. According to the foregoing technical solutions, a base station may allocate, to an MTC device, a group key corresponding to a group where the MTC device is located.

Abstract: The present invention discloses a method for transferring a context and a mobility management entity. When S1 handover occurs on an RN, the method includes: acquiring, by a source MME to which a UE is attached, an indicator for transferring a context of the UE, where the UE is a UE served by the RN when the S1 handover occurs; and transferring, by the source MME to which the UE is attached, the context of the UE to a target MME according to the indicator for transferring the context of the UE, so that the target MME acquires security information of the UE according to the context of the UE, where the target MME is an MME to which the UE needs to be attached in the handover process.

Abstract: Embodiments of the present invention relate to the field of communications, and provide a decoding method and a decoder, which are used to reduce decoding complexity. The method includes: receiving a to-be-decoded signal; performing region decision on the to-be-decoded signal according to a region decision rule formed by S region decision formulas, to acquire a region decision result; acquiring N constellation points according to the decision result, where the N constellation points are separately constellation points that are in the N subsets and that are closest to the to-be-decoded signal; acquiring N non-encoded bits corresponding to the N constellation points, and branch metrics between the to-be-decoded signal and the N constellation points; and performing Viterbi decoding based on the branch metrics and the N non-encoded bits, and outputting a decoding result corresponding to the to-be-decoded signal. The present invention is applicable to a signal decoding scenario.

Abstract: Embodiments provide an MTC device communication method, device, and system. A second network element receives, a query message sent by a first network element after the first network element identifies that a type of a received short message is a preset-type short message. The query message comprises an identifier of a receiver of the short message and an identifier of a sender of the short message. The second network element checks whether the sender is authorized to send the preset-type short message to the receiver. The second network element sends a message to the first network element indicating whether or not to send the short message to the receiver.

Abstract: Embodiments of the present invention provide an MTC device communication method, device, and system. A second network element receives, a query message sent by a first network element after the first network element identifies that a type of a received short message is a preset-type short message. The query message comprises an identifier of a receiver of the short message and an identifier of a sender of the short message. The second network element checks whether the sender is authorized to send the preset-type short message to the receiver. The second network element sends a message to the first network element indicating whether or not to send the short message to the receiver.

Abstract: Disclosed is an excimer laser composite cavity, comprising a laser discharge cavity, a laser output module, a line-width narrowing module, and a laser amplification module. The laser discharge cavity contains work gas for generating laser when it is activated by an excitation source. The laser discharge cavity, the laser output module, and the line-width narrowing module constitute a line-width narrowing cavity configured to narrow down a line-width of the laser generated by the work gas. The laser discharge cavity, the laser output module, and the laser amplification module constitute an amplification cavity configured to amplify power of the laser with the line-width having been narrowed down by the line-width narrowing cavity.