Abstract: The present application describes power tier management for a battery of a light electric vehicle. In examples, a power tier of a battery may have an associated threshold power and time to exert a battery energy over the time of the power tier. Power tiers may be adjusted to lengthen or shorten an overall battery life and remaining battery life of the battery of the light electric vehicle. In an aspect, a processor may control or limit power to specific components and/or functions of the light electric vehicle to stay within or enter a determined power tier. Information may be received and processed by the processor to determine and apply one or more power tiers.

Abstract: The present application describes power tier management for a battery of a light electric vehicle. In examples, a power tier of a battery may have an associated threshold power and time to exert a battery energy over the time of the power tier. Power tiers may be adjusted to lengthen or shorten an overall battery life and remaining battery life of the battery of the light electric vehicle. In an aspect, a processor may control or limit power to specific components and/or functions of the light electric vehicle to stay within or enter a determined power tier. Information may be received and processed by the processor to determine and apply one or more power tiers.

Abstract: A method of authorizing a gateway device to communicate with a registration server on behalf of an end node device is presented. The method entails a server at the cloud receiving a registration request from the gateway device, generating a bootstrapping authorization blob (BAB) in response to the registration request, and transmitting the BAB to the gateway device. The BAB defines functions that the gateway device is authorized to perform, and may be a flag vector containing a list of flags, each of the flags indicating authorization for a specific function. The method presented herein provides a secure and reliable way for end node devices 40 to communicate with the cloud without the elaborate interfaces required by conventional standards such as LWM2M.

Abstract: A system and method for identity (ID)-based key management are provided. The ID-based key management system includes an authentication server configured to authenticate a terminal through key exchange based on an ID and a password of a user of the terminal, set up a secure channel with the terminal, and provide a private key based on the ID of the user to the terminal through the secure channel, and a private-key generator configured to generate the private key corresponding to the ID of the terminal user according to a request of the authentication server.

Abstract: A method provides end-to-end security for transport of a profile to a target device (e.g., a mobile computing device) over at least one communications network that includes a plurality of nodes. In accordance with the method, the profile is encrypted for transport between the target device and an initial node of the network through which the profile is transported. The encryption is an end-to-end inner layer encryption performed prior to hop-to-hop encryption. The encrypting uses a public key of a public, private key pair. The private key is derivable from a seed securely provisioned in the target device using a public key algorithm. The encrypted profile is transmitted over the communications network to the target device.

Abstract: A cloud storage system includes an encryption server configured to encrypt a plurality of data by using encryption keys having a hierarchy, the hierarchy of encryption keys corresponding to a relationship among the plurality of encrypted data, and a cloud storage server configured to store the plurality of encrypted data.

Abstract: A method provides end-to-end security for transport of a profile to a target device (e.g., a mobile computing device) over at least one communications network that includes a plurality of nodes. In accordance with the method, the profile is encrypted for transport between the target device and an initial node of the network through which the profile is transported. The encryption is an end-to-end inner layer encryption performed prior to hop-to-hop encryption. The encrypting uses a public key of a public, private key pair. The private key is derivable from a seed securely provisioned in the target device using a public key algorithm. The encrypted profile is transmitted over the communications network to the target device.

Abstract: A method provides end-to-end security for transport of a profile to a target device (e.g., a mobile computing device) over at least one communications network that includes a plurality of nodes. In accordance with the method, the profile is encrypted for transport between the target device and an initial node of the network through which the profile is transported. The encryption is an end-to-end inner layer encryption performed prior to hop-to-hop encryption. The encrypting uses a public key of a public, private key pair. The private key is derivable from a seed securely provisioned in the target device using a public key algorithm. The encrypted profile is transmitted over the communications network to the target device.

Abstract: A cloud storage system includes an encryption server configured to encrypt a plurality of data by using encryption keys having a hierarchy, the hierarchy of encryption keys corresponding to a relationship among the plurality of encrypted data, and a cloud storage server configured to store the plurality of encrypted data.

Abstract: A system and method for identity (ID)-based key management are provided. The ID-based key management system includes an authentication server configured to authenticate a terminal through key exchange based on an ID and a password of a user of the terminal, set up a secure channel with the terminal, and provide a private key based on the ID of the user to the terminal through the secure channel, and a private-key generator configured to generate the private key corresponding to the ID of the terminal user according to a request of the authentication server.

Abstract: A method provides end-to-end security for transport of a profile to a target device (e.g., a mobile computing device) over at least one communications network that includes a plurality of nodes. In accordance with the method, the profile is encrypted for transport between the target device and an initial node of the network through which the profile is transported. The encryption is an end-to-end inner layer encryption performed prior to hop-to-hop encryption. The encrypting uses a public key of a public, private key pair. The private key is derivable from a seed securely provisioned in the target device using a public key algorithm. The encrypted profile is transmitted over the communications network to the target device.

Abstract: A method provides end-to-end security for transport of a profile to a target device (e.g., a mobile computing device) over at least one communications network that includes a plurality of nodes. In accordance with the method, the profile is encrypted for transport between the target device and an initial node of the network through which the profile is transported. The encryption is an end-to-end inner layer encryption performed prior to hop-to-hop encryption. The encrypting uses a public key of a public, private key pair. The private key is derivable from a seed securely provisioned in the target device using a public key algorithm. The encrypted profile is transmitted over the communications network to the target device.

Abstract: An online certificate status checking protocol (OCSP) system is provided for use with a first device, an end device and a certificate authority. The first device can provide a certificate. The end device can provide an OCSP request based on the certificate and process an OCSP response. The certificate authority can provide a CRL update. The certificate has a validity period. The OCSP system includes an OCSP responder, and OCSP proxy and a cache. The OCSP responder can provide the OCSP response. The OCSP proxy can receive the OCSP request from the end device, can send the OCSP request to the OCSP responder, can receive the OCSP response from the OCSP responder and can send the OCSP response to the end device. The cache can store information based on the OCSP response. The OCSP proxy can further store, in the cache, information based on the OCSP response and can send a proactive OCSP request to the OCSP responder based on a predetermined policy.

Abstract: A method and apparatus for delegating distribution of security keying material for the communication path between a mobile entity and a network service function, to the mobile entity. An authorization token is issued to the mobile entity which then supplies security keying material for the communication path. The keying material may be created by the Mobile entity itself. The mobile entity sends the security path material and the authorization token to a network service function. The network service function checks the authorization token to determine if the mobile entity is authorized to create the key material. If so, the received keying material is installed for use in securing the communication path with the mobile entity. The network service function may also be issued with a token to show that it is trusted by the issuer of the token.

Abstract: Various embodiments are described to address the problem of duplicated authentication processing in authorizing servers. Generally expressed, an authorizing server (220), such as an AAA server, sends (305) authorization material to a first access service node (210), such as a foreign agent or SIP agent. The authorization material is for a second access service node (230) and corresponds to a mobile node (201). The first access service node then forwards (307) the authorization material to the second access service node. By distributing the authorization material in this way, the second access service node need not communicate with the authorizing server to obtain the authorization material and neither does the authorizing server need to send messaging to both access service nodes. Thus, benefits such as reduced authorizing server load and reduced registration delays may be realized depending on the embodiment employed.

Abstract: Apparatus performs a method that includes the steps of: receiving (210) a location parameter request for a mobile entity; determining (220) a set of location parameters corresponding to the mobile entity, the set of location parameters comprising at least an identification of a current point of attachment of the mobile entity; and communicating (230) a response comprising at least a portion of the determined set of location parameters. Another method includes the steps of: receiving (310) a message comprising a set of location parameters corresponding to the mobile entity, wherein the set of location parameters is based on an identification of a current point of attachment of the mobile entity; and setting (320) a network access configuration for the mobile entity based on the set of location parameters.

Abstract: The invention provides for secure end-to-end user authentication by a remote server communicating with a communication device. The communication device further communicates with an authentication device, which provides a user authentication message to the communication device for forwarding to the remote server. The authentication device comprises a data store for storing user authentication credentials. A user authentication processor performs a local authentication of a user of the authentication device in response to a user input. An authentication processor generates the authentication message if the user authentication is valid. The authentication processor implements a cryptographic function based on the user authentication credentials. A transmitter then transmits the authentication message to the at least one communication device.

Abstract: An Authentication, Authorization, and Accounting (AAA) key, defining a first shared secret between a mobile node (108) and an AAA server (110), is acquired. A shared key becomes associated with the mobile node (108) and the VPN server (104). The shared key is formed, at least in part, from the AAA key. The shared key defines a second shared secret, which is between the mobile node (108) and the VPN server (104). A secure data tunnel is then established between the mobile node (108) and the VPN server (104) using the shared key.

Abstract: At least one candidate point-of-presence element to which at least one mobile node may be handed over from a first point-of-presence element is identified (201). In a preferred approach this occurs regardless of whether the point-of-presence elements differ from one another (for example, with respect to an enabling mobile node access technology, a service type, and/or a supported application to be handed over). A handover key is then derived (202) as corresponds at least to the identified point-of-presence element that use of that handover key is facilitated (203) to facilitate a possible handover of the mobile node from the first to the identified point-of-presence element. The handover key may also be used, if desired, to derive a pairwise handover key.

Abstract: Nonce exchange with a target BS is performed even when the MS connected to the source BS so when the mobile reaches the new BS, it will be able to create a fresh key quickly. Alternatively, the MS can provide the nonce directly to the target base station immediately (or very soon) upon handing over. In a similar manner, the mobile will receive the target BS nonce via one of several techniques. In a first embodiment of the present invention the target BS will share the BS nonce with the source BS which will provide the nonce to the MS. In a second embodiment of the present invention the target base station will transmit the nonce over-the-air to the MS as part to the initial exchanges leading to the set up of the wireless link between the MS and the target BS.