Abstract: Disclosed herein are user equipment (UE) configured to communicate with a vehicle-to-everything (V2X) control function (CF) and a V2X Key Management Function (KMF). The UE includes processing circuitry configured to select a broadcast service from a plurality of available broadcast services and encode a key request message for transmission to the V2X KMF. The key request message includes a service identification (ID) of the selected broadcast service and identification of V2X security techniques supported by the UE. A key response message received from the V2X KMF in response to the key request message is decoded. The key response message identifies a V2X security technique of the V2X security techniques. The identified V2X security technique is execute to obtain security credentials provisioned by the V2X KMF. Data is encoded for transmission to a second UE during the selected broadcast service, where the encoding is based on the provisioned security credentials.

Abstract: A registrar device is delegated enrollment authority for a group by a group authority. The registrar device identifies a particular asset device in association with a reconfiguration of a machine-to-machine (M2M) system that includes the group. The registrar device identifies an enrollment request for enrollment of the particular asset device within the group of devices in association with the reconfiguration of the M2M system and communicates with the particular device to initiate enrollment of the particular device within the group of devices, where enrollment of the particular device includes provisioning the particular device with a group access credential.

Abstract: Certain embodiments herein are directed to managing wireless spectrum, which may include recommending or transmitting spectrum usage changes to one or more wireless devices. A spectrum management system comprising one or more computers may receive spectrum usage information associated with one or more wireless devices. The spectrum management system may generate a spectrum usage map based on the received information. Based on the spectrum usage map, a spectrum usage change is determined and transmitted to one or more wireless devices. The wireless devices may change their operation in accordance with the spectrum usage change.

Abstract: Embodiments are directed to enrollment of an endpoint device in a secure domain. An enrollment request is sent to a delegated registrar (DR) device to initiate a trust-establishment procedure with the DR device to establish initial connectivity and an initial symmetric key to be shared between the DR and the endpoint device. The DR device provides to the endpoint device limited-use credentials for group-access key establishment, and group connectivity parameters for accessing a group administrator (GA) device. The endpoint device and the GA device perform a group-enrollment procedure in which the endpoint device provides the limited-use credentials to the GA device and receives, from the GA device, the group-access key.

Abstract: In one embodiment, a computing device includes at least one hardware processor to execute instructions, a network interface to enable communication with a second computing device and a third computing device, and at least one storage medium. Such medium may store instructions that when executed by the computing device enable the computing device to request delegation of a key provisioning privilege for the second computing device from the third computing device via a parent-guardian delegation protocol comprising a three-party key distribution protocol with the second computing device and the third computing device, the three-party key distribution protocol having interposed therein a two-party authenticated key exchange protocol between the computing device and the third computing device. Other embodiments are described and claimed.

Abstract: A registrar device is delegated enrollment authority for a group by a group authority. The registrar device identifies a particular asset device in association with a reconfiguration of a machine-to-machine (M2M) system that includes the group. The registrar device identifies an enrollment request for enrollment of the particular asset device within the group of devices in association with the reconfiguration of the M2M system and communicates with the particular device to initiate enrollment of the particular device within the group of devices, where enrollment of the particular device includes provisioning the particular device with a group access credential.

Abstract: Disclosed herein are user equipment (UE) configured to communicate with a vehicle-to-everything (V2X) control function (CF) and a V2X Key Management Function (KMF). The UE includes processing circuitry configured to select a broadcast service from a plurality of available broadcast services and encode a key request message for transmission to the V2X KMF. The key request message includes a service identification (ID) of the selected broadcast service and identification of V2X security techniques supported by the UE. A key response message received from the V2X KMF in response to the key request message is decoded. The key response message identifies a V2X security technique of the V2X security techniques. The identified V2X security technique is execute to obtain security credentials provisioned by the V2X KMF. Data is encoded for transmission to a second UE during the selected broadcast service, where the encoding is based on the provisioned security credentials.

Abstract: In some embodiments, the invention involves information routing in networks, and, more specifically, to defining a framework using swarm intelligence and utilization of the defined framework for routing information in the network, especially for cloud computing applications. In an embodiment, information about available information/services is pushed to network nodes using information packets (ants). Nodes requiring services send query packets (ants) and a node may send a response to a query ant when information is available. Ants may be forwarded throughout the network based on popularity of nodes, freshness of information/requests, routing table information, and requests or interest by consumer nodes captured in information routing table. Other embodiments are described and claimed.

Abstract: Embodiments are directed to enrollment of an endpoint device in a secure domain. An enrollment request is sent to a delegated registrar (DR) device to initiate a trust-establishment procedure with the DR device to establish initial connectivity and an initial symmetric key to be shared between the DR and the endpoint device. The DR device provides to the endpoint device limited-use credentials for group-access key establishment, and group connectivity parameters for accessing a group administrator (GA) device. The endpoint device and the GA device perform a group-enrollment procedure in which the endpoint device provides the limited-use credentials to the GA device and receives, from the GA device, the group-access key.

Abstract: In one embodiment, a computing device includes at least one hardware processor to execute instructions, a network interface to enable communication with a second computing device and a third computing device, and at least one storage medium. Such medium may store instructions that when executed by the computing device enable the computing device to request delegation of a key provisioning privilege for the second computing device from the third computing device via a parent-guardian delegation protocol comprising a three-party key distribution protocol with the second computing device and the third computing device, the three-party key distribution protocol having interposed therein a two-party authenticated key exchange protocol between the computing device and the third computing device. Other embodiments are described and claimed.

Abstract: A system and method for negotiating a pairwise master key (“PMK”) in wireless mesh networks. The system includes a plurality of mesh points that are configured to perform an abbreviated handshake protocol in negotiating a PMK and establishing a secure connection. The method for establishing a negotiated PMK is based on selecting a PMK before transmitting any data, and arranging available PMKs in a predetermined list so that a PMK can be negotiated in a limited number of exchanges.

Abstract: This disclosure is directed to data prioritization, storage and protection in a vehicular communication system. A black box (BB) in a vehicle may receive data from an on-board unit (OBU) and a vehicular control architecture (VCA). The OBU may interact with at least one RSU that is part of an intelligent transportation system (ITS) via at least two channels, at least one of the at least two channels being reserved for high priority messages. The OBU may transmit ITS data to the BB via a secure communication channel, which may be stored along with vehicular data received from the VCA in encrypted form. In response to a request for data, the BB may authenticate a requesting party, determine at least part of the stored data to which the authenticated party is allowed and sign the at least part of the stored data before providing it to the authenticated party.

Abstract: This disclosure is directed to data prioritization, storage and protection in a vehicular communication system. A black box (BB) in a vehicle may receive data from an on-board unit (OBU) and a vehicular control architecture (VCA). The OBU may interact with at least one RSU that is part of an intelligent transportation system (ITS) via at least two channels, at least one of the at least two channels being reserved for high priority messages. The OBU may transmit ITS data to the BB via a secure communication channel, which may be stored along with vehicular data received from the VCA in encrypted form. In response to a request for data, the BB may authenticate a requesting party, determine at least part of the stored data to which the authenticated party is allowed and sign the at least part of the stored data before providing it to the authenticated party.

Abstract: Key derivation procedures and key hierarchies compatible with the mesh link establishment protocol for use in a mesh network. A single cryptographic primitive may be utilized, which is a key derivation function, denoted as kdfK, where K is a cached pairwise master key. The result of the function kdfK may be used to derive the keys used to secure both link establishment and the data subsequently exchanged over the link.

Abstract: Certain embodiments herein are directed to managing wireless spectrum, which may include recommending or transmitting spectrum usage changes to one or more wireless devices. A spectrum management system comprising one or more computers may receive spectrum usage information associated with one or more wireless devices. The spectrum management system may generate a spectrum usage map based on the received information. Based on the spectrum usage map, a spectrum usage change is determined and transmitted to one or more wireless devices. The wireless devices may change their operation in accordance with the spectrum usage change.

Abstract: Certain embodiments herein are directed to predictive pre-caching of content for user devices. A service provider system may receive predictive pre-cache information associated with a user from a user device. The service provider system may obtain content based at least in part on the predictive pre-cache information associated with the user. The service provider system may determine a non-congested time to transmit the obtained content. The service provider system may transmit the content to the user device at the non-congested time.

Abstract: An embodiment of the invention includes an article with instructions that enable a first unit to: (a) sense the first unit's local surroundings to determine sensed data; (b) receive and decrypt encrypted context data directly from a second unit (the second unit located nearby the first unit and the context data corresponding to the first unit's local surroundings); and (c) based on the sensed data and the decrypted context data, communicate directly with the second unit. Other embodiments are described herein.

Abstract: In some embodiments, the invention involves information routing in networks, and, more specifically, to defining a framework using swarm intelligence and utilization of the defined framework for routing information in the network, especially for cloud computing applications. In an embodiment, information about available information/services is pushed to network nodes using information packets (ants). Nodes requiring services send query packets (ants) and a node may send a response to a query ant when information is available. Ants may be forwarded throughout the network based on popularity of nodes, freshness of information/requests, routing table information, and requests or interest by consumer nodes captured in information routing table. Other embodiments are described and claimed.

Abstract: In some embodiments, the invention involves information routing in networks, and, more specifically, to defining a framework using swarm intelligence and utilization of the defined framework for routing information in the network, especially for cloud computing applications. In an embodiment, information about available information/services is pushed to network nodes using information packets (ants). Nodes requiring services send query packets (ants) and a node may send a response to a query ant when information is available. Ants may be forwarded throughout the network based on popularity of nodes, freshness of information/requests, routing table information, and requests or interest by consumer nodes captured in information routing table. Other embodiments are described and claimed.

Abstract: An embodiment of the invention includes an article with instructions that enable a first unit to: (a) sense the first unit's local surroundings to determine sensed data; (b) receive and decrypt encrypted context data directly from a second unit (the second unit located nearby the first unit and the context data corresponding to the first unit's local surroundings); and (c) based on the sensed data and the decrypted context data, communicate directly with the second unit. Other embodiments are described herein.