Abstract: Because of the line-of-sight character of optical wireless communication and a limited field-of-view of optical receivers, the coverage of an access point and the overlapping coverage area of adjacent access points in an optical system are smaller as compared to a RF system. It turns more challenging to support an end point (110) to roam securely in an optical multi-cell wireless communication network. To speed up the derivation of a new pairwise transient key with a new access point during a handover procedure, the end point of this invention comprises a controller (118) that is configured to act as a second supplicant (1181), on behalf of a first supplicant (1186) comprised in a host processor (1185), to communicate with an authenticator to establish a new pairwise transient key for the end point (110) and a candidate access point, and an active pairwise transient key with the currently associated access point is used to secure the communication for new key derivation.

Abstract: Because of the line-of-sight character of optical wireless communication and a limited field-of-view of optical receivers, the coverage of an access point (120) and the overlapping coverage area of adjacent access points (120) in an optical system are smaller as compared to a RF system. It turns more challenging to support an end point (110) to roam securely in an optical multi-cell wireless communication network (100). To address that problem, a subsystem is disclosed to select for the end point (110) a candidate access point out of the plurality of access points (120) in view of one or more neighbor relationships, and to inform the end point (110) about the candidate access point to trigger the end point (110) to start a procedure for pre-establishing a new pairwise transient key between the end point (110) and the candidate access point (120) for a secure handover.

Abstract: Because of the line-of-sight character of optical wireless communication and a limited field-of-view of optical receivers, the coverage of an access point and the overlapping coverage area of adjacent access points in an optical system are smaller as compared to a RF system. It turns more challenging to support an end point (110) to roam securely in an optical multi-cell wireless communication network. To speed up the derivation of a new pairwise transient key with a new access point during a handover procedure, the end point of this invention comprises a controller (118) that is configured to act as a second supplicant (1181), on behalf of a first supplicant (1186) comprised in a host processor (1185), to communicate with an authenticator to establish a new pairwise transient key for the end point (110) and a candidate access point, and an active pairwise transient key with the currently associated access point is used to secure the communication for new key derivation.

Abstract: There is disclosed a method for facilitating transactions carried out by a mobile device, wherein: the mobile device executes a smart card application; the smart card application receives a cryptographic algorithm from a transaction server external to the mobile device; the smart card application further receives transaction data from said transaction server; the cryptographic algorithm encrypts said transaction data and stores the encrypted transaction data in a storage unit of the mobile device. Furthermore, a corresponding computer program product and a corresponding mobile device for carrying out transactions are disclosed.

Abstract: A method and apparatus for updating an encryption key for performing encrypted communication over a communications network. The method comprises, within a timestamp distribution node, transmitting a message to at least one timestamp reception node of the communications network containing a timestamp value. The method further comprises, within the at least one timestamp reception node, receiving the message from the timestamp distribution node and extracting the timestamp value. Wherein, within each of the timestamp distribution node and the at least one timestamp reception node, the method comprises generating at least one updated encryption key for performing encrypted communication based at least partly on the extracted timestamp value.

Abstract: An example communications apparatus includes a plurality of communicatively-interconnected communication domains and an electronic switch, integrated as part of a first domain of the plurality of communicatively-interconnected communications domains. The electronic switch effects secure communications of data over the one or more channels specific to the first domain, by using a first circuit and a second circuit. The first circuit is used to obtain and process sampled channel properties associated with the one or more channels specific to the first domain. The second circuit is used to generate, in response to the first circuit, a domain-specific code that is generated pseudo-randomly using the processed sampled channel properties, the domain-specific code being used for coding data conveyed over the one or more channels specific to the first domain.

Abstract: An example network communication device include a communication circuit and a processing circuit. The communication circuit securely communicates over a network using a rotating code and the processing circuit enter a sleep mode at which time values of the rotating code are unknown by the network communication device. The processing circuit enters the sleep mode by requesting another network communication device of the network to authorize entering the sleep mode, and entering the sleep mode responsive to an indication verifying that the network communication device and the other network communication device agree on a set of secure parameters that is created pseudo-randomly, wherein the processing circuit enters the sleep mode with the set of secure parameters as stored for awakening but without storage of the values of the rotating key.

Abstract: An apparatus comprising an authentication processor configured to, based on received firmware and predetermined cryptographic authentication information, provide for cryptographic based authentication of the received firmware to control execution of the received firmware by any one of a plurality of processors. Each processor of the plurality of processors is uniquely addressable by a boot sequencer.

Abstract: According to a first aspect of the present disclosure, a method for facilitating secure communication in a network is conceived, comprising: encrypting, by a source node in the network, a cryptographic key using a device key as an encryption key, wherein said device key is based on a device identifier that identifies a destination node in the network; transmitting, by said source node, the encrypted cryptographic key to the destination node. According to a second aspect of the present disclosure, a corresponding non-transitory, tangible computer program product is provided. According to a third aspect of the present disclosure, a corresponding system for facilitating secure communication in a network is provided.

Abstract: An example network communication device include a communication circuit and a processing circuit. The communication circuit securely communicates over a network using a rotating code and the processing circuit enter a sleep mode at which time values of the rotating code are unknown by the network communication device. The processing circuit enters the sleep mode by requesting another network communication device of the network to authorize entering the sleep mode, and entering the sleep mode responsive to an indication verifying that the network communication device and the other network communication device agree on a set of secure parameters that is created pseudo-randomly, wherein the processing circuit enters the sleep mode with the set of secure parameters as stored for awakening but without storage of the values of the rotating key.

Abstract: An example communications apparatus includes a plurality of communicatively-interconnected communication domains and an electronic switch, integrated as part of a first domain of the plurality of communicatively-interconnected communications domains. The electronic switch effects secure communications of data over the one or more channels specific to the first domain, by using a first circuit and a second circuit. The first circuit is used to obtain and process sampled channel properties associated with the one or more channels specific to the first domain. The second circuit is used to generate, in response to the first circuit, a domain-specific code that is generated pseudo-randomly using the processed sampled channel properties, the domain-specific code being used for coding data conveyed over the one or more channels specific to the first domain.

Abstract: A method for facilitating network joining is disclosed, wherein, while a communication session is active between a network gateway and an NFC device comprised in or connected to a networkable device, the following steps are performed: the network gateway obtains a first cryptographic key associated with the networkable device; the network gateway encrypts, using said first cryptographic key, a network key associated with a network; the network gateway provides the encrypted network key to the networkable device, such that the networkable device may decrypt the encrypted network key using a second cryptographic key. Furthermore, a corresponding computer program product and a corresponding system for facilitating network joining are disclosed.

Abstract: According to a first aspect of the present disclosure, a relay device for use in near field communication (NFC) transactions is provided, said relay device comprising a communication unit, wherein said communication unit comprises an NFC controller and a wireless communication controller which are operatively connected to each other through a physical interface, said NFC controller being arranged to establish communication with an NFC-enabled device that is external to the relay device, and said wireless communication controller being arranged to establish communication with a wireless device that is external to the relay device, wherein the communication unit is arranged to relay transaction data between the NFC-enabled device and the wireless device. According to a second aspect of the present disclosure, a corresponding method for facilitating near field communication (NFC) transactions is conceived.

Abstract: According to a first aspect of the present disclosure, a method is conceived for securing data communicated in a network, the method comprising: receiving, by a destination node in the network, at least one message transmitted by a source node in the network; generating, by said destination node, a session key by executing a one-way function that takes at least a part of a last received message and an initial key as input parameters; using, by said destination node, the session key for encrypting or decrypting said data. Furthermore, according to a second aspect of the present disclosure, a corresponding computer program product is conceived. Furthermore, according to a third aspect of the present disclosure, a corresponding system is conceived.

Abstract: An apparatus comprising: a firmware authentication element configured to, based on received firmware and predetermined cryptographic authentication information, provide for cryptographic based authentication of the received firmware to control execution of the received firmware by any one of a plurality of processors.

Abstract: There is disclosed a portable security device for securing a data exchange between a host device and a remote device, said portable security device comprising a processing unit, a secure element and a data interface, wherein: the secure element is arranged to store an encryption key and a decryption key; the processing unit is arranged to control the encryption of data to be transmitted from the host device to the remote device, wherein said encryption is performed using said encryption key; the processing unit is further arranged to control the decryption of data transmitted from the remote device to the host device, wherein said decryption is performed using said decryption key. Furthermore, a corresponding method for securing a data exchange between a host device and a remote device using a portable security device is disclosed, as well as a corresponding computer program product.

Abstract: A method and apparatus for updating an encryption key for performing encrypted communication over a communications network. The method comprises, within a timestamp distribution node, transmitting a message to at least one timestamp reception node of the communications network containing a timestamp value. The method further comprises, within the at least one timestamp reception node, receiving the message from the timestamp distribution node and extracting the timestamp value. Wherein, within each of the timestamp distribution node and the at least one timestamp reception node, the method comprises generating at least one updated encryption key for performing encrypted communication based at least partly on the extracted timestamp value.

Abstract: According to a first aspect of the present disclosure, a method for facilitating secure communication in a network is conceived, comprising: encrypting, by a source node in the network, a cryptographic key using a device key as an encryption key, wherein said device key is based on a device identifier that identifies a destination node in the network; transmitting, by said source node, the encrypted cryptographic key to the destination node. According to a second aspect of the present disclosure, a corresponding non-transitory, tangible computer program product is provided. According to a third aspect of the present disclosure, a corresponding system for facilitating secure communication in a network is provided.

Abstract: According to an aspect of the invention, an electronic lock is conceived, being adapted to harvest energy from a radio frequency (RF) connection established between a mobile device and said electronic lock, further being adapted to use the harvested energy for processing an authorization token received via said RF connection from the mobile device, and further being adapted to use the harvested energy for controlling an unlocking switch in dependence on a result of said processing.

Abstract: A time manager controls one or more timing functions on a circuit. The time manager includes a data storage and a time calculator. The data storage device stores a first indication of a performance characteristic of a memory cell at a first time. The data storage device also stores a second indication of the performance characteristic of the memory cell at a second time. The time calculator is coupled to the data storage device. The time calculator calculates a time duration between the first time and the second time based on a change in the performance characteristic of the memory cell from the first indication to the second indication.