Abstract: This invention introduces methods and mechanisms of partial integrity protection in mobile systems. A user equipment (UE), comprising: a memory configured to store instructions; and a processor configured to execute the instructions to: receive, from a network device, user plane data having integrity protection; send an error indication indicating an integrity protection error relating to the user plane data; and receive retransmitted user plane data from the network device with a reduced data rate, based on the error indication.

Abstract: The present disclosure provides a User Equipment (UE) comprising a transceiver circuit; and a controller configured to control the transceiver circuit to send, to an Access and mobility Management Function (AMF) of a communication node, an identifier, wherein upon successful authentication of a network access function of the UE in the communication node, the controller is configured to maintain a secure connection with the communication node.

Abstract: The system (1) of the invention is configured to receive information relating to relay devices (11, 17-19) present in a certain spatial area and determine relay configuration information for the relay devices from the information. The relay configuration information instructs the relay devices when to receive and/or relay data units and when not to receive and/or relay data units. The system is further configured to transmit the relay configuration information to the relay devices. The relay device of the invention is configured receive a data unit from a further device (21) or not in dependence on the received relay configuration information and/or relay a received data unit to the cellular communication network (31) or not in dependence on the received relay configuration information.

Abstract: The system (1) of the invention is configured to receive information relating to relay devices (11,17-19) present in a certain spatial area and determine relay configuration information for the relay devices from the information. The relay configuration information instructs the relay devices when to receive and/or relay data units and when not to receive and/or relay data units. The system is further configured to transmit the relay configuration information to the relay devices. The relay device of the invention is configured receive a data unit from a further device (21) or not in dependence on the received relay configuration information and/or relay a received data unit to the cellular communication network (31) or not in dependence on the received relay configuration information.

Abstract: The present disclosure relates to method of enabling key re-usage for an electronic device. The method comprising: receiving a request message from the electronic device, wherein the request message comprises a first information being indicative of a preference for one of a first key associated with a first network node in a first network or a second key associated with a second network node in a second network; processing the request message to determine the preference indicated in the first information; and transmitting a response message to the electronic device for reusing the first key or second key, the electronic device is configured to derive a third key based on the first key or the second key as indicated in the determined preference, and the second network is able to access to the first key and the second key whereas the first network cannot access the second key.

Abstract: A client device (13) is configured to transmit a relay request to a relay device (14). The relay request comprises a first device identifier identifying the client device and one or more first link identifiers identifying one or more links of which at least one links a further device (12) with a network node via the client device. The client device is further configured to receive an acceptance message accepting the relay request from the relay device and transmit data associated with the one or more links to the relay device in dependence on receipt of the acceptance message. The relay device is configured to receive the relay request from the client device, determine whether the relay request can be accepted, associate the first device identifier with each of the first link identifiers, and transmit the acceptance message upon determining that the relay request can be accepted.

Abstract: The present disclosure may be implemented in the form of a method or corresponding apparatus for sending signaling messages through an IPX proxy from a first network element. The at least one example embodiment includes a first network element located on a first mobile network, the first network element configured to establish an initial signaling connection with a second network element on a second mobile network. The first network element may be configured to send a signaling request message to the second network element, receive a signaling response message from the second network element, the received signaling response message including an indication of an IPX proxy selected by the second network element. The first network element may be further configured to establish a signaling connection with the IPX proxy indicated in the received signaling response message, and send a second signaling request message to the IPX proxy for mediation service.

Abstract: Provided is a user equipment (UE) including a first Subscriber Identity Module (SIM) and a second SIM, the UE is configured to receive, from a network node, a first token derived from a seed token using a first cryptographic key associated with the first SIM; derive a first third order token by encrypting the received first token using a second cryptographic key associated with the second SIM; and send the third order token to the network node.

Abstract: A method in a user equipment (UE), the method comprising: storing security keys, wherein each of the security keys corresponds to a RAT (Radio Access Technology); receiving from a communications apparatus, a message including information of a first RAT which the UE communicates with; and determining a first security key in the security keys based on the information of the first RAT, the first security key being used to verify integrity of the message.

Abstract: The present disclosure provides a terminal including a memory; and a processor, comprising hardware, configured to perform a primary authentication between the terminal and a network in 5G for a third party service, derive a security key, KAUSF, and derive an identifier for the security key from the security key.

Abstract: This disclosure introduces methods and mechanisms of integrity protection in 4G and 5G system, especially in the context of Dual Connectivity (DC) involving both 4G and 5G base stations.

Abstract: The invention relates to a system comprising a mobile device (1), a device (13b) for transmitting information, a device (15) hosting a device registry (14) and a wireless device (3a). The mobile device (1) comprises a receiver, a transmitter, storage means and a processor.

Abstract: The present disclosure provides a User Equipment (UE) comprising a transceiver circuit; and a controller configured to control the transceiver circuit to send, to an Access and mobility Management Function (AMF) of a communication node, an identifier, wherein upon successful authentication of a network access function of the UE in the communication node, the controller is configured to maintain a secure connection with the communication node.

Abstract: This invention introduces methods and mechanisms of partial integrity protection in mobile systems. A user equipment (UE), comprising: a memory configured to store instructions; and a processor configured to execute the instructions to: receive, from a network device, user plane data having integrity protection; send an error indication indicating an integrity protection error relating to the user plane data; and receive retransmitted user plane data from the network device with a reduced data rate, based on the error indication.

Abstract: A device (1) is configured to derive a first security key based on information relating to a first node (17), to request use of or to use a further device (9) as a relay to the mobile communication network and to determine whether the further device is connected to the first node and/or receive a message when another device, e.g. the first node, has determined that the further device is not connected to the first node. The device is further configured to, upon determining that the further device is not connected to the first node or upon receipt of the message, derive a second security key based on information relating to a second node (11) to which the further device is connected and transmit information via the further device, the information being encrypted using the second security key.

Abstract: The system of the invention is configured to receive from a client device (41) located in the mobile communication network (1) a request to connect to a home area network (5), determine an identifier of a residential gateway (61) in the home area network or of a fixed-line network (3) to which the home area network is coupled, and transmit a request for an address and a range of addresses in the home area network to the residential gateway or the fixed-line network corresponding to the determined identifier. The system is further configured to receive the address and the range of addresses from the residential gateway or the fixed-line network, transmit the address to the client device, establish a tunnel with the residential gateway and establish a forwarding rule at a forwarding function (15) of the mobile communication network.

Abstract: The service-providing device (11, 18, 19) of the invention is configured to obtain a code associated with the service-providing device, to wirelessly transmit the code, and to receive data from a service-using device (1,2) in response to the wireless transmission. The code does not comprise characteristics of the service-providing device. The service-using device of the invention is configured to receive information about one or more service-providing devices located on a secure local area network (29) over the secure local area network. The information comprises a code for each of the one or more service-providing devices. The service-using device is further configured to select one or more of the received codes, listen for wireless transmission of the selected one or more codes, and transmit data to a device which wirelessly transmitted at least one of the selected one or more codes.

Abstract: A system for sending a relay notification comprises a transceiver and a processor. The processor is configured to use the transceiver to receive a request for allowing a mobile device to be used by a further mobile device as a relay to a mobile communication network. The processor is further configured to determine whether the mobile device is to act as a relay for the further mobile device based on the unique identifier of the further mobile device, and to use the transceiver to notify the mobile device that it is to act as a relay for the further mobile device in dependence on the determination. The mobile device is configured to receive the notification from the system. The processor is further configured to start relaying data received from the further mobile device to the mobile communication network upon receiving the notification.

Abstract: The invention relates to a method for controlling access for a user equipment to at least one local device via an intermediary system that is configured to connect to a local network and to a public network. The user equipment is connected to the public network and the at least one local device is connected to the local network. The method comprises a number of steps in the intermediary system. One of these steps is storing one or more location conditions for access for the user equipment to the at least one local device. Another step is receiving first location information of the user equipment over the public network, the first location information indicating a location of the user equipment. Yet another step is controlling access for the user equipment to the at least one local device by verifying whether the first location information satisfies the one or more location conditions. The invention further relates to the intermediary system used in the method.

Abstract: An apparatus is provided. The apparatus includes a memory storing one or more instructions and a processor. The processor execute the one or more instructions to: receive update information from an external apparatus, the update information corresponding to a network communication; obtain a Subscription Concealed Identifier (SUCI) based on the update information; and transmit the SUCI to the external apparatus.