Abstract: Embodiments of this application provide a communication method and a network element device. The method includes: A first network function network element obtains integrity-protected attestation information, where the attestation information includes an attestation result and range indication information associated with the attestation result; generates a service request message when determining that a service provided by a second network function network element is to be requested; and sends the service request message to the second network function network element, where the service request message includes the attestation information and an identifier of the first network function network element. The method disclosed in this application can prevent and mitigate a potential security risk faced by a network function in a mobile communication network, especially faced by a network function implemented in a software or virtualization manner.

Abstract: Embodiments of the present disclosure disclose a data transmission method and a related device. The method includes: receiving a first data packet from a terminal device, where the first data packet includes a first QoT level of a service corresponding to the first data packet and a forwarding policy of the first data packet; obtaining a second QoT level of a second network device; and sending the first data packet to the second network device based on the first QoT level and the second QoT level and according to the forwarding policy. Embodiments of this disclosure help construct a trusted network route for data transmission.

Abstract: This disclosure discloses a device management method, system, and apparatus. The method includes: A second device sends an identity file to a first access control node, to indicate the first access control node to store the identity file in a file system, where the identity file includes identity information of a first device and a public key of the second device. The second device receives a first identifier sent by the first access control node. The first identifier is used to read the identity file from the file system. After verification is performed on the second device and information about a device associated with the first device in association information and succeeds, the first access control node sends the identity file to the file system. The association information is stored in a database node and a blockchain.

Abstract: A method for validation of virtual function pointers includes compiling a source code file with one or more classes whereby each of the classes has a virtual table, and the compiling includes associating a security check function with the virtual function invocation site such that the associated security check function is executed prior to an invocation of the virtual function, generating a class hierarchy hash table (CHHT), whereby when the compiled source code file is executed, the security check function is used to determine whether an invoked virtual function pointer of a virtual function associated with the security check function is valid by looking up an indicator in the CHHT according to a hash result of the virtual function pointer and an address of a virtual table containing the virtual function pointer.

Abstract: A vehicle-mounted device upgrade method and a related device. The method may be applied to a vehicle-mounted system, a vehicle-mounted control device and one or more to-be-upgraded vehicle-mounted devices, and the method may include: obtaining, by the vehicle-mounted control device, a vehicle-mounted upgrade package, where the vehicle-mounted upgrade package includes a plurality of upgrade files, and each upgrade file is used to upgrade at least one to-be-upgraded vehicle-mounted device; performing, by the vehicle-mounted control device, security verification on the plurality of upgrade files; and sending, by the vehicle-mounted control device, a target upgrade file to a target to-be-upgraded vehicle-mounted device that is to be upgraded by using the target upgrade file, where the target upgrade file is an upgrade file on which security verification succeeds in the plurality of upgrade files. According to this application, the vehicle-mounted device can be securely and efficiently upgraded.

Abstract: A system and method generate private keys for devices participating in a self-certified identity based encryption scheme. A private key is used by the devices to establish a common session key for encoding digital communications between devices.

Abstract: A method for authenticating a connection between a user device and a vehicle includes sending, by the vehicle, a first wireless signal through a connection channel, receiving, by the vehicle, a second wireless signal through the connection channel, and acquiring, by the vehicle, a second signal strength sequence from second N continuous signal strength characteristics (PFVeh) of the second wireless signal, receiving, by the user device from the vehicle, the first wireless signal, acquiring a first signal strength sequence from first N continuous signal strength characteristics (PFUDev) of the first wireless signal, and communicating, by the user device, the first signal strength sequence to the vehicle.

Abstract: This document describes a system and method for generating two types of session keys for encoding digital communications between two devices. In particular, the first type of session key possesses escrow properties whereby a trusted third party will be able to generate the first type of session key to decode the digital communications between the two devices while the second type of session key does not possess escrow properties.

Abstract: A method for authenticating a connection between a user device and a vehicle includes sending, by the vehicle, a first wireless signal through a connection channel, receiving, by the vehicle, a second wireless signal through the connection channel, and acquiring, by the vehicle, a second signal strength sequence from second N continuous signal strength characteristics (PFVeh) of the second wireless signal, receiving, by the user device from the vehicle, the first wireless signal, acquiring a first signal strength sequence from first N continuous signal strength characteristics (PFUDev) of the first wireless signal, and communicating, by the user device, the first signal strength sequence to the vehicle.

Abstract: This document describes a device and method for validation of virtual function pointers. The method is about compiling a source code file with one or more classes whereby each of the classes has a virtual table, the compiling comprises: associating a security check function with the virtual function invocation site such that the associated security check function is executed prior to an invocation of the virtual function; generating a Class Hierarchy Hash Table (CHHT); whereby when the compiled source code file is executed, the security check function is used to determine whether an invoked virtual function pointer of a virtual function associated with the security check function is valid by looking up a indicator in the CHHT according to a hash result of the virtual function pointer and an address of a virtual table containing the virtual function pointer.

Abstract: A network architecture for updating control units in a remote network such as in a vehicle comprises an administration module, a verification module and an agent module. The administration module formulates a policy for governing the update of control units based on context information about the control units provided to the administration module. In formulating the policy, the administration unit takes account of compatibility between the control units with regard to versions of the update so that the update can succeed. Or, if the update fails in whole or part, a stable state of the remote network can nevertheless still be obtained, since the administration module may provide error handling procedures for the agent module when errors are encountered during update.

Abstract: This document describes a system and method for generating two types of session keys for encoding digital communications between two devices. In particular, the first type of session key possesses escrow properties whereby a trusted third party will be able to generate the first type of session key to decode the digital communications between the two devices while the second type of session key does not possess escrow properties.

Abstract: A vehicle-mounted device upgrade method and a related device. The method may be applied to a vehicle-mounted system, a vehicle-mounted control device and one or more to-be-upgraded vehicle-mounted devices, and the method may include: obtaining, by the vehicle-mounted control device, a vehicle-mounted upgrade package, where the vehicle-mounted upgrade package includes a plurality of upgrade files, and each upgrade file is used to upgrade at least one to-be-upgraded vehicle-mounted device; performing, by the vehicle-mounted control device, security verification on the plurality of upgrade files; and sending, by the vehicle-mounted control device, a target upgrade file to a target to-be-upgraded vehicle-mounted device that is to be upgraded by using the target upgrade file, where the target upgrade file is an upgrade file on which security verification succeeds in the plurality of upgrade files. According to this application, the vehicle-mounted device can be securely and efficiently upgraded.

Abstract: This document discloses a system and method for verifying system integrity of an electronic device. The electronic device includes a verifier device provided within a secure environment of the electronic device and a scanner device provided within a normal environment of the electronic device whereby the secure environment comprises hardware that is isolated from the hardware in the normal environment, i.e. these two environments are hardware isolated.

Abstract: This document describes a system and method for generating private keys for devices participating in a self-certified identity based encryption scheme whereby the private key is used by the devices to establish a common session key for encoding digital communications between devices.

Abstract: A system and method for securing Short Message Service (SMS) communications between two communication devices disclosed herein. SMS communications between these two communication devices are secured using a SMS encryption technique that utilizes the communication device's unique address as inputs to encrypt and decrypt the SMS messages.

Abstract: This document discloses a system and method for verifying system integrity of an electronic device. The electronic device includes a verifier device provided within a secure environment of the electronic device and a scanner device provided within a normal environment of the electronic device whereby the secure environment comprises hardware that is isolated from the hardware in the normal environment, i.e. these two environments are hardware isolated.

Abstract: Embodiments of the application provide a mobile device architecture having non-protected environment and one or more protected containers for isolating application programs and application data according to their sensitivity or privacy levels. Access policy and exception policy are defined for each protected container to limit access to application program and data associated with or stored in the protected container(s). A communication monitor module is provided to implement the access and exception policy, and manage communication in the mobile device, including intra-container communication, inter-container communication and communication to and from the non-protected environment.