Patents by Inventor Valtteri Niemi

Valtteri Niemi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11457020
    Abstract: There is provided a method comprising: generating and sharing an initial value of an integrity token between an endpoint node and a security backend computer, collecting data at the endpoint node, wherein dissimilar data types are aligned as input events, generating a new integrity token every time a new input event is written to a local repository of the endpoint node, wherein the new integrity token is generated based on the new input event and a prior integrity token that was generated prior to the new integrity token, removing the prior integrity token generated prior to the new integrity token from the endpoint node each time a new integrity token has been generated, and sending one or more input events with the new integrity token to the security backend computer for enabling the security backend computer checking integrity of the data received from the endpoint.
    Type: Grant
    Filed: May 19, 2020
    Date of Patent: September 27, 2022
    Assignee: WITHSECURE CORPORATION
    Inventors: Paolo Palumbo, Alexey Kirichenko, Valtteri Niemi, Sara Ramezanian, Tommi Meskanen
  • Publication number: 20220060896
    Abstract: The present disclosure relates to authentication methods, apparatus, and systems. In one example authentication method, user equipment (UE) sends a first request message to a first authentication node, where the first request message includes first indication information indicating whether the UE includes a universal subscriber identity module (USIM). The UE receives a second request message sent by the first authentication node, where the second request message includes a random number (RAND) and an authentication token (AUTN) in first authentication information or in second authentication information, where the first authentication information is for the USIM included in the UE, and the second authentication information is for mobile equipment included in the UE when the UE does not include the USIM. The UE determines a root key and a user response (RES) based on the second request message.
    Type: Application
    Filed: November 5, 2021
    Publication date: February 24, 2022
    Inventors: Rong WU, Philip GINZBOORG, Valtteri NIEMI
  • Patent number: 11223954
    Abstract: A network authentication system comprises user equipment (UE), a service network (SN) and a home network (HN). The HN generates an expected user response (XRES) based on an identifier of the UE and generates an indicator, and sends the part of XRES and the indicator to the SN. The SN receives the part of XRES and indicator, and receives a user response (RES) from the UE. The SN then compares the RES with the XRES based on the indicator, and sends a confirmation message to the HN when the comparison succeeds.
    Type: Grant
    Filed: October 10, 2019
    Date of Patent: January 11, 2022
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Philip Ginzboorg, Valtteri Niemi, Bo Zhang
  • Publication number: 20210165885
    Abstract: This application provides an extended authentication method and apparatus for a generic bootstrapping architecture and a storage medium. A first network element obtains a bootstrapping transaction identifier (B-TID) and a key lifetime; and the first network element sends the B-TID and the key lifetime to the terminal, so that the terminal performs extensible authentication protocol (EAP)-based generic bootstrapping architecture (GBA) authentication and key agreement (AKA) authentication with the first network element based on the B-TID and the key lifetime.
    Type: Application
    Filed: February 8, 2021
    Publication date: June 3, 2021
    Inventors: Bo ZHANG, Philip GINZBOORG, Valtteri NIEMI, Pekka LAITINEN
  • Publication number: 20200374295
    Abstract: There is provided a method comprising: generating and sharing an initial value of an integrity token between an endpoint node and a security backend computer, collecting data at the endpoint node, wherein dissimilar data types are aligned as input events, generating a new integrity token every time a new input event is written to a local repository of the endpoint node, wherein the new integrity token is generated based on the new input event and a prior integrity token that was generated prior to the new integrity token, removing the prior integrity token generated prior to the new integrity token from the endpoint node each time a new integrity token has been generated, and sending one or more input events with the new integrity token to the security backend computer for enabling the security backend computer checking integrity of the data received from the endpoint.
    Type: Application
    Filed: May 19, 2020
    Publication date: November 26, 2020
    Inventors: Paolo PALUMBO, Alexey KIRICHENKO, Valtteri NIEMI, Sara RAMEZANIAN, Tommi MESKANEN
  • Publication number: 20200045553
    Abstract: A network authentication system comprises user equipment (UE), a service network (SN) and a home network (HN). The HN generates an expected user response (XRES) based on an identifier of the UE and generates an indicator, and sends the part of XRES and the indicator to the SN. The SN receives the part of XRES and indicator, and receives a user response (RES) from the UE. The SN then compares the RES with the XRES based on the indicator, and sends a confirmation message to the HN when the comparison succeeds.
    Type: Application
    Filed: October 10, 2019
    Publication date: February 6, 2020
    Applicant: HUAWEI TECHNOLOGIES CO.,LTD.
    Inventors: Philip Ginzboorg, Valtteri Niemi, Bo Zhang
  • Publication number: 20190082318
    Abstract: The present disclosure describes example mobile equipment, network nodes, and related methods. One example mobile equipment comprises a transceiver configured to receive at least one encoded temporary identifier and obtain a confidentiality key and an integrity key. At least one processor of the mobile equipment is configured to derive a privacy key for the mobile equipment based on the confidentiality key and the integrity key, and then derive at least one temporary identifier based on the privacy key.
    Type: Application
    Filed: November 8, 2018
    Publication date: March 14, 2019
    Inventors: Philip GINZBOORG, Valtteri NIEMI
  • Patent number: 10187794
    Abstract: A method of communication between a first node and a second node for a system where a plurality of different channels is provided between said first and second node. The method comprises the step of calculating an integrity output. The integrity output is calculated from a plurality of values, some of said values being the same for said different channels. At least one of said values is arranged to comprise information relating to the identity of said channel, each channel having a different identity. After the integrity output has been calculated, information relating to the integrity output is transmitted from one of said nodes to the other.
    Type: Grant
    Filed: June 11, 2014
    Date of Patent: January 22, 2019
    Assignee: Nokia Technologies Oy
    Inventors: Jukka Vialen, Valtteri Niemi
  • Patent number: 9742555
    Abstract: A sender and a receiver include first and second arrays of coupled oscillators, respectively, that are substantially identically constructed so as to exhibit substantially the same dynamical response to excitation. A chaotic waveform generated at the sender is transmitted to the receiver, which generates a second chaotic waveform, and compares the received waveform with the generated second waveform. If the first and second waveforms match, the sender is an authorized sender. An integrated circuit includes an array of coupled oscillators that in combination generate a waveform in response to at least one excitation signal. The array of coupled oscillators represents, in response to application of the excitation signals, a multi-dimensional security key that is shared between the sender of the waveform and the receiver of the waveform.
    Type: Grant
    Filed: September 25, 2008
    Date of Patent: August 22, 2017
    Assignee: Nokia Technologies Oy
    Inventors: Nikolai Nefedov, Mikko A. Uusitalo, Markku A. Oksanen, Valtteri Niemi
  • Patent number: 9706395
    Abstract: A method and apparatus for intersystem mobility security context handling between different radio access networks which can include a receiver configured to receive a tracking area update message from a user terminal. The message can include a first key identifier configured to identify a mapped security context and a second key identifier configured to identify a cached security context. A verifier can be configured to verify the tracking area update message with a key identified by the first or second key identifier.
    Type: Grant
    Filed: April 28, 2008
    Date of Patent: July 11, 2017
    Assignee: Nokia Technologies Oy
    Inventors: Dan Forsberg, Valtteri Niemi
  • Patent number: 9706399
    Abstract: Systems and techniques for key management in mobile ad hoc networks are described. Pseudonyms are defined for group members of mobile ad hoc networks such that a pseudonym in a message can be deterministically identified with the sending device only by the sending device and the message recipient. Key management for a group is performed by a group manager, and key management may include key renewal and revocation. Key renewal is performed by a group manager, with the group manager using a set of couple pseudonyms, including a couple pseudonym between the manager and each group member. Key renewal employs a renewal key used to encrypt the updated group key, and the group manager updates the group key by transmitting a message to each group member in proximity, with the message being identified using the couple pseudonym of the manager and the group member.
    Type: Grant
    Filed: October 25, 2013
    Date of Patent: July 11, 2017
    Assignee: Nokia Technologies Oy
    Inventors: Kari J. Leppänen, Markku T. Turunen, Philip Ginzboorg, Pentti Valtteri Niemi, Hamza Harkous
  • Patent number: 9654441
    Abstract: A method includes receiving a command to change a medium access control (MAC) address associated with a wireless local area network (WLAN) apparatus; and changing the medium access control address, without restarting a wireless modem of the apparatus, only if a restriction on an allowed rate of medium access control address changes is not violated. An apparatus that operates in accordance with the method is also described.
    Type: Grant
    Filed: August 12, 2011
    Date of Patent: May 16, 2017
    Assignee: Nokia Technologies Oy
    Inventors: Philip Ginzboorg, Valtteri Niemi, Kari Leppanen
  • Patent number: 9554271
    Abstract: A set of associated keys for an authentication process to be performed in a second network is calculated based on a random value used in an authentication process of a first network.
    Type: Grant
    Filed: October 19, 2007
    Date of Patent: January 24, 2017
    Assignee: Nokia Technologies Oy
    Inventors: Changhong Li, Dajiang Zhang, Mika P. Hietala, Valtteri Niemi
  • Patent number: 9520996
    Abstract: The invention proposes a method for transmitting a message to a plurality of user entities in a network by using a multicast service, comprising the steps of encrypting a multicast message by using ciphering, and sending the encrypted multicast message to the plurality of user entities simultaneously. The invention also proposes a corresponding multicast service control device and a corresponding user entity.
    Type: Grant
    Filed: August 26, 2013
    Date of Patent: December 13, 2016
    Assignee: NOKIA TECHNOLOGIES OY
    Inventors: Sinikka Sarkkinen, Kimmo Kettunen, Niina Karhuluoma, Antti-Pentti Vainio, Valtteri Niemi, Jan Kall
  • Patent number: 9344881
    Abstract: An identifier containing at least one encrypted part is received at a first network entity. A second network entity may then be determined based on the identifier. A request for assistance in decryption of the identifier from the second network entity may be sent from the first entity to the second network entity. The second network entity may then assist the first network entity in an appropriate manner.
    Type: Grant
    Filed: September 13, 2012
    Date of Patent: May 17, 2016
    Assignee: Vringo Infrastrct Inc.
    Inventors: Dan Forsberg, Valtteri Niemi
  • Patent number: 9210578
    Abstract: Message authentication in an ad-hoc network. Upon creation of a message, a message authentication code is created using a key shared with members of a group comprising a subset of nodes of the ad-hoc network. The message authentication code may be created using a cryptographic process having the message and a message identifier as inputs. After or in parallel with broadcast of the message, a pointer to the message is broadcast. The message authentication code is publicly broadcast and those members of the group among which the key has been shared are able to authenticate the message as coming from a particular sender.
    Type: Grant
    Filed: July 12, 2012
    Date of Patent: December 8, 2015
    Assignee: Nokia Technologies Oy
    Inventors: Philip Ginzboorg, Kari J. Leppanen, Pentti Valtteri Niemi, Markku T. Turunen
  • Patent number: 9204295
    Abstract: The user equipment (UE) and the Mobility Management Entity (MME) in an evolved 3GPP system generate authentication material that can be carried inside a packet switched network temporary mobile station identifier (P-TMSI) signature field of a Universal Mobile Telecommunications System (UMTS) signaling message from the UE to a UMTS/GPRS serving GPRS support node (SGSN) in a UMTS or GPRS Terrestrial Radio Access Network (UTRAN) or in a GSM/Edge Radio Access Network (GERAN), as well as from the SGSN to the MME of the evolved 3GPP system. The MME authenticates a context transfer request from the UTRAN/GERAN system based on the transferred authentication material and knowledge of how to create or to verify the authentication material. Additionally, the MME and the UE derive or verify authentication material, based on at least one user-specific key, for embedding in the P-TMSI signature field in legacy 3GPP signalling.
    Type: Grant
    Filed: October 28, 2008
    Date of Patent: December 1, 2015
    Assignee: Nokia Corporation
    Inventors: Marc Blommaert, Dan Forsberg, Frank Mademann, Valtteri Niemi
  • Patent number: 9083535
    Abstract: A method for providing efficient management of certificate revocation may comprise storing a list of identifiers of digital certificates including a revocation list defining a list of revoked certificates in an accumulator, storing a witness value in association with at least some entries in the revocation list in which the witness value provides proof of the membership or non-membership of an identifier in the revocation list, enabling generation of a new accumulator and a new witness value responsive to each insertion or deletion of an entry in the revocation list, and enabling batch updates to the revocation list using a reduced bitlength value generated based on a ratio of a value generated based on elements added to the revocation list to a value generated based on elements deleted from the revocation list. A corresponding apparatus is also provided.
    Type: Grant
    Filed: November 5, 2010
    Date of Patent: July 14, 2015
    Assignee: Nokia Corporation
    Inventors: Atefeh Mashatan, Imad Aad, Rafik Chaabouni, Pentti Valtteri Niemi, Serge Vaudenay
  • Publication number: 20140323091
    Abstract: A method of communication between a first node and a second node for a system where a plurality of different channels is provided between said first and second node. The method comprises the step of calculating an integrity output. The integrity output is calculated from a plurality of values, some of said values being the same for said different channels. At least one of said values is arranged to comprise information relating to the identity of said channel, each channel having a different identity. After the integrity output has been calculated, information relating to the integrity output is transmitted from one of said nodes to the other.
    Type: Application
    Filed: June 11, 2014
    Publication date: October 30, 2014
    Inventors: Jukka Vialen, Valtteri Niemi
  • Publication number: 20140254384
    Abstract: A method includes receiving a command to change a medium access control (MAC) address associated with a wireless local area network (WLAN) apparatus; and changing the medium access control address, without restarting a wireless modem of the apparatus, only if a restriction on an allowed rate of medium access control address changes is not violated. An apparatus that operates in accordance with the method is also described.
    Type: Application
    Filed: August 12, 2011
    Publication date: September 11, 2014
    Applicant: Nokia Corporation
    Inventors: Philip Ginzboorg, Valtteri Niemi, Kari Leppanen