Abstract: A network node (21), which is placed within a core network, stores a list of network elements (24) capable of forwarding a trigger message to a MTC device (10). The network node (21) receives the trigger message from a transmission source (30, 40) placed outside the core network, and then selects, based on the list, one of the network elements to forward the trigger message to the MTC device (10). The MTC device (10) validates the received trigger message, and then transmits, when the trigger message is not validated, to the network node (21) a reject message indicating that the trigger message is not accepted by the MTC device (10). Upon receiving the reject message, the network node (21) forwards the trigger message through a different one of the network elements, or forwards the reject message to transmission source (30, 40) to send the trigger message through user plane.

Abstract: An SeNB informs an MeNB that it can configure bearers for the given UE. At this time, the MeNB manages the DRB status, and then sends a key S-KeNB to the SeNB. The MeNB also sends a KSI for the S-KeNB to both of the UE and the SeNB. After this procedure, the MeNB informs an EPC (MME and S-GW) about the new bearer configured at the SeNB, such that the S-GW 50 can start offloading the bearer(s) to the SeNB 30. Prior to the offloading, the EPC network entity (MME or S-GW) performs verification that: 1) whether the request is coming from authenticated source (MeNB); and 2) whether the SeNB is a valid eNB to which the traffic can be offload.

Abstract: In order for efficiently managing communications between a UE (10) and multiple SCSs (20_1-20_n), the UE (10) includes, in one message, multiple pieces of data to be transmitted to the SCSs (20_1-20_n), and sends the message to an MTC-IWF (30). The MTC-IWF (30) receives the message from the UE (10), and distributes the date to the SCSs (20_1-20_n). Each of the SCSs sends (20_1-20_n), to the MTC-IWF (30), data to be transmitted to the UE (10) and an indicator that indicates for the SCSs (20_1-20_n) the time tolerance until the data is transmitted to the UE (10). The MTC-IWF (30) receives the data and the indicators from the SCSs (20_1-20_n), and determines when to forward the data to the UE (10) based on the indicators.

Abstract: A UE (10) provides information on potential S?eNB(s). The information is forwarded from an MeNB (20_1) to an M?eNB (20_2) such that the M?eNB (20_2) can determine, before the handover happens, whether the M?eNB (20_2) will configure a new SeNB (S?eNB) and which S?eNB the M?eNB (20_2) will configure. In one of options, the MeNB (20_1) derives a key S?-KeNB for communication protection between the UE (10) and the S?eNB (30_1), and send the S?-KeNB to the M?eNB (20_2). In another option, the M?eNB (20_2) derives the S?-KeNB from a key KeNB* received from the MeNB (20_1). The M?eNB (20_2) sends the S?-KeNB to the S?eNB (30_1). Moreover, there are also provided several variations to perform SeNB Release, SeNB Addition, Bearer Modification and the like, in which the order and/or timing thereof can be different during the handover procedure.

Abstract: Upon receiving a triggering message from a MTC server (20), a network (10) verifies if the MTC server (20) is authorized to trigger a target MTC device (30) and also if the MTC device (30) is authorized to respond the triggering message, by comparing an MTC device ID and MTC server ID (and optionally information on subscription) which are include in the triggering message with authorized ones. Upon succeeding in the verification, the network (10) checks a trigger type included in the triggering message to verify if the triggering message is authorized to be sent to the MTC device (30). Upon succeeding in the check, the network (10) forwards the triggering message to the MTC device (30). The network (10) also validates a response from the MTC device (30), by checking whether the MTC device (30) is allowed to communicate with the addressed MTC server (20).

Abstract: A method of performing a secure discovery of devices in ProSe communication by a requesting device (21) and the receiving device (22), including requesting a ProSe service request to a ProSe server (24) from the requesting device, performing verification on the requesting and receiving devices by the ProSe server, performing a discovery procedure by the ProSe server to obtain location information of the receiving device, and sending a ProSe service result to the requesting device. The performing discovery procedure includes sending the ProSe service request to a receiving device, performing source verification to see if the request is from an authorized ProSe server and checking discovery criteria to see whether the discovery criteria should have the requested service by the receiving device, and sending a accept message to the ProSe server, if the performing source verification and the checking discovery criteria are successful.

Abstract: In order for supporting separate ciphering at an MeNB (20) and an SeNB (30), the MeNB (20) derives separate first and second keys (KUPenc-M, KUPenc-S) from a third key (KeNB). The first key (KUPenc-M) is used for confidentially protecting first traffic transmitted over U-Plane between the MeNB (20) and a UE (10). The first key (KUPenc-M) may be the same as current KUPenc or a new key. The second key (KUPenc-S) is used for confidentially protecting second traffic transmitted over the U-Plane between the UE (10) and the SeNB (30). The MeNB (20) sends the second key (KUPenc-S) to the SeNB (30). The UE (10) negotiates with the MeNB (20), and derives the second key (KUPenc-S) based on a result of the negotiation.

Abstract: There is provided a solution as to how the authentication and thus the authorization of the webRTC IMS Client can be achieved in the IMS of the mobile network operator. The WIC (20) is using an ID to register with IMS, which may be an IMPU, an IMPI, gGRUU etc. The WIC (20) may be preconfigured by the WWSF (30) with the eP-CSCF (40) address and authentication information, but if not, then this information should be retrieved via the WWSF (30) or from the IMS directly or via other device management procedures e.g. OMA DM. It is further assumed that the subscriber has already a valid webRTC account/membership and this can be validated, authenticated and authorized by the WWSF (30).

Abstract: In order for effectively managing security of ProSe (Proximity based Services) communication, a server forming a communication system monitors locations of a plurality of UEs that are grouped to conduct direct communication with each other. The server manages security of the direct communication based on the locations.

Abstract: In order for making MTC more efficient and/or secure, a base station (20) forming a communication system connects a UE (10) to a core network. A node (50) serves as an entering point to the core network for a service provider, and transmits traffic between the service provider and the UE (10). The node (50) establishes, as a connection to the base station (20), a first connection for directly transceiving messages between the node (50) and the base station (20). Alternatively, the node (50) establishes a second connection for transparently transceiving the messages through a different node (30) that is placed within the core network and has established a different secure connection to the base station (20).

Abstract: In order for effectively ensuring security for direct communication in ProSe, a ProSe Function acquires from a 3rd party root keys for each of UEs to derive a pair of session keys for securely conducting direct communication with different UEs, and distributes the acquired root keys to each of the UEs. Each of the UEs derives the session keys by using one of the distributed root keys. Moreover, a plurality of UEs, which form a communication system, and are allowed to conduct direct communication with each other when the UEs are in proximity to each other, share public keys of the UEs therebetween through a node which supports the direct communication upon successfully registering the UEs with the node. Each of the UEs verifies at least a request for the direct communication by using one of the public keys.

Abstract: A method for preparing un-hardened ceramic micro-electrolysis fillers by industrial solid wastes comprises: (1) Scrap iron, lignin, red mud and clay was completely mixed as mass ratio (4-5):(2-3):(1-3):3 and then made into pellets; (2) The dried pellets were sintered without oxygen. The production could be used in wastewater treatment, which could not only increase biodegradability but also decrease CODCr and toxicity in a short time.

Abstract: In order for charging SDT and MTC device trigger over control plane, there is provided a network node (40) that relays messages over a control plane (T5 and Tsp) between an MTC device (10) and an SCS (50). The network node (40) counts the number of messages successfully relayed, and generates a CDR in accordance with the counted number. The messages are SDT messages delivered from the MTC device (10) to the SCS (50), SDT messages delivered from the SCS (50) to the MTC device (10), or MTC device trigger messages delivered from the SCS (50) to the MTC device (10). The network node (40) transfers the CDR to an OCF (31) or a CDF (32).

Abstract: When MME receives Handover required from source eNB/HeNB which contains CSG ID, it verifies whether the CSG subscription data it stores is fresh or expired. If it is expired, or if MME does not have any association data for UE, MME retrieves the latest CSG subscription data from HSS. MME rewrites its stored CSG subscription data with the one retrieved from HSS, if they are different. MME performs access control for the UE according to the CSG ID received from Handover required message and its CSG subscription data. When the access control is failed, a new message List Update Indication is proposed to be sent from source eNB/HeNB to UE. In order to indicate what caused the failure, an appropriate cause in the message is proposed. Upon receiving the message, UE updates its stored CSG whitelist, such that the CSG subscription data in UE and MME are synchronized.

Abstract: In order to improve security upon distributing a group key, there is provided a gateway (20) to a core network for a group of MTC devices (10_1-10_n) communicating with the core network. The gateway (20) protects confidentiality and integrity of a group key, and distributes the protected group key to each of the MTC devices (10_1-10_n). The protection is performed by using: a key (Kgr) that is preliminarily shared between the gateway (20) and each of the MTC devices (10_1-10_n), and that is used for the gateway (20) to authenticate each of the MTC devices (10_1-10_n) as a member of the group; or a key (K_iwf) that is shared between an MTC-IWF (50) and each of the MTC devices (10_1-10_n), and that is used to derive temporary keys for securely conducting individual communication between the MTC-IWF (50) and each of the MTC devices (10_1-10_n).

Abstract: A secure system 1 includes a requesting device (L01) which requests a communication, and a receiving device (L03) which receives a communication request from the requesting device (L01). The requesting device (L01) and the receiving device (L03) are members of a specific group when the requesting device (L01) discovers the receiving device (L03). The requesting device (L01) is allowed to communicate with the requesting device (L01) by a network used by the specific group or by the receiving device upon a proof being provided by a network used by the specific group, the devices (L01) and (L03) being able to perform a mutual authentication over a direct wireless interface, or the receiving device (L03) checking a list maintained by a user on members of the specific group of devices for ProSe service purpose.

Abstract: A method of forming a secure group in ProSe communication includes requesting a service request to a ProSe server from a requesting device (21), the service request indicating a request to communicate with a receiving device (22) from the requesting device (21), performing verification on the requesting and receiving devices (21) and (22) by the ProSe server 24, sending a ProSe Service Result to the requesting and receiving devices (21) and (22) to inform to be allowed a group member, and starting a group security establishment of the group including the requesting and receiving devices (21) and (22).

Abstract: A method of performing authentication and authorization in Proximity based Service (ProSe) communication by a requesting device (31) which sends a request of a communication and a receiving device (32) which receives the request from the requesting device (31) and (32), the method including deriving session keys Kpc and Kpi from an unique key Kp at the requesting and receiving devices (31) and (32), using the session keys Kpc and Kpi for ProSe communication setup and direct communication between the requesting and receiving devices (31) and (32), starting the direct communication with the requesting and receiving devices (31) and (32). The key Kpc is confidentiality key and the key Kpi is integrity protection key.

Abstract: A method for preparing un-hardened ceramic micro-electrolysis fillers by industrial solid wastes comprises: (1) Scrap iron, lignin, red mud and clay was completely mixed as mass ratio (4-5):(2-3):(1-3):3 and then made into pellets; (2) The dried pellets were sintered without oxygen. The production could be used in wastewater treatment, which could not only increase biodegradability but also decrease CODCr and toxicity in a short time.

Abstract: A method for providing device connectivity to a radio access network, wherein at least two devices are connectable or connected to the radio access network and wherein the at least two devices are members of a group of devices within a wireless local network, the members of the group of devices having the capability to establish a direct connection with other members of the group of devices, includes providing connection information used for a connection between a first device of the at least two devices and the radio access network to a second device of the at least two devices. The connection information enables the second device to connect to the radio access network.