Abstract: Various embodiments include systems and methods to implement processing of web content for vulnerability assessments. A plurality of documents comprising web content may be obtained from multiple different web sources, and the documents may be parsed to determine a set of discrete document chunks. Parsing the documents includes determining whether a document satisfies a segmentation condition for segmenting the document into multiple discrete document chunks using a named-entity recognition system configured to segment the document based at least in part on a vulnerability identification. The discrete document chunks may be stored in a database, where vulnerability information is indexed such that each respective entry in the database corresponds to a respective vulnerability identification and a respective discrete document chunk.

Abstract: Techniques are disclosed for inline security key exchanges between network devices. An example network device includes one or more processors and memory coupled to the one or more processors. The memory stores instructions that, upon execution, cause one or more processors to obtain a first payload key and obtain a path key. The instructions cause the one or more processors to encrypt a first payload of a first packet using the first payload key and insert the first payload key into first metadata of the first packet. The instructions cause the one or more processors to encrypt the first metadata using the path key and send the first packet to another network device.

Abstract: An information processing apparatus according to an embodiment includes one or more hardware processor. The one or more hardware processor divides original data into a plurality of pieces of division data, each piece of the division data including a non-overlap with one another, and executes alteration processing in mutually different manners on the plurality of pieces of division data, the mutually different manners corresponding one-to-one to the plurality of pieces of division data.

Abstract: This disclosure provides techniques for recovering a root key from measurement of a circuit function. In some embodiments, a checkpointing feature is used to periodically mark measurements of this function and thereby track drift in the value of the root key over the life of a digital device; the checkpointing feature permits rollback of any measurement of the function in a manner that negates incremental drift and permits recovery of the root key for the life of a device (e.g., an IC circuit or product in which the IC is embedded). This disclosure also provides novel PUF designs and applications.

Abstract: A key generation method is provided. A first peer obtains an ephemeral key from a second peer via a server. The first peer uses the ephemeral key to compute a ciphertext that encrypts a first parameter. The first peer uses the first parameter to generate a session key. The ciphertext is sent to the server by the first peer to allow the second peer to generate the session key. The key may be subsequently used for communication, such as by using a key management algorithm such as Double Rachet.

Abstract: Embodiments include receiving input of a new message for a group of members having end-to-end encryption in which first keys encrypt and second keys decrypt the new message, determining that a subset of the members in the group is excluded from receiving the new message, and selectively encrypting the new message for the members of the group by encrypting the new message by first keys corresponding to ones of the members of the group while choosing not to encrypt the new message with first keys corresponding to the subset of the members. An aspect includes transmitting the new message encrypted by the first keys to the members, and in response to choosing not to encrypt the new message with first keys corresponding to the subset, causing a system message to be transmitted to the subset excluded from receiving the new message, the system message affecting a presentation to the subset.

Abstract: The present disclosure is directed to systems and methods of providing a secure quantum key distribution cryptosystem in which the quantum key data is exchanged between Alice and Bob using a quantum channel and the parity bits associated with the quantum key data are encrypted using a post-quantum computing (PQC) encryption method and communicated between Alice and Bob using a public channel.

Abstract: Systems and methods for managing group encryption are described. In certain methods, a content asset may be encrypted with an asset key. An account key may be determined. Using the account key, an encrypted content asset package may be generated. The asset key may make up at least a portion of the encrypted content asset package. The encrypted content asset package is decryptable with the account key. The encrypted content asset package and an identifier associated with the account key may be transmitted, for example to a playback device.

Abstract: A key-value storage device includes a nonvolatile memory device and a memory controller. The nonvolatile memory device stores a value, a key which is referenced to identify the value, and key age data which are changed based on an erase operation of the value, and the memory controller that receives an erase command directing erasing of the value corresponding to the key from a host, generates hash data, a size of which is smaller than a size of the key, in response to the erase command, and transmits a complete message to the host. The memory controller accesses the key and the key age data stored in the nonvolatile memory device based on the hash data and erases the value based on the accessed key and the accessed key age data during an idle time after the transmission of the complete message.

Abstract: A communication method implemented by a communications apparatus that is configured with a control rule parameter, where the control rule parameter includes a signature verification rule parameter, a message aggregation rule parameter, and a reporting control rule parameter, and the method includes receiving a first message, performing signature verification processing on the first message based on the signature verification rule parameter, performing, based on the message aggregation rule parameter, message aggregation processing on the first message after performing the signature verification processing to obtain a second message, and sending the second message to a server based on the reporting control rule parameter.

Abstract: A system, method, computer program product, and service for encrypting a message. A plaintext message to be encrypted is received as input data into a computer. A processor on the computer encrypts the plaintext message, using a public key having two components, each component having degree 4. The encrypted version of the input plaintext message is output as a ciphertext having two components, each component having degree 4.

Abstract: Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. An ICC Master Key corresponding to the payment application is held by a trusted authority, such as the issuing bank. The trusted authority is adapted generate time-limited session keys on the basis of the ICC Master Key and distribute session keys to the payment application. Receipt of a session key by the payment application enables the payment application to conduct an EMV payment transaction. The session key is used to authorize a single EMV payment transaction.

Abstract: Secure device data records (DDRs) are provided. In some embodiments, a system for secure DDRs includes a processor of a wireless communication device for wireless communication with a wireless network, in which the processor is configured with a secure execution environment, and in which the secure execution environment is configured to: monitor service usage of the wireless communication device with the wireless network; and generate a plurality of device data records of the monitored service usage of the wireless communication device with the wireless network, in which each device data record is associated with a unique sequence order identifier; and a memory coupled to the processor and configured to provide the processor with instructions. In some embodiments, the secure execution environment is located in an application processor, in a modem processor, and/or in a subscriber identity module (SIM).

Abstract: According to one example, a system includes a second computing device that has one or more processors configured to receive encrypted data from a first computing device, the encrypted data being encrypted based on a first encryption key. The one or more processors are further configured to generate a second encryption key that matches the first encryption key, decrypt the encrypted data using the second encryption key, and transmit the data for use.

Abstract: An anti-counterfeit product of manufacture includes a housing defining a cavity. The housing is constructed of a first and second bodies forming an original joint at a parting line. Inner workings of the product are enclosed within the cavity. An encryption device includes an encryption-coded ceramics-based pin grid array embedded in the first body of the housing. An RFID circuit is connected with the ceramics-based pin grid array. The RFID circuit is configured to report out a confirmation signal based on the code set by the connected ceramics-based pin grid array upon an RFID reader interrogation trigger. The RFID circuit is programmed to prevent future reporting of the confirmation signal upon detachment of the ceramics-based pin grid array from the RFID circuit, such that the confirmation signal is configured to confirm both product authenticity and integrity of the original joint.

Abstract: A system for providing off-the-record functionality is provided herein. The system may include a processor configured to execute processor-executable instructions stored in non-transitory computer-readable medium to establish a video conference having a plurality of participants, each participant of the plurality of participants exchanging a plurality of audio or video streams via the video conference. The processor may also be configured to receive, from a first client device associated with one of the plurality of participants, a first audio stream or a first video stream of the plurality of audio or video streams, and record the plurality of audio or video streams within a recording. The processor may also be configured to receive an off-the-record request to begin an off-the-record time period, and in response to the off-the-record request, prevent at least one of the first audio stream or the first video stream from being included in the recording.

Abstract: This application provide a positioning method, including: obtaining, by a first electronic device, a first location of a second electronic device; determining a plurality of candidate locations by using the first location as a center point; selecting a plurality of candidate positioning locations from the plurality of candidate locations based on elevations and azimuths of a plurality of satellites relative to the candidate locations, grid data corresponding to the plurality of candidate locations, and signal parameters of broadcast signals received by the second electronic device from the plurality of satellites; and correcting the first location based on the plurality of candidate positioning locations, to output a corrected second location.

Abstract: An example device may include one or more processors to receive a request for a service from a requestor user device; provide transaction information associated with the service to a provider user device, where the transaction information may include location information corresponding to a location at which the service may be provided; obtain verification information from the requestor user device based on an interaction associated with the requestor user device or the provider user device at the location, where the verification information may include one or more characteristics of the requestor user device; generate a verification token based on the one or more characteristics of the requestor user device; and provide the verification information to the provider user device to permit the provider user device to verify the requestor user device, based on receiving the verification information and obtaining the verification token from the requestor user device.

Abstract: A mobile device is disclosed. The device includes a communicator, a GPS unit for calculating location information, a memory, a display, and a processor, and the processor is configured to generate movement path information of the mobile device by performing homomorphic encryption of a plurality of pieces of location information stored in the memory, transmit the movement path information to a server apparatus through the communicator, based on operation result data obtained by operating based on the movement path information and comparison target path information being transmitted from the server apparatus, decrypt the operation result data, and output a message notifying whether a route overlaps the comparison target path information based on a decrypted result through the display. Therefore, the route overlap is rapidly and accurately confirmed without invasion of privacy.

Abstract: A method and system of providing a second broadcast signal from a first broadcast signal is described. The method includes receiving a broadcast signal containing media content and data content and selecting, from the data content, a first portion containing control and configuration and a second portion containing replacement content. The method further includes converting the first portion and the second portion into a multicast internet protocol stream and processing the replacement content as a second broadcast signal using the control and configuration information. The system includes a transceiver that receives a broadcast signal, selects a first portion and a second portion of the data content, and converts the first portion of the data content and the second portion of the data content into a multicast internet protocol stream. The system further includes a gateway device that processes the replacement content using the control and configuration information.

Abstract: A method for updating a cryptographic key via a computation unit configured with one or more processors and a memory coupled to the one or more processors is disclosed. The method includes loading a base key into a cryptographic storage unit integrated with a cryptographic application. The method includes generating a temporal key based on the base key using a one-way key update algorithm via cryptographic application logic integrated within the cryptographic application. The temporal key is assigned an update count based on the number of updates performed on the temporal key. The method further includes comparing the update count value to a required update count, updating the temporal key if the update count is less than the required update count, and zeroizing the temporal key if the update count is more than the required update count, in which the temporal key may be regenerated with the required update count.

Abstract: The disclosure provides an approach for cryptographic agility. Embodiments include establishing, by a proxy component associated with a cryptographic agility system, a first secure connection with an application. Embodiments include receiving, by the proxy component, via the first secure connection, a communication from the application directed to an endpoint. Embodiments include selecting, by the cryptographic agility system, a cryptographic technique based on contextual information related to the communication. Embodiments include establishing, by the proxy component, a second secure connection with the endpoint based on the cryptographic technique. Embodiments include transmitting, by the proxy component, a secure communication to the endpoint via the second secure connection based on the communication.

Abstract: A method for quantum routing is performed by a relay network node that is connected to a plurality of nearest-neighbor network nodes. The method includes receiving, from a source network node of the plurality of nearest-neighbor network nodes, a first command indicating a destination network node. The method includes selecting, based on the destination network node, a next-hop network node from the nearest-neighbor network nodes. The method includes determining a number of current quantum-entangled channels between the relay network node and the next-hop network node. The method includes establishing a new quantum-entangled channel between the relay network node and the next-hop network node in response to the number of current quantum-entangled channels being less than a threshold.

Abstract: A proximity based authentication system and method is described. The system includes a gateway, a cloud component, and a mobile device. The gateway is associated with a particular location and is communicatively coupled to a cloud component. The gateway includes a gateway short-range wireless radio capable of establishing a short-range wireless communication channel. The mobile device is also communicatively coupled the cloud component and includes a mobile device short-range wireless radio that communicates with the gateway using the short-range wireless communication channel when the mobile device is in proximity of the gateway. The mobile device receives a gateway key over the short-range wireless communication channel. The mobile device then communicates the gateway key to a cloud component database. The cloud component authenticates the particular location of the mobile device when the cloud component receives the gateway key from the mobile device.

Abstract: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Anonymization strategy for data anonymization is provided. Data to be transmitted is received from a user computer. Selective anonymization of the data is performed, based on the anonymization strategy, using an anonymization module. The data includes a plurality of characters. A portion of the anonymized data is selected as a search ID. A cross reference between a search key indicative of a portion of the received data and the corresponding search ID is stored.

Abstract: Embodiments are disclosed for a quantum key distribution (QKD) enabled intra-datacenter network. An example system includes a first QKD device and a second QKD device. The first QKD device includes a first quantum-enabled port and a first network port. The second QKD device includes a second quantum-enabled port and a second network port. The first quantum-enabled port of the first QKD device is communicatively coupled to the second quantum-enabled port of the second QKD device via a QKD link associated with quantum communication. Furthermore, the first network port of the first QKD device is communicatively coupled to a first network switch via a first classical link associated with classical network communication. The second network port of the second QKD device is communicatively coupled to a second network switch via a second classical link associated with classical network communication.

Abstract: Systems, methods, apparatuses, and computer program products directed to next generation (e.g., 5G systems) key set identifier(s) are provided. One method includes requesting, by a network node, authentication of a user equipment with an authentication server, receiving a master key and authentication parameters/vectors from the authentication server when authorization is successful, and verifying validity of the authentication request. When the verification is successful, the method may further include instantiating a security context for the user equipment and assigning a security context identifier for next generation system security context to the user equipment, and then sending a security mode command message to instruct the user equipment to instantiate security context using the security context identifier.

Abstract: A cover or components for cellphones or other digital devices featuring physical cryptography to forward and receive encrypted messages on a tamper-proof basis which uses physical encryption to send encrypted messages between two or more users, in which decoding of the forwarded message takes place by overlaying (30) on the cell phone device or digital device (1) a key image cover (20) matching the forwarded matrix image (10).

Abstract: A method for communication in a hearing system comprising the server device and a hearing device system, the hearing device system comprising a hearing device and a user accessory device with a user application installed thereon, the method includes: obtaining hearing device data for the hearing device; securing the hearing device data using a first security scheme to obtain a first output; securing the first output using a second security scheme to obtain a second output, wherein the second security scheme is different from the first security scheme; and transmitting the second output to the user accessory device.

Abstract: In one embodiment, a method includes receiving, at a social-networking system an identifier corresponding to a post item stored in the social-networking system, and information indicative of a plurality of coordinated user gestures input into a composition interface control. The composition interface control comprises a plurality of interface targets each associated with a respective musical note. The information comprises target musical note and timing data associated with each of the user gestures. The method further includes translating the plurality of coordinated user gestures into a musical composition that includes musical notation reflecting the musical note and timing data of each user gesture. The method also includes associating the musical composition with the post item, and in response to receiving a request for the post item, formatting the post item and a graphical representation of each note in the musical composition for display in a user interface control.

Abstract: Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. The payment application is associated with a certificate and a corresponding hash. The hash is adapted to be generated on the basis of an application expiration date parameter, which is adapted to comprise data indicative of an expiration date of day level granularity associated with the certificate. During processing of the EMV transaction, the point-of-sale terminal verifies the hash, thereby establishing the authenticity of the application expiration date, and hence the validity of the certificate.

Abstract: Methods and systems for improved and novel encryption that make it difficult or impossible in any practical way to extract data that has been protected on the computing system. A computing device may receive authentication data from a client device. The computing device may generate an encryption key and a corresponding decryption key. The computing device may receive, from the client device, information associated with a timed access window. The computing device may send, to the client device, the encryption key. The computing device may receive, from the client device, a request for the corresponding decryption key. The computing device may calculate that the request for the corresponding decryption key is during the timed access window and send, to the client device, based on the request and the calculation that the request for the corresponding decryption key is during the timed access window, the corresponding decryption key.

Abstract: Methods and apparatus for providing protected content to subscribers of a managed (e.g., MSO) network via a content source accessible via an internetwork such as the Internet. In one embodiment, a user accesses a service provider portal (e.g., website), and requests content. The service provider determines whether the requesting user is permitted to access the content, and what rights or restrictions are associated with the user. This includes authenticating the user as a subscriber of the MSO, and determining the subscriber's subscription level. In another embodiment, a user's account with the MSO and service provider may be federated, thus a given user will have MSO-specific information regarding its identity (such as login information, GUID, etc.) and is able to perform a single sign on to request and receive content.

Abstract: The system is used by both Producer and Consumer of digital evidence, which use the system to provide a secure and irrefutable record of a transaction involving the use of the digital evidence to produce new protected digital evidentiary content, e.g. transcription, according to a set of rules and limitations on the use of the digital evidence over a specific period of time which expires after a certain time. The newly create evidentiary content along with security and metadata are evaluated, and results used to confirm that the evidence has been maintained according to the terms and conditions.

Abstract: Media, system, and method for providing encryption key management to a channel within a group-based communication system. The contents of the channel is encrypted according to the encryption key management policy of the organization to which the author of the content belongs and is stored in a data store. Responsive to a revocation request from a first organization, the encryption keys associated with any content in the channel submitted by the authors of said first organization may be revoked from a second organization, such that users of the second organization no longer have access to the content.

Abstract: Methods, systems and apparatus for quantum error correction. A layered representation of error propagation through quantum error detection circuits is constructed. The layered representation includes multiple line circuit layers that each represent a probability of local detection events in a quantum computing system associated with potential error processes in an execution of a quantum algorithm. To construct the layered representation, potential detection events associated with each potential error process occurring at quantum gates in the quantum circuit are determined. Lines are associated with each potential error process, the lines each connecting a potential detection event associated with the potential error process to another potential detection event associated with the same potential error process or a boundary of the quantum circuit. Similar lines are merged and used to construct unique line circuit layers.

Abstract: In order to acknowledge uplink frames transmitted from end devices to server equipment, the server equipment allocates the end devices to groups and to subgroups. The addresses of the end devices are constructed so as to identify the groups and subgroups to which said end devices belong. The server equipment carries out mass acknowledgements by group, by broadcasting a message wherein each subgroup of said group is associated with the same item of information acknowledging, or not, said uplink frames of all the end devices of said subgroup. The mass acknowledgement further includes information representing an estimated instant of next transmission of a mass acknowledgement for said group. The server equipment acknowledges, in unicast mode, the uplink frames received that have not been acknowledged by the mass acknowledgement.

Abstract: A method making modifications during a key phase of physical layer security methods and enabling the physical layer security methods to be applicable in a wireless communication is provided. The method includes a step of generating a K common key, including steps to be carried out at a modulator during a data transmission phase.

Abstract: Various embodiments relate to a method performed by a processor of a computing system. An example method includes determining a first cryptographic algorithm utilized in a first block of a first blockchain. The first block of the first blockchain has a first unique block identifier. A second cryptographic algorithm utilized in a second block of the first blockchain is determined. The second block of the first blockchain having a second unique block identifier. A first cryptographic algorithm status transition (“CAST”) event is defined if the second cryptographic algorithm is different than the first cryptographic algorithm. A first CAST record is defined upon occurrence of the first CAST event. The first CAST record includes the second cryptographic algorithm and the second unique block identifier. The first CAST record is digitally signed and stored on a second blockchain. The second blockchain may be referenced out-of-band of the first blockchain.

Abstract: Implementations of the present specification provide a model-based prediction method and apparatus. The method includes: a model running environment receives an input tensor of a machine learning model; the model running environment sends a table query request to an embedding running environment, the table query request including the input tensor, to request low-dimensional conversion of the input tensor; the model running environment receives a table query result returned by the embedding running environment, the table query result being obtained by the embedding running environment by performing embedding query and processing based on the input tensor; and the model running environment inputs the table query result into the machine learning model, and runs the machine learning model to complete model-based prediction.

Abstract: The disclosed embodiments disclose techniques for extracting encryption keys to enable monitoring services. During operation, an encrypted connection is detected on a computing device. A monitoring service harvests an encryption key for this encrypted connection from the memory of a computing device and then forwards the encryption key to an intercepting agent in an intermediate computing environment that intercepts encrypted traffic that is sent between the computing device and a remote service via the encrypted connection.

Abstract: A method for voiceprint recognition of an original speech is used to reduce information losses and system complexity of a model for data recognition of a speaker's original speech. The method includes: obtaining original speech data, and segmenting the original speech data based on a preset time length to obtain segmented speech data; performing tail-biting convolution processing and discrete Fourier transform on the segmented speech data through a preset convolution filter bank to obtain voiceprint feature data; pooling the voiceprint feature data through a preset deep neural network to obtain a target voiceprint feature; performing embedded vector transformation on the target voiceprint feature to obtain corresponding voiceprint feature vectors; and performing calculation on the voiceprint feature vectors through a preset loss function to obtain target voiceprint data, where the loss function includes a cosine similarity matrix loss function and a minimum mean square error matrix loss function.

Abstract: A service monitors password and username use while maintaining username and password privacy by receiving a hash of a username, a hash of a password, and a host name and comparing the received hashes against a database of associated host names and hashes of usernames and passwords. When the comparison determines that the hash of the new password meets certain conditions, e.g., no hash in the database matches the hash of the new password, then the new password may be allowed and the service informs the security component accordingly.

Abstract: Distributed storage system and method for transmitting storage-related messages between host computers in a distributed storage system uses a handshake operation of a first-type communication connection between a source data transport daemon of a source host computer and a target data transport daemon of a target host computer to derive a symmetric key at each of the source and target data transport daemons. The two symmetric keys are sent to a source data transport manager of the source host computer and to a target data transport manager of the target host computer. The source and target data transport managers then use the same symmetric keys to encrypt and decrypt storage-related messages that are transmitted from the source data transport manager to the target data transport manager through multiple second-type communication connections between the source and target data transport managers.

Abstract: Polynomial multiplication for side-channel protection in cryptography is described. An example of an apparatus includes one or more processors to process data; a memory to store data; and polynomial multiplier circuitry to multiply a first polynomial by a second polynomial, the first polynomial and the second polynomial each including a plurality of coefficients, the polynomial multiplier circuitry including a set of multiplier circuitry, wherein the polynomial multiplier circuitry is to select a first coefficient of the first polynomial for processing, and multiply the first coefficient of the first polynomial by all of the plurality of coefficients of the second polynomial in parallel using the set of multiplier circuits.

Abstract: Keystream generators for secure data transmission, the keystream generators being operated in counter mode, against repeated or improper generation of an already generated keystream and to protect the data transmission against repeated use of a keystream, so-called reuse are provided. The keystream generator is operated, with respect to realization options, selectively in one of two operating modes, an encryption operating mode and a decryption operating mode. In the encryption operating mode, a keystream generated on the basis of a first control data set is used to encrypt data, in particular payload data, to form cipher-data, the product of ciphered data or payload data. In the decryption operating mode, a keystream generated on the basis of a second control data set is used to decrypt the cipher-data. The keystream is output only if the generation of the keystream from the encryption of a counter value of the keystream generator operated in counter mode with a block cipher key is error-free.

Abstract: Disclosed herein are methods, systems, and processes for the enhanced crawling of unexposed web applications for vulnerability scanning purposes. A response to a request generated to a web application is received and a web application framework detection routine on the response for web application frameworks is executed. A determination is made that a web application framework is part of the response and the response is loaded in a web browser associated with the web application. A custom web application framework hook for the web application framework is injected into a web page of a web browser and a list of Document Object Model (DOM) elements and corresponding event handlers is received. A determination is made, based on the list, to execute DOM events to discover functionality of the web application. The web page is loaded in the web browser, the DOM events are executed, and network activity of the web browser during execution of the DOM events is recorded.

Abstract: There is provided a method performed by a network unit, and a corresponding network unit as well as a corresponding wireless communication device, for supporting interworking and/or idle mode mobility between different wireless communication systems, including a higher generation wireless system and a lower generation wireless system, to enable secure communication with the wireless communication device. The method comprises selecting, in connection with a registration procedure and/or a security context activation procedure of the wireless communication device with the higher generation wireless system, at least one security algorithm of the lower generation wireless system, also referred to as lower generation security algorithm(s). The method also comprises sending a control message including information on the selected lower generation security algorithm(s) to the wireless communication device.

Abstract: In one embodiment, a computer-implemented method performed by a data processing (DP) accelerator includes receiving, at the DP accelerator, first data representing an artificial intelligence (AI) model that has been previously trained from a host processor; receiving, at the DP accelerator, a request to implant a watermark in the AI model from the host processor; and implanting, by the DP accelerator, the watermark within the AI model. The DP accelerator then transmits second data representing the AI model having the watermark implanted therein to the host processor. In embodiment, the method further includes extracting, at the DP accelerator, a watermark algorithm identifier (ID) from the request to implant a watermark; and generating the watermark using a watermark algorithm identified by the watermark algorithm ID.

Abstract: Disclosed are a communication scheme and a system thereof for converging an IoT technology and a 5G communication system for supporting a high data transmission rate beyond that of a 4G system. A method and an apparatus for configuring a connection with a second device, which provides access to a network, by a first device in a communication system, is provided. The method includes discovering the second device supporting a neighbor awareness network (NAN) and located within a predetermined range from the first device, exchanging an ephemeral key of the first device for identifying the first device and an ephemeral key of the second device for identifying the second device, and performing a secure connection between the first device and the second device.