Abstract: Systems and methods that update configuration parameters on a UE using control plane functionalities. In one embodiment, an AMF element of a mobile network receives a control plane message from a UDM element that includes a UE configuration parameter update for the UE. The UE configuration parameter update is security protected via a secured packet, integrity protection, etc. The AMF element is configured to transparently send the UE configuration parameter update to the UE. Thus, AMF element inserts the UE configuration parameter update (that is security protected) in a container of a Non-Access Stratum (NAS) message, and sends the NAS message to the UE. The UE may then update its configuration parameters based on the update when security checks are complete.

Abstract: A method and an electronic device for training a classifier to identify a user of the electronic device are provided. The method comprises: receiving training key stroke data associated with the user, a given portion of the training key stroke data having been generated in response to the user inputting a respective symbol of a predetermined text into the electronic device, by interacting with a given key of the plurality of keys; determining, based on the given portion of the training key stroke data, a plurality of time intervals associated with the user; determining most stable ones of the plurality of time intervals for inclusion thereof in a training set of data; training, based on the training set of data, the classifier to determine if the predetermined text inputted into the electronic device in future has been inputted by the user.

Abstract: The present disclosure relates to a 5th (5G) generation) or pre-5G communication system for supporting a higher data transmission rate beyond a 4th (4G) generation communication system such as long term evolution (LTE). According to various embodiments of the present disclosure, an apparatus of a user data management (UDM) for a first cellular network in a wireless communication system may include at least one transceiver, and at least one processor operatively coupled with the at least one transceiver, the at least one processor may be configured to receive a request message for security of a second cellular network from an access and mobility management function (AMF) for the first cellular network, and transmit to the AMF a response message for transmitting a security key for an eNB of the second cellular network to the eNB, and the security key may be obtained from the base security key of the second cellular network.

Abstract: Methods and network devices implement a lawful interception (LI) trigger control function as an LI target handler and a modified trigger control function. A generic LI triggering interface enables the modified trigger control function to query the LI target handler regarding whether entities using a network function instance are in a target list. The LI target handler has to meet the LI security requirements, but the modified trigger control function does not have to meet such requirements.

Abstract: The present invention describes an architecture for increasing the performance of blockchain using a virtual actor model to provide stateful services that are highly scalable and responsive to events as they support publishing and/or subscribing to streaming messages and/or events. The architecture as described leverages established distributed design practices to achieve what would otherwise require costly resource intensive hardware.

Abstract: User equipment performing communication with a core network node by using network slices obtained by logically dividing a network includes: means for sending information related to security of one network slice; and means for sending identity information of the one network slice in a secure method, based on a request to send information in the secure method sent from the core network node based on the sent information.

Abstract: A solution for efficient and secure automated age assurance checking in association with a third party workflow involving an interaction between a user having an associated email address, and a target service. A request to estimate an age of the user is received and includes the email address. In response, the system issues a query to one or more data sources, each data source being of a different type and having an age attribute associated therewith. The data source(s) return responses to the queries. The system then associates an age attribute (typically, a minimum age) to each indication received from each data source queried. Based on a frequency of occurrence of the indications and the associated age attributes, a digital footprint that includes an estimate of the individual's minimum age is derived. A response (e.g., the estimated minimum age) to the request is then returned to the third party workflow.

Abstract: Data in a portable electronic device is protected by using external and internal status detection means to determine if the device is misplaced, lost, or stolen. The device then takes, singly or in combination, one of several actions to protect the data on the device, including declaring its location to an owner or service provider, locking the device or specific functions of the device to disable all data retrieval functionality, erasing or overwriting all the stored data in the device or, where the data has been stored in the device in an encrypted format, destroying an internally-stored encryption key, thereby preventing unauthorized access to the encrypted data in the device.

Abstract: Apparatus and associated methods relate to a singular event notification system (SENS). In an illustrative example, the SENS may automatically authenticate a singular event signal and dynamically generate an event action package as a function of an event notification signal. The operation, for example, may include retrieving a user notification profile (UNP) associated with a user account upon receiving an event notification signal (ENS). For example, the UNP may include relevant entities to be notified in response to the ENS. If the ENS is authorized based on the UNP, for example, the SENS apply an action model to the UNP to generate an event action package to be transmitted to a predetermined destination. For example, the event action package may include customized forms and contact instructions generated based on entities identified based on the UNP. Various embodiments may advantageously generate a timely and secure response to the relevant entities.

Abstract: First data is stored. A request for the first data is received from a communication device over a link established with a communication device. An access control engine comprising circuitry is to control access to the first data to the communication device based on an authentication state of the communication device and a protection state of the link.

Abstract: Provided is an authentication system capable of preventing determination that authentication of a person to be authenticated succeeds even though determination as to whether matching information matches registration information is not performed when authentication using two factors is performed. A determination unit 43 determines whether or not the matching information matches the registration information. A signature generation unit 21 of a client 10 generates a signature based on the message by using a signature key. A signature determination unit 34 determines whether or not the signature is a correct signature by using a first verification key, a message, and the signature. When it is determined that the matching information matches the registration information and it is determined that the signature is the correct signature, the authentication determination unit 37 determines that the authentication succeeds.

Abstract: Apparatus and associated methods relate to providing secure gatekeeping of communication from a remote internet-based website having an Internet-Protocol (IP) address to an implantable biomedical device. A gatekeeping device receives the communication transmitted by the remote internet-based website. The communication received is encoded using a first encoding algorithm. The gatekeeping device decodes the communication received. The gatekeeping device then encodes the communication decoded using a second encoding algorithm. The gatekeeping device wirelessly relays the communication encoded using the second encoding algorithm to the implantable biomedical device.

Abstract: Systems, methods, and devices authenticate mobile network cellular cells using asymmetric/public-key cryptography algorithms (e.g., Digital Signature Algorithm (DSA)) through integrity protecting the cellular cells broadcasted messages (e.g., paging and/or system information blocks (SIBs) system information broadcast messages) by message authentication code (MAC).

Abstract: A continuous authentication system and related methods are provided. The system detects requests to perform user actions. A security value is associated with each user action. The system determines a subsequent session security level in response to an adjustment to a session security level by a security value of a requested user action. The requested user action is permitted and the session security level is adjusted based on the security value of the requested user action in response to a determination by the system that the subsequent session security level is greater than or equal to a threshold session security level. A user authentication challenge is caused (e.g., prompted) in response to a determination by the system that the subsequent session security level is less than the threshold session security level.

Abstract: A method, including, associating a wireless tracker with an asset, tracking a location of the asset via the wireless tracker, determining a recipient mobile device authorized to accept receipt of the asset, determining a recipient mobile device holder is authorized to accept receipt of the asset, determining if the location of the asset is within a defined delivery location, determining if the authorized recipient mobile device is within the defined delivery location, sending a passcode to the authorized recipient mobile device if the authorized recipient mobile device location and the location of the asset are within the defined delivery location, receiving an authenticated passcode from the authorized recipient mobile device within the defined delivery location and notifying a delivery agent that delivery of the asset is approved.

Abstract: According to an embodiment, a communication control device includes a first communication system connected between a first device and a network communication network, and a second communication system connected between the first device and the network communication network separately from the first communication system. The first communication system and the second communication system each include a controller. The controller executes switching such that one of the communication systems executes communication in the first communication mode, and when a problem is detected in the communication system that is executing communication in the first communication mode, the other communication system executes communication in the first communication mode.

Abstract: A method that is performed to access data nodes of a data cluster. The method includes obtaining, by a data access gateway (DAG), a request from a host; and in response to the request, obtaining bidding counters from the data nodes; obtaining metadata mappings from the data nodes; identifying, based on the bidding counters and metadata mappings, a data node of the data nodes associated with a highest bidding counter of the bidding counters and an appropriate metadata mapping of the metadata mappings; and sending the request to the data node.

Abstract: Methods and devices employed in providing lawful interception (LI) by products related to a service session of an LI target as a unique chain. The packets sent to a legal enforcement agency are chained and have shorter headers. The number of packets is reduced by including both intercept-related information (IRI) and content of communications (CC) in the same packet if time-wise appropriate.

Abstract: A method for distributed assignment of yields of a facility to participating persons on the basis of a smart meter gateway network comprising smart meter gateways comprises storing information with regard to participation of a person in the facility, in a chain of data sets cryptographically linked to one another in the smart meter gateway network; storing a smart contract in a chain of data sets, the smart contract being uniquely allocated to the facility and containing facility parameters necessary to calculate yields of the facility; receiving energy information produced by the facility by at least one smart meter gateway; storing the energy information or information derived therefrom in a chain of data sets; calculating yield tokens on the basis of the energy information and the smart contract; and assigning a part of the yield tokens to a participating person on the basis of the participation information.

Abstract: A data platform provides for encryption of secrets. During operation, an application of the data platform receives a secret and communicates the secret to an encryption client of the data platform. The encryption client generates an encrypted secret using a Data Encryption Key (DEK) and the secret. The encryption client communicates the DEK to an encryption server of the data platform while retaining the encrypted secret. The encryption server generates an encrypted DEK using a Transit Encryption Key TEK. The encryption server communicates the encrypted DEK to the encryption client and the encryption client generates a binary large object (blob) using the retained encrypted secret and the encrypted DEK. The application stores the blob on a data storage device.