Abstract: This Application describes efficient cellular service transfer mechanisms to move cellular services that are based on cellular service credentials, e.g., eSIMs, between accessory wireless devices under various scenarios, including in some embodiments transfer of multiple eSIMs. The first and second accessory wireless devices and the primary wireless device are associated with a common user account. Transfer of credentials for cellular service access can occur between two accessory wireless devices via the primary wireless device, where the primary wireless device and the accessory wireless devices interact with applicable network-based servers.
Type: Grant
Filed: August 24, 2020
Date of Patent: October 4, 2022
Assignee: Apple Inc.
Inventors: Anish Kumar Goyal, Chenzhi Yu, Francisco J. Gonzalez, Li Li, Raj S. Chaugule, Rohan C. Malthankar, Samy Touati
Abstract: A method for singularizing frames to be transmitted by an object connected to a server via a low-power wireless communication network. The singularization method includes an integration, in a frame to be transmitted identifying the transmitting connected object and including payload data, of at least: a counter that can be incremented as a function of the frame to be transmitted, the counter having a predefined dimension; and a supplementary index that can be modified upon a zeroing of the counter. Thus, two frames originating from one and the same object with the same payload data will be unique because they will include at least one counter and at least one supplementary index that are distinct. The use of the supplementary index makes it possible, without reducing the lifetime of the connected object, to singularize a greater number of frames.
Abstract: Methods and systems provide for receiving, at a remote server, first data and a first sharing key acquired from a first processor associated with a first medical practice, and receiving, at the remote server, second data and a second sharing key acquired from a second processor associated with a second medical practice. The methods and systems provide for comparing, by the remote server, the first sharing key to the second sharing key, and granting, to the first and second processors by the remote server, access to the first and second data stored in the remote server in response to a successful comparison of the first and second sharing keys. The methods and systems provide for sharing, by the remote server, the first and second data with the first and second processors in response to the grant of access.
Abstract: Techniques for authentication for online content using an access token are described. According to various embodiments, online content (e.g., webpages and other types of web content) can be served across a variety of different online resources. According to one or more embodiments, an access token is leveraged to enable a user to authenticate with multiple different distributed content resources for access to online content, and without requiring the user to input authentication credentials for each of the content resources.
Abstract: Data stored on a data asset may be migrated to another data asset while maintaining compliance to applicable regulations. A data asset may experience a failure. Based on the type of data stored by that data asset and the applicable regulations, requirements, and/or restrictions that relate to a transfer of that type of data from that data asset, a target data asset may be determined. The data stored on the data asset may then be transferred to the target data asset. The disclosed systems may use data models and/or data maps in determining the requirements for a data transfer and selecting target data assets.
Type: Grant
Filed: September 14, 2021
Date of Patent: August 16, 2022
Assignee: OneTrust, LLC
Inventors: Arockia Gunasingam, Steven W. Finch, Saravanan Pitchaimani, Kevin Jones, Jonathan Blake Brannon
Abstract: A chat robot may be used to facilitate interaction with a user in the determination of whether to initiate and process a data subject access request (DSAR). At a DSAR submission webpage, the chatbot may interact with a user to determine the information the user is in need of and/or the actions that the user may take. The chatbot may provide the information desired by the user, avoiding the processing overhead of submission and fulfillment of a DSAR. The chatbot may also facilitate completion of a DSAR on behalf of the user when needed.
Type: Grant
Filed: July 2, 2021
Date of Patent: August 16, 2022
Assignee: OneTrust, LLC
Inventors: Priya Malhotra, Bryan Patrick Kveen, Jonathan Blake Brannon
Abstract: A method for implementing indirect GTP firewall filtering includes using a signaling message routing node to dynamically populate an indirect GTP-C firewall filtering database with IMSIs and VPLMN IDs extracted from mobility management signaling messages for updating the locations of outbound roaming subscribers. The method further includes receiving a CCR-I message generated in response to a GTP-C message. The method further includes extracting an IMSI and a VPLMN ID from the CCR-I message. The method further includes accessing the indirect GTP-C firewall filtering database using the IMSI extracted from the CCR-I message. The method further includes determining that a record corresponding to the IMSI is present in the indirect GTP-C firewall filtering database. The method further includes determining that a VPLMN ID in the record does not match the VPLMN ID extracted from the CCR-I message.
Abstract: This specification presents a method and apparatus to establish a transport layer security, TLS, tunnel over Ethernet, ETLS tunnel between two endpoints (UE and WAG) and to transport UE traffic encapsulated and encrypted in a proposed TLS type Ethernet frame for all applications, thus providing secure layer 2 connectivity over public wireless local area networks, WLAN, for all UE traffic and overcoming the security vulnerability of the traditional HTTP login mechanism over the public WLAN. The UE uses the TLS handshake protocol which may include negotiating ETLS capabilities extension that comprises wireless control protocol for establishing a packet data connection and tunneled authentication protocol for UE authentication and full Ethernet protection for encrypting Ethernet frames of different types.
Abstract: A method for detection of a user equipment type includes: receiving, by a communication network, a service request message from a user equipment, wherein the service request message requests a service from the communication network and comprises subscriber identity information and/or device identity information related to the user equipment and an indication that an alternative authorization method and/or an alternative authentication method is to be applied to the user equipment; verifying, by the communication network, based on the subscriber identity information and/or the device identity information related to the user equipment, that the user equipment belongs to an internet-of-things user equipment type; and in response to verifying that the user equipment belongs to the internet-of-things user equipment type, granting, by the communication network, the requested service to the user equipment.
Abstract: A method for authenticating a connection between a user device and a vehicle includes sending, by the vehicle, a first wireless signal through a connection channel, receiving, by the vehicle, a second wireless signal through the connection channel, and acquiring, by the vehicle, a second signal strength sequence from second N continuous signal strength characteristics (PFVeh) of the second wireless signal, receiving, by the user device from the vehicle, the first wireless signal, acquiring a first signal strength sequence from first N continuous signal strength characteristics (PFUDev) of the first wireless signal, and communicating, by the user device, the first signal strength sequence to the vehicle.
Abstract: Methods and systems for identifying malicious applications and, more particularly, to identifying web shell applications. Embodiments described herein rely on machine learning tools to analyze static and dynamic features of a suspected file to determine whether the file is a web shell application.
Type: Grant
Filed: June 17, 2019
Date of Patent: June 7, 2022
Assignee: Rapid7, Inc.
Inventors: Aditya Kuppa, Oliver Keyes, Joakim Kennedy, Ilya Biryukov
Abstract: Methods and systems for identifying malicious applications and, more particularly, to identifying web shell applications. Embodiments described herein rely on machine learning tools to analyze static and dynamic features of a suspected file to determine whether the file is a web shell application.
Type: Grant
Filed: June 17, 2019
Date of Patent: May 31, 2022
Assignee: Rapid7, Inc.
Inventors: Aditya Kuppa, Oliver Keyes, Joakim Kennedy, Ilya Biryukov
Abstract: One variation of a method for end-to-end encryption of electronic mail includes: receiving an email encrypted according to a first encryption protocol and designating a recipient within an external domain; verifying encryption protocol supported by the recipient's mail client; in response to a recipient exclusion database identifying the recipient, encrypting the email to a less-robust encryption protocol supported by the recipient mail client and transmitting the email to the recipient; in response to the recipient exclusion database excluding the recipient and the recipient mail client supporting the first encryption protocol, transmitting the email encrypted according to the first encryption protocol to the recipient; and, in response to the recipient exclusion database excluding the recipient and the recipient mail client not supporting the first encryption protocol, generating a notification email including a hyperlink to a secure webpage containing content of the email and transmitting the notification
Abstract: Provided herein is a method for registering an IoT device with a DNS registry. The method can include obtaining, at a DNS server, an identifier, IP address, and a public key of an asymmetric key pair associated with the IoT device from a network gateway device that is in communication with the IoT device, wherein the asymmetric key pair is provisioned onto the IoT device and an associated private key stored within a memory of the IoT device at a time that the IoT device is manufactured or during a predetermined time window after manufacturing; creating at least one DNS record for the IoT device; assigning a domain name associated with the internet protocol (“IP”) address to the IoT device; storing the identifier, IP address, the domain name, and the public key in the at least one DNS record; and providing confirmation of the registration to the IoT device.
Type: Grant
Filed: September 11, 2017
Date of Patent: May 3, 2022
Assignee: VeriSign, Inc.
Inventors: Stephen Daniel James, Daniel Schonfeld, Andrew Fregly, Eric Osterweil
Abstract: Controlling access to categorized messages includes categorizing a message into a number of categories according to a message objective, the message objective informing user association, message association, and message access rules for each of the number of categories. Controlling access to categorized messages includes determining, based on the message objective, a number of users allowed access to the message. Controlling access to categorized messages includes allowing the number of users to access the message according to the message objective.
Type: Grant
Filed: August 23, 2018
Date of Patent: April 26, 2022
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Jonathan F. Brunn, Jennifer E. Heins, Marc D. Labrecque, Amy Widmer
Abstract: Disclosed is a data communication method of a vehicle-to-everything (V2X) communication device. The data communication method includes: sending a misbehavior detection (MBD) information request message for collecting information regarding MBD; receiving an MBD information response message as a response message to the MBD information request message from an external V2X communication device, the MBD information response message including MBD information including information regarding MBD of the external V2X communication device; and generating certificate revocation list (CRL) information based on the MBD information. The V2X communication device may have a preset security level required for the V2X communication device to be operated as a misbehavior breaker (MBB) generating the CRL information.
Abstract: In one embodiment, a method for classifying an encrypted flow includes receiving a plurality of packets associated with an encrypted flow traversing a network, collecting telemetry data from the flow without decrypting the flow, sending the telemetry data to a backend system for classification, using the telemetry data to classify the flow using a machine learning classifier, creating a classification response, and using the classification response to modify processing of the flow. In another embodiment, a method for classifying an encrypted flow includes receiving a plurality of packets associated with an encrypted flow traversing a network, collecting telemetry data from the first plurality of packets associated with the flow, sending the telemetry data to a backend system for classification, using the telemetry data to classify the flow using a machine learning classifier, and using the output of the classifier to modify processing of the flow.
Type: Grant
Filed: July 30, 2021
Date of Patent: March 8, 2022
Assignee: Cisco Technology, Inc.
Inventors: Blake Harrell Anderson, David Arthur McGrew, Alison Kendler
Abstract: The present disclosure relates to a system for providing an anonymous and obfuscated communication over a virtual, modular and distributed satellite communication network.
Type: Grant
Filed: October 11, 2019
Date of Patent: March 8, 2022
Assignee: ENVISTACOM, LLC
Inventors: Kasra Toyserkani, Michael Beeler, Cris Mamaril, Michael Geist
Abstract: Disclosed are various embodiments for detecting Signaling System 7 (SS7) redirection attacks by measuring call audio round trip times between phones. Such redirection attacks force calls to travel longer physical distances than usual, thereby causing longer end-to-end delay. Accordingly, various embodiments implement a distance bounding-inspired protocol that allows for securely characterizing the round trip time between two call endpoints. As a result, telephone users can reliably detect SS7 redirection attacks and protect the information contained in their calls.
Type: Grant
Filed: March 19, 2019
Date of Patent: March 1, 2022
Assignee: University of Florida Research Foundation, Inc.
Inventors: Patrick G. Traynor, Christian Peeters, Bradley G. Reaves, Hadi Abdullah, Kevin Butler, Jasmine Bowers, Walter N. Scaife
Abstract: Methods, systems, and devices for wireless communications are described that improve privacy in wireless communications, such as communications by a user equipment (UE), which may in some cases be a vehicle UE. For example, various vehicle-to-everything (V2X) transmissions may be unencrypted, and a vehicle may be expected to periodically change one or more identifiers it uses for various communication services. Privacy may be enhanced, for example, via encryption key roll-over, as well as roll-over of one or more other identifiers associated with a UE that may potentially be used by an observer to track the UE. The UE may transmit a message that includes an updated lower layer identifier (e.g., a layer-2 (L2) identifier) to another UE in a V2X unicast communications link, which may trigger a change in identifiers of a set of identifiers and an updated security context. All or a portion of the message may be encrypted.
Type: Grant
Filed: December 17, 2020
Date of Patent: March 1, 2022
Assignee: QUALCOMM Incorporated
Inventors: Michaela Vanderveen, Hong Cheng, Junyi Li, Shailesh Patil