Abstract: The present disclosure relates to a system for providing an anonymous and obfuscated communication over a virtual, modular and distributed satellite communication network.

Abstract: Disclosed are various embodiments for detecting Signaling System 7 (SS7) redirection attacks by measuring call audio round trip times between phones. Such redirection attacks force calls to travel longer physical distances than usual, thereby causing longer end-to-end delay. Accordingly, various embodiments implement a distance bounding-inspired protocol that allows for securely characterizing the round trip time between two call endpoints. As a result, telephone users can reliably detect SS7 redirection attacks and protect the information contained in their calls.

Abstract: Methods, systems, and devices for wireless communications are described that improve privacy in wireless communications, such as communications by a user equipment (UE), which may in some cases be a vehicle UE. For example, various vehicle-to-everything (V2X) transmissions may be unencrypted, and a vehicle may be expected to periodically change one or more identifiers it uses for various communication services. Privacy may be enhanced, for example, via encryption key roll-over, as well as roll-over of one or more other identifiers associated with a UE that may potentially be used by an observer to track the UE. The UE may transmit a message that includes an updated lower layer identifier (e.g., a layer-2 (L2) identifier) to another UE in a V2X unicast communications link, which may trigger a change in identifiers of a set of identifiers and an updated security context. All or a portion of the message may be encrypted.

Abstract: A vehicle system including a vehicle-to-X communication device for vehicle-to-X communication and a processing device for processing data to be sent by vehicle-to-X communication. The processing device is designed to transmit to the vehicle-to-X communication device data which are to be sent. The vehicle-to-X communication device is designed to generate an unsigned vehicle-to-X message using the transmitted data to be sent and to transmit the unsigned vehicle-to-X message to the processing device. The processing device is further designed to sign the transmitted vehicle-to-X message and to transmit the signed vehicle-to-X message to the vehicle-to-X communication device for emission. A corresponding method is also disclosed.

Abstract: A secure Simultaneous Authentication of Equals (SAE) anti-clogging mechanism may be provided. A public key of an access point may be provided from the access point to a client attempting to connect with a network via the access point. The access point may receive from the client a first anti-clogging token and a public key of the client. The first anti-clogging token may be generated by the first client using a shared secret based on a private key of the client and the public key of the access point and a multiplier. The access point may generate a second anti-clogging token using a shared secret based on a private key of the access point and the public key of the client and the multiplier. The access point may then verify the first anti-clogging token and the second anti-clogging token match to authenticate the client.

Abstract: An application installed on a user device (e.g., a mobile device, a smart device, a communication device, a computing device, etc.) may be used to validate, authenticate, and/or authorize another application installed on and/or associated with the user device.

Abstract: A novel and non-trivial system and method for restrictively exchanging and controlling vehicular data between communication devices of a private network is disclosed. A processor in communication with a plurality of user communication devices is used for controlling and restricting the exchange of vehicular data. In such network, the processor may establish a communication connection with an initiating communication device of an initiating user, receive initiating vehicular data from the initiating communication device and corresponding first users (e.g., defined trusted users) data, provide the initiating vehicular data to at least one available first user communication device, receive responding vehicular data responsive to the initiating vehicular data, and provide the responding vehicular data to the initiating communication device.

Abstract: Systems, devices, and methods are disclosed for selectively decrypting SSL/TLS communications. Contents of the decrypted communications that may result in some action; for example, to terminate the communications, or to log and store the plaintext packets of the communications for subsequent content inspection and analysis. A SSL/TLS proxy may examine the information contained in the TLS handshake protocol and/or examine other information associated with the connection. Based on the examination, a proxy may determine whether or not to decrypt the encrypted communications. The proxy may take additional actions based on content inspection.

Abstract: A device bootstrap method and a terminal configured to send a bootstrap request to a server, wherein the bootstrap request includes a node identifier (ID) and a transmission channel parameter of the terminal, receiving an acknowledgment message carrying a transmission channel selected by the server, where the transmission channel is determined based on the transmission channel parameter, receiving a temporary ID indication message including a temporary ID and a temporary key sent by a forwarding apparatus, where the forwarding apparatus is a network element that is configured to send a message to the terminal through the transmission channel selected by the server, and wherein the terminal is further configured to establish a secure communication channel with the server according to the temporary ID and the temporary key.

Abstract: Provided is a method for authenticating a user communicating with an enterprise via a network. The method includes receiving, via the network, authenticators for a user from a first user device associated with the user, and storing the received authenticators. A first authenticator from the stored authenticators is selected to be used for authenticating the user based on an authentication policy received from the enterprise. An authentication request is transmitted to a user device requesting the first authenticator and the user is authentication by comparing the received authenticator with the stored first authenticator.

Abstract: An embodiment includes a method to increase the efficiency of security checkpoint operations. A security checkpoint kiosk serves as a Relying Party System (RPS). The RPS establishes a secure local connection between the RPS and a User Mobile-Identification-Credential Device (UMD). The RPS sends a user information request to the UMD, via the secure local connection, seeking release of user information associated with a Mobile Identification Credential (MIC). The RPS obtains authentication of the user information received in response to the user information request. The RPS retrieves user travel information based on the user information. The RPS determines that the user travel information matches the user information. When the user travel information matches the user information, the RPS approves the user to proceed past the security checkpoint kiosk.

Abstract: A system includes profile control circuitry that may receive a sovereign onboarding command. The sovereign onboarding command may be issued on behalf of a sovereign associated with a profile. The sovereign onboarding command may update a status value in the profile. The profile may be recorded on a data-tamper-protected distributed ledger. Arbitration circuitry may review the recorded profile status value and ensure that status values are enforced against the sovereign during exchanges.

Abstract: Concepts and technologies directed to connected vehicle network access optimization are disclosed herein. Embodiments can include a system that includes a processor and a memory storing computer-executable instructions that configure a processor to perform operations. The operations can include receiving an access probe message from a telematics control unit of a vehicle. The operations can include determining that the telematics control unit is not authorized to access a network communication service. The operations can further include generating an access redirect command that instructs a head unit of the vehicle to bypass a machine-to-machine platform so as to enable access to the network communication service via a network service portal. The operations can include providing the access redirect command to the telematics control unit of the vehicle.

Abstract: A payment reader and a POS terminal may communicate over a wireless connection. The methods and systems include monitoring one or more parameters corresponding to a payment reader and another device in proximity to the payment reader. The first device, through a set of customized instructions, determines whether behavior of the second device substantially corresponds to the first device, in order to detect suspected hardware or software intrusion associated with the secure first device. On successful detection of a suspected intrusion, the first device generates an alert for a user of the first device if illegal intrusion is suspected by the processor.

Abstract: Techniques for identity-based message integrity protection and verification between a user equipment (UE) and a wireless network entity, include use of signatures derived from identity-based keys. To protect against attacks from rogue network entities before activation of a security context with a network entity, the UE verifies integrity of messages by checking a signature using an identity-based public key PKID derived by the UE based on (i) an identity value (ID) of the network entity and (ii) a separate public key PKPKG of a private key generator (PKG) server. The network entity generates signatures for messages using an identity-based private key SKID obtained from the PKG server, which generates the identity-based private key SKID using (i) the ID value of the network entity and (ii) a private key SKPKG that is known only by the PKG server and corresponds to the public key PKPKG.

Abstract: In accordance with one aspect, presented herein is a method to encrypt beacon device telemetry broadcast packets while respecting the low power and low processing requirements inherent to wireless beacon devices and various other challenges which such an encryption scheme brings. In accordance with another aspect, a methodology is provided through which the network can identify if an unauthorized connection is being established with a beacon device and thereby prevent potential beacon device tampering.

Abstract: A method for securely controlling a smart home, and a terminal device are provided, to resolve a prior-art problem that an intelligent terminal device is counterfeited. The method includes: displaying, by an intelligent terminal device, at least one operation indication for a smart home device when the intelligent terminal device receives an operation instruction entered by a user to add the smart home device, where the operation indication is used to instruct the user to perform function control on the smart home device; and generating, by the intelligent terminal device when determining an operation indication selected by the user from the at least one operation indication, a first key based on the selected operation indication, where the first key is used by the intelligent terminal device to encrypt information to be sent to the smart home device.

Abstract: A method and apparatus prevents hacker code from infecting an application program by requiring decryption of the application program prior to running the application program on a computer. The method includes steps of: providing a security device that is a separate unit from components necessary to operate the computer; storing a symmetric private key on the security device; using the device symmetric private key to produce an encrypted application program upon first installation; thereafter decrypting that part of the encrypted application program needed implement a command to run the application program; and, decrypting, on the fly, only those follow-on parts of the encrypted application program needed to perform functions called for during operation of the application program.

Abstract: A method for networking between devices, including: connecting to, by a user mobile phone C, a primary router A, and detecting a nearby device B that can be networked; tapping, by a user on the user mobile phone C, a button for adding the device B, to send information about the to-be-added device B to the primary router A; after receiving a message sent by the mobile phone C, obtaining, by the primary router A, the SSID of the to-be-added device B, and sending a notification message to the SSID (the message needs to include an SSID and a password of the router A that need to be encrypted) to instruct B to connect to the primary router A; and after receiving the SSID and the password of the primary router A, connecting to, by the device B, the primary router A, so that the device is added.

Abstract: An apparatus in an illustrative embodiment comprises a client device configured for communication with a storage system, with the client device comprising a processor coupled to a memory. The client device is further configured to identify a data item to be stored in the storage system, and to generate a data encryption key for the data item as a function of a first secret key and the data item. For example, the function may comprise hashing at least the data item. The client device is further configured to encrypt the data item using the data encryption key for the data item, and to send the encrypted data item to the storage system for storage therein. The client device in some embodiments is further configured to encrypt the data encryption key using a second secret key, and to send the encrypted data encryption key to the storage system for storage therein as metadata of the data item.