Abstract: A routing method, apparatus, and system, related to the field of communications technologies, to update a routing indicator in a subscription concealed identifier when a user is migrated to a new unified subscriber data management UDM network element and the routing indicator in the subscription concealed identifier changes. The method includes: sending, by an authentication server function AUSF network element, a first authentication vector obtaining request to a first unified data management UDM network element; and if the AUSF network element receives a routing indicator RI sent by the first UDM network element, sending the RI to an access and mobility management function AMF network element. The method is applied to a process in which a terminal updates the RI.

Abstract: Systems and methods for blurring connection information in virtual private networks are provided herein. In some embodiments, a method of blurring VPN connection metadata may comprise: receiving, by a VPN service provider infrastructure, a request from a user device to establish a VPN connection with one or more VPN servers, wherein the VPN service provider infrastructure includes a logic engine configured to perform statistical blurring of VPN connection metadata; establishing a connection between the user device and one or more target sites during a VPN session; receiving, from the one or more VPN servers, VPN connection metadata associated with the user's VPN connections and a user identifier associated with the user; performing statistical blurring of VPN connection metadata by modifying the VPN connection metadata using an unknown random value to create blurred connection metadata; and storing the blurred connection metadata in association with the user identifier received.

Abstract: Techniques for securing an identifier of user equipment for a request external to a communication network are disclosed. For example, a method comprises receiving, at a network entity, a request for identification information for user equipment from an entity external to a communication network to which the network entity belongs. The network entity generates a secure identifier for the user equipment, wherein the secure identifier comprises an encrypted form of a public subscription identifier associated with the user equipment. The network entity sends the secure identifier to the external entity. The network entity receives the secure identifier in a subsequent request from the external entity. The network entity utilizes the received secure identifier to confirm the received secure identifier corresponds to the user equipment.

Abstract: This application discloses a password verification method and a password setting method. The password verification method includes: in response to a detected operation of requesting for password verification, collecting at least one first image by using a camera of a mobile terminal; obtaining matching information when a result of matching between the at least one first image collected by the mobile terminal and at least one first preset image satisfies a first preset matching condition, where the matching information includes at least one of the following: location information of the mobile terminal, motion information of the mobile terminal, at least one second image collected by the camera of the mobile terminal, and network connection information of the mobile terminal; and performing matching between the obtained matching information and a second preset matching condition, where the password verification succeeds when the matching is successful.

Abstract: An electronic processor of a wireless fob is configured to establish a first communication link between the wireless fob and an external device, and receive, over the first communication link, first identification information and credential information of a power tool device from the external device. The electronic processor is further configured to receive, via the wireless transceiver, an identification signal including second identification information from the power tool device. The electronic processor is further configured to identify the power tool device by determining that the first identification information matches with the second identification information. The electronic processor is further configured to transmit the credential information to the power tool device to establish a second communication link between the wireless fob and the power tool device and transmit, over the second communication link, a command to the power tool device to control an operation of the power tool device.

Abstract: A method for protection of data transfers for internet of things (IoT) devices using a blockchain includes: receiving, by a node in a blockchain network, a data message from an IoT device formatted according to an IoT messaging protocol and including a device identifier associated with the IoT device and encrypted data; generating a new block including one or more data values including the received data message; transmitting the generated new block to one or more additional nodes in the blockchain network; receiving a data request from an external device including an external identifier associated with the external device; verifying permission of the external device to access the encrypted data based on the external identifier and device identifier; and transmitting the encrypted data to the external device.

Abstract: A wireless communication network performs quantum authentication for a wireless User Equipment (UE). In the wireless communication network, quantum circuitry selects polarization states for qubits, generates and transfers the qubits, exchanges cryptography information with edge quantum circuitry, generates cryptography keys based on polarization states and cryptography information, and transfers the cryptography keys to network authentication circuitry. The edge quantum circuitry receives and process the qubits, determines the polarization states for the qubits, exchanges the cryptography information with the network quantum circuitry, generates the cryptography keys based on the polarization states and cryptography information, and transfers the cryptography keys to the wireless UE. The wireless UE generates authentication data based on the cryptography keys and wirelessly transfers the authentication data for delivery to the network authentication circuitry.

Abstract: A System Platform establishes a Genuine User ID (“GUID”), creates a user profile for an Intended User, generates a unique data set based upon input associated with the user profile and a digital device it has registered to the Intended User. The output of the GUID in combination with the output of an algorithm in a provisioning application enables the digital device to respond to Access Requests at an Access Point. The response from the genuine Intended User's application on their genuine digital device produces a unique data package which combines the GUID, a device ID for the digital device and the output of the algorithm using the payload obtained from one or more data management sources. The unique data package can be tailored for many different uses by the intended user, including uses which are attended or unattended, with varying levels of security.

Abstract: Some implementations of the disclosure are directed to preventing unauthorized transmissions of an outdoor IP Radio by an unauthorized user tapping the connection between an indoor unit and the outdoor IP Radio. In one implementation, a method comprises: initializing, over an interfacility link (IFL) connecting an indoor unit of a satellite terminal and an outdoor Internet Protocol (IP) Radio of the satellite terminal, a communication link between the indoor unit and the outdoor IP Radio; authenticating, using the indoor unit and the outdoor IP Radio, the communication link between the indoor unit and the outdoor IP radio; and after authenticating the communication link, providing satellite network service to the indoor unit via the outdoor IP Radio.

Abstract: Low power devices are able to utilize encryption in communication. Low power devices typically cannot send/receive large amounts of data since sending/receiving more data uses more power. Implementing a key exchange with a small encrypted payload enables secure communication between the devices. A one-way data stream is implemented. The one-way data stream is able to be encrypted. The dynamic key exchange is able to be used for a moving target.

Abstract: Methods, systems, and computer readable media for message validation in fifth generation (5G) communications networks are disclosed. One method occurring at a first network node of a first network comprises: obtaining, from at least one authentication and key agreement (AKA) procedure related message associated with a user device communicating via a second network, authentication information identifying the user device; storing the authentication information in a data store for validating subsequent messages; receiving a request message associated with the user device; determining, using the authentication information, that the request message is invalid; and in response to determining that the request message is invalid, performing an invalid message action.

Abstract: There are provided systems and methods for shared cryptogram generation during multi-party digital token processing. A service provider, such as an electronic transaction processor for digital transactions, may require tokenized data in order to protect sensitive or secure data, such as payment card data during electronic transaction processing. In this regard, the service provider may tokenize the data, which may require a cryptogram for validation of a corresponding digital token. The cryptogram may be generated based on input from multiple participants to the transaction, where a length of the cryptogram may be determined based on a risk score for the transaction. Each transaction participant may be assigned one or more slots or values in the cryptogram to provide based on the risk score and other rules for cryptogram generation. Each participant may provide corresponding portions, where the service provider may generate and backwards update the participants of the cryptogram.

Abstract: A system comprising a plurality of pieces of equipment, wherein the equipment included in the system communicates with other equipment by using inter-equipment pairing information, the other equipment being included in the system, and the equipment and the other equipment mutually storing the inter-equipment pairing information, a part included in the equipment communicates with an other part by using inter-part pairing information, the part and the other part being included in the equipment that is identical, and mutually storing the inter-part pairing information, and when receiving a deletion request that is information that requests deletion of the inter-equipment pairing information, the system deletes the inter-equipment pairing information stored in each of the plurality of pieces of equipment, and maintains the inter-part pairing information stored in the part.

Abstract: An information processing apparatus includes an authenticating unit, a transmitter, a receiver, and a controller. The authenticating unit authenticates a user. The transmitter transmits user identification information of the user authenticated by the authenticating unit to a management apparatus via a dedicated network used for exchanging the user identification information and restriction information. The receiver receives the restriction information of the user corresponding to the transmitted user identification information from the management apparatus via the dedicated network. The controller controls a range of a function usable by the user based on the restriction information received by the receiver.

Abstract: A method, a computer program product, and a system for binding post-quantum certificates to traditional certificates. The method includes selecting a traditional certificate in a certificate chain owned by an owner. The method also includes calculating a fingerprint of the traditional certificate. The method further includes generating a post-quantum certificate with identical information fields as the traditional certificate, and populating a serial number of the post-quantum certificate using the fingerprint. The post-quantum certificate acts as an extension of the first traditional certificate providing authentication and validation between a client and a server using post-quantum capable signing algorithms.

Abstract: The invention relates to a method for protecting information contained in a security module of a telecommunication device provided with a near field communication router, wherein the modification of routing table between ports of said route is subject to the checking of an authentication code inputted by a user.

Abstract: A method for creating single-use authentication messages includes creating, at a consumer network function of a core network of a telecommunications network, a message hash of at least a subset of a request message. The method includes adding, at the consumer network function, the message hash to a client credentials assertion (CCA) token for the consumer network function. The method includes sending, from the consumer network function, the request message with the CCA token to a producer network function.

Abstract: A communication system for resuming a connection comprises a user equipment (UE) and network nodes. A first network node is configured to prepopulate a UE context, and send, to a second network node, the UE context. The second network node is configured to receive, from the first network node, the UE context, and send, to a UE, a resume request message including a freshness parameter and the UE context. The UE is configured to receive, from the second network node, a resume request message including the freshness parameter and the UE context, generate an authentication token based on the freshness parameter and the UE context, and send, to the second network node, a resume response message including the authentication token. The communication system provides a freshness parameter and a prepopulated UE context to secure and facilitate resume procedure against replay attacks.

Abstract: Systems and methods are provided for managing user identities in networks. One exemplary method includes receiving, at a communication device, an API call request for a credential from a relying party. The communication device includes an application that incorporates an SDK. After receiving the API call request for the credential, the communication device authenticates a user associated with the communication device and identified in the API call request. After authentication of the user the communication device generates, via the SDK, a private-public key pair and stores the private key in memory. The communication device compiles, via the SDK, a credential packet include the public key and identity data associated with the user and transmits the credential packet to the relying party, whereby the relying party is registered to the SDK to request assertions of an identity of the user.

Abstract: Methods, systems, and devices are provided that allow for access to a wireless computer network, such as a home or business network, via a communal device. The communal device retrieves network access information such as a PSK and provides a machine-readable code such as a QR code or bar code that automatically provides the access information to a user's device, thereby allowing access to the network with little or no user input required.