Abstract: A device may establish a first connection to a first radio access network (RAN) associated with a first radio access technology (RAT). The device may register to receive a call service via the first RAN. The device may receive the call service via the first connection. The device may establish a second connection to a second RAN associated with a second RAT that is different from the first RAT. The device may register to receive the call service via the second RAN. The device may compare a first signal quality metric, associated with the first connection, and a second signal quality metric associated with the second connection. The device may cause the call service to be transferred from the first connection to the second connection, based on comparing the first signal quality metric and the second signal quality metric, without causing an interruption to the call service.

Abstract: A method is provided for operating a computing device, the method including verifying the contents of a protected portion of a nonvolatile memory included in the computing device, the protected portion including a first protected file that includes first instructions; in response to the protected portion being successfully verified, initiating execution of an operating system kernel, on the computing device, included in a boot portion of the nonvolatile memory, wherein the boot portion is configured to cause the computing device to execute instructions stored in a system portion of the nonvolatile memory under control of the kernel, and the system portion is not included in the protected portion; subsequent to initiating execution of the kernel, locating the first instructions via a first symbolic link to the first protected file, wherein the first symbolic link is stored in one of the system portion or the boot portion; and executing the first instructions under control of the kernel.

Abstract: A mobile device obtains an encryption key pair, including a public key and a private key, and engages in a process, that uses the private key, for requesting a digital certificate from a Public Key Infrastructure (PKI) Certificate Authority. The mobile device receives a digital certificate signed by the PKI Certificate Authority, and obtains, via a biometric input unit device, biometric data related to an identity of a user of the device. The mobile device derives a password using the biometric data, and stores, and password protects using the derived password, the public key, the private key, and the digital certificate in a secure key store.

Abstract: Systems and methods for mobile-based login via wireless credential transfer are disclosed. In some implementations, a proxy server receives a registration request for a receiver device for accessing a secure resource. The proxy server registers the receiver device in response to the registration request. The proxy server receives, from a transmitter device, information identifying the transmitter device along with authentication credentials for authenticating the receiver device to access the secure resource. The proxy server identifies the receiver device based on the information identifying the transmitter device. The proxy server forwards, to the receiver device, the authentication credentials for authenticating access of the receiver device to the secure resource.

Abstract: Techniques described herein may be used to encrypt a telephone call between users. User devices (e.g., smart phones) may be connected to encryption relay devices that operate as relays between headsets worn by the user and the user devices. As information passes from the headset toward a corresponding user device, an encryption relay device may encrypt the information before the information reaches the user device so that the user device transmits encrypted call information to the other user participating in the call. When encrypted information is received, and travels from the user device to the headset, the encryption relay device may decrypt the information before it reaches the headset. Thus, the techniques described herein provide an end-to-end encryption solution to telephone calls.

Abstract: A device determines whether a PTT application is authenticated to access a first API and a second API, and prevents the PTT application from accessing the first and second APIs when the PTT application is not authenticated. The device permits the PTT application to access the first and second APIs when the PTT application is authenticated, and modifies, via the first API, a timer that dictates when the device checks for traffic received from a network. The device establishes, via the second API, a data connection with the network, and determines, based on the data connection, a QoS framework for the network. The device utilizes the PTT application and the timer to establish a PTT session with another device via the network, and prioritizes, based on the QoS framework, PTT traffic provided in the PTT session with the other device.

Abstract: Techniques described herein may be used to encrypt a telephone call between users. User devices (e.g., smart phones) may be connected to encryption relay devices that operate as relays between headsets worn by the user and the user devices. As information passes from the headset toward a corresponding user device, an encryption relay device may encrypt the information before the information reaches the user device so that the user device transmits encrypted call information to the other user participating in the call. When encrypted information is received, and travels from the user device to the headset, the encryption relay device may decrypt the information before it reaches the headset. Thus, the techniques described herein provide an end-to-end encryption solution to telephone calls.

Abstract: A system may obtain identification information for a user for obtaining a form of access using universal enrollment. The system may obtain a digital certificate associated with the identification information, the digital certificate including a public key of a public key, private key pair and the public key and the private key of the public key, private key pair being generated using first biometric information of the user obtained during the universal enrollment. The system may obtain second biometric information. The system may generate a second private key using the second biometric information. The system may determine whether the second private key matches the public key included in the digital certificate. The system may provide the form of access based on the second private key matching the public key included in the digital certificate.

Abstract: Techniques described herein may be used to encrypt a telephone call between users. User devices (e.g., smart phones) may be connected to encryption relay devices that operate as relays between headsets worn by the user and the user devices. As information passes from the headset toward a corresponding user device, an encryption relay device may encrypt the information before the information reaches the user device so that the user device transmits encrypted call information to the other user participating in the call. When encrypted information is received, and travels from the user device to the headset, the encryption relay device may decrypt the information before it reaches the headset. Thus, the techniques described herein provide an end-to-end encryption solution to telephone calls.

Abstract: A method includes attaching to a Packet Data Network (PDN) supporting services over a long term evolution (LTE) network to establish a first network connection. The method includes connecting to a wireless local area network, e.g. a WiFi network, to establish a second network connection. The method further includes launching an application accessing at least one of the supported services and receiving a request from the application to switch between the first and second network connections, according to the supported service, e.g. a policy associated with the service. Switching from the first network connection to the second network connections includes connecting to the PDN via an evolved Packet Data Gateway (ePDG).

Abstract: A mobile device obtains an encryption key pair, including a public key and a private key, and engages in a process, that uses the private key, for requesting a digital certificate from a Public Key Infrastructure (PKI) Certificate Authority. The mobile device receives a digital certificate signed by the PKI Certificate Authority, and obtains, via a biometric input unit device, biometric data related to an identity of a user of the device. The mobile device derives a password using the biometric data, and stores, and password protects using the derived password, the public key, the private key, and the digital certificate in a secure key store.

Abstract: Techniques described herein may use perceptual quality measurement techniques to test and/or evaluate communication sessions between mobile devices. A method may include receiving, by a mobile device and as part of an audio or video call with a second mobile device, a streamed version of a reference audio or video file; and reading a version of the reference audio or video file that was previously stored locally to the mobile device. The method may further include calculating, based on a comparison of the streamed version of the reference audio or video file to the version of the reference audio video file that was stored locally, a perceptual quality score for the streamed version of the reference audio or video file.

Abstract: A device establishes a quality of service (QoS) framework with a network connected to the device. The device includes a push-to-talk (PTT) application, and the QoS framework assigns priorities to different types of traffic associated with the device. The device utilizes the PTT application to establish a PTT session with another device via the network, and prioritizes, based on the QoS framework, PTT traffic, provided in the PTT session, over best effort traffic during the PTT session with the other device.

Abstract: A device provides, to another device, a start request for an evolved multimedia broadcast multicast services (eMBMS) session, and receives eMBMS session traffic from the other device based on the start request. The device determines track information from the eMBMS session traffic, and decodes the eMBMS session traffic into a format understood by the device. The device determines quality information associated with the eMBMS session traffic, and presents, for display, the decoded eMBMS session traffic, the track information, and the quality information associated with the eMBMS session traffic.

Abstract: Systems and methods for application signing are disclosed. In some implementations, an application package identifier and a password may be received at an application signing server. Upon authenticating the application package identifier and the password, a fingerprint identifying the developer is received. Upon receipt of the fingerprint, the application signing server generates a secure key for the application based on the fingerprint, where the secure key is provided to the developer for inclusion within the application. Upon determining that the application package identifier and the secure key included in a request from an operating system of a mobile device matches an authorized application package identifier and an authorized secure key stored at the application signing server, the application signing server provides the requested list of the one or more APIs to the operating system to grant the application access to the APIs in the list.

Abstract: Information regarding the status of an update to a universal integrated circuit card (UICC) being performed across a mobile wireless communication network is provided to a server involved in the update process and/or to a user of the mobile communication device having the UICC. The UICC update server sends an update trigger to the mobile communication device, and the UICC initiates establishment of a communication link to receive the update. The UICC further causes a baseband processor of the mobile communication device to send a proof-of-receipt of the update trigger by short message service (SMS) messaging back to the update server. Additionally or alternatively, the UICC causes the baseband processor to send a wakeup message to a mobile device application executing on the mobile device. The wakeup message includes status information relating to the UICC update which can be provided to a user of the mobile device.

Abstract: Systems and methods for remote authentication using mobile single sign on credentials are disclosed. In some implementations, a proxy server receives, from a web access device, a request to access a secure online resource via the web access device. The proxy server receives, from a mobile device different from the web access device, one or more credentials for accessing the secure online resource. The proxy server determines that a geographic distance between the web access device and the mobile device is less than a geographic distance threshold. Upon determining that the geographic distance between the web access device and the mobile device is less than the geographic distance threshold, the proxy server enables the web access device access to the secure online resource.

Abstract: To reduce the contribution of data communications for background applications to network congestion, the examples implement techniques in which congestion detection leads a mobile device to impose restriction on data communications by any application running in the background. The mobile device may detect congestion and/or the need to restrict background data communications in response to a message or instruction received from a node of the network; or the mobile device may itself more directly detect congestion from monitoring and analysis of device/network interaction behavior and trends. Upon detecting congestion, the mobile device turns on a background data restriction. For example, with the restriction on, all applications only running in the background without direct user interaction are blocked from sending requests for data communication to/through the network. However, with the restriction active, the mobile device can still provide data communication in response to user interaction with the device.

Abstract: A device determines whether a PTT application is authenticated to access a first API and a second API, and prevents the PTT application from accessing the first and second APIs when the PTT application is not authenticated. The device permits the PTT application to access the first and second APIs when the PTT application is authenticated, and modifies, via the first API, a timer that dictates when the device checks for traffic received from a network. The device establishes, via the second API, a data connection with the network, and determines, based on the data connection, a QoS framework for the network. The device utilizes the PTT application and the timer to establish a PTT session with another device via the network, and prioritizes, based on the QoS framework, PTT traffic provided in the PTT session with the other device.

Abstract: Subscription status notification techniques are provided. A request is received by at least one server from a user equipment (UE) to attach to a wireless packet data communication network. The server determines whether the UE is associated with an enterprise identified by a service provider of the network as a sponsor of a data service through the network, based on an account of the UE stored on the server. Upon determining that the UE is associated with the enterprise, a notification message is sent from the server to the UE, through an information element field within an existing message in a bearer channel of the network. The UE is configured to control access to the network responsive to the subscription status in the notification message. The UE permits access to a sponsored data service associated with the enterprise sponsor regardless of the UE's ability to access non-enterprise associated data services.