Abstract: Aspects of the present disclosure relate to wireless communications, and more particularly, to techniques for increasing local area network (LAN) device privacy. One aspect provides a method for wireless communications at an access point (AP). The method generally includes: determining a mapping between a first distribution system (DS) medium access control (MAC) address and a second DS MAC address; obtaining, from a source access terminal, a frame having the second DS MAC address; and sending at least a portion of the frame to a target access terminal based on the mapping between the first MAC address and the second MAC address.

Abstract: Aspects relate to changing at least one communication parameter. In some examples, the at least one communication parameter may include at least one of an association identifier (AID), a packet number (PN), a sequence number (SN), a traffic identifier (TID), a timing synchronization function (TSF) value, or a combination thereof. In some examples, a first apparatus provides an indication of a change associated with at least one of the AID, the PN, the SN, the TID, the TSF value, or a combination thereof to a second apparatus.

Abstract: Certain aspects of the present disclosure relate to wireless communications. According to certain aspects, a method that may be performed by an access point (AP) includes outputting, for transmission to an access point (AP), a request to associate with the AP, wherein the request is encrypted with a first set of one or more keys; obtaining, from the AP, a response to the request; decrypting the response, based on the first set of keys, to obtain a second set of one or more keys; and using the second set of keys for secure data exchange with the AP.

Abstract: Aspects of the present disclosure relate to wireless communications, and more particularly, to techniques for increasing local area network (LAN) device privacy. One aspect provides a method for wireless communications at an access point (AP). The method generally includes: determining a mapping between a first distribution system (DS) medium access control (MAC) address and a second DS MAC address; obtaining, from a source access terminal, a frame having the second DS MAC address; and sending at least a portion of the frame to a target access terminal based on the mapping between the first MAC address and the second MAC address.

Abstract: This disclosure provides methods, devices and systems for using a pseudonym service set identifier (pSSID) for access point (AP) and station (STA) privacy. For example, a pSSID is included by a STA or AP in place of a persistent SSID for over the air communications used for various functions (such as for the STA to determine the SSID of the AP before connecting to the AP). The pSSID is generated using a hash function that is defined at both the AP and the STA. An input to the hash function includes the SSID. Other inputs may include a temporary media access control (MAC) address of the device generating the pSSID, a time value associated with a time when the pSSID is generated, or a location value associated with a position measurement of the device generating the pSSID.

Abstract: This disclosure provides methods, devices and systems for using a variable authentication identifier (AID) for access point (AP) privacy. For example, instead of a persistent SSID, an AID is used by a station (STA) to authenticate the AP before connecting to the AP. The AP is associated with a service set, and the STA has stored a secret token associated with the service set. Before connecting to the AP, a broadcasted probe request from the STA includes no identifying information other than the token. The AP generates the AID from the token and provides the AID in a probe response. The STA is able to identify the AP as being associated with a service set and connect to the AP using the token and AID without the token and the AID being used by another device not associated with the service set to identify the AP.

Abstract: Methods, devices, non-transitory processor-readable media of various embodiments provide for routing Misbehavior Detection Reports from vehicle-to-everything (V2X) onboard equipment to an associated entity.

Abstract: Methods and devices are provided for generating, delegating, and/or authenticating hierarchical globally unique identifier (HGUID) certificates that are arranged in domain-name form to permit delegation and authentication as a Fully Qualified Domain Name (FQDN). A first hierarchical device certificate is obtained that includes at least part of a first unique device identifier for a first device and a base domain name, wherein the first hierarchical device certificate includes a fully qualified domain name and the first unique device identifier includes at least one of a type/model identifier or an origin/manufacturer of the first device. The first hierarchical device certificate is sent to an authenticating device to prove the first device has authority to perform a transaction within a restricted domain as defined by the first hierarchical device certificate. An indication may then be received from the authenticating device that the first device has been authenticated to perform the transaction.

Abstract: Methods, devices, non-transitory processor-readable media of various embodiments provide for routing Misbehavior Detection Reports from vehicle-to-everything (V2X) onboard equipment to an associated entity.

Abstract: Methods and devices are provided for generating, delegating, and/or authenticating hierarchical globally unique identifier (HGUID) certificates that are arranged in domain-name form to permit delegation and authentication as a Fully Qualified Domain Name (FQDN). A first hierarchical device certificate is obtained that includes at least part of a first unique device identifier for a first device and a base domain name, wherein the first hierarchical device certificate includes a fully qualified domain name and the first unique device identifier includes at least one of a type/model identifier or an origin/manufacturer of the first device. The first hierarchical device certificate is sent to an authenticating device to prove the first device has authority to perform a transaction within a restricted domain as defined by the first hierarchical device certificate. An indication may then be received from the authenticating device that the first device has been authenticated to perform the transaction.

Abstract: Electronic devices are adapted to generate cryptographic keys from one or more biometrics. According to one examples, an electronic device can obtain a non-encoded bit string associated with biometric information for an individual. The non-encoded bit string can be treated as if it were encoded and a decoding operation may be applied to the bit string, resulting in a modified bit string. One or more cryptographic keys can then be generated based at least in part on the modified bit string. Other aspects, embodiments, and features are also included.

Abstract: Techniques are provided which may be implemented in various methods, apparatus, and/or articles of manufacture to allow a mobile device to obtain certain location service(s) and/or the like from one or more computing devices that have been authorized for use. For example, in certain implementations, a location server may comprise a proxy location server for an authorizing location server and may indicate one or more other location servers as being authorized for location service related access by a mobile device.

Abstract: Techniques are provided which may be implemented in various methods, apparatus, and/or articles of manufacture to allow a mobile device to obtain certain location service(s) and/or the like from one or more computing devices that have been authorized for use. For example, in certain implementations, a location server may comprise a proxy location server for an authorizing location server and may indicate one or more other location servers as being authorized for location service related access by a mobile device.

Abstract: A particular method includes generating, at a secure user plane location (SUPL) server, a message to be sent to a mobile device, the message including: a server certificate including an identifier of the SUPL server and a public key of the SUPL server; and a request for a device certificate of the mobile device. The method also includes receiving a reply from the mobile device that includes a device certificate of the mobile device; and authenticating the mobile device as associated with a SUPL user based on the device certificate.

Abstract: Various techniques are provided for Location Services (LCS) Assistance Data broadcast, for example for implementation in LTE and LTE-A systems. The embodiments described herein may use the LPP/LPPe positioning protocol, by making use of existing unsolicited Provide Assistance Data (PAD) messages. Embodiments avoid the need to define and implement a separate broadcast Assistance Data protocol. Additional exemplary embodiments for scheduling and verifying of the broadcast Assistance Data messages are described herein.

Abstract: Methods, systems, and devices are described for wireless communication at a wireless station. Specifically, the present disclosure prevents a station from decrypting unauthorized messages transmitted by wireless device(s) impersonating an AP. In some examples, the AP may continuously and periodically alter the keys for each transmitted message transmitted to prevent malicious interference by unauthorized devices. In some examples, the method may use a symmetric cipher (e.g., Message Integrity Code) for a message using an undisclosed MIC key.

Abstract: Techniques are described for providing and using customized resource types for machine-to-machine (M2M) communication. Through the use of customized resource types, machine type communication (MTC) devices may be provided with flexibility to receive and process request messages without prior knowledge of a resource type associated with the request messages. A receiving MTC device or infrastructure node, may receive a request to create a resource from a requesting MTC device via wireless or wired communications technologies. The resource type of the request may be a customized resource type, and the request to create the resource may include a resource reference and a content parameter. The resource reference may include, for example, a Uniform Resource Indicator or a Uniform Resource Locator that may be used by the receiving MTC device to retrieve the data associated with the resource. The receiving MTC device may generate the resource using the retrieved data.

Abstract: Electronic devices are adapted to generate cryptographic keys from one or more biometrics. According to one examples, an electronic device can obtain a non-encoded bit string associated with biometric information for an individual. The non-encoded bit string can be treated as if it were encoded and a decoding operation may be applied to the bit string, resulting in a modified bit string. One or more cryptographic keys can then be generated based at least in part on the modified bit string. Other aspects, embodiments, and features are also included.

Abstract: A method for obtaining a secure connection between a first server and a client. The method may comprise establishing a secure communication session between a second server and the client, wherein the second server is trusted by the first server, and the second server is configured to authenticate the client. The client may receive a client token, wherein the client token contains data associated with the first server, the second server, the client, and a digital signature. Then, the client may request secure communication access to the first server, wherein the request includes transferring the client token to the first server. Finally, the client may receive a grant of secure communication access to the first server based on authentication of the client by the first server, wherein the authentication is based on the client token validating the client and the digital signature validating the client token.

Abstract: A particular method includes generating, at a secure user plane location (SUPL) server, a message to be sent to a mobile device, the message including: a server certificate including an identifier of the SUPL server and a public key of the SUPL server; and a request for a device certificate of the mobile device. The method also includes receiving a reply from the mobile device that includes a device certificate of the mobile device; and authenticating the mobile device as associated with a SUPL user based on the device certificate.