Abstract: The present disclosure is related to an integrity protection method and device. In the method, a first BEARER parameter value is obtained based on at least one of the following: a LCID corresponding to data transmitted in the sidelink communication, an access communication standard adopted by the sidelink communication, a BEARER parameter value allocated for the sidelink communication, or a preset BEARER parameter value. A bit length of the LCID corresponding to the transmitted data is greater than a bit length of the first BEARER parameter value. Based on the first BEARER parameter value, a MAC-I or an XMAC-I for the sidelink communication is calculated.

Abstract: A data security system, and a method of operation thereof, includes a data security transceiver or receiver; an authentication subsystem operatively connected to the data security transceiver or receiver; and a storage subsystem connected to the authentication subsystem.

Abstract: A method and system for generating an encrypted and authenticated message for authenticating a first component of an electronic device as the originator of the message are disclosed. The method and system comprise encrypting a block of information based on a key associated with a second component of the electronic device to generate an encrypted block of information; accessing, from a memory of the first component, a previous version of a dynamic unique key, the previous version of the dynamic unique key being at least partially based on a original unique key; generating a current version of the dynamic unique key based on the previous version of the dynamic unique key; generating a message authentication code based on the encrypted block of information and the current version of the first dynamic unique key; and transmitting, to the second component, the encrypted block of information and the message authentication code.

Abstract: Provided is a process that establishes representations and permits users to login to a relying device to which a mobile device has registered. Credential values of the user are established within a trusted execution environment of the mobile device and representations of those credentials are transmitted to a server. The user of the mobile device may authenticate with the mobile device to the server, which may permit user access to the relying device via secure session. The user of the mobile device may authenticate with the mobile device to the server, which may permit user access by causing the mobile device to obtain a value by which the relying device may be accessed. The user of the mobile device may authenticate with the mobile device based on a policy received from the server to obtain a value by which the relying device may be accessed.

Abstract: Arrangements for account linking and dynamic device selection are provided. Registration data including one or more user accounts and/or payment devices may be received. A request to process a transaction may be received via a first device. User data may be retrieved to identify other devices. One or more external entities may provide user profile data including raw customer data and encrypted authentication data. A hash of the encrypted authentication data may be generated and stored. The system may dynamically generate a rendering displaying one or more payment devices available for selection. A second payment device may be selected and a handshake protocol initiated between a vendor device and a user device. Authentication data may be provided and a hash generated. The hashes may be compared and, if a match occurs, the transaction may be processed.

Abstract: A digital letter of approval (DLOA) is used by a subscription manager (SM) server to determine whether a device is compliant with requirements for an application to be provisioned. If the device is compliant, the application is provisioned to the device or to an embedded universal integrated circuit card (eUICC) included in the device. To increase the security of the device DLOA, the device DLOA is linked to the eUICC, in some embodiments. The linkage may be based on one or more platform label fields in the device DLOA. A database is consulted, in some embodiments, to confirm a relationship between the device and the eUICC identified in the device DLOA. In some embodiments, the eUICC signs the device DLOA and the device DLOA with eUICC signature is sent to the SM server. In some embodiments, the device provides a device signature on the DLOA independent of the eUICC.

Abstract: A calculation process is efficiently performed to a text file in which one or more records are included, each of the records includes one or more cells having an arbitrary length, and each of the cells includes arbitrary pieces of characters. A parameter setting apparatus sets a maximum value Scsv and a minimum value scsv of a size of character strings for one record by using attribute information as an input, a maximum value Senc of a total size of encode information, a maximum value Sss of a total size of a calculation value obtained by performing specific calculation to the encode information, and a total size Sref of reference information, obtains a function value of C/(Scsv+Senc+Sref) as the number of records which is a process unit of encoding and calculation, and obtains a function value of f0/I·r·Scsv as the number of parallels in the calculation process. Here, C is a cache memory size, M is a main memory size, and f0 is a function value of scsv·M/(scsv+Senc+max(Sref,Sss)).

Abstract: A controller used in a computing device executes the following steps. When a security profile stored in a storage device is successfully verified, according to a security profile configuration stored in the controller, an operation mode described in the security profile is used. When the used operation mode is in a non-secure mode, the booting of the computer device is directly completed. When the used operation mode is a secure mode and a main BIOS of the computing device is not valid, at least one BIOS stored in the storage device is used to recover the main BIOS, and the computer device is rebooted. When the used operation mode is a secure mode and the main BIOS is valid, but the storage device does not store the main BIOS, the main BIOS is backed up and to be stored in the storage device.

Abstract: Disclosed are a random access method and a communication device. The method includes determining a first scrambling sequence according to at least one of a first random access preamble index or a first synchronization signal block index. The method also includes performing a first scrambling or descrambling process on a data channel in a first message in a random access procedure according to the first scrambling sequence. The first scrambling or descrambling process includes scrambling or descrambling performed on an encoded information bit on the data channel.

Abstract: Methods, systems, and devices for wireless communication are described. Wireless communications systems may support beamformed transmissions between devices (e.g., to improve coverage range). The beamformed transmissions may depend on discovery and maintenance of receive and transmit beams over which a given device may communicate with another device. Various receive and transmit beams for a given device may be compared using reference signals. As the number of devices attempting to access a cell increases, the number of reference signals to be transmitted may scale proportionally. Large numbers of reference signals may flood time-frequency resources of the system and/or require excessive processing at a mobile device. Scrambling sequences for reference signals may be employed to improve efficiency of resource usage. In aspects, the scrambling sequences may be implicitly determined (e.g., based on resources over which the access request was transmitted).

Abstract: In some embodiments, an exemplary access controlling network architecture may include: a computer platform configured to: receive, from an online entity, an action performance request; request, from an access controlling platform, an expected access control digital key to be presented to the online entity; receive the expected access control digital key; instruct to display the expected access control digital key at a computing device; cause a mobile originating communication, having the expected access control digital key and an identity linked to the computing device; determine a lack of a receipt of the access authentication indicator associated with the online entity from the access controlling platform; and perform, due to, for example, the online entity being a BOT, one of: modifying a visual schema of the online entity, disabling the online entity, or suspending one of: a performance of the online entity or the performance of the action by the online entity.

Abstract: An authorized access list generation method including: at least one network service providing device registering for an authorized access list notification service with a server, the authorized access list including at least one authorization related record of at least one legitimate user device; the legitimate user device outputting a user ID to the server to log into the server, and directly sending an access request to a target network service provider after logging into the server, and continuing to provide an IP address being used and a device ID to the server to update a corresponding authorization related record; and the target network service providing device comparing the IP address, stored in each authorization related record of the authorized access list, with the IP address of a user device issuing an access request, and rejecting the access request if no matched result is found.

Abstract: Media, system, and method for providing encryption key management to an automated workflow within a group-based communication system. The automated workflow is encrypted using an organization-specific encryption key and is stored in a data store. Responsive to a triggering event, the encrypted workflow is retrieved from the data store to be decrypted and a corresponding decryption key is retrieved from a key store. The decrypted workflow performs a series of steps responsive to determining that a trigger condition has been met. The steps may be associated with at least one of sending a form and sending a message to a user within the group-based communication system.

Abstract: This application provides an unmanned aerial vehicle authentication method and an apparatus. The method includes: sending, by a communications device after determining that a type of a terminal is a UAV, authentication information of the terminal to an authentication server, so that the authentication server can perform authentication on the terminal based on the authentication information of the terminal, and therefore, the authentication server completes authentication on the terminal. In addition, the unmanned aerial vehicle is allowed to fly only after authentication on the terminal succeeds. Therefore, flight security of the unmanned aerial vehicle can be improved.

Abstract: Methods, systems, and devices for wireless communications are described. A first parent node of a wireless backhaul network may receive, from a donor node of the wireless backhaul network, a token for a child node of the wireless backhaul network, the token being unique to a first wireless link between the first parent node and the child node. The first parent node may determine that a triggering event has occurred for a second wireless link between the first parent node and a second parent node. The first parent node may transmit, in response to determining that the triggering event has occurred, the token to the child node over the first wireless link to indicate for the child node to select a third parent node of the wireless backhaul network.

Abstract: An authentication method includes receiving, at a processor, a signal representing an image of a serialization code and multiple flecks of a label, the flecks having a random distribution. The processor detects the serialization code and applies a modification to the image to produce a modified image. A subset of flecks of the modified image is detected, and metrics associated with each fleck from the subset of flecks are identified. The identified metrics are compared with metrics associated with a unique signature, and a message is displayed, via a user interface, indicating an authenticity of the label based on the comparison.

Abstract: An example system is configured to (i) receive, from a user device over a WAN, a request for an authorization code corresponding to a media application on the user device, (ii) based on the request transmit, to the user device over the WAN, the authorization code, (iii) receive, from a media playback system over the WAN, an authorization request that includes the authorization code, (iv) determine that the authorization code in the authorization request is valid, (v) based on determining that the authorization code is valid, generate an authorization token, (vi) transmit, to the media playback system over the WAN, the authorization token, (vii) receive, from the media playback system over the WAN, a media request including the authorization token, and (viii) responsive to the media request and a determination that the authorization token is valid, transmit, over the WAN, media content to the media playback system.

Abstract: In one example an apparatus comprises a computer readable memory, a signature logic to generate a signature to be transmitted in association with a message, the signature logic to apply a hash-based signature scheme to the message using a private key to generate the signature comprising a public key, or a verification logic to verify a signature received in association with the message, the verification logic to apply the hash-based signature scheme to verify the signature using the public key, and an accelerator logic to apply a structured order to at least one set of inputs to the hash-based signature scheme. Other examples may be described.

Abstract: A virtual computer application at a computing device may establish a secure communications channel between the computing device and a private network. The virtual computer application may determine one or more policies that specify one or more actions permitted to be performed by the computing device on documents in the private network based at least in part on context information associated with the computing device. The virtual computer application may determine whether to allow an action to be performed by the computing device on a document in the private network based at least in part on the one or more actions specified by the one or more policies. The virtual computer application may, in response to determining that the action to be performed on the document is not allowed, prevent the computing device from performing the action on the document.

Abstract: A wireless communication system transmits information to a communication terminal moving through a spot wireless area. In an integrated base station, an external information communication section controls communication with a server. A contents memory section stores contents received from the server. A wireless LAN communication section communicates with the communication terminal. A control section establishes connection with the communication terminal using a first connection not requiring an authentication procedure for connection with the communication terminal or using a second connection requiring the authentication procedure for connection with the communication terminal.

Abstract: The invention relates to a system and method that implements a customer account automation framework. A mobile device or system comprises: a memory that accesses customer profile data, customer transaction data and payment rules data; and a computer processor, coupled to the memory, programmed to: identify one or more rules, each rule comprising an event and an action, wherein the one or more rules comprise one of: notification, confirmation and automation and an associated device; receive one or more rule suggestions automatically generated based on customer behavior and transaction data; receive one or more sponsored rule suggestions automatically generated based on sponsor data; accept at least one suggested rule, wherein the suggested rule comprises a corresponding event and a corresponding action; detect an occurrence of the event; and automatically perform the action.

Abstract: Aspects of the subject disclosure may include, for example, a network API service that receives network event data and provides performance hints to a resource manager that manages application containers at edge cloud locations. Network event data may be received from access networks, core networks, nodes within access networks or core networks, or the like. Performance hints may allow booting of application containers at edge cloud locations. Other embodiments are disclosed.

Abstract: Some examples relate to detecting a security intrusion in a computer system. In an example, the detection of the security intrusion may be performed by analyzing a plurality of log records generated corresponding to a plurality of milestone actions performed during invocation of an operation on the computing system, based on a rule-set. Upon detection of a deviation in the plurality of log record from the rule-set, a security action is performed.

Abstract: Disclosed embodiments are related to Management Data Analytics (MDA) relation with Self-Organizing Network (SON) functions and coverage issues analysis use case. Other embodiments may be described and/or claimed.

Abstract: An authentication system includes a first controller that performs wireless communication with a mobile terminal and a first authentication unit that executes authentication of the mobile terminal including ID authentication and code authentication through the wireless communication performed between the first controller and the mobile terminal. The first authentication unit executes the code authentication by determining whether a terminal-side calculation result obtained by the mobile terminal matches a controller-side calculation result obtained by the first controller. The authentication system further includes a second controller that communicates with the mobile terminal and a second authentication unit that applies encryption communication using a portion of the terminal-side calculation result and a portion of the controller-side calculation result to communication performed between the second controller and the mobile terminal and authenticates the encryption communication.

Abstract: A user equipment is configured to receive an extensible authentication protocol (EAP) request from a session management function (SMF) that serves as an EAP authenticator for secondary authentication of the user equipment. The secondary authentication is authentication of the user equipment in addition to primary authentication of the user equipment. The user equipment is also configured to, responsive to the EAP request, transmit an EAP response to the SMF.

Abstract: A method includes receiving, by a mobility management entity (MME), a redirection request message from an access and mobility management function (AMF) node, where the redirection request message includes key-related information. The method also includes generating, by the MME, an encryption key and an integrity protection key based on the key-related information. The redirection request message is used to request to hand over a voice service from a packet switched (PS) domain to a circuit switched (CS) domain.

Abstract: Techniques are disclosed securely communicating traffic over a network. In some embodiments, an apparatus includes a first circuit having a local clock configured to maintain a local time value. The first circuit is configured to determine a synchronized time value based on the local time value, the synchronized time value being an expected time value of a reference clock. The first circuit is further configured to generate a first encryption key by calculating a key derivation function based on the synchronized time value and encrypt a portion of a packet using the first encryption key, the portion of the packet being to be communicated to a second circuit. In some embodiments, the apparatus further includes a first network node coupled to the first circuit and configured to communicate the packet to a second network node coupled to the second circuit and to include the synchronized time value in the packet.

Abstract: In some embodiments, an exemplary access controlling network architecture may include: a computer platform configured to: receive, from an online entity, an action performance request; request, from an access controlling platform, an expected access control digital key to be presented to the online entity; receive the expected access control digital key; instruct to display the expected access control digital key at a computing device; cause a mobile originating communication, having the expected access control digital key and an identity linked to the computing device; determine a lack of a receipt of the access authentication indicator associated with the online entity from the access controlling platform; and perform, due to, for example, the online entity being a BOT, one of: modifying a visual schema of the online entity, disabling the online entity, or suspending one of: a performance of the online entity or the performance of the action by the online entity.

Abstract: An authentication method is disclosed, the method comprising: receiving at least one request for an action in relation to an electronic device, wherein performance of the action requires verification of an association of a group of IDs specified by the request; verifying, via cryptographic verification, whether the group of IDs specified by the request match a cryptographically attested group of IDs associated with the electronic device, to determine whether the at least one request for an action is an authentic request; and, having determined the at least one request for an action is an authentic request, approving the at least one request, wherein the group of IDs comprises at least an Integrated Circuit Card Identifier (ICC ID) of a Subscriber Identity Module (SIM) of the electronic device and a device identifier associated with the electronic device.

Abstract: Disclosed are an access rejection method, apparatus and system, where the access rejection method includes: a first base station receives an access request from a terminal; and the first base station sends an access rejection message to the terminal; where the access rejection message at least carries: a check value generated based on a key of the terminal and at least part of contents of the access rejection message. And further disclosed are related computer storage media and processors.

Abstract: A device charger with accessory bays is described. In some embodiments, an Information Handling System (IHS) may include: a processor; and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: receive an indication, from a device charger coupled to the IHS, that an accessory has been ejected from the device charger; and in response to the indication, connect to the accessory.

Abstract: Functional data for use in one or more digital transactions are secured by using an encapsulated security token (EST). In certain embodiments, the EST is created by encapsulating digital data including the functional data using at least two cryptographic systems of two parties. The encapsulation and subsequent de-encapsulation can utilize cryptographic systems of the parties that involve a private key for signing and decryption and a public key for encryption and signature verification. If constructed carefully over a series of rigorous events, the resulting EST can be practically impossible to counterfeit. In addition, a propagation of rights can be tracked for auditing and rights can be easily terminated or modified.

Abstract: Events generated from a terminal are analyzed and a problem associated with a component peripheral of the terminal is identified. Operations and parameters to the operation are obtained to resolve the problem. The operations and parameters are encoded in a code along with security information. The code is provided to a mobile device. The mobile device provides the code back to the terminal. The terminal verifies the security information from the code and decodes the operations and parameters. The operations with the parameters are processed to resolve the problem on the terminal, and the security information and code are logged for auditing.

Abstract: The systems and methods herein provide for human- and machine-readable cryptographic keys from dice. In one embodiment, the system places a number of dice into an arrangement to fill a dice grid. The number of dice each contains a number of faces, and each of the faces of the dice includes an image. The system then captures, via a client device, an image of the arrangement. The system generates a cryptographic key from the captured image. This cryptographic key is a human-readable and machine-readable representation of the arrangement in a canonical sequence.

Abstract: Provided is a process that establishes representations and permits users to login to a relying device to which a mobile device has registered. Credential values of the user are established within a trusted execution environment of the mobile device and representations of those credentials are transmitted to a server. The user of the mobile device may authenticate with the mobile device to the server, which may permit user access to the relying device via secure session. The user of the mobile device may authenticate with the mobile device to the server, which may permit user access by causing the mobile device to obtain a value by which the relying device may be accessed. The user of the mobile device may authenticate with the mobile device based on a policy received from the server to obtain a value by which the relying device may be accessed.

Abstract: Systems, methods, and computer-readable media are provided for an efficient roaming management method using a single association identifier token for associating with different access points. In one aspect of the present disclosure, a network controller includes memory having computer-readable instructions stored therein and one or more processors. The one or more processors are configured to execute the computer-readable instructions to receive a request from an endpoint to connect to a first access point; generate association identification token (e.g., PMK and PMKID) for the endpoint to connect to the first access point; and distribute the association identification token to a second access point prior to the endpoint attempting to connect to the second access point, the association identification token being used by the second access point to validate a subsequent request by the endpoint to connect to the second access point.

Abstract: Embodiments of the present invention include techniques for reestablishing a secure communication channel between a client machine and a server machine. A client machine receives, from a server machine, a first message generated in connection with a first master token. The client machine detects an error condition associated with the first message. The client machine transmits, to the server machine, a second message generated in connection with a pre-provisioned key that includes a request for a new master token. The client machine receives, from the server machine, a third message that includes a second master token. The client machine transmits, to the server machine, a fourth message generated in connection with the second master token.

Abstract: Determining a level of congruence between modality-event characteristics is disclosed. Information can be collected from an event input source via one or more information collection modalities. Modality-event characteristics can be determined from this information. A level of congruence between the modality-event characteristics can be determined to enable initiating a response based on the level of congruence. The level of congruence can be based on satisfying a rule related to congruence between modality-event characteristics, user profile information, etc. The level of congruence can be related to a probability that the several inputs collected for an event, collected by a plurality of modalities, embody characteristics that are associated with the event occurring according to determined notions embodied in the rule and profile. Determining the level of congruence can support assertions that each input, across differing modes of capturing said input, accords with the expected inputs for an event.

Abstract: Aspects of the subject disclosure may include, for example, a network API service that receives network event data and provides performance hints to a resource manager that manages application containers at edge cloud locations. Network event data may be received from access networks, core networks, nodes within access networks or core networks, or the like. Performance hints may allow booting of application containers at edge cloud locations. Other embodiments are disclosed.

Abstract: A content consumption system or device may implement device-enabled identification for automated user detection. An identifying device may be detected at a content consumption device as within proximity of the content consumption device. An identifying device may be a mobile or wearable computing device, in various embodiments. A user account associated with the identification device may be selected for accessing content at the content consumption device. Access to content may be provided according to the selected user account. In some embodiments, content recommendations or content filtering may be performed based on the automatically determined user account.

Abstract: This document describes techniques and systems for reducing a state based on sensor data from an Inertial Measurement Unit (IMU) and radar. The techniques and systems use inertial sensor data from an IMU as well as radar data to reduce states of a user equipment, such as power, access, and information states. These states represent power used, an amount of access permitted, or an amount of information provided by the user equipment. The techniques manage the user equipment's states to correspond to a user's engagement with the user equipment, which can save power, reduce unwarranted access, and reduce an amount of information provided when the user is not engaged with the user equipment, thereby protecting the user's privacy.

Abstract: Disclosed herein are system, method, and device embodiments for an authentication workflow incorporating blockchain technology. An embodiment operates by requesting, from a distributed authentication service, transmission of a time-based one-time password to a communication endpoint associated with an end-user, receiving a time-based one-time password submission from a user device associated with the end-user, retrieving a plurality of distributed ledger entries (e.g., a plurality of blocks of a blockchain), and validating the time-based one-time password submission based on the plurality of distributed ledger entries as a part of a two factor authentication workflow.

Abstract: The present disclosure concerns a method of synchronization of data packet transmission (P1, P2, P3) in a network (N), including and/or initiating the acts of: Receiving (S1), e.g. from a terminal device (T1, T2, T3) of the network (N), one or more data packets (P1, P2, P3) after a threshold time interval (tt) of a periodic transmission window (RT, BE), wherein the threshold time interval (tt) is arranged at the beginning of said periodic transmission window (RT, BE), and Forwarding (S2) the data packet (P1, P2, P3) in a subsequent transmission window (RT, BE), preferably directly after the transmission window in which the data packet (P1, P2, P3) was received, within the threshold time interval (tt) of the transmission window (RT, BE).

Abstract: Methods and systems for automatically providing dynamic content for facilitating a transaction are described herein. An online marketplace is accessed by a client device over a network. A user identifier associated with the client device is passed to a payment service provider via a merchant system associated with the online market place. Dynamic content is generated by the payment service provider in response to the user identifier and subsequently served to the client device over the network.

Abstract: Aspects of the invention are directed towards method and system for providing secure access to a user inside the premises. One or more embodiments of the invention describe receiving a user defined pre-access condition for a predetermined time by an input interface coupled to an intrusion panel. The pre-access condition for a user are authenticated and an authentication result is notified to a cloud server. The authentication is confirmed based on the pre-access condition together with geo-location information of the user within a defined geo-fencing boundary thereby satisfying dual authentication and transmitting the authentication result to the cloud server. A preset emergency notification and location tracking information are triggered on breach of the pre-access condition and/or geo-location information to a predefined user.

Abstract: Methods and systems for connecting a wireless device to a wireless network. Configuration information is received by an access point of the wireless network including a service identifier corresponding to a service provided through the wireless device and a credential associated with the wireless device. The access point advertises the service identifier to the wireless device. The access point receives from the wireless device an association request including a network identifier corresponding to the wireless network. The access point authenticates the wireless device based on the service identifier and the credential.

Abstract: Methods and apparatuses for authentication in a computer network system based on security credentials issued for client hosts by a remote security authority are disclosed. In response to detection that a client host is prevented from obtaining security credentials from the remote security authority for use in accessing a target host, the client host can obtain an emergency security credential from a storage of emergency security credentials. The emergency security credential with an error state indication can be send from the client host to the target host for use in the authentication.

Abstract: Embodiments of this application provide a random access preamble transmission method and an apparatus. The method includes: obtaining, by a terminal device, a scrambling code sequence, scrambling a random access preamble by using the scrambling code sequence, and sending a scrambled random access preamble to a network device. In this technical solution, the terminal device scrambles the random access preamble, and sends the scrambled random access preamble over a channel, to effectively eliminate inter-cell interference and resolve a possible target cell false alarm problem.

Abstract: Disclosed is a method by which a transmission device transmits data on the basis of a sound signal in a wireless communication system, the method including transmitting a sound packet corresponding to transmission data, with the sound packet including at least one sound symbol, the sound symbol including at least one sound sub-symbol, a plurality of sound symbol types are supported in the wireless communication system, and each of the plurality of sound symbol types is mapped to a preset data value.