Abstract: A server system is provided for analyzing user interaction in an environment. The server system comprises a memory storing a set of instructions and a processor configured to execute the instructions to perform operations including determine a user has interacted with an item positioned in the environment based on a communication signal received from a hub physically located in the environment indicating an item tag associated with the item is linked with a user tag associated with the user. The server system may identify, based on one or more communication signals received from the hub, at least one metric associated with the user's interaction with the item and compare the at least one metric with a set of rules associated with the type of metric. The server system may provide an indication, based on the comparison, to a display device.

Abstract: One or more features of a tracking device can be disabled if the tracking device is lost. A tracking device is associated with a first mobile device, which can remotely control the tracking device via a tracking server. The tracking server receives an instruction from the first mobile device to disable a feature of the tracking device. The tracking server also receives a notification from a second mobile device that the second mobile device is within a communication range of the tracking device. In response to receiving the instruction and the notification, the tracking server transmits the instruction for the tracking device to disable the feature to the second mobile device. The tracking device receives the instruction to disable the feature from the second mobile device. In response to receiving the instruction to disable the feature, the tracking device disables the feature according to the instruction.

Abstract: Architectures, methods and apparatus for providing data services (including enhanced ultra-high data rate services and IoT data services) which leverage existing managed network (e.g., cable network) infrastructure, while also providing support and in 10 some cases utilizing the 3GPP requisite NSA functionality. Also disclosed are the ability to control nodes within the network via embedded control channels, some of which “repurpose” requisite 3GPP NSA infrastructure such as LTE anchor channels. In one variant, the premises devices include RF-enabled receivers (enhanced consumer premises equipment, or CPEe) configured to receive (and transmit) OFDM waveforms via a 15 coaxial cable drop to the premises. In another aspect of the disclosure, methods and apparatus for use of one or more required NSA LTE channels for transmission of IoT user data (and control/management data) to one or more premises devices are provided.

Abstract: An information processing method includes: activating a linkage function from a service of a linkage source to a service of a linkage destination, in response to determining that both of the service of the linkage source and the service of the linkage destination are usable by the contract user; and deactivating use of the linkage function for a login user managed by the contract user, in response to determining that the login user does not have use-permission for using the service of the linkage destination.

Abstract: Systems and methods are disclosed for detecting certain online activities associated with a digital identity. A Digital Identity Network may be monitored for potentially fraudulent activities (such as new account openings and certain transactions) related to an enrolled User identification (User ID) without requiring personally identifying information (PII). Corresponding alerts may be generated and sent to inform the associated user of such suspicious activity so that fraudulent account access or transactions may be prevented.

Abstract: A method performed by a network node, for handling User Equipment, UE, capabilities of a UE in a wireless communications network is provided. The network node sends (501) to the AMF node (130), a first indication indicating whether or not the network node (110) has capabilities to store UE capabilities associated with the UE capability ID. The network node receives (502) from an AMF node, a second indication indicating whether or not UE capabilities associated with a capability identity of the UE, UE capability ID, are UE available in the AMF node. The network node decides (503) whether explicit UE capabilities associated with the UE capability ID shall be retrieved from the UE or the AMF node based on the received first and second indication.

Abstract: System, methods, and computer-readable media for a Neutral Host (NH) operation of a 5G radio, whereby a NH operator receives feedback from hosts and determines to partition Physical Resource Block (PRB) resources. Thus, a NH system is provided that enables a third-party to independently operate other channels, whereby individual physical random access channels (PRACH) are operated by independent hosts. The NH system is able to indicate partitioned resources to individual hosts, including PRACH definition and mutually exclusive set of PRBs partitioned between tenants. The hosts operating in the NH system may be operable to implement their own independent schedulers, incorporating host specific logic, that can be configured with the partitioned resources but which may further operate independently of each other.

Abstract: The present disclosure describes techniques that improve upon the use of authentication tokens as a means of verifying a user identify. A server is described that receives a service request to access a secure service provided by another service provider. The server may determine whether an additional secure service is required from a third-party server, and if so, generate a recursive authentication token for delivery to the third-party server. The recursive authentication token is intended to authenticate an identity of the server to the third-party server.

Abstract: A “scannable logo” image contains encoded identity data for the logo brand owner, encoded visual identification characteristics for the logo brand, an encoded GPS data corresponding to manufacturing location for a manufactured item or assembled item, plus additional embodiment dependent data. The image is scanned with the image scanning function of a mobile communication device and the encoded logo brand owner identity data, the encoded visually identifying characteristics for the logo brand, and the encoded GPS location information are decoded with a decoding function. The GPS location information is captured for the mobile communication device with the GPS function of the mobile communication device and compared to the decoded GPS location information. If the decoded information is a geo-proximal match, an authentication application is launched in the computer function of the mobile communication device.

Abstract: An NFC-enabled apparatus is disclosed. The apparatus includes a touch screen display and a near field communication (NFC) module comprising an NFC antenna and an NFC controller. In response to tagging between the NFC-enabled apparatus and the external NFC terminal, an NFC communication channel is established between the NFC-enabled apparatus and the external NFC terminal for data communication therebetween.

Abstract: A computer-implemented method for providing user data for a user in a cellular network. The method comprises receiving a request for user data from a requesting entity. The method includes providing login credentials associated with the requesting entity to a short message service function (SMSF), and querying the SMSF for user data. The method includes receiving user data in response to the query and parsing the received user data. The method includes converting the received user data to an API response and transmitting the converted user data to the requesting entity.

Abstract: Facilitate configuration of authentication information for a service provided over IP network when there is no shared authentication information between IoT device and service provider device for a service used by IoT device, an intermediary device capable of authenticating legitimate access mediates between devices. An example: a cipher key CK stored in intermediary device and IoT device, as a result of SIM authentication of the SIM of the IoT device, is used as master key for services used by IoT device. By generating unique application key for a service used by IoT device on the intermediary device and IoT device on the basis of master key, and sending it to service provider apparatus from intermediary device by secure connection, common keys are set as authentication information to IoT device and service provider apparatus. A SIM authentication process for generating cipher key can suppress SQN attack based on a bad request.

Abstract: A cloud communication architecture addresses shortcomings of traditional security protocols (e.g., SSL/TLS) in cloud computing, providing security for data-in-transit and authenticity of cloud users (CUs) and cloud service providers (CSPs). The architecture also protects the communication channel against attacks such as man-in-the-middle (MITM) (including eavesdropping, sniffing, identity spoofing, data tampering), sensitive information disclosure, replay, compromised-key, repudiation and session hijacking attacks. The architecture includes a high-performance cloud-focussed security protocol. The protocol efficiently utilizes the strength and speed of features such as symmetric block encryption with Galois/Counter mode (GCM), cryptographic hash, public key cryptography, and ephemeral key-exchange, and provides faster reconnection facility for supporting frequent connectivity and dealing with connection trade-offs. Embodiments have enhanced security against the above-noted attacks, and are superior to TLSv1.

Abstract: An example method of operation may include one or more of identifying an outbound call placed by a mobile device subscribed to a protected carrier network, determining the outbound call is destined for a destination telephone number that was stored in a call history of the mobile device, determining the destination telephone number is a scam call suspect telephone number based on one or more identified call filter parameters associated with the destination telephone number, and forwarding a scam call notification to the mobile device while the outbound call is dialing the destination telephone number.

Abstract: A method includes receiving, by an embedded universal integrated circuit card (eUICC), first information from a local profile assistant (LPA), where the first information includes a first certificate issuer (CI) public key identifier, and the first CI public key identifier is a CI public key identifier that the eUICC does not have. The method further includes sending, by the eUICC, second information to an OPS, where the second information includes the first CI public key identifier. The method further includes receiving, by the eUICC, a patch package from the OPS, where the patch package includes at least a first CI public key corresponding to the first CI public key identifier. The method further includes updating, by the eUICC, a CI public key of the eUICC by using the first CI public key.

Abstract: Various embodiments of the present invention relate to an electronic device for providing a service by using a secure element, and an operating method thereof. The electronic device comprises: a processor for acquiring secure state information of the electronic device; and a secure element operating under the control of the processor, receiving the secure state information of the electronic device from the processor, and including a repository for storing the received secure state information of the electronic device, wherein the secure element senses a security-related service request command, acquires the secure state information about the electronic device from the repository, and can process or ignore the sensed security-related service request command on the basis of whether the acquired secure state information of the electronic device satisfies a designated condition. Other embodiments are also possible.

Abstract: Methods and systems for verifying a resource definition include simulating an original resource definition to identify at least one change that is made to the original resource definition by a management service. A signature of a received resource definition is generated, omitting portions of the received resource definition that correspond to the at least one identified change. The signature of the received resource definition is compared to a signature of the original resource definition to find a match and to verify the received resource definition. The received resource definition is implemented, responsive to finding the match.

Abstract: An electronic control unit, which receives a message and a freshness value given to the message via a connectionless communication, includes a storage unit storing a freshness value list, which indicates a predetermined number of freshness values in a descending order from a reference value, which is a largest freshness value among the freshness values received in a past. The electronic control unit compares a received value, which is the received freshness value, with the freshness value list to provide a verification result, and updates the freshness value list so as to hold the received value in response to the verification result indicating that (i) the received value is not larger than the reference value and not smaller than a permissible value which is a smallest freshness value in the freshness value list, and (ii) the received value is not in the freshness value list.

Abstract: Authentication of a networked device with limited computational resources for secure communications over a network. Authentication of the device begins with the supplicant node transmitting a signed digital certificate with its authentication credentials to a proxy node. Upon verifying the certificate, the proxy node then authenticates the supplicant's credentials with an authentication server accessible over the network, acting as a proxy for the supplicant node. Typically, this verification includes decryption according to a public/private key scheme. Upon successful authentication, the authentication server creates a session key for the supplicant node and communicates it to the proxy node. The proxy node encrypts the session key with a symmetric key, and transmits the encrypted session key to the supplicant node which, after decryption, uses the session key for secure communications. In some embodiments, the authentication server encrypts the session key with the symmetric key.

Abstract: A network node selectively encrypts messages between a user plane node and a control plane node in a network system. The user plane node and the control plane node negotiate a connection and indicate an encryption level for the connection. The encryption level is selected from an Information Element (IE) level, a message level, or a feature level. The user plane node and the control plane node selectively encrypt at least a portion of the messages between the user plane node and the control plane node based on the encryption level for the connection.

Abstract: In some implementation, a device may execute a web-browsing application installed on the device. The device may scan, by a near-field communication (NFC) reader of the device and in connection with the web-browsing application, an NFC tag of an interaction card associated with an account of a user. The device may receive, from the interaction card, data associated with the account of the user. The device may store the data as coded data in the web-browsing application. The device may generate a uniform resource locator (URL) associated with a partial application having reduced functionality. The URL may include one or more URL parameters containing the coded data. The device may launch the partial application based on a user interaction with a hyperlink associated with the URL. The partial application may parse the URL parameter(s) and may decode the coded data to be used by the partial application.

Abstract: A method and a device for performing communication by using a virtual subscriber identity module are used to provide a mode in which the device can perform communication without a SIM card. The method includes: receiving, by a first device, a virtual subscriber identity module data package sent by a second device by using a short range communications protocol, where the virtual subscriber identity module data package carries a virtual subscriber identity, and the virtual subscriber identity is used to uniquely identify a user using the first device when the first device performs communication in a network provided by a mobile communications operator; obtaining, by the first device, the virtual subscriber identity by using the virtual subscriber identity module data package; and communicating, by the first device by using the virtual subscriber identity, with another device in the network provided by the mobile communications operator.

Abstract: Apparatuses that provide for secure wireless communications between wireless devices under cover of one or more jamming signals. Each such apparatus includes at least one data antenna and at least one jamming antenna. During secure-communications operations, the apparatus transmits a data signal containing desired data via the at least one data antenna while also at least partially simultaneously transmitting a jamming signal via the at least one jamming antenna. When a target antenna of a target device is in close proximity to the data antenna and is closer to the data antenna than to the jamming antenna, the target device can successfully receive the desired data contained in the data signal because the data signal is sufficiently stronger than the jamming signal within a finite secure-communications envelope due to the Inverse Square Law of signal propagation. Various related methods and machine-executable instructions are also disclosed.

Abstract: Methods and systems are provided for providing a mobile communications device with access to a provider with a plurality of security levels. The security state of the device varies according to severity levels of device security events. The mobile communications device generates data regarding security events and provides the data to the provider, which compares that security state to a policy associated with the provider. The mobile communications device is allowed to access to a provider service where the device's current security state meets or exceeds the security state required for the provider service.

Abstract: A communication system is disclosed. The communication system includes a first core network that is mobile, and a radio access network, which includes a first central unit and one or more distributed units. The first central unit includes a first router containing a multi-level security guard configured to route user plane data and control plane data to the first core network. The first central unit further includes a transceiver, a control plane interface coupled to the core network, and a second router configured to communicate user plane data and control plane data to one or more first distributed units. The central unit configures at least one network function of radio resource control (RRC). The one or more distributed units configures at least one network function of packet data convergence protocol (PDCP), radio link control (RLC), medium access control (MAC), and physical link (PHY) network functions.

Abstract: An Internet Key Exchange protocol message indicating a first Internet Protocol Security traffic flow is to be established via a first device is obtained at the first device. The Internet Key Exchange protocol message is forwarded from the first device to a second device. An encryption key used to transmit traffic via the first Internet Protocol Security Traffic flow is received at the first device from a key value store. The key value store is populated with the encryption key in response to the second device obtaining the Internet Key Exchange protocol message. A first data packet to be transmitted via the first Internet Protocol Security traffic flow is obtained at the first device. The first device provides the first data packet encrypted with the encryption key of the first Internet Protocol Security traffic flow.

Abstract: In a process for adding a base station as a secondary base station, and for example in 5 response to a UE Context Setup Request or a UE Context Modification Request, a distributed unit of a base station selects a feature set, and informs a central unit of the base station of the selected feature set.

Abstract: A method of blockchain-based data management of distributed binary objects includes identifying a binary object to be stored in a first data store. The method further includes encrypting, by a processing device, the binary object using a cryptographic function of a blockchain to generate an encrypted binary object. The method further includes storing the encrypted binary object in the first data store. The method further includes storing a reference to the encrypted binary object on the blockchain.

Abstract: Disclosed are various embodiments for interfaces for creating radio-based private networks. In one embodiment, a request is received via an interface to create a radio-based private network for a customer. The request indicates a quantity of wireless devices that will connect to the radio-based private network. A quantity of radio units to serve the radio-based private network is determined based at least in part on the quantity of wireless devices. The radio units are preconfigured to implement a radio access network for the radio-based private network. A shipment is initiated to the customer of the radio units that have been preconfigured. Resources in a cloud provider network are provisioned to function as a core network for the radio-based private network.

Abstract: The invention relates to a method, a non-transitory computer program product, and an apparatus for encrypting and decrypting physical-address information. The method includes: receiving a first read command requesting of the flash controller for first physical block addresses (PBAs) corresponding to a logical block address (LBA) range from a host side, wherein each first PBA indicates which physical address that user data of a first LBA of the LBA range is physically stored in a flash device; reading the first PBAs corresponding to the LBA range from the flash device; arranging the first PBAs into entries; encrypting content of each entry by using an encryption algorithm with an encryption parameter to obtain an encrypted entry; and delivering the encrypted entries to the host side.

Abstract: Methods and apparatus for detecting and handling evil twin access points (APs). The method and apparatus employ trusted beacons including security tokens that are broadcast by trusted APs. An Evil twin AP masquerades as a trusted AP by broadcasting beacons having the same SSID as the trusted AP, as well as other header field and information elements IE in the beacon frame body containing identical information. A sniffer on the trusted AP or in another AP that is part of a Trusted Wireless Environment (TWE) receives the beacons broadcasts by other APs in the TWE including potential evil twin APs. The content in the header and one or more IEs in received beacons are examined to determine whether a beacon is being broadcast by an evil twin.

Abstract: A cloud server collects and stores context data from mobile devices. Data collected for a mobile device is compared to the historical data. A security policy is selected for the mobile device based on the comparison. The selected policy is deployed to the mobile device. A status of the deployment is tracked by the cloud server.

Abstract: A mobile device management method includes: a first electronic device sends a request message including an identifier of at least one second electronic device to a first server. The first electronic device receives a DM service APP from the first server and installs the DM service APP. After the DM service APP is installed, the first electronic device can provide the MDM service. The first electronic device provides the MDM service for the second electronic device, to implement management and device system upgrade of the second electronic device.

Abstract: Methods and apparatus for detecting and handling evil twin access points (APs). The method and apparatus employ trusted beacons including security tokens that are broadcast by trusted APs. An Evil twin AP masquerades as a trusted AP by broadcasting beacons having the same SSID as the trusted AP, as well as other header field and information elements IE in the beacon frame body containing identical information. A sniffer on the trusted AP or in another AP that is part of a Trusted Wireless Environment (TWE) receives the beacons broadcasts by other APs in the TWE including potential evil twin APs. The content in the header and one or more IEs in received beacons are examined to determine whether a beacon is being broadcast by an evil twin.

Abstract: An information using device 300 adds an encryption public key held to a blockchain, an information holding device 200 transmits encrypted information as a result of acquiring the encryption public key from the blockchain 400 and encrypting the target information, the information management device 100 stores the encrypted information received, and transmits a storage destination address, the information holding device 100 adds the storage destination address of the encrypted information received to the blockchain 400, the information using device 300 acquires the storage destination address of the encrypted information, and accesses the storage address, the information management device 100 transmits the encrypted information at the storage destination address, in response to the access from the information using device 300, and the information using device 300 decrypts the encrypted information received, using an encryption secret key held.

Abstract: A method for determining an access right of a user terminal to a first network, wherein the user terminal (110) includes a subscription of a second network (150). The method includes: receiving (310) an access request message (240) including a data record for a user name and a data record for a password; determining (320) that the records are in a pre-determined format and that at least one of them includes data from which a subscriber identity for the second network is derivable; generating (330) an authentication request message from the access server (140) to a server (160) configured to perform authentication related tasks in the second network; receiving (340) information on the outcome of the authentication of the subscriber in the second network, generating (350) an acknowledgement to the user terminal (110) indicating right to access to the first network.

Abstract: Methods and network equipment for implementing security mechanism for interworking with independent security anchor function (SEAF) in 5G networks. A method performed by the standalone SEAF comprises receive a first request for a key to secure communication between the UE and a first access and mobility function (AMF) which a user equipment (UE) requests registration, wherein the request includes a first indication that indicates UE supports a standalone SEAF or not; receive, from a second AMF with which the UE requests registration for performing inter-AMF mobility to the second AMF, a second request for a key to secure communication between the UE and the second AMF, wherein the request includes a second indication that indicates the UE supports a standalone SEAF or not; and determine whether or not a bidding down attack has occurred depending at least in part on whether the first indication matches the second indication.

Abstract: A wireless communication device establishes voice communication between a supported user and a selected remote device supporting another user via a point-to-point wireless ad hoc network link. The device selects a particular remote device, establishes an ad hoc network link with the selected remote device, and communicates voice communication signals with the selected remote device. Selection can be based upon a user interaction with the device which specifies the particular remote device. The user interaction can include interaction with a graphical representation of the particular remote device presented in a graphical user interface. The user interaction can include an audio command received via an audio interface of the device. The device can include one or more headset devices, including a pair of headset devices which can be switched between providing audio signals to a single user to supporting communication between separate users via an ad hoc network link.

Abstract: Decoy data is generated from regular data. A deep neural network, which has been trained with the regular data, is trained with the decoy data. The trained deep neural network, responsive to a client request comprising input data, is operated on the input data. Post-processing is performed using at least an output of the operated trained deep neural network to determine whether the input data is regular data or decoy data. One or more actions are performed based on a result of the performed post-processing.

Abstract: Methods and systems are described for improvements to authentication processes. For example, conventional systems may rely on password authentication or contact-based alternative authentication techniques that are impractical or infeasible in sensitive medical environments, during pandemics, or fail meet the health and safety needs of an increasingly health-conscious public. In contrast, the described solutions provide an improvement over conventional authentication systems and methods by enabling user authentication via contactless physiological biometric authentication processes, behavioral authentication processes, and passive data authentication processes, that do not require a user to remove personal protective equipment.

Abstract: A method of determining a confidence level associated with a device using heuristics of trust includes receiving, by an evaluating device, at least a communication from a first remote device, determining, by the evaluating device, an identity of the first remote device as a function of the at least a communication, calculating, by the evaluating device, at least a heuristic of trust as a function of the at least a communication and the identity, assigning, by the evaluating device, a first confidence level to the first remote device as a function of the at least a heuristic of trust, and assigning, by the evaluating device, an access right as a function of the first confidence level.

Abstract: Embodiments disclosed herein relate to allowing unauthenticated UEs to gain restricted access to an operator network to access network access subscription service. Once the unauthenticated UE successfully downloads a subscription profile for accessing the operator network, the unauthenticated UE can disconnect and can, thereafter, authenticate to the operator network using the subscription profile. Embodiments disclosed herein can perform one-way authentication to the operator network for obtaining a limited connectivity to reduce DoS attacks on the operator network. More specifically, these embodiments can support unauthenticated UEs to allow unauthenticated UEs to access the operator network for RLOS while minimizing DoS attack.

Abstract: A method, apparatus, and computer program product for passive contact tracing is provided. An example method includes detecting a wireless signal from a mobile device at a sniffer device, generating a unique mobile device ID for said mobile device, recording the mobile device ID, identification data of the sniffer device, and a detection time, receiving a query for a target mobile device ID, proximate distance, and time period, and generating a list comprising a mobile device ID of every mobile device that came within the proximate distance of the target mobile device within the time period. The method further includes associating a mobile device with an employee by detecting an indication of employee identity within the range of a sniffer device and storing one or more mobile device IDs detected by said sniffer device as an employee parameter in an employee database.

Abstract: Systems and methods cross device application discovery and/or control. Cross device application discovery and/or control can provide for simple detection and activation of applications on remote devices. Cross device application discovery and/or control can provide for the control of remote applications in a master and slave configuration. Responsive to an activation message, an application can execute a task in an application, the task being displayed on a target device. Responsive to an activation message, an application can execute a task in an application on a target device, a task context data for the task being streamed to the source device for presentation on a display. Cross device application discovery and/or control can be enabled on a single operating system, or across a plurality of operating systems.

Abstract: A method (300) for indoor positioning or navigation comprises obtaining (310) a set of features which describe characteristics of a place in an indoor space. This obtained set of features may describe characteristics of a place at which a wireless device is located, a place targeted by a wireless device as a destination, or a place targeted by a wireless device to avoid. Regardless, the method (300) further comprises comparing (320) the obtained set of features to addresses of respective indoor blocks into which the indoor space is spatially divided. Each indoor block in this regard is identified as being located at an address formed from a set of features which describe characteristics of the indoor block. The method (300) also comprises determining (330), based on the comparing, which of the indoor blocks corresponds to the place in the indoor space.

Abstract: A method of processing an emergency incident reported to a Public Safety Answering Point (PSAP) by a user of a mobile communication device can include receiving an emergency call, determining the geolocation of the mobile communication device that made the emergency call; triggering an SMS-CB so SMS messages are sent to mobile communication devices located within a predetermined area around the determined geolocation of the device that made the emergency call, and receiving a plurality CB-SMS response messages that include objects related to the emergency incident. An object comparison on objects extracted from the responses can be performed to determine a similarity of the objects with respect to each other. It can also be verified whether the similar objects have been received from co-located mobile communication devices.

Abstract: A terminal selectively and passively monitors for predefined wireless network discovery advertisements/requests. Requests that match what are expected by the terminal or requests that are in a predefined format are verified. The requests lack any connection pairing passcode; rather, the passcodes are separately provided from connecting devices only after the discovery requests are verified. The terminal independently authenticates the passcodes before authorizing wireless sessions between the devices and the terminal. Wireless discovery settings are continuously changed by the terminal and are valid for only a preset time window, each setting corresponds to a Time-based One Time Password (TOTP) representing a passcode; the TOTP is dependent on and valid only for the corresponding setting and the corresponding time window. In an embodiment, the connection requests are preauthorized by a server for a time window in the future, and the terminal authenticates the requests without interaction with the server.

Abstract: The Situation Tag for Individual Safety Apparatuses, Methods and Systems (“SiTa”) transforms registration request, alert request inputs via SiTa components into alert response, alert notification outputs. A safety activation event is detected. Primary period media is recorded via a sensor array. Network communication with an app instantiated on a paired mobile device of the user is established. Location data associated with the situational safety device is determined. The location data is provided to the paired mobile device for transfer to a remote situational safety server. A timestamp is determined for the primary period media. The primary period media and the timestamp is provided to the paired mobile device for transfer to the remote situational safety server. Secondary period media is recorded via the sensor array. The secondary period media is provided to the paired mobile device for transfer to the remote situational safety server.

Abstract: A method for allocating a spectral resource of a radio cell of a mobile communication network to a mobile application includes: establishing, by the mobile application, a wireless connection to an application backend via a radio access point of the radio cell of the mobile communication network; and allocating, by a scheduler of the mobile communication network, the spectral resource of the radio cell to the established wireless connection. An optimization service requested by the scheduler determines a minimum of an overall cost function, the overall cost function summing a plurality of cost values, wherein each cost value is related to a respective mobile application connected to the radio access point. The scheduler allocates the spectral resource depending on the determined minimum of the overall cost function.

Abstract: A system includes a multi-person authentication server which receives an authentication request corresponding to a request to provide a first user access to a secure server. In response to the authentication request, a challenge-response message is provided to the first user device. A push notification is also provided to a second user device. A response to the challenge-response message is received from the first user device. If the received response indicates the first user is authenticated, the first user is allowed to access the secure server. If the received response indicates the first user is not authenticated, the first user is prevented from accessing the secure server.