Abstract: An improved cellular network architecture enables the provisioning of mobile profiles on devices lacking bootstrap profiles. A mobile device transmits an attach request that includes a pre-configured mobile country code (MCC) and mobile network code (MNC) uniquely associated with an emergency data session. The mobile device is then null-authenticated with a subscriber database, and an emergency data session is established, the emergency data session allowing traffic to a mobile profile manager. The mobile device can then download a mobile profile from the mobile profile using the emergency data session. Thus, a mobile device does not require a provisioning profile to download a full (or provisioning) mobile profile from a cellular network as in existing solutions.

Abstract: The disclosure provides a network authentication method, a network device, and a core network device, the network authentication method including: receiving, by a first network device, an access request message sent by a terminal device, where the access request message includes an identity of the terminal device; determining, by the first network device based on the identity of the terminal device, whether to allow authentication on the terminal device; if the first network device does not allow the authentication on the terminal device, sending, by the first network device, the identity of the terminal device to a core network device, so that the core network device performs network authentication based on the identity of the terminal device.

Abstract: The invention relates to a system and methods for providing conditional access to indoor location information in a system comprising a mobile device (320), a positioning webservice (310) and an authorization authority (360), the method comprising: the mobile device (320) performing the steps of: transmitting license information to the authorization authority (360) and transmitting a request for indoor location information to the positioning webservice, the request comprising a request-location-estimate corresponding to a location estimate of the mobile device (320) at the time of making the request, the authorization authority (360) performing the steps of: receiving the license information, verifying whether the license information authorizes access to indoor location information by the mobile device (320), issuing a secure proof, verifiable by the positioning webservice (310) upon successful verification, the secure proof indicating that the license information authorizes access to indoor location informati

Abstract: There is a need to accurately and dynamically generate a time-based prediction and control access to the time-based prediction. This need can be addressed, for example, by allowing controlled access to user information pertaining to a user visiting a facility. In one example, a method includes storing a companion user identifier in association with a public user identifier; receiving a request for a user status of the user; determining whether the companion user is permitted to receive the user status of the user based at least in part on the public user identifier and the companion user identifier; responsive to determining that the companion user is permitted to receive the user status of the user, requesting an aggregated time-based prediction for the user; and causing, the aggregated time-based prediction to be decrypted and provided as a response to the request for the user status of the user.

Abstract: Systems may establish a Session Initiated Protocol (SIP) session during a Home Subscriber Server (HSS) outage. The systems may include Network Functions (NF) that perform steps for establishing the SIP session and/or bypassing the HSS experiencing the outage. For instance, an Interrogating (I)-Call Session Control Function (CSCF) may modify a terminating message received from a User Equipment (UE) to generate a modified terminating message, and send one or more instances (e.g., forks) of the modified terminating message to one or more candidate Serving (S)-CSCFs. A particular S-CSCF of the candidate S-CSCFs may comprise the registered S-CSCF and may respond to an instance of the modified terminating message. In some embodiments, the I-CSCF may establish the SIP session by sending an instance of the modified terminating message to a designated S-CSCF. The designated S-CSCF may determine which candidate S-CSCF comprises the registered S-CSCF, for instance, by querying the candidate S-CSCFs.

Abstract: The invention relates to a network entity for controlling a respective operation mode of a plurality of physical base stations of a wireless communication network 100. The network entity comprises processing circuitry configured to: obtain a respective current data load of each of a plurality of physical base stations in an active operation mode; estimate a respective current data load of each of a plurality of virtual base stations based on the respective current data loads of the plurality of physical base stations; predict a respective data load of each of the plurality of virtual base stations; and adjust, based on the respective data loads of the plurality of virtual base stations, the operation mode of one or more of the plurality of physical base stations to the idle operation mode.

Abstract: A method for setting a device identifier comprises: obtaining a first APP (Application) list of a target device; performing matching between the first APP list and a second APP list to determine a number of identical APPs in both the first APP list and the second APP list; determining whether the determined number of identical APPs reaches a pre-set threshold; and when the determined number of identical APPs reaches the pre-set threshold, setting a device identifier corresponding to the second APP list as the target device's device identifier.

Abstract: A multi-factor authentication method and system is provided such that a push notification during an authentication process is only received if a mobile device and user are authenticated prior to receiving the push notification. Either the mobile device itself or a second device sending the push notification may be programmed to either reject or not forward the authentication request. Additionally, using the method of the present invention, enhanced security is provided by requiring the location of the mobile device and the second device to be approximately in the same geographical location.

Abstract: There is provided an arrangement which is capable of reliably generating and transmitting viewing information with respect to contents received via a communication route other than terrestrial broadcasting waves. Contents in which a contents ID applicable to the generation of viewing information and viewing information-compatible data such as viewing information destination information or the like are recorded in an electronic watermark (WaterMark) or a sound data file are sent from a transmitting apparatus to a receiving apparatus. The receiving apparatus acquires the contents ID and the viewing information destination information, etc. from the electronic watermark (WM) or the sound data file, generates viewing information using the acquired data, and sends the generated viewing information to a designated address.

Abstract: Methods (200, 900, 1100) and devices (300, 120, 130, 400, 510, 1000, 1200, 1340) enable tracking using existing mobile networks' infrastructure. A radio module (110, R, 1310) that is attached to a shipment sends one or more network attachment requests including a network-type identifier. Although the requests are rejected, the network records location information if the network-type identifier is actively associated with a shipment identifier.

Abstract: A mechanism of authenticating a communication device onto a radio access network via a private wireless gateway is described. This includes communicating with a communication device via a first wireless interface authentication information, a preferred roaming list (PRL), and an initial access value are obtained from the communication device. A first expected access value is determined based on rolling code data and a secret function. The PRL is authenticated when the first expected access value matches the initial access value. The communication device is proxied onto a radio access network via a second wireless interface. The proxying includes providing the authentication information and the PRL to a cell site attached to the radio access network.

Abstract: Methods and systems are provided that provide a portable, cryptographic hardware-software device allowing balancing of the needed heightened security while maintaining the modified communication device's original features and value. The system comprises a single chip comprising a self-contained security boundary and cryptographic processing, and is enabled to quickly and easily connect to and modify an existing, commercial, off the shelf mobile communication device. The systems may be enabled to modify the existing device by being contained in hardware, for example the battery of a smart phone. Then, the system may be connected to the existing device's interface, for example via a “micro-USB” or other suitable connection, and subsequently provide cryptographic functionality to the existing device.

Abstract: A method may include running virtual sessions on a virtualization server for a plurality of client devices associated with respective users, with the virtual sessions being responsive to traffic from the client devices. The method may further include generating baseline traffic patterns for the users based upon the traffic from respective client devices during the virtual sessions, monitoring traffic during a new virtual session for a given client device and detecting an anomaly therein relative to at least one of the baseline traffic patterns, and generating an anomaly alert based upon detecting the anomaly.

Abstract: A computing device may be configured to receive a set of inputs from other computing devices. The set of inputs may include inputs derived by the computing devices utilizing cryptographic keys of the computing devices. The set of inputs may be stored in a blockchain such that the inputs are tamper resistant. A symmetric key may be generated (periodically, upon expiration of a timer, according to a protocol set, upon request, etc.) from two or more of the set of inputs. The generated symmetric key may be distributed to the computing devices. The symmetric key may be utilized to encrypt and decrypt communications between two computing devices.

Abstract: The present disclosure describes techniques that facilitate detecting a Voice over Long-Term Evolution (VoLTE) call request with a recipient call number that lacks a country code. The VoLTE call request may be initiated by a subscriber device while roaming in a VPLMN. Specifically, a Normalization and Alert Policy (NAP) system is described that is configured to analyze the VoLTE call request and determine an intended country code and adjust the recipient call number to include the country code. Further, the NAP system may analyze the adjusted recipient call number to determine whether initiating a VoLTE call in response to the VoLTE call request may trigger an alert condition. An alert condition may relate to determining that the VoLTE call request may initiate a cost-prohibitive VoLTE communication or that the VoLTE call request relates a fraudulent communication.

Abstract: A technique utilizes a security heat map associated with a geographic region. The technique involves receiving, by a server, current heat scores for one or more endpoint devices located within the geographic region. The technique further involves providing, by the server, for areas within the geographic region, respective aggregate heat scores based on the current heat scores for the one or more endpoint devices. The technique further involves, based on the respective aggregate heat scores for the areas within the geographic region, generating, by the server, a security heat map defining one or more security zones within the geographic region. The technique further involves imposing, by the server, security policies on the one or more endpoint devices based on the security heat map.

Abstract: Systems and methods for obtaining authentication vectors issued, for use by a mobile communication terminal, by a Home Location Register (HLR) that serves a cellular communication network independently of any cooperation with the cellular network. Further to obtaining the authentication vectors, a terminal is caused to communicate over a WiFi WLAN using an encryption key derived from the obtained authentication vectors, e.g., per the EAP-SIM or EAP-AKA protocol. Since the encryption key is known, communication from the terminal is decrypted. The authentication vectors may be obtained by (i) an “impersonating” Visitor Location Register (VLR) server that does not serve the cellular network; (ii) an interrogation device which, by imitating a legitimate base station serving the cellular network, solicits the mobile communication terminal to associate with the interrogation device; or (iii) an SS7 probe, which obtains authentication vectors communicated from the HLR server to other entities on the SS7 network.

Abstract: A card registry system is configured to automatically identify financial card information in one or more credit files associated with a consumer and populate a card registry account of the consumer with the identified financial card information. Once the financial card information has been obtained from the credit file(s), the card registry system may transmit cancellation and/or reissuance requests to the respective card issuers in the instance that one or more cards are compromised, so that the financial cards may be easily and efficiently cancelled and/or reissued at the request of the consumer.

Abstract: Methods and apparatus for a mobility mechanism in the scenario including both enhanced packet core (“EPC”) and 5GC are disclosed. One method of a UE comprising receiving system information including a cell list from an eNB/ng-eNB, wherein, the cell list includes an identifier of a cell connected to EPC or an identifier of a cell connected to 5GC. Further, the identifier is a Physical Cell Identifier (“PCI”) of the cell, and the cell indicated in the cell list includes a serving cell for the UE and/or one or more neighbour cells of the serving cell. Further, the eNB/ng-eNB from which the system information is received can be the eNB/mg-eNB managing the serving cell for the UE or the eNB/mg-eNB managing the neighbour cells of the serving cell.

Abstract: The disclosed computer-implemented method for mitigating stalkerware by rendering it useless is performed, at least in part, by a computing device comprising at least one processor. The method includes detecting, by the at least one processor in accordance with a security configuration of the computing device, a stalkerware application running in a foreground of the computing device. The method also includes overlaying, by the at least one processor in accordance with the security configuration, the stalkerware application with a window in response to the detecting. The method further includes performing a security action by intercepting one or more user inputs to the stalkerware application via the window, thereby preventing user configuration of the stalkerware application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A memory system is communicable with a plurality of hosts. The memory system includes a nonvolatile memory and a controller electrically connected to the nonvolatile memory. The controller receives an authentication request command from a first host, and transmits a first authentication code when authentication of the first host is successful. The controller receives an access command, which includes a second authentication code, for accessing the nonvolatile memory from a second host. The controller permits an access to the nonvolatile memory in accordance with the access command when the second authentication code matches the first authentication code, and prohibits an access to the nonvolatile memory in accordance with the access command when the second authentication code is different from the first authentication code.

Abstract: A meter network includes a meter configuration having a meter, a communication module, and a remote station for the configuration in a wide area network. The meter and communication module are pairable for a wireless local area communication by using communication technology and communication protocol. The communication module and remote station are connectable for a wide area communication by using network technology and network protocol. The communication module includes a protocol converter for converting data to be communicated via the local area communication, communication module and wide area communication between the communication technology and network technology and between the communication protocol and network protocol.

Abstract: Aspects of the present disclosure provide apparatus, methods, processing systems, and computer readable mediums to enhance the functionality of directional repeaters (wireless nodes that relay directional wireless signals). For example, by adding even limited capability to buffer digital samples, repeater functionality may be enhanced to provide better coverage and make more efficient use of time, frequency, and spatial resources.

Abstract: Systems and methods for policy-controlled communication over the Internet between third party client applications and remote services. A client device enforces policies on the communication between the applications and services. The communication is redirected through a mid-link server using a digitally protected tunnel. Network addresses of the client device and remote service are masked.

Abstract: A quota management method includes: sending, by a client, a charging request to a server, where the charging request carries quota request information and information of quota usage; receiving, by the client, a granted quota and indication information from the server; processing, by the client, the granted quota and a remaining quota on the client based on the indication information, where the remaining quota is a difference between a quota granted by the server last time and the quota usage in the charging request; and using, by the client, a processed quota, and reporting information of usage of the processed quota when a reporting condition is met.

Abstract: An in-application content transfer system that generates receiver IDs to categorize a given exchange between two users where one does not execute a local instance of the application. One user executes the application on their mobile device and makes use of near-field communication protocols with a neighboring mobile device that is not executing the subject application. The content transfer is linked to the receiver's phone number and a unique ID is assigned to the content transfer. The receiving user is made aware of the content transfer via a push notification received via near field communication or via an SMS text message. The received message or notification enables the user to retrieve the content from the transfer at a later time.

Abstract: Methods, apparatus, and systems are disclosed for detection of a network signal identifying an electronic device in response to a transaction initiated by an entity. For example, the network signal can be transmitted by the electronic device in response to an initial network connection. An entity identifier identifies the entity associated with initiating a transaction based on matching identifying information contained in the network signal with transaction information from a supply chain. A configurator to configure the electronic device specific to the identified entity can be based on a feature set determined by channels through which the electronic device came to an end user. The feature set programs the electronic device to interoperate with a network device in response to the initial network connection.

Abstract: Techniques are described for automatically incorporating lifecycle information for a secured environment (SE) into an intrusion detection system monitoring the secured environment's operations. In one example, a secured environment including at least one component is monitored, where the secured environment is associated with a lifecycle operations manager (LOM) responsible for managing lifecycle operations associated with at least one component in the SE. One or more log files associated with operations of each of the at least one components are obtained, along with log files associated with lifecycle operations executed by the LOM. A determination is made as to whether the particular activities documented in the log files indicate a violation of at least one malicious action rule. In response to determining that the log files are associated with a malicious action rule, a mitigation action associated with the violation is triggered.

Abstract: A security profile for programming target devices may be provided. A base security profile may be obtained that defines security parameter(s) having a configurable value. A first security profile, generated from the base security profile, may include security parameter(s) that are assigned with a value of a first set of values by: (i) retrieving the value of the first set of values from a first data storage location coupled to a computing device and setting the configurable value of the security parameter using the retrieved value, or (ii) associating the security parameter with an instruction to obtain the value of the first set of values and set the configurable value of the security parameter using the obtained value, the instruction selected from one or more instructions. A second security profile may be generated from the base security profile in response to receiving further input from for the security parameter(s).

Abstract: A method for operating a user equipment (UE) comprises, in response to a condition being satisfied, selecting, from a full basis set, a basis subset comprising Ml bases for each layer l of a plurality of v layers; in response to the condition not being satisfied, selecting, from the full basis set, an intermediate basis set comprising N? bases that are common among the plurality of v layers, and selecting, from the selected intermediate basis set, the basis subset comprising Ml bases for each layer l of the plurality of v layers; transmitting, to a base station (BS), for each layer l of the plurality of v layers, an indicator i1,6,l indicating indices of the Ml bases included in the selected basis subset; and based on the condition not being satisfied, transmitting, to the BS, an indicator i1,5 indicating indices of the N? bases included in the selected intermediate basis set.

Abstract: In an embodiment, a computer implemented method receives flow data for one or more flows that correspond to a device-circuit pair. The method calculates a time difference for each flow that corresponds to a device-circuit pair. Based on the calculated time differences and the received flow data, the method updates a probability distribution model associated with the device-circuit pair. Then, the method determines whether a time bucket is complete or open based on the updated probability distribution model.

Abstract: This document discloses a solution for enabling biometric authentication of a station. According to an aspect, the solution comprises transmitting, from the station, a trigger to include biometric data of a user of the station in authentication; a logic at a network node to handle the trigger and cause execution of an authentication procedure that employs the biometric data when performing said authentication procedure in a wireless access network; and indicating a result of the authentication to the station.

Abstract: Embodiments herein relate e.g. to a method performed by a master node (QQ160) for handling communication of a wireless device (QQ110) in a wireless network. The master node (QQ160) transmits, to a secondary node, SN, a message before initiating a SN change procedure, which message indicates that an SN change is pending and as such the SN should not perform either a secondary cell group, SCG, reconfiguration or trigger any SN triggered procedures.

Abstract: A method, system and non-transitory computer-readable medium used for testing a plurality of circuits to determine open surfaces are disclosed. The method includes: receiving one or more of attack techniques, and known open surfaces; carrying out attacks on a circuit to determine vulnerable surfaces of the circuit; determining when new open surfaces exist in the circuit; updating an attack plan based on the new open surfaces; carrying out the attack plan; generating a report of the open and vulnerable surfaces; and updating a repository to include new attack techniques against newly discovered open surfaces of the circuit.

Abstract: A computer-implemented method for determining potentially undesirable voices, according to some embodiments, includes: receiving a plurality of audio recordings, the plurality of audio recordings comprising voices associated with undesirable activity, and determining a plurality of audio components of each of the plurality of audio recordings. The method may further comprise generating a multi-dimensional vector of audio components, from the plurality of audio components, for each of the plurality of audio recordings to generate a plurality of multi-dimensional vectors of audio components, and comparing audio components between the plurality of multi-dimensional vectors of audio components to determine a plurality of clusters of multi-dimensional vectors, each cluster of the plurality of clusters comprising two or more of the plurality of multi-dimensional vectors of audio components, wherein each cluster of the plurality of clusters corresponds to a blacklisted voice.

Abstract: A communications network is being accessed by a wireless device associated with a coverage class selected from a set of coverage classes. The wireless device performs a method comprising initiating network access to the communications network by transmitting a preamble sequence for random access on a physical random access channel during a starting opportunity defined by the coverage class of the wireless device. Each coverage class may be associated with a unique number of repetitions of the preamble sequence transmission.

Abstract: A method for updating a certificate issuer public key includes receiving, by an eUICC, first information sent by a LPA, where the first information includes a first CI public key identifier, and the first CI public key identifier is a CI public key identifier that the eUICC does not have. The method further includes sending, by the eUICC, second information to an OPS by using the LPA, where the second information includes the first CI public key identifier. The method further includes receiving, by the eUICC, a patch package sent by the OPS by using the LPA, where the patch package includes at least a first CI public key corresponding to the first CI public key identifier. The method further includes updating, by the eUICC, a CI public key of the eUICC by using the first CI public key.

Abstract: Methods and systems described in this disclosure receive a call from a device associated with a caller and request an indication of a context of the call. The system can send a request for authentication credentials in a push notification to the device. The push notification can be linked to an authentication tab or page in an application. After authentication of the caller, the system can direct the application to cause a tab or page associated with the subject matter of the call to be displayed on the qualified device.

Abstract: A facility for provisioning a device is described. The facility discerns an identifier that identifies the device, and transmits the identifier to a server computer system. The facility receives from the server computer system provisioning measures specified for the device. In response to receiving the specified provisioning measures, the facility performs the specified provisioning measures on the device.

Abstract: According to examples, an apparatus may include a processor and a computer readable medium on which is stored machine readable instructions that may cause the processor to determine a call duration threshold assigned to an entity, in which a phone number may be associated with the entity. The processor may also track durations of one or more calls placed to the phone number, determine whether the tracked durations of the one or more calls placed to the phone number meet or exceed the call duration threshold, and based on a determination that the tracked durations meet or exceed the call duration threshold, throttle placement of an additional call to the phone number.

Abstract: A control signaling processing method, a device, and a system relate to the field of communications technologies, to perform integrity protection on control signaling exchanged between a DU and UE in a CU-DU separated access network architecture. The method includes: determining, by a DU, integrity protection parameters and an integrity protection algorithm, where the integrity protection parameters and the integrity protection algorithm are used to perform integrity protection on a signaling radio bearer between the DU and UE; determining, by the DU, a message authentication code MAC-I based on the integrity protection parameters and the integrity protection algorithm; and receiving, by the DU, control signaling sent by an RRC layer of the DU, and sending, to the UE, the control signaling carrying the MAC-I.

Abstract: A setting system comprises a first electronic device and a second electronic device. The first electronic device is configured to output a password and setting information for the second electronic device. The second electronic device is configured to acquire the password and the setting information from the first electronic device, change setting of the second electronic device on the basis of the setting information, and lock the setting of the second electronic device using the password.

Abstract: A method is disclosed. The method includes establishing, by a first device, a wireless connection to a second device; transmitting a request, by the first device and to the second device, for location data indicative of a location of the second device; receiving, by the first device and from the second device, the location data indicative of the location of the second device; determining, by the first device, a distance between the first device and the second device based at least in part on the received location data; generating, by the first device, an altered value based on the received location data and the determined distance; and transmitting, by the first device and to the second device, the altered value and an account identifier associated with a user of the first device.

Abstract: An address retrieval system that retrieves the physical address of a user based on a request from another user. The address retrieval system can be connected to a network, such as a cellphone network, to allow a user to submit a request containing personally identifiable information, such as a phone number, of another user and the address retrieval system can locate/retrieve the requested address information and return the information to the requesting user or a third party. The release of the address information can be managed by a user-configurable privacy policy that provides rules, permissions and/or other management regarding the release of the user's address information.

Abstract: A method for configuring a terminal of a client user of an operator managing a first communications network. The method is implemented prior to the attachment of the terminal to a second communications network, for which transmission resources are temporarily used for routing data from the terminal to a remote server. The method includes receiving, from a control entity of the first network, a management instruction relating to the attachment of the terminal to the second network for a geographical zone. The method further includes configuring a data item relating to the control of the attachment of the terminal on the basis of the received management instruction, and transmitting, to the at least one terminal, at least one configuration parameter for attaching the terminal to the second network.

Abstract: Provided is an electric device, power device, electric device system, and management device capable of providing a theft prevention function that requires less effort as compared to the prior art. A power tool comprises a main power tool unit, and a battery pack 4 which can be attached to and removed from the main power tool unit. The main power tool unit and the battery pack each have a storage means for storing at least one authentication code and a communication means for transmitting and receiving the authentication code, and permit use when an authentication code received via the communication means matches at least one of the authentication codes stored in the storage means, and do not permit use when said authentication code does not match any of the authentication codes. The authentication code is set by a management device which is an external device.

Abstract: Apparatuses, methods, and systems are provided for securely configuring a Java Card virtual machine operating on a cellular device's application processor. In one embodiment, a connected device with an integrated cellular modem, a virtual universal integrated circuit chip and an integrated fingerprint scanner are used. In another embodiment, the cellular device's built-in camera is used, instead of an integrated fingerprint scanner, to capture the user's facial image.

Abstract: The position of a transmission device is estimated with a sufficient accuracy. A position estimation system includes a transmission device that includes a plurality of transmitters arranged symmetrically with respect to a specific reference position, a plurality of receivers that receive radio waves transmitted from the plurality of transmitters, and an estimation tool that estimates the position of the transmission device, based on reception strengths of the radio waves received at the receivers.

Abstract: Repositioning of a display on a touch screen based on touch screen usage statistics. Usage information of the touch screen is obtained, based on using the touch screen, which includes a plurality of contact points. Based on the usage information, positioning information for a display to be depicted on the touch screen is determined. The display is to be used to enter data and includes multiple contact points. Based on the positioning information, the display is repositioned on the touch screen. The repositioning includes moving one or more contact points of the multiple contact points from one or more locations on the touch screen to one or more other locations on the touch screen.

Abstract: Apparatuses that provide for secure wireless communications between wireless devices under cover of one or more jamming signals. Each such apparatus includes at least one data antenna and at least one jamming antenna. During secure-communications operations, the apparatus transmits a data signal containing desired data via the at least one data antenna while also at least partially simultaneously transmitting a jamming signal via the at least one jamming antenna. When a target antenna of a target device is in close proximity to the data antenna and is closer to the data antenna than to the jamming antenna, the target device can successfully receive the desired data contained in the data signal because the data signal is sufficiently stronger than the jamming signal within a finite secure-communications envelope due to the Inverse Square Law of signal propagation. Various related methods and machine-executable instructions are also disclosed.