Abstract: An energy detection method includes the following steps: controlling a communication device to enter a sleep mode during a first time interval; intermittently turning on and turning off a part of receiving functions of the communication device during a second time interval, in which the second time interval is after the first time interval, and when the part of receiving functions of the communication device are turned on, the communication device is controlled to receive a signal; and determining if a beacon signal is present according to energy of the signal received by the communication device. The first time interval and the second time interval form a detection period. First average power consumption of the communication device during the second time interval is smaller than second average power consumption of the communication device, in which the second average power consumption corresponds to enabling all receiving functions of the communication device.

Abstract: Computer-implemented methods and systems reliant on establishing a common session key between an electronic device and a computer server are disclosed. The method and systems may be for processing de-tokenization requests in payment transaction processing and for preparing an electronic device to perform payment transactions. During such a transaction, the server may perform a method that includes receiving a de-tokenization request including a payment token and a cryptogram generated by the electronic device using a session key generated by the electronic device based on a fingerprint of the electronic device, a secret value previously shared with the electronic device, the payment token, and a transaction counter; retrieving the fingerprint, the secret value, and the transaction counter and generating the session key based on the same; verifying the cryptogram using the session key; retrieving an associated account number; and sending response to the request including the account number.

Abstract: A transaction method includes: receiving, by a secure function module of a transaction terminal, a first transaction message sent by a transaction application module, where the first transaction message includes a first identifier and/or a secure transaction data requirement parameter; obtaining, by the secure function module, secure transaction data according to the first transaction message, or the first transaction message and a second identifier, where the second identifier is used to uniquely identify the secure function module; sending, by the secure function module, the secure transaction data to the transaction application module; and sending, by the transaction application module, a second transaction message to an acquiring terminal, where the second transaction message includes the secure transaction data, the first identifier, and a third identifier, and the third identifier is used to identify the transaction terminal.

Abstract: Systems and methods of managing enrollment of digital identities (e.g., for aeronautical communication) can involve a line-replaceable unit (LRU) in an aircraft establishing a digital identity with a ground-based server by requesting a public certificate from the ground-based server. The LRU may receive a public certificate from the ground-based server. The LRU may validate the public certificate. The LRU may generate, based on validating the public certificate, an enrollment status message indicative of at least one status code from a plurality of predefined status codes associated with a plurality of corresponding actions for the ground-based server. The LRU may transmit the enrollment status message including the at least one status code to the ground-based server, to cause the ground-based server to perform a corresponding action based on the at least one status code.

Abstract: A system and method according to the principles of the invention identifies mobile phone aliases. The system processes mobile location data and call event data to generate mobility profiles. The profiles indicate a mobile's geographic zone history over a specified time. To produce a mobility profile, the system aggregates location data into zones and associates the zones with times of day, week or month. Particular zones for different mobiles can be compared according to weighting algorithms to provide data indicating whether the mobiles belong to the same user.

Abstract: Agencies oftentimes desire to monitor personnel in the field during the course of their duties. To provide flexible monitoring capabilities to agencies, a common mobile device such as a mobile phone is converted for use as a radio-based listening system to collect and transmit audio data. Phone features and accessories are leveraged to collect additional data for transmission. Collected data is streamed or otherwise transmitted to monitoring devices at the agency or in the field for operational oversight and recordation.

Abstract: Example implementations relate to application access based on a network. For example, a computing device may include a processor. The processor may detect that the computing device is connected to a particular network and may identify an identifier associated with the particular network. The processor may access settings indicating a subset of applications associated with the identifier of the particular network, where the subset of applications is part of a set of applications available on the computing device. The processor may restrict access to the subset of applications based on the settings.

Abstract: A method for updating a predictive model of a variable representing the operation of a mobile terminal connected to a communication network by packets is described. A first predictive model is configured to estimate a value of the variable as a function of the value of predictors, linked to the variable by a common operating context. The method can be implemented by the mobile terminal and can include generating a feed message, comprising at least the measured value and the values of the predictors, if the difference between the measured value and the estimated value is greater than or equal to a determined threshold, called the feed threshold, the method can further include transmitting the at least one feed message generated, to an update server connected to the network, receiving an update message, comprising a second predictive model updated on the basis of at least the feed message, coming from the update server, and replacing the first predictive model with the second predictive model.

Abstract: Devices, servers, systems and methods for content protection are provided. Disclosed embodiments improve temporal granularity of controlling access to the protected content and increase resilience against attacks attempting to prevent re-evaluation of conditions of access. Enforcement of re-evaluation may be based on the receipt and/or verification of tokens. In some embodiments, re-evaluation is enforced by periodically rendering content keys required for content decryption unuseable and/or clearing content keys already in use.

Abstract: Disclosed aspects relate to access point selection. A set of beacon frame transmission data for a set of access points is collected by a computing device. The set of beacon frame transmission data includes first and second subsets including frame rates for access points and network capability data including security data for access points. The computing device compares factors derived utilizing the frame rates. The computing device weights the beacon frame transmission data with respect to the network capability data for the access points, wherein the weighting indicates security data has a heavier weight than network signal strength. The computing device computes, using the first and second factors and the weighting, a set of expected network quality scores. The computing device determines, using the set of expected network quality scores, to establish the connection utilizing the first access point. The computing device establishes the connection utilizing the first access point.

Abstract: A computing system includes a processor and memory storing instructions executable by the at least one processor. The instructions, when executed, provide a user interface component that receives an indication of an external user with which to share an item of electronic content, a link generation component that generates a link to share the item of electronic content and identifies a communication endpoint associated with the external user, and an access control component that receives a request to access the item of electronic content using the link and, in response to the request, generates an access code that is communicated to the communication endpoint associated with the external user. The user interface component receives an access input, and the access control component grants access to the item of electronic content based on a determination that the access input includes the access code communicated to the communication endpoint associated with the external user.

Abstract: A system is provided for detecting behaviour of a mobile telecommunications device in a telecommunications network. Malware in mobile devices can cause malicious behaviour in the device, for example sequential attaching and detaching of an infected device relative to a telecommunications network. A telecommunications network is provided which is configured to identify at least one mobile telecommunications device and to receive signals from the mobile telecommunications device and process the signals into data streams. The data streams include data of a first type arranged to cause an event of a first type within the telecommunications network. The network is arranged to monitor an occurrence in the data streams of the data of the first type and to register when the occurrence exceeds a level indicating acceptable behaviour of the mobile telecommunications device in the telecommunications network. A device for detection of mobile device behaviour is also described.

Abstract: Disclosed herein are techniques for enabling a user to activate a new device with a Mobile Network Operator (MNO) without requiring the user to provide MNO authentication credentials that are easily forgotten. The user activates the new device using credentials from an existing device (associated with the user) that is trusted by the MNO and also using a trust score provided by a third-party server that has knowledge of associations between the user and the existing device. The new device can be a supplemental device, such as a wearable device to a cellular phone, where both devices remain capable of accessing services provided by the MNO after the new device is activated with the MNO. The new device can also be a replacement device, such as a new phone, tablet, or wearable device, where the new device supplants access to services provided by the MNO for an existing device.

Abstract: This disclosure provides a method and system for protecting phone numbers from being exposed to third parties. The method comprises receiving a request, from a caller smart phone, for establishing telephone communication with a callee smart phone, wherein the request contains a code to designate the smart phone of the callee. The method further comprises checking whether the code is formally provided to the callee. The method further comprises: in response to determining that the code is formally provided to the caller, retrieving the phone number of the caller and the phone number of the callee based on the request and establishing a phone call connection via a cellular network with the phone number of the caller and the phone number of the callee.

Abstract: Examples of the present disclosure describe systems and methods relating to the offline protection of secrets. A secret may be encrypted using a public key provided by the client. The client may have obtained the public key from a cryptographic hardware device, wherein the private key of the cryptographic key pair may be bound to the cryptographic hardware device. The encrypted secret may be transmitted by a service to the client using a secured or an unsecured transmission method. In some examples, the service may transmit a subsequent encrypted secret, which may invalidate a previously encrypted secret. In order to authenticate with the service, the client may select an encrypted secret for decryption. The client may access the private key stored by the cryptographic device and decrypt the encrypted secret with the private key. The client may then use the decrypted secret to authenticate with the service.

Abstract: In a method for security handling in a mobility of a terminal device, a target access and mobility management function (AMF) entity receives a first message for registering a terminal device, sends a second message to a source AMF entity after receiving the first message. The source AMF entity derives a first key based on a key between the source AMF entity and the terminal device, sends the first key to the target AMF entity. The target AMF entity determines to use the first key based on security related information after receiving the first key and determines a communication key between the target AMF entity and the terminal device based on the first key after determining to use the first key.

Abstract: Disclosed are various embodiments for improvements in customer relationship management and point of sale payment processing at remote event spaces. The system, apparatuses, and methods disclosed herein facilitate the transaction processing of credit cards and other payment vehicles in often remote locations where network connections may be intermittent and suffer from frequent disconnects or interruptions of service. The embodiments disclosed operate to detect network events, dynamically adjust to the event space, and processes the transactions on demand. The apparatuses are equipped to facilitate the event environment and are adapted to execute instructions to facilitate the financial transactions.

Abstract: Techniques are provided to manage the casting of content from user devices to media playback devices. The proposed approach employs intermediate network components that intercept and manipulate session and configuration protocol traffic according to network rules. Enforcement of such rules ensures user devices only discover and cast content to allowed media playback devices. The proposed techniques support casting to local and remote public and private media playback devices and also regulate media playback device reconfiguration.

Abstract: An online system, an application on a computing device, or an operating system of a computing device stores a primary password and a duress password for a user account. The primary password grants access to the user account in a regular access mode, which allows the user to access any account data that is ordinarily accessible to the user. The duress password grants access to the user account in a limited access mode that makes at least some of the account data inaccessible to the user. The limited access mode can make some of the account data inaccessible while still providing the appearance of full access. For example, some of the account data remains accessible in the limited access mode while more sensitive account data is made inaccessible. The limited access mode can also display a mock error message to provide the appearance of a technical error.

Abstract: The present disclosure relates to a communication technique for converging a 5G communication system for supporting a higher data rate beyond a 4G system with an IoT technology, and a system therefor. The present disclosure can be applied to an intelligent service (e.g., smart home, smart building, smart city, smart car or connected car, health care, digital education, retail, security and safety related service, and the like) on the basis of a 5G communication technology and an IoT related technology. An embodiment of the present disclosure proposes a method for transmitting and receiving a profile by a terminal in a communication system, the method comprising the steps of: downloading the profile from a server that manages a profile for providing a communication service, and installing the same in an internal universal integrated circuit card (UICC); and deleting the profile from the UICC when a request event related to deletion of the profile is detected.

Abstract: This disclosure provides a method and system for protecting phone numbers from being exposed to third parties. The method comprises receiving a request, from a caller smart phone, for establishing telephone communication with a callee smart phone, wherein the request contains a code to designate the smart phone of the callee. The method further comprises checking whether the code is formally provided to the callee. The method further comprises: in response to determining that the code is formally provided to the caller, retrieving the phone number of the caller and the phone number of the callee based on the request and establishing a phone call connection via a cellular network with the phone number of the caller and the phone number of the callee.

Abstract: Systems and methods for adapting traditional landline telephones to make and receive Voice over Internet Protocol (VoIP) calls and other communications are described. In some embodiments, an adapter, adaptor, or other device or apparatus connects an IP router, such as a WiFi router or other access point, to a traditional landline telephone (e.g., a phone using dual-tone multi-frequency, or DTMF, signaling), enabling the traditional landline phone to make and/or receive VoIP calls.

Abstract: Disclosed is a system for tracking an information leakage of an endpoint. The system includes a management server which transmits the detection pattern information to an endpoint terminal connected through a network and an endpoint terminal which monitors generation and change of a file by using the detection pattern information, performs a first detection activity through matching information stored in a heap memory of a currently-executed process with the detection pattern information, and a second detection activity according to monitoring of a particular application program interface (API) according to process execution, executes an information leakage response process corresponding to first detection activity information and second detection activity information, and transmits the first detection activity information and the second detection activity information to the management server.

Abstract: Systems, methods, and computer-readable storage media are provided for publishing, discovering, connecting with and activating services in a peer-to-peer environment. Services available in association with a first computing device are determined and encoded with instructions for accessing and understanding such services via their respective activation protocols. The encoded services are published via a publication protocol such that they are discoverable by at least a second computing device, irrespective of whether such services may be activated via the publication protocol. The second computing device discovers the available services via the publication protocol and accesses and understands the instructions associated with a desired service. Upon receipt of a request from the second computing device, via the activation protocol, to activate the requested service, the requested service is activated by the first computing device.

Abstract: A method for securing a transaction in a reputation system includes the following steps: authenticating a user vis-à-vis an end device by means of an electronic proof of identity for releasing authentication data for the digital identity that are stored on the end device, and authenticating the digital pseudonym assigned to the user vis-à-vis the reputation system by means of the end device while employing the stored authentication data pertaining to the digital pseudonym. The electronic proof of identity can be present as an electronic identity card in the form of a portable data carrier.

Abstract: A vehicle operating apparatus is provided. The vehicle operating apparatus includes a memory configured to store data generated in association with an operation of a vehicle, and a processor configured to perform communication connection to a first external device, determine a first authorization level of the first external device, determine a second authorization level corresponding to a task according to characteristics of the task for performing the operation of the vehicle, and assign the task to a second external device corresponding to the second authorization level.

Abstract: The inventors recently developed a system that authenticates and/or identifies a user of an electronic device based on passive factors, which do not require conscious user actions. During operation of the system, in response to a trigger event, the system collects sensor data from one or more sensors in the electronic device, wherein the sensor data includes movement-related sensor data caused by movement of the portable electronic device while the portable electronic device is in control of the user. Next, the system extracts a feature vector from the sensor data, and analyzes the feature vector to authenticate and/or identify the user. During this process, the feature vector is analyzed using a model trained with sensor data previously obtained from the portable electronic device while the user was in control of the portable electronic device.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for proximity-based logical access. In some implementations, a method includes receiving, by a mobile electronic device, a request from a server system to approve a session for a logical resource accessed by a second electronic device. In response to receiving the request, the mobile electronic device, initiates communication over a wireless communication link using a radio of the mobile electronic device. The mobile electronic device receives data from the second electronic device over the wireless communication link, the received data from the second electronic device indicating a session identifier. After receiving the data from the second electronic device, the mobile electronic device provides a response to the server system that indicates approval of the session and indicates the session identifier.

Abstract: A network-connected device, and methods for executing operating programs stored in a RAM-based file storage system, where the network-connected device includes a bootloader configured to be executed during a boot of the network-connected device. When executed, the bootloader causes the network-connected device to connect to an external computing device via a network, and to download an operating program. The network-connected device then stores the operating program in a RAM-based file storage system that is located in a simulated disk drive that resides in the RAM memory, and executes the operating program from within the RAM-based file storage system. In some embodiments, the network-connected device also is configured to store configuration files in the RAM-based file storage system, make changes to the configuration files stored in the RAM-based file storage system, and synchronize those changes with a remote persistent file store hosted by an external computing device.

Abstract: A method for performing a security procedure by a terminal in a wireless communication system, and an apparatus thereof. The method includes transmitting a first access request message for accessing a first network of a core network to a first radio access network (RAN) node, performing an authentication procedure for mutual authentication with a node performing an authentication server function (AUSF) of the core network, generating a common key commonly used in one or more networks included in the core network based on an authentication vector obtained through the mutual authentication procedure, generating a first base key of the first network based on the common key and a network code corresponding to a type of the first network, and receiving an access accept message indicating an access accept of the first network from the first RAN node.

Abstract: This application relates to the field of wireless communications technologies, and in particular, to a system message transmission technology, so as to resolve a system message update problem of a terminal device with DRX cycle. This application provides a terminal device, including: a receiving module, configured to receive a first system message; and a processing module, configured to: obtain first indication information from the first system message, and update system messages other than the first system message according to the obtained first indication information, where the first system message is periodically sent, and occupies a fixed physical resource location. The first indication information is sent in the first system message instead of a paging message. The terminal device may update the system messages other than the first system message according to the indication information, thereby updating all system messages.

Abstract: According to some embodiments, a plurality of monitoring nodes may each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. A node classification computer may determine, for each monitoring node, a classification result indicating whether each monitoring node is in a normal or abnormal state. A disambiguation engine may receive the classification results from the node classification computer and associate a Hidden Markov Model (“HMM”) with each monitoring node. For each node in an abnormal state, the disambiguation engine may execute the HMM associated with that monitoring node to determine a disambiguation result indicating if the abnormal state is a result of an attack or a fault and output a current status of each monitoring node based on the associated classification result and the disambiguation result.

Abstract: There is provided a method of controlling behaviour of a system that evaluates wireless device performance, and/or wireless network performance, and/or wireless network usage trends.

Abstract: A communication system is described in which user plane communication and control plane communication for a particular mobile communication device can be split between a base station that operates a small cell and a macro base station. Appropriate security for the user plane and control plane communications is safeguarded by ensuring that each base station is able to obtain or derive the correct security parameters for protecting the user plane or control plane communication for which it is responsible.

Abstract: Systems and methods for selectively disabling encryption for user equipment are disclosed. A technique comprises interrogating a location code of a device authenticated to a network through an encrypted connection and determining whether the location code corresponds to an unencrypted region. If the location code does not correspond to an unencrypted region, the technique comprises registering the device to the network for communication using the encrypted connection. If the location code corresponds to an unencrypted region, the technique comprises sending an intercept challenge to the device to re-authenticate the device to the network, the intercept challenge including parameters to establish an unencrypted connection, receiving re-registration information including unencrypted location information from the device using the unencrypted connection, and registering the device to the network using the unencrypted connection.

Abstract: A method begins with identifying a geographic area associated with an adverse condition and identifying a plurality of user devices of a social network potentially associated with the identified geographic area. The method continues with issuing a safety notification to the plurality of user devices. The method continues with receiving a first safety status response from a first user device and a second safety status response from a second user device, where the responses include location information of a first and second safe location. The method continues with issuing evacuation information to at least some of the plurality of user devices based on the location information of the first and second safe locations.

Abstract: Techniques for providing service-based security per data network name in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for service-based security per data network name in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network; extracting network name information for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the network name information.

Abstract: Systems and methods for device and payment management include detecting, through a first network, that a user device that is associated with a user is located at a trusted location. A first anticipated activity that is associated with the user is determined. The first anticipated activity identifies a first activity location that is different from the trusted location. A first device management configuration that is associated with the first anticipated activity. A first user device action to be performed on the on the user device at the trusted location is determined using the device management configuration. A first notification that causes the first user device action to be performed on the user device while the user device remains at the trusted location is sent to the user device through the first network.

Abstract: The detection and prevention of unauthorized tracking devices is described herein. For example, a mobile device may be configured to detect nearby wireless devices. The communication signal between a detected wireless device and the mobile device may be tracked over time, and used to programmatically determine the likelihood that the detected wireless device is an unknown tracking device. The user of the mobile device may be given a notification and related data when a suspicious device is identified, and the user may choose to identify the unknown tracking device as an authorized tracking device or an unauthorized tracking device. When a detected wireless device is identified as an unauthorized tracking device, various remedial actions may be performed by a user and/or a central tracking system. In one example, the central tracking system remotely deactivates the unauthorized tracking device.

Abstract: Methods, non-transitory computer readable media, and mobile application manager apparatus that assists secured SCEP enrollment of client devices includes receiving a certificate signing request and an encrypted device key from an enrolled mobile device. The received certificate signing request is forwarded to a simple certificate enrollment protocol server upon determining a validity of the received encrypted device key. A signed device certificate is received from the simple certificate enrollment protocol server as a response to the forwarded certificate signing request. The secured simple certificate enrollment protocol enrollment is completed forwarding the signed device certificate to the enrolled mobile device.

Abstract: A computer system is configured to provide a database system. The computer system comprises one or more processors, a primary database system implemented by the one or more processors, and a secondary database system implemented by the one or more processors. The secondary database system is configured as a hot-standby system for the primary database system. The secondary database system is capable of providing at least a minimum amount of essential functionality of the primary database system during a disruption to the primary database system. The secondary database system is configured by programming instructions, executable on the computer system, to cause the one or more processors to accept an authentication request from the client application to allow user access to the secondary database to execute the query and delegate an authentication check to the primary database system using connection credentials received from the client application.

Abstract: Detecting an attempted theft of information stored in an RFID-enabled card, including: receiving, by a theft detection module, a transaction request, the transaction request including RFID-enabled card information; determining, by the theft detection module, that the RFID-enabled card information is mock card information, wherein mock card information is provided to an RFID reader by an RFID tag exterior to an RFID shield of an RFID-enabled card security enclosure responsive to an RFID request directed at the security enclosure; and responsive to determining that the RFID-enabled card information is mock card information, initiating, by the theft detection module, one or more security actions.

Abstract: Systems, methods, and other embodiments associated with bidirectional authorization are described herein. According to one embodiment, a method includes a user receiving a communication from an entity. In response to receiving the communication from the entity, the method further includes generating a token. The token may be personal identification number (PIN), alphanumeric value, code word, pass phrase, or security question. The token is received by a device of the user. Additionally, the token is transmitted to the entity. The user may then receive evidence of the token from the entity.

Abstract: An apparatus for wireless communications. The apparatus includes a network interface configured for wireless communication with one or more personal basic service set (PBSS) control points (PCPs)/access points (APs) within a basic service set (BSS) PCP/AP cluster (BPAC) BSS. A processor coupled to the network interface is configured to coordinate beam coverage functions of the one or more member PCP/APs within the BPAC BSS. The processor is also configured to schedule communications within the BPAC BSS. The processor is also configured to provide a function of a virtual PCP/AP, and/or instruct another PCP/AP within the BPAC BSS to provide a function of the virtual PCP/AP, the virtual PCP/AP providing a representation of all PCP/AP s in the BPAC BSS as the single virtual PCP/AP.

Abstract: In one embodiment, a device in a network identifies an set of services of a domain accessed by a plurality of users in the network. The device generates a service usage model for the domain based on the set of services accessed by the plurality of users. The service usage model models usage of the services of the domain by the plurality of users. The device trains a machine learning-based classifier to analyze traffic in the network using a set of training feature vectors. A particular training feature vector includes data indicative of service usage by one of the users for the domain and the modeled usage of the services of the domain by the plurality of users. The device causes classification of traffic in the network associated with a particular user by the trained machine learning-based classifier.

Abstract: A computerized component, designed to be used in a vehicle, is able to detect an ambient environmental variable; determine a memory profile corresponding to the ambient environmental variable; access memory parameters from the memory profile; and configure memory of the computerized component based on the accessed memory parameters. Another computerized component may be used to detect that the computerized component is initiating a shutdown procedure; obtain an ambient environmental variable, the ambient environmental variable indicating a state of an operating environment of the computerized component; identify memory parameters of random access memory integrated with the computerized component; and write the memory parameters to a memory profile stored in non-volatile storage in the computerized component, the memory profile keyed to the ambient environmental variable.

Abstract: A method for operating a network node in a millimeter network, mmW network is provided. Operations according to the method include receiving a data packet comprising header information, the header information indicating a source ID, a destination ID, 5 a flow ID and a UE ID; and transmitting, to the preceding network node, an ARQ response message indicating the flow ID and the UE ID and ACK/NACK pertaining to the received data packet. Related devices and methods are also provided.

Abstract: Method for generating security notifications regarding user of application executing on user's mobile device starts with a server receiving location data from user's mobile device and historic information related to the location data from historic database. Historic information may include historical safety rating, crime related data, sex offender data. Server generates current safety rating of location data based on historic information. Server generates and transmits notification to at least one mobile device of at least one contact associated with user when current safety rating indicates that location data is associated with a potential threat. Notification includes an alert message to be displayed on the at least one mobile device of the at least one contact. Other embodiments are disclosed.

Abstract: A method and server computer for recognizing patterns in wireless device locations using wireless device location data derived from a communications signaling network is provided. By using wireless network supported signaling operations and messages, data including information regarding the subscriber, the subscriber's device, and/or the subscriber's service may be statistically analyzed to reveal potential patterns that may indicate meaningful behaviors of the purported users of those devices.

Abstract: There is provided a method of controlling behaviour of a system that evaluates wireless device performance, and/or wireless network performance, and/or wireless network usage trends.