Abstract: Computer systems and methods are provided for training a machine learning system to determine an authentication decision and explanation information corresponding to the authentication decision. First authentication information for a first authentication request including a first image is received. First validation information corresponding to the first image and including a first authentication decision and first explanation information is received. Data storage of a machine learning system stores the first image and the first validation information. The machine learning system updates an authentication model based on the stored first image and first validation information. Second authentication information for a second authentication request is received. The machine learning system determines second validation information, including second explanation information, based on the updated authentication model. The second explanation information is provided for display to a user device.

Abstract: In some embodiments, an exemplary access controlling network architecture may include: a computing device, configured to: receive application program instruction to display an access controller interface element and a multi-part multi-functional access control, where the access controller interface element is: communicatively coupled to a cellular network hosted access controlling schema and operationally linked to at least one access-restricted digital resource; where the multi-part multi-functional access control sequence includes: a symbol, an access code, and a particular access control digital key; transmit an access request having: the multi-part multi-functional access control sequence and an identity linked to the computing device; receive, in response to the access request, a program instruction to unlock the at least one access-restricted digital resource for accessing via the computing device after the access code has been accepted by the cellular network hosted access controlling schema and the pa

Abstract: Disclosed herein are systems and techniques for using a content delivery network to perform various functions within a digital advertising ecosystem, in ways that yield technological benefits such as improved security, efficiency, and speed (for example, reduction in publisher load times). As one specific example, a content delivery network can be used for the creation of electronic tokens for user identity protection between demand side platforms, supply side platforms, content creators (for example, advertisers), and publishers.

Abstract: A method for providing a key derivation function (KDF) negotiation in a 5G network is provided. The method which includes: selecting a specific KDF at a UE and at the network for at least one security related key derivation; and transmitting, said selected KDF to the UE and to other network functions to indicate said selected KDF for generating specific security key at a receiver side.

Abstract: A strength meter in a relay attack determination device is disposed on a portable device and measures a reception strength by a plurality of times in each of a request signal and a request signal received from an in-vehicle device. A comparator executes a comparative process of the request signal and the request signal by using average values of the reception strength measured by the strength meter. A variation calculator calculates variation in the reception strength measured by a plurality of times in the strength meter regarding the request signal. The comparator, in a case where the variation in the reception strength exceeds a threshold value indicating a communication failure in the request signal, determines the relay attack regardless of a result of the comparative process.

Abstract: Authenticating a mobile user device with a mobile network operator in advance of an MNO authentication request from the mobile user device can be done by a satellite network sending an authentication request to the MNO system, obtaining a set of authentication vectors related to the mobile user device, storing them into a proxy home location register, receiving the MNO authentication request from the mobile user device, generating an authentication request response based on the authentication vectors, sending the authentication request response to the mobile user device, receiving an authentication response including a received signed response, comparing the received signed response with the stored signed response, and if the received signed response and stored signed response match, deem that to be a successful authentication, add an MNO location update message to a request queue and forward the MNO location update message to the MNO system over the channel when available.

Abstract: Systems and methods for tracking the privacy policy of an electronic device in a network having a privacy policy server and an authentication server are provided. In one aspect a privacy policy server receives a connection request from the electronic device, queries an authentication server for the device's privacy policy acceptance state. If the device had not accepted the network's privacy policy, the privacy policy server sends a URL to the device so the device may accept or reject the policy. The authentication server locates a network session identifier representing the device's connection with the network and response to the policy server indicating the device's current privacy policy acceptance state if applicable. Advantageously, a network session identifier can track a device's privacy policy acceptance state when the device reconnects with the network. The systems and methods are applicable in wireless networks, such as 802.11.

Abstract: A UE can enable a VoWIFI service, receive hidden SSID information, and register with a core network via a RAN. The UE can monitor a first signal strength of a first signal from the RAN. The UE can scan for a second signal from a WLAN, and when found, can measure a second signal strength of the second signal. The UE can determine whether the first signal strength is at or below a first threshold. If so, and if the WLAN is untrusted, the UE can probe it with the hidden SSID information. If the untrusted WLAN responds, the UE can send an access request to an untrusted WLAN access point. The UE can receive, via the untrusted WLAN access point, an authentication challenge from an ePDG. If the UE passes the authentication challenge, the UE can register with the core network via the untrusted WLAN and the ePDG.

Abstract: A system includes a memory and a processor configured to execute computer instructions stored in the memory that when executed cause the system to perform operations. The operations include receiving transaction data associated with a transaction via a transaction component. The operations include incorporating at least a portion of the transaction data into a security process associated with challenge-response authentication of a data block for the transaction data. The data block includes cryptographic hash data for another data block in a blockchain associated with the data block. The operations include validating the data block associated with the blockchain based on the security process.

Abstract: A method and a wireless communication device for providing communication service to devices connected to the wireless communication device. By establishing a starter wireless carrier connection using a starter SIM from a plurality of local SIMs, the wireless communication device establishes one or more logical data connections with one or more SIM banks. Remote-SIMs are selected from the one or more SIM banks and used to establish further wireless carrier connections to allow communication service to be provided to the devices over wireless carrier connections.

Abstract: In 5G cell (230) of 5G system (200), upon detecting that access to the 5G system (200) is barred, the 5G system (200) is congested, 5G core network (220) of the 5G system (200) does not support IMS-type communication service, or fallback to 4G system (300) is instructed, UE (100) selects 4G cell (330) of the 4G system (300) as a target cell for connection. The UE (100) transmits a connection request signal for the IMS-type communication service to the target cell for connection.

Abstract: Data exchanges between an ultra-wide band communication module and a secure element are controlled such that the data exchanges pass through a near-field communication router. The near-field communication router controls routing of the data exchanges so that the data exchanges do not pass through a host circuit that is also coupled to the near-field communication router.

Abstract: Systems and methods that update configuration parameters on a UE using control plane functionalities. In one embodiment, an AMF element of a mobile network receives a control plane message from a UDM element that includes a UE configuration parameter update for the UE. The UE configuration parameter update is security protected via a secured packet, integrity protection, etc. The AMF element is configured to transparently send the UE configuration parameter update to the UE. Thus, AMF element inserts the UE configuration parameter update (that is security protected) in a container of a Non-Access Stratum (NAS) message, and sends the NAS message to the UE. The UE may then update its configuration parameters based on the update when security checks are complete.

Abstract: Systems and methods for global account identifier translation. Embodiments described herein include a service provider system configured to receive API calls that include an initial identifier, which may be issued by the service provider system and/or associated with a third-party entity. The service provider system may use the initial identifier from the API call to obtain a primary identifier associated with an account. The primary identifier is then used to service the API call to obtain an API call result. The API call result may be transmitted to the device from which the API call was received.

Abstract: Embodiments of the present disclosure are directed to systems and methods for improving wireless network services by carrying out various procedures to identify and filter suspect user devices. A network function may monitor a plurality of network service requests from a particular user device and determine, based on the plurality of network services requests, that the requesting user device is engaged in suspicious activity. Upon such a determination, the network function may initiate one or more enforcement actions by communicating an instruction to an equipment identity register to add the requesting user device to a suspect device list stored on a unified data repository.

Abstract: Techniques are described herein that are capable of establishing multiple infrastructure connections to multiple access points via a single wireless network interface controller (WNIC). Capability information is analyzed to determine combination(s) of identified frequency bands over which the WNIC is capable of communicating simultaneously. Availability information is analyzed to determine signal qualities associated with respective available frequency bands. A primary infrastructure connection is established to a first access point via the WNIC based at least in part on a first frequency band associated with the first access point being included among the identified frequency bands and being associated with a relatively high signal quality.

Abstract: Methods, devices, and systems for changing a layer 2 (L2) identifier (ID) during an ongoing vehicle-to-everything (V2X) session between a source wireless transmit/receive unit (WTRU) and a peer WTRU include communicating between the source and a peer WTRUs based on an existing layer 2 (L2) identifier (ID). On a condition that a trigger event occurs, the source WTRU generates a new source L2 ID, communicates the new source L2 ID to the peer WTRU, receives from the peer WTRU a message that responds to the new source L2 ID, and communicates between the source WTRU and the peer WTRU based on the new source L2 ID.

Abstract: The present disclosure provides a fingerprint collection method. When a fingerprint sensor is integrated on any function key of a terminal, a failure of a fingerprint application function that is caused when a user unintentionally operates a function key can be avoided. The method includes: obtaining, by a terminal, a fingerprint collection instruction, where the fingerprint collection instruction is used to instruct to collect a fingerprint by using a fingerprint sensor integrated on a function key; collecting, by the terminal by using the fingerprint sensor based on the fingerprint collection instruction, fingerprint information recorded by a user on the function key; obtaining, by the terminal on the function key at any moment of collecting the fingerprint information, a first key event triggered by the user, where the first key event is any operation other than a fingerprint recording event; and discarding, by the terminal, the first key event.

Abstract: Embodiments described herein disclose technology for verifying authorization of an application download. The system can receive from a device associated with a user, a request to download an application. In response to a first instance of the application being downloaded on the device, the system can assign a unique identifier to the first instance of the application. After the application is downloaded and prior to granting the person requesting the application download access to the first instance of the application, the system can request via the first instance of the application identification information and particular authentication information to verify that the person requesting the application download is authorized to do so. In response to verifying that the person requesting the application download is authorized, the unique identifier can be associated with the account, user and/or device to result in a verified download of the first instance of the application.

Abstract: A server includes a management module that includes a memory device and that is configured to be connected to multiple data storage devices. The management module is configured to perform an initialization procedure, in which the management module obtains multiple pieces of storage identifier information corresponding to the data storage devices, determines, for each of the pieces of storage identifier information, whether the piece of storage identifier information matches any piece of default identifier information contained in a list stored in the memory device, and generates piece(s) of log data for matched piece(s) of storage identifier information.

Abstract: An example operation includes one or more of receiving a request into a transport network comprising at least one transport for a proposed use of personal data associated with the at least one transport prior to the at least one transport entering an area; receiving into the transport network a deletion time of the personal data, prior to the at least one transport entering the area; providing, from the transport network an acknowledgement of the deletion time; and providing, from the transport network, the personal data when the at least one transport is in the area based on the received acknowledgement. This enables an occupant of a transport to share personal data relating to the transport with confidence that the data will be deleted by an agreed time.

Abstract: Operating a data network of a motor vehicle, the data network being used by at least one mobile terminal that is external to the vehicle. Respective identification data of at least one terminal are recorded, on the basis of the identification data for the at least one terminal, a respective selection element is displayed and each terminal, the associated selection element of which is selected, is registered and each registered terminal is entered in a blocking function of an Internet routing service.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. According to one embodiment of the present invention, provided is a method comprising the steps of: receiving a first control signal transmitted from a base station; processing the received first control signal; and transmitting, to the base station, a second control signal generated on the basis of the processing.

Abstract: Methods for cellular network authentication utilizing unlinkable anonymous credentials are disclosed. In embodiments, a method includes: contacting, by a computing device, a mobile device network with a request to connect to the mobile device network; conducting, by the computing device, an interactive credential issuance protocol with an Issuer of the mobile device network to generate an unlinkable anonymous credential; and connecting, by the computing device, to the mobile device network based on a Verifier of the mobile device network verifying the computing device based on the unlinkable anonymous credential.

Abstract: In non-limiting examples of the present disclosure, systems, methods, and devices for cross-platform multi-transport remote code activation are provided. A first device operating on a first platform receives a wake initiation that indicates code for activation on a second device operating on a second platform. The first device identifies compatible transports for transmitting a wake message indicating the code for activation to the second device. The first device selects at least one transport and transmits the wake message over the transport to the second device. The second device, upon receiving the wake message, processes the wake message and activates the code, which was not executing prior to activating.

Abstract: A fingerprint recognition method includes, when a fingerprint authentication module is in a disabled state, receiving a touch operation used to trigger an application program. If fingerprint authentication is not required for execution of the application program, the fingerprint recognition module is kept in a disabled state, and after the application program has been executed for specific duration, the fingerprint authentication module is enabled again, to perform the fingerprint authentication.

Abstract: A wireless device receives one or more configuration parameters indicating a physical uplink shared channel (PUSCH) resource for transmission of a message A (MsgA) payload of a contention-free two-step random-access procedure. The wireless device receives, from a radio resource control (RRC) layer of the wireless device, a request to reset a medium access control (MAC) layer of the wireless device. In response to the request and based on the configuration parameter indicating the PUSCH resource, the PUSCH resource for the MsgA transmission of the contention-free two-step random-access procedure is cleared.

Abstract: A system and method (referred to as a system) processes a vehicle title interfaced to an issuance authority by authenticating a user and mapping the user's credentials. The system executes registration and titling activities over a network with an issuance authority in response to the authentication of a token. The system retrieves a user membership private key from a private key vault and instantiates smart contracts that commit a transaction associated with a registration of a physical asset with the issuance authority. The system signs the smart contracts with a cryptographic private key not assigned to the user membership in response to establishing a proof of claim to the physical asset and invokes a service discovery that identifies availability of on-line certificate attesting peer nodes to attest the transaction. The system instantiates of the smart contracts on a title issuance authority blockchain network hosted by the issuance authority or provisioned to them in a managed services deployment.

Abstract: Subscriber identity modules can be bound to devices and utilized for authentication. An initial or additional subscriber identity module can be bound to a user device, for instance after successful user authentication by way of an alternate mechanism. A subscriber identity module of a device can be identified, and carrier data associated with the subscriber identity module can be requested and received. A determination can be made regarding whether the subscriber identity module is linked to the device, for instance by an original linkage. A user profile can be automatically updated with the carrier data to bind the user to the user device based on the subscriber identity module when the subscriber identity module is verified to be linked to the user device. Subsequently, the subscriber identity module can be utilized as a basis for authentication.

Abstract: A method for applying control to a vehicle. The method includes: receiving, by way of a second control unit of a second vehicle to which control is to be applied, a signal encompassing a message encrypted using a valid symmetrical key of a first control unit of a first vehicle; ascertaining, by way of the second control unit, a decryptability of the encrypted message using a valid symmetrical key of the second control unit or a symmetrical reserve key of the second control unit ascertained by way of the second control unit; ecrypting the encrypted message, depending on the ascertained decryptability, by way of the second control unit using the valid symmetrical key of the second control unit or the symmetrical reserve key of the second control unit; and applying control, based on the decrypted message, to the second vehicle to which control is to be applied.

Abstract: At given user equipment in a communication system, a unified subscription identifier data structure is constructed. The unified subscription identifier data structure includes a plurality of fields that specify information for a selected one of two or more subscription identifier types and selectable parameters associated with the selected subscription identifier type, and wherein the information in the unified subscription identifier data structure is useable by the given user equipment to access one or more networks associated with the communication system based on an authentication scenario corresponding to the selected subscription identifier type. For example, during different authentication scenarios, the given user equipment utilizes the unified subscription identifier data structure to provide the appropriate subscription identifier (e.g., SUPI, SUCI or IMSI) and associated parameters for the given authentication scenario.

Abstract: In an embodiment, a computer-implemented method for using virtual tunnel interface teaming to achieve load balance and redundancy in virtual private networks (“VPNs”) is disclosed. In an embodiment, a method comprises: receiving, by a gateway, configuration data from a control plane; based on the configuration data, configuring on the gateway a bonded virtual tunnel interface (“bonded VTI”) having a plurality of slave virtual tunnel interfaces (“slave VTIs”); configuring a plurality of VPN tunnels between the plurality of slave VTIs configured on the gateway and a plurality of slave VTIs configured on a remote gateway; configuring an IPsec VPN tunnel between the bonded VTI configured on the gateway and a corresponding bonded VTI configured on the remote gateway; logically combining the plurality of VPN tunnels into the IPsec VPN tunnel; and enabling communications of IPsec VPN traffic via the IPsec VPN tunnel.

Abstract: An access control system includes a first controller having a first antenna interface for broadcasting identifying data to local devices, for receiving ephemeral ID signals, token signals or payload data from local devices, and a first processor for determining a first authentication when an ephemeral ID signal or a token from a first local device is determined to be valid, for determining a second authentication when an ephemeral ID signal or a token from a second local device is determined to be valid, and for instructing a peripheral to perform a user-perceptible action in response to the first authentication, and a second controller coupled to the first controller having a second processor for receiving payload data for the second local device in response to the second authentication, and a second antenna interface for outputting at least a portion of the payload data to the remote server in response to the second authentication.

Abstract: A method of communicating using a wireless gateway. The method comprises receiving a first message in a first radio spectrum band by a first radio transceiver of a wireless gateway, determining by a first processor of the wireless gateway that the first message is a trusted message transmitted by a first source device, transmitting the first message by the first radio transceiver in the first radio spectrum, receiving a second message in a second radio spectrum band by a second radio transceiver of the wireless gateway, determining by the first processor that the second message is a trusted message transmitted by a second source device, and transmitting a third message by the second radio transceiver in the second radio spectrum band to the second source device, wherein the third message directs the second source device to transmit the second message to the wireless gateway in the first radio spectrum band.

Abstract: Systems and methods are described for seamlessly connecting devices based on relationships between the users of the respective devices. A media guidance application may determine that a first user has entered an environment (e.g., his/her mother's home) and may determine a frequency with which the first user enters the environment (e.g., daily). In response to determining that the first user visits frequently, the media guidance application may identify a second device in the environment (e.g., a smart TV) that a second user (e.g., the first user's mother) is authorized to grant access rights for. The media guidance application may determine a likelihood that the second user will grant the access rights for the second device to the first user, based on interaction data between the first user and the second user. In response to determining a high likelihood, the media guidance application may transmit the access rights.

Abstract: A method is provided. A notice is received from a mobile device indicating that typing within a texting application has occurred substantially simultaneously as forward motion has been detected. The notice includes a timestamp of when the typing and the detection of forward motion occurred. A position of the mobile device is triangulated for the timestamp, and a determination is made as to whether the typing and the detection of forward motion occurred within a predetermined target area using at least a portion of data calculated from the step of triangulating.

Abstract: Certain aspects provide a method for wireless communication. The method generally includes deriving a network specific identifier (NSI) in a network access identifier (NAI) format, the NSI including a network identifier (NID) stored at the UE, generating a subscription concealed identifier (SUCI) based on the NSI for authentication of the UE with a non-public network (NPN), and sending the SUCI to a network entity for the authentication of the UE with the NPN.

Abstract: The present disclosure provides systems and methods for delivering notifications to a device or accessory based on the context. A host device may be wirelessly coupled to one or more accessories that are available to receive a notification. The host device may analyze a context for transmitting a notification, such as analyzing user attention and accessory state. Analyzing user attention and accessory state may be done by analyzing sensor data, such as audio input, image sensors, proximity sensors, etc. The host device may determine a content type, such as text, e-mail, news, or download, content classification, such as urgent, sensitive, or reminder, and a notification type, such as visual, audio, or haptic. The host device may select at least one of the accessories based on the context. The host device may transmit the notification to the selected accessory.

Abstract: A method for mitigating network function (NF) update and deregister attacks includes, at an NF repository function (NRF) implemented by at least one processor, receiving, from an NF, an NFRegister request including a hash of a first authentication string, an NF instance identifier, and an NF profile. The method further includes storing the hash of the first authentication string. The method further includes registering the NF by storing the NF profile in an NF profile database. The method further includes receiving a first NFUpdate or NFDeregister request including the NF instance identifier. The method further includes using the stored hash of the first authentication string to validate or reject the first NFUpdate or NFDeregister request.

Abstract: According to an aspect, a wireless device sends, while in an RRC inactive state, a message requesting resumption of an RRC connected state. Upon sending the message, the wireless device starts a timer according to a predetermined value. While the timer is running, the wireless device attempts decryption and integrity check handling for packets subsequently received from the wireless network.

Abstract: This document describes methods, devices, systems, and means for the provisioning of enrollee Wi-Fi devices to a Wi-Fi network. Many Wi-Fi devices have limited or no user interface capabilities, which presents challenges to connecting and, especially, securely connecting many of these devices to a Wi-Fi network. Techniques are described to enhance the Device Provisioning Protocol to solicit and provide feedback from an enrollee device to indicate band support of the enrollee device and provide the status of the enrollee device after attempting to join a provisioned Wi-Fi network.

Abstract: Techniques are described to provide for authentication and subscription management that are decoupled from a Home Subscriber Server (HSS).

Abstract: An authentication method, apparatus, and device. The method includes sending, by a core network device, an authentication request message of a user to a data network device, where the authentication request message requests that the data network device perform identity authentication on the user, and receiving, by the core network device, an authentication response message sent by the data network device, where the authentication response message comprises first information, and the first information indicates user identity information of the user.

Abstract: Secure access recovery to a network device includes encrypting a user password into an encrypted target password using a secret regenerative key, and adding a one-time password seed and the encrypted target password into a secure recovery container, which is stored securely in the network device and a trusted recovery device. In response to a recovery request, a one-time password can be generated using the one-time password seed to retrieve the encrypted target password from the recovery device. A decrypted recovery password is generated based on executing decryption on an input string based on the secret regenerative key. The encrypted target password, retrieved from the secure recovery container in the network device, is decrypted into a decrypted target password based on the secret regenerative key. Secure access is recovered in response to determining the decrypted recovery password matches at least a part of the decrypted target password.

Abstract: A method and system for network management on a 5G network. The method including: building a subscriber persona associated with a subscriber on the network; predicting a traffic load on a network function based on the subscriber's persona; and allocating the subscriber to a network function based on the traffic load and the subscriber's persona. The system including: a subscriber persona builder configured to build a subscriber persona associated with a subscriber on the network; an analysis module configured to predict a traffic load on a network function based on the subscriber's persona; and an allocation module configured to allocate the subscriber to a network function based on the traffic load and the subscriber's persona.

Abstract: An electronic device and a control method thereof are provided. The electronic apparatus includes a voice input unit, a display, a memory storing at least one instruction, and a processor configured to execute the at least one instruction. The processor is configured to: based on a voice of a user being input through the voice input unit, recognize the user who has uttered the voice by comparing the voice with a plurality of pre-registered voices; and control the display to display an indicator corresponding to the recognized user.

Abstract: The present invention discloses methods and systems for communicating at a cellular router between a first wireless communication module and a first subscriber identity module (SIM). The cellular router receives a first request from a first wireless communication module and encapsulates the first request in a first modified request. The cellular router then sends the first modified request to a first SIM card in a first communication apparatus and waits for a first modified reply. While waiting for the first modified reply the cellular router sends at least one halt message to the first wireless communication module after a first time threshold. After receiving the first modified reply, the cellular router decapsulates the first modified reply to retrieve a first reply and sends the first reply to the first wireless communication module where the first modified reply is a reply to the first modified request.

Abstract: An electronic device can be commissioned with an identifier for use in a centralized tracking system. The electronic device is assigned an interim unique identifier and authentication key, for instance by a manufacturer of the electronic device. The electronic device and the centralized tracking system each separately generate a permanent unique identifier and a permanent authentication key based on the interim unique identifier and interim authentication key, without requiring the permanent unique identifier and permanent authentication key from being transmitted between the electronic device and the central tracking server. Upon generating the permanent unique identifier and permanent authentication key, tracking device functionality can be enabled within the electronic device, enabling the electronic device to function as a tracking device within the centralized tracking system.

Abstract: Systems and methods disclosed herein provide fraud mitigation via dynamic transaction card wireless communication. A mobile device may cause a dynamic transaction card to periodically scan its environment to detect wireless enabled devices proximately located near the dynamic transaction card. Based on identifying the wireless enabled devices frequently located near the dynamic transaction card, a set of approved devices may be determined. During a transaction, a dynamic transaction card may scan its environment for other wireless enabled devices proximately located near the dynamic transaction card. If wireless enabled devices detected by the dynamic transaction card are all, or a subset, of the devices that are frequently located near the card, then the transaction may be authorized. However, if the wireless enabled devices detected by the dynamic transaction card are not all, or a subset, of the devices that are frequently located near the card, then the transaction may be unauthorized.

Abstract: Embodiments of the invention provide apparatuses, systems, and methods for more accurate remote monitoring of a user's body. In some embodiments, a system for monitoring a user's body comprises a wearable device, a video sensor attached at a collar portion of the wearable device, a plurality of audio sensors spaced and attached at a body portion of a wearable device and a controller configured to determine a Jugular Venous Pressure (JVP) of the user, and determine audio characteristics of an output of the plurality of audio sensors to generate an audio heat map corresponding to at least one internal organ of the user.