Abstract: Systems and methods disclosed herein provide fraud mitigation via dynamic transaction card wireless communication. A mobile device may cause a dynamic transaction card to periodically scan its environment to detect wireless enabled devices proximately located near the dynamic transaction card. Based on identifying the wireless enabled devices frequently located near the dynamic transaction card, a set of approved devices may be determined. During a transaction, a dynamic transaction card may scan its environment for other wireless enabled devices proximately located near the dynamic transaction card. If wireless enabled devices detected by the dynamic transaction card are all, or a subset, of the devices that are frequently located near the card, then the transaction may be authorized. However, if the wireless enabled devices detected by the dynamic transaction card are not all, or a subset, of the devices that are frequently located near the card, then the transaction may be unauthorized.

Abstract: Embodiments of the invention provide apparatuses, systems, and methods for more accurate remote monitoring of a user's body. In some embodiments, a system for monitoring a user's body comprises a wearable device, a video sensor attached at a collar portion of the wearable device, a plurality of audio sensors spaced and attached at a body portion of a wearable device and a controller configured to determine a Jugular Venous Pressure (JVP) of the user, and determine audio characteristics of an output of the plurality of audio sensors to generate an audio heat map corresponding to at least one internal organ of the user.

Abstract: An auto-login system and process enable maintaining user accounts on a server without a user having to register or create a user name, password, or other authentication method. An account may be created without user knowledge. The server may transmit a content item to a target user, along with a link. A server identifies the target user from use of the auto-login link and collects interaction or “engagement” data while the user is logged in, to assess user interest in products, for example, a mutual fund investment product, which may be characterized by tags and/or categories. The system may quantify a product salience metric for a given product relative to a target user's interest profile to focus marketing efforts and support engagement with interested target users, especially securities funds and financial advisors.

Abstract: One example method includes a device management system detecting an attempt to access a user account by an unenrolled device. The device management system identifies a first enrolled device of the user account by accessing a signature chain of the user account. The device management system facilitates a transmission of a cryptographically-signed enrollment request from the unenrolled device to the first enrolled device. The first enrolled device is configured to cryptographically validate the enrollment request. The first enrolled device is further configured to generate an encrypted attestation message that indicates that the unenrolled device has been authenticated. The unenrolled device can receive and decrypt the encrypted attestation message based on a passcode being displayed on the first enrolled device. The device management system receives a decrypted attestation message from the unenrolled device and updates the signature chain to include a new sequential record for the unenrolled device.

Abstract: Embodiments described herein provide a system and method for secure delivery of assets to a trusted device. Multiple levels of verification are implemented to enable components of a software update and asset delivery system to verify other components within the system. Furthermore, updates are provided only to client devices that are authorized to receive such updates. In one embodiment, the specific assets provided to a client device during a software update can be tailored to the client device, such that individual client devices can receive updated versions of software asset at a faster or slower rate than mass market devices. For example, developer or beta tester devices can receive pre-release assets, while enterprise devices can receive updates at a slower rate relative to mass market devices.

Abstract: A telecommunications system including a base station has a transceiver associated with a cellular network and a wireless access point. The system receives a request from a client device that includes a service set identifier (SSID). The system determines whether the SSID is registered for virtual wireless services and provisions a virtual router accessible through the wireless access point and identifiable using the SSID. The system may then authenticate and associate the client device with the virtual router.

Abstract: A method performed by a STA may comprise receiving a frame, from a first AP including an indication of a configuration change counter (CCC) associated with a second AP. The CCC may be an unsigned integer that increments when an update to one or more AP parameters of the second AP has occurred. The method may further comprise establishing a first wireless link with the first AP and establishing a master key via at least the first wireless link.

Abstract: A method for operating a user equipment (UE) includes deriving security keys for a signaling radio bearer (SRB) in accordance with a first message received from an access node, initiating security for the SRB in accordance with the first message, receiving, from the access node, a second message including at least one security parameter for at least one data radio bearer (DRB), wherein the at least one security parameter is associated with a session that includes the at least one DRB, and wherein the second message is secured with the security keys for the SRB, and initiating security for the at least one DRB in accordance with the at least one security parameter.

Abstract: A communication device and system are disclosed for providing communication and data services to residents of a controlled facility. The device can be restricted to communicating only using an internet protocol so as to restrict the device communication to an internal intranet. Wireless access points may be disposed throughout the environment to route calls and data between the device and a central processing center. By converting a protocol of the communications received from the device to a protocol used by the central processing center, minimal modifications to the central processing center are needed to support a wireless communication infrastructure. Many restrictions and safeguards may be implemented within the phone and system in order to prevent improper use.

Abstract: A wireless communication network delivers policy enforcement to a wireless user device in another wireless communication network. The wireless communication network wirelessly serves the wireless user device based on a policy. The wireless communication network determines when the wireless user device is visiting the other wireless communication network, and in response, selects the policy for the wireless user device. The wireless communication network transfers the selected policy for the wireless user device to the other wireless communication network. The other wireless communication network receives and enforces the selected policy for the wireless user device.

Abstract: A method of a mobile device configured to photograph an object includes controlling a display panel to display an image, a touch panel to receive a user input, and a network interface to wirelessly communicate with an external network, unlocking the mobile device when the mobile device is in an area condition, a wireless communication condition, and a time condition, and unlocking the mobile device according to a password when the mobile device is not in the time condition.

Abstract: A method of determining a response of a radio frequency wireless communication system to an adversarial attack is provided. Adversarial signals from an adversarial node are transmitted to confuse a target neural network of the communication system. An accuracy of classification of the incoming signals by the target neural network is determined.

Abstract: Methods, devices, and systems allow for bootstrapping of a machine-to-machine device. In an embodiment, a bootstrap erase architecture allows the machine-to-machine server to manage bootstrap erase policies, detect access network specific events, initiate a bootstrap erase based on these policies and events, and allow for machine-to-machine server handover. In another embodiment, a device or gateway service capability layer may request its network service capability layer fetch data that the device or gateway, previously stored on a different network service capability layer. In another embodiment, when bootstrap erase is performed because the network service capability layer can no longer provide service to the device or gateway, the network service capability layer may recommend other NSCLs to the device or gateway. In another embodiment, a bootstrap erase procedure may be modified so that temporary identifiers may be assigned for a next bootstrapping event.

Abstract: Embodiments of this application provide a data downloading and management method and a terminal. The downloading method includes: obtaining, by the terminal, first information pre-provisioned in the terminal, where the first information includes at least one networking profile; obtaining information about to-be-downloaded data, where the information about the to-be-downloaded data includes an identifier of the to-be-downloaded data; determining a first networking profile based on the identifier of the to-be-downloaded data, where the first networking profile is included in the at least one networking profile, and the first networking profile is used by the terminal for networking; sending a first message to a server, where the first message includes the identifier of the information of the to-be-downloaded data; receiving a second message sent by the server, where the second message includes data corresponding to the identifier of the to-be-downloaded data.

Abstract: In a subscription profile downloading method when an application in a device triggers subscription profile downloading, an operator server sends, to a subscription management server, authentication information of an application allowed to initiate subscription profile downloading; and when receiving an authentication request sent by the device, the subscription management server uses the authentication information to attempt to authenticate the application initiating subscription profile downloading in the device, and provides subscription profile downloading for the device after the authentication succeeds. The subscription management server may add the authentication information to a subscription profile downloaded last time and send the subscription profile to the device, and when the device downloads a different subscription profile next time, the device may use the authentication information in the subscription profile downloaded last time to attempt to authenticate the application.

Abstract: The present invention discloses methods and systems for communicating at a cellular router between a first wireless communication module and a first subscriber identity module (SIM). The cellular router receives a first request from a first wireless communication module and encapsulates the first request in a first modified request. The cellular router then sends the first modified request to a first SIM card in a first communication apparatus and waits for a first modified reply. While waiting for the first modified reply the cellular router sends at least one halt message to the first wireless communication module after a first time threshold. After receiving the first modified reply, the cellular router decapsulates the first modified reply to retrieve a first reply and sends the first reply to the first wireless communication module where the first modified reply is a reply to the first modified request.

Abstract: Various aspects of the present disclosure include methods, network servers or components and user equipment devices configured to authorize network slices that are associated with services provided by external providers. Various aspects enable access and use of network slices by user equipment devices connected to a network (e.g., 5G or New Radio network) via network components associated with a service provider by generating an allowed network slice selection assistance information (Allowed NSSAI) and an Unauthorized NSSAI, and sending the Allowed NSSAI and Unauthorized NSSAI to a user equipment device.

Abstract: A communication system includes a central cloud server that gradually decreases a gain of a currently active path, which corresponds to a primary communication path between a radio access network (RAN) node and one or more user equipment (UEs) via a first set of edge devices of a plurality of edge devices, until the currently active path becomes dormant. The central cloud server then gradually increases a gain of a dormant path, which corresponds to a secondary communication path between the RAN node and the one or more UEs via a second set of edge devices of the plurality of edge devices, until the dormant path becomes a new active path. Further, the central cloud server periodically checks whether the new active path has a signal strength greater than a threshold in order to maintain a continuity in service to the one or more UEs for an uplink and downlink communication.

Abstract: A method for implementing a generic routing encapsulation (GRE) tunnel, an access point (AP), and a network system. The method includes establishing a Control And Provisioning of Wireless Access Points (CAPWAP) tunnel with an access controller (AC), receiving addresses of at least two gateways, establishing at least two GRE tunnels coupled to the gateways respectively according to the addresses of the at least two gateways, and selecting one of the at least two GRE tunnels to transmit data.

Abstract: A method and an apparatus for Wi-Fi connection based on Wi-Fi Protected Setup (WPS) in a portable terminal are provided. The method includes entering a group owner mode of Wi-Fi Direct when enabling of WPS is requested, after entering the group owner mode, entering a WPS session mode where the portable terminal is operable in a WPS registrar mode, determining whether an Access Point (AP) whose WPS session of the WPS registrar mode is enabled or a device whose group owner mode is enabled, exists nearby, and when an AP whose WPS registrar mode is enabled is discovered, disabling the WPS registrar mode and the group owner mode, enabling a WPS session where the portable terminal is to operate in a WPS enrollee mode, and accessing the discovered AP.

Abstract: A communication apparatus acquires information about a communication-parameter setting process from a different communication apparatus and determines whether the acquired information includes identification information for identifying the different communication apparatus. If it is determined that the identification information is included, an authentication request is transmitted by unicast based on the identification information. If it is determined that the identification information is not included, the authentication request is transmitted by broadcast.

Abstract: Embodiments of the present disclosure provide a service-verification method and apparatus, wherein the method comprises: respectively receiving service parameters sent by a same user account on different terminals, respectively calculating corresponding service data according to the service parameters sent by each terminal; storing a plurality of corresponding relationships, each corresponding relationship comprising: service parameters sent by one terminal and corresponding calculated service data; when a service-processing request sent by any one of the different terminals is received and the service-processing request carries a target service parameter and target service data used in a current service, obtaining service data corresponding to the target service parameter according to the corresponding relationships; and acquiring a verification result according to a comparison between the obtained service data and the target service data.

Abstract: A computer-implemented method is described. The method includes generating, for display on a computing device, an identification rendering viewable on a display of the device, the identification rendering including an authority indicator and a digital image of a person. The method further includes the device triggering an interactive effect associated with the identification rendering. The triggering occurs in response to the device receiving a trigger input and the trigger can be from any input or communications sensor of the computing device. The triggered interactive effect includes an authority indicator and a freshness indicator that enables an individual viewing the display to validate the identity of the person associated with the digital image. Validation can be based on at least one of a characteristic of the interactive effect and attributes of the person or the authority indicator.

Abstract: This Application describes mechanisms for enterprise remote management of cellular services provided via access credentials, e.g., subscriber identity modules (SIMs) and/or electronic SIMS (eSIMs), for wireless devices. To minimize requirements for user interaction, installation and management of business-supplied cellular service profiles on the wireless device can intercept alert notifications to reduce interruptions and allow for background management of the business-supplied cellular service profiles. Additionally, a business enterprise can use multiple, distinct services to initiate installation of an eSIM to a wireless device. When two different services attempt to install eSIMs on the wireless device in parallel, management software on the wireless device can control an order of installation and disallow duplicate installations of an identical eSIM to the wireless device.

Abstract: In some aspects, a system is provided that includes a plurality of communication nodes configured in a wireless mesh network or a low-power wireless network and a sensor assigned to a monitored subject. The sensor includes a first wireless network interface, for a first wireless network, adapted to communicate with the wireless mesh network or the low-power wireless network and a second wireless network interface, for a second wireless network, adapted to communicate with a mobile device. The sensor includes one or more processors adapted to receive, via the first wireless network, an indicator to transmit an identification message to the mobile device and, based on receiving the indicator, transmit, via the second wireless network, the identification message to the mobile device.

Abstract: Disclosed is a method and authentication server for authentication of users requesting access to a restricted data resource from a communication device. Communication between the communication device and the authentication server passes via an access server, and the RADIUS protocol is used for the communication between the authentication server and the access server. After validating password and username entered by a user, the authentication server sends a request to the communication device to enter an authentication device ID. When receiving an entered authentication device ID, the authentication server performs authentication of the user based on a second authentication procedure using the received authentication device ID and when the second authentication procedure is successful, the user is granted access to the restricted data resource. The user can therefore decide which of a plurality of different authentication devices to use.

Abstract: The disclosure relates to systems and methods for authorization of a user in a spatial 3D environment. The systems and methods can include receiving a request from an application executing on a mixed reality display system to authorize the user with a web service, displaying to the user an authorization window configured to accept user input associated with authorization by the web service and to prevent the application or other applications from receiving the user input, communicating the user input to the web service, receiving an access token from the web service, in which the access token is indicative of successful authorization by the web service, and communicating the access token to the application for authorization of the user. The authorization window can be a modal window displayed in an immersive mode by the mixed reality display system.

Abstract: This disclosure describes systems, methods, and devices related to enhanced feedback for secure mode wireless communications. A device may send a first null data packet (NDP) to a second device, and identify a second NDP received from the second device. The device may identify a location measurement report (LMR) received from the second device, the LMR including a first channel response indicative of a first arrival time of the first NDP at the second device and a first phase shift associated with the first NDP. The device may generate a second channel response indicative of a second arrival time of the second NDP at the device and a second phase shift associated with the second NDP. The device may determine that the first channel response does not match the second channel response, and may identify an attempted attack.

Abstract: Provided are an access control method, a message broadcast method, and a related device. The access control method comprises: determining access information of a terminal, the access information comprising at least one of an access category and public land mobile network (PLMN) information; receiving a first system message broadcast by a network side device, the first system message not carrying or carrying at least one set of access control parameters, each set of access control parameters of the at least one set of access control parameters being associated with at least one piece of access information; if the first system message is not carrying access control parameters, or the access information is not associated with the at least one set of access control parameters, executing a specific action.

Abstract: The present invention utilizes an application which is loaded onto the mobile devices of attendees who will be attending festivals, concerts, etc, where the large crowds attending the event will create wireless and mobile network congestion. The application will enable the attendees and promoters to communicate without the need for a network connection. Communication and instructions are communicated between attendees and promoters using encoded network signals.

Abstract: Implementations set forth herein relate to an automated assistant that can operate in a transient personalization mode, and/or assist a separate automated assistant with providing output according to a transient personalization mode. The transient personalization mode can allow a guest user of an assistant enabled-device to receive personalized responses from the assistant-enabled device—despite not being signed into the assistant-enabled device. A host automated assistant of the assistant-enabled device can securely communicate with a guest user's automated assistant through a backend process. In this way, input queries from the guest user to the host automated assistant can be personalized according to the guest automated assistant—without the guest user directly engaging with their own personal device.

Abstract: A method may perform random access subject to Listen-Before-Talk (LBT) in an NR-U Serving Cell with multiple models. Enhancements may be to the Random Access Preamble Transmission procedure to enable autonomous BWP Switching or sub-band in the event the channel is busy for the active UL BWP.

Abstract: A controller for an implantable blood pump, having processing circuitry configured to control an operating speed of an impeller of the implantable blood pump. The processing circuitry being further configured to control activation and deactivation of a sleep mode. During the sleep mode the processing circuitry being configured to measure a level of suction by detecting suction during a predetermined time interval, recording the time at which suction occurred during the predetermined time interval, and generating a graph demonstrating the measured level of suction. The measured level of suction being a percentage of time the implantable blood pump experienced suction during the predetermined time interval. The processing circuitry being configured to reduce the operating speed of the impeller if the measured level of suction exceeds a predetermined threshold.

Abstract: Systems and methods for providing secure application support for NFC devices in both battery on and battery off modes are provided. A first application that requires available host battery supply and a second application that does not require available host battery supply are loaded onto a mobile device. When the second application is enabled, the reader requests user input on a POS device. The first application is enabled when host battery supply is available, and the second application is enabled when no host battery supply is available.

Abstract: Methods and systems for providing information associated with a location history of a mobile device to one or more applications are disclosed. A mobile device generates one or more location history records based on one or more locations of the mobile device, each location history record comprising one or more points of interest and a duration at the one or more points of interest, receives an information request from at least one application, determines a subset of the one or more location history records that meet criteria from the information request, determines a level of permission for the at least one application based on the information request and the subset of the one or more location history records, and provides information associated with the subset of the one or more location history records to the at least one application based on the level of permission.

Abstract: Implementations of the present application relate to the field of communications, and provide a data transmission method and device, and a system. The method comprises: a terminal transmits data using first power in a first area, and transmits data using second power in a second area, wherein the first area and the second area are distinguished by transmission resources.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. Accordingly the embodiments herein provides a method and system for ciphering of initial NAS message protection procedure. A UE is registered to a first PLMN and a first 5G NAS security context has been established. The UE selects a second PLMN. The UE sends Initial Registration procedure with only cleartext IE to the second PLMN. The second PLMN may initiate and perform authentication procedure.

Abstract: Systems and methods for providing additional functions on a user equipment (UE) with an over-the-top (OTT) application are disclosed. The systems and methods can enable the UE to register with a telephony application server (TAS) using a subscriber identity module identification (SIM ID). The registration can enable communications directed to a cellular number, for example, to be redirected to the UE via a Wi-Fi connection through a wireless residential gateway (WRG). The OTT application can enable the UE to utilize the SIM ID to send and receive communications via a cellular network, an internet protocol (IP) network, or both. The OTT application can also provide applications and capabilities that are not otherwise available on the UE. An OTT settings graphical user interface (GUI) can enable the user to dynamically configure how communications are sent and received in response to changing conditions or preferences.

Abstract: An automatic connection and disconnection system and an automatic connection and disconnection method are provided. The method includes the following steps. A connection signal sent by an electronic device is received by a determining device. The connection signal includes intensity information obtained from measuring at least three identification signals by the electronic device. The at least three identification signals are from at least three peripheral devices, and the at least three peripheral devices are placed to form a geographical region. Also, a first position of the electronic device is located by the determining device according to the connection signal. Next, whether the first position is within the geographical region is determined by the determining device. When the first position is within the geographical region, the electronic device is communicatively connected to a connecting device. The connecting device is located within or outside the geographical region.

Abstract: Methods and devices for a user equipment (UE) device to utilize an electronic subscriber identity module (eSIM) to provide backup cellular connectivity for essential services and security enhancements. A UE device receives user input to alter an operational state of the UE. The user input may include removing a physical subscriber identity module (SIM) card installed in the UE or attempting to power off the UE. In response to receiving the user input, an authorization process is initiated. In response to determining that the authorization process has failed, a security enhancement is implemented for the UE.

Abstract: A secure element of a mobile device receives a first authentication token, which may have an encrypted portion and a non-encrypted portion, from a network gateway device to which the mobile device is connected. The secure element determines whether the first authentication token is valid based on a sequence number included in the first authentication token. If the secure element determines that the first authentication token is valid, the secure element generates a second authentication token that indicates a result of an authentication operation performed by the secure element. The second authentication token is sent to the network gateway device. The secure element derives a pre-shared key using a key derivation function, where the pre-shared key is usable to establish a secure communication channel with the network gateway device.

Abstract: A system described herein may provide a technique for selectively granting or revoking/denying access to applications, services, data, etc. to a User Equipment (“UE”) based on location-based policies and a network-determined location of the UE. The network-determined location may be determined by elements of a wireless network, such as a Mobility Management Entity (“MME”), Access and Mobility Management Function (“AMF”), or other suitable element.

Abstract: Methods are provided for generating an enterprise key for access to an enterprise network via another access network, as part of a secondary authentication to an external data network through another access network. In these methods, an enterprise authentication device obtains, via a first access network, a request to authenticate a user device onto an enterprise network. The user device is connected to the first access network. The method further includes the enterprise authentication device authenticating the user device to obtain access to the enterprise network via the first access network and generating the enterprise key for the user device to provide access to the enterprise network via a second access network.

Abstract: One disclosed example involves a client device joining a videoconferencing meeting in which there is end-to-end encryption, where the end-to-end encryption is implemented by the client devices participating in the meting using a meeting key provided by the meeting host. Thereafter, the client device receives a public key of an asymmetric key pair corresponding to the host of the meeting, where the public key is different from the meeting key. The client device then generates a security code based on the public key and output the security code on a display device. The security code can be compared to another security code generated by another client device participating in the meeting to verify if the meeting is secure. The client device may also receive encrypted videoconferencing data, decrypt it using the meeting key, and output the decrypted videoconferencing data on the display device.

Abstract: This document discusses, among other things, a wireless personal-area network (PAN) underlying a cellular wide-area network (WAN). The PAN includes a wearable user equipment (UE-W) and a user equipment aggregation node (UE-AN). The UE-W includes processing circuitry to process data for communication with a network of the WAN through the UE-AN, and radio interface circuitry to communicate with the UE-AN through a first air interface. The UE-AN includes processing to process data for communication between the network of the WAN and the UE-W, and radio interface circuitry to communicate with the network of the WAN through the first air interface and with the UE-W through a second air interface. The UE-W and the UE-AN can share a network credential, appearing as a single device to the WAN.

Abstract: A communication interface can connect to an information terminal. When detecting the connection between the communication interface and the information terminal, a verification interface verifies the security status of the information terminal. When there is no problem in the security status of the information terminal verified by the verification interface, a display displays an image based on an image signal received by the communication interface from the information terminal. The operation interface accepts an operation on the image displayed by the display. The communication interface transmits an operation signal responsive to the operation accepted by the operation interface to the information terminal, and then receives an image signal as a result of processing by the information terminal in accordance with the operation signal from the information terminal.

Abstract: Embodiments of the disclosure provide a method, device and computer readable medium for authentication. According to embodiments of the present disclosure, only the first terminal device in a group of terminal devices which requests to connect to a network needs to finish the whole authentication. Upon the first terminal device successfully accesses to the network, the remaining terminal devices in the same group can ignore the authentication. In this way, time for authentication is reduced and the calculation efforts related to authentication is reduced for a large number for terminal devices.

Abstract: A system is provided that allows profiles from multiple mobile network operators to be provisioned across multiple eUICCs from different eUICC manufacturers that may each utilize different provisioning methods. This is accomplished through the use of an abstraction layer with application programming interfaces (APIs) that enable SM-DP and SM-SR functionality for eUICCs from multiple eUICC manufacturers and for multiple MNO profiles.

Abstract: The present invention discloses methods and systems for communicating at a cellular router between a first wireless communication module and a first subscriber identity module (SIM). The cellular router receives a first request from a first wireless communication module and encapsulates the first request in a first modified request. The cellular router then sends the first modified request to a first SIM card in a first communication apparatus and waits for a first modified reply. While waiting for the first modified reply the cellular router sends at least one halt message to the first wireless communication module after a first time threshold. After receiving the first modified reply, the cellular router decapsulates the first modified reply to retrieve a first reply and sends the first reply to the first wireless communication module where the first modified reply is a reply to the first modified request.

Abstract: A computing device may receive an indication of an audio signal captured by a microphone, wherein the audio signal includes voice input. The computing device may determine that the voice input in the audio signal is from an authorized user of the computing device and includes a trigger phrase associated with a request to trigger device finder functionality based at least in part on comparing the voice input with data provided by the authorized user of the computing device. The computing device may, in response to determining that the voice input in the audio signal is from the authorized user of the computing device and includes the trigger phrase associated with the request to trigger device finder functionality, cause a speaker of the computing device to audibly output the alert sound to assist the authorized user to locate the computing device.