Abstract: Apparatuses, methods, and systems are disclosed for providing enhanced QoS via a non-3GPP access network. One apparatus includes a transceiver communicates with a gateway function in a non-3GPP access network. The apparatus includes a processor that receives a create security association request for each of at least one security association. Here, each create security association request includes additional QoS information for the security association. The processor reserves, for each create security association request, at least one access resource in the access network based on the additional QoS information and sends a create security association response to the gateway function for each create security association request, each create security association response indicating whether the corresponding security association is accepted.

Abstract: A method of preventing a subject communication device 1021 . . . N from accessing a resource when it is determined to be counterfeit. The method involves delivering the web page component to a subject communication device 1021 . . . N in response to a request. The web page component is adapted to retrieve actual values of a plurality of attributes from the subject communication device 1021 . . . N. Reference values of the plurality of attributes are retrieved from a device property store 110 and the method determines that the subject communication device 1021 . . . N is counterfeit when at least one of the actual values of the plurality of attributes is different to the reference value of that attribute.

Abstract: A method and an apparatus for authenticating an access are provided. When a first interface of a BRAS device does not find a user entry corresponding to a user terminal, the first interface sends an authentication request packet including terminal information of the user terminal to an AAA server. The AAA server notifies a second interface already accessed by the user terminal to delete a user entry corresponding to the user terminal when determining that the user terminal is an authenticated terminal and a roaming terminal, and sends an authentication success packet to the first interface when determining the deletion is completed, so that the first interface allows access of the user terminal and records the user entry corresponding to the user terminal in the first interface.

Abstract: The present disclosure relates to mobile communications technologies, and in particular, to a mobile communication method, apparatus, and device. The method includes: receiving, by user equipment UE, a non-access stratum NAS security mode command message from a mobility management entity MME, where the NAS security mode command message carries first verification matching information used to verify UE capability information received by the MME; determining, by the UE based on the first verification matching information, whether the UE capability information received by the MME is consistent with UE capability information sent by the UE to the MME; and if the UE capability information received by the MME is consistent with the UE capability information sent by the UE to the MME, sending, by the UE, a NAS security mode complete message to the MME.

Abstract: Systems and methods are provided for seamless roaming in a network. First, a client device is authenticated at a first access point of the network. Next, a processor selectively determines, among remaining access points in the network, second access points at which respective precursor keys, such as Pairwise Master Keys R1 (PMK-R1s) are to be computed. The second access points are determined based on any of respective path losses from the first access point to the second access points and respective historical frequencies at which the client device associates at the respective remaining access points. For the second access points, the respective PMK-R1s are computed and transmitted to the second access points to be cached. Next, following a request from the client device to reassociate to a second access point of the second access points, the client device is authenticated at the second access point based on a corresponding PMK-R1.

Abstract: A data packet transmission method—that includes: obtaining, by a terminal, N application programs that are running; and if the N application programs include an application program including a low-latency service; determining whether an unlicensed frequency band is in a congestion state; and instructing a network device to schedule a data packet of the terminal to a licensed frequency band for transmission when the unlicensed frequency band is in a congestion state. When determining that the N running application programs include the application program including the low-latency service, the terminal may instruct the network device to schedule the data packet of the terminal to the licensed frequency band for transmission, so as to transmit a data packet of the low-latency service by using the licensed frequency band. Resources in the licensed frequency band are centrally scheduled by the network device, instead of being used through contention.

Abstract: A communication method includes: receiving, by a terminal device, sub-network information of a RAN sent by a network side device, where the sub-network information is used to indicate at least one RAN sub-network included in the RAN; accessing, by the terminal device, a target RAN sub-network among the at least one RAN sub-network based on a service requirement of the terminal device; and communicating, by the terminal device, with the network side device by using the target RAN sub-network.

Abstract: A mobile device is disclosed.

Abstract: A transceiver can transmit a broadcasted system information message including a restricted operator service access indication from a serving cell of a network. A controller can perform a radio resource control connection establishment procedure to receive an attach request message. The radio resource control connection establishment procedure can be for the restricted operator service access and can include receiving a RRCConnectionSetupComplete message from a mobile equipment to the network.

Abstract: Embodiments of the present invention provide methods and devices for transmitting or receiving beacon frames and probe response frames that include MAC addresses of a multi-link device (MLD) operating on multiple links in a wireless network. For example, the beacon frames and probe response frames can include an MLD MAC address that uniquely identifies an AP MLD in a wireless network, and can optionally include one or more WM MAC addresses of STAs of the AP MLD. The MAC addresses can be used to by wireless devices (e.g., STA MLDs) to connect to and associate with the AP MLD, and can be used to generate a password element used during authentication between wireless devices.

Abstract: An electronic subscriber identity module (eSIM) profile delivery and activation system is disclosed comprising a user equipment that includes an eSIM, a WIFI transceiver, a radio modem, and an application. The application is configured to detect that the eSIM is not initially provisioned with an eSIM profile, and in response to the detection, request, receive, and store via the WIFI transceiver a branding information handle from an over-the-air (OTA) platform in the eSIM, and reboot the eSIM and/or the radio modem. The radio modem is configured to receive the branding information handle stored in the eSIM after reboot, determine which subscription manager data preparation (SMDP+) server to access based on the handle, and obtain and configure the eSIM profile from the SMDP+ server into the eSIM. The radio modem is subsequently rebooted and configured to communicate with a carrier specific OTA platform to finalize activation of the eSIM profile.

Abstract: An e-paper display apparatus including an e-paper display panel is provided. The e-paper display panel includes a plurality of pixel circuits arranged in an array. Each of the pixel circuits includes a transistor device, a storage capacitor and a pixel capacitor. A data voltage is configured to drive the storage capacitor and the pixel capacitor, so as to drive the e-paper display panel to display image. The transistor device is an oxide thin-film transistor. An absolute value of the data voltage is greater than or equal to 20 voltages.

Abstract: A memory device is interfaced to a SST; an identifier and, optionally, an invalid identifier list are received from the device. The invalid identifier list is updated to the SST when the invalid identifier list is a more recent version of a SST invalid identifier list. The identifier is invalidated when the identifier is matched in the invalid identifier list or when an expiration date associated with the identifier has expired. When the identifier is invalid, access to administrative features of the SST is denied; and when the identifier is valid access to the administrative features is granted.

Abstract: Wireless communication methods are described for a user plane integrity protection failure detection and handling, determination and management of integrity protection enabled data rate that exceeds or is close to exceeding a user equipment's capability or threshold, and management of integrity protection or encryption mechanisms in a dual-connectivity system that includes a master network node and a secondary network node.

Abstract: In one example, an Access Point (AP) configures a first mapping of a first cellular network connection to a first local access network group, and further configures a second mapping of a second cellular network connection to a second local access network group. The AP determines whether a user device is authorized to use the first cellular network connection or the second cellular network connection. If the user device is authorized to use the first cellular network connection, the AP associates, for the user device, a first user device identifier with the first local access network group. If the user device is authorized to use the second cellular network connection, the AP associates, for the user device, a second user device identifier with the second local access network group.

Abstract: A system and method for security of Internet of things (IoT) devices are discussed. A user of a mobile device, such as a customer of a wireless communication network, may remotely lock an IoT device while concomitantly assigning an ad hoc password to the IoT device that can be subsequently used to unlock the device. Alternatively, an IoT device may self-lock and produce a password in response to detecting its motion. The produced password may be provided to the user of a mobile device and used later to unlock the IoT device.

Abstract: A method of processing measurement information, a terminal, and an access network node are provided. The method is applied to a multi-connection system. The method includes: acquiring, by the terminal, measurement information on at least one frequency other than a serving frequency of a second access network node; and transmitting, by the terminal, the measurement information on the at least one frequency other than the serving frequency of the second access network node to the second access network node, where the at least one frequency other than the serving frequency of the second access network node includes a serving frequency of a first access network node.

Abstract: There are provided systems and methods for a voice vector framework that authenticates user interactions. A service provider server receives user interaction data having audio data that is associated with an interaction between a user device and the service provider server. The server extracts user attributes from the audio data and obtains user account information associated with the user device. The server selects a classifier that corresponds to a select combination of features based on the user account information and applies the classifier to the user attributes. The server generates a voice vector that includes multiple scores indicating likelihoods that a respective user attribute corresponds to an attribute of the select combination of features. The server compares the voice vector to a baseline vector corresponding to a predetermined combination of features and sends a notification to an agent device with an indication of whether the user device is verified.

Abstract: The present invention provides a method of how the serving base station notifies UE of the encryption information used in the re-establishment process, how the serving base station finds the UE context information and authenticates the UE, in the 5G architecture. By means of the method of the present invention, the message between the RRC message and the base station can be optimized, the UE is correctly authenticated, and the re-establishment failure is avoided.

Abstract: Disclosed are various examples for enforcing network access permissions on applications that are installed on a client device. A network whitelist or network blacklist can be deployed by a management service onto a managed client device. A management component can facilitate enforcement of the whitelist and/or blacklist to enforce network access rules on installed applications.

Abstract: This application provides an information transmission method when a terminal device accesses a serving radio access network (RAN) device. The terminal device receives an identifier of a first cluster-data function (C-DF) associated with the serving RAN device from the serving RAN device, where the first C-DF is located in a radio access network and stores current data of the terminal device. When the terminal device camps on the serving RAN device longer than or equal to a first threshold, the terminal device stores the identifier of the first C-DF.

Abstract: Mechanisms are provided to implement a privacy enhanced location service for determining a granularity of location information to return to a requestor computing device. The privacy enhanced location service receives, from a requestor computing device, a location query requesting location information for a subject. The privacy enhanced location service retrieves a selected subject privacy policy data structure, selected from a set of subject privacy policy data structures corresponding to the subject identified in the location query. The privacy enhanced location service applies the selected subject privacy policy data structure to location information associated with the subject to generate modified location information having a granularity of location information specified in the selected subject privacy policy data structure. The privacy enhanced location service transmits the modified location information to the requestor computing device.

Abstract: A system for credential authentication include an interface configured to receive a create indication to create a location aware credential, wherein the location aware credential specifies visit location data and receive a check in indication to check in from an authentication device, wherein the authentication device provides the check in indication to check in in response to determining that a detected location is within a geographic boundary designated in the visit location data of the location aware credential, and a processor configured to provide a proof request, receive a proof response, validate the proof response using a distributed ledger, and provide a success indication of successful check in.

Abstract: Methods, computer-readable media, software, and apparatuses may determine, based upon edge-computing operations, that a vehicular trip has been initiated and cause one or more sensors to collect vehicle data. One or more trip segments for at least a portion of the vehicular trip may be determined. In some aspects, for each trip segment, a first plurality of time features and a second plurality of frequency features may be determined, and may be concatenated with a third plurality of GPS features to form a feature vector. An accuracy measure may be determined based on the feature vector, and a mode for the vehicle may be predicted.

Abstract: Provided is a process for authentication of a user on a mobile device. The user of the mobile device may authenticate with the mobile device, and credentials may be conveyed to a server via a relying device. The mobile device may directly communicate credentials to the relying device. In some examples, the user of the mobile device may authenticate using the mobile device without inputting credentials on the relying device. Credentials conveyed to the server by the relying device and authenticated by the server may permit user access to the relying device or access to an online resource from the relying device.

Abstract: A content management system may support a card engine to dynamically perform operations such as configuring content for display via a user interface and generating reports based on user behavior, account status, and business logic. In cooperation with a facts controller to provide facts that the card engine may access substantively in real time, a rules engine to provide constructs in the form of card definitions, and a development engine, the content management system may enable a content manager to effect changes to card and container definitions by providing or modifying rules and rulesets in the rules engine dynamically. Cards evaluated dynamically by the card engine may be transmitted to user equipment. In this way, the content manager may make content decisions in accordance with business logic and events occurring proximate to the user, thereby impacting the user experience and generating reports in a substantive and real-time fashion.

Abstract: Wireless devices (clients) connect to different access points (AP) in a wireless network. The wireless network may determine that based on, for example, congestion of certain APs that a client should be steered away from a current AP. Steering may be conducted utilizing BSS transition management (BTM) messages to provide the client with a list of network-preferred APs for a transition. Clients may also have one or more preferred APs and may reject the BTM steering message if it does not include at least one client-preferred AP. To prevent rejection of the BTM message, at least one client-preferred AP may be added to the BTM message. To ensure the client is steered to a network-preferred AP, the client is blacklisted from connecting to the client-preferred AP until the client has been steered to a network-preferred AP.

Abstract: A computer-implemented method is executed using a threat assessment server that is communicatively coupled via one or more networks to one or more different cloud computing service providers and comprises receiving first input data specifying a first cloud service account that is associated with two or more cloud computing instances and/or two or more cloud storage instances, the cloud computing instances or cloud storage instances being hosted at a first cloud computing service provider, the first cloud service account being from among one or more different cloud service accounts that are associated with the one or more different cloud computing service providers each hosting respective cloud computing instances and/or cloud storage instances; receiving second input data specifying an entry point identifier of a particular cloud resource from among the two or more cloud computing instances and/or two or more cloud storage instances; using a plurality of first network calls from the threat assessment server t

Abstract: Computerized systems and methods are provided to intelligently and dynamically manage a data center comprising at least one server and at least one central manager. The central manager is programmed to access the at least one server on a predetermined schedule to determine whether at least one application is functioning properly by determining a functionality level. Alternatively, the central manager determines whether the at least one server is actively used by determining an activity level for the server. Based on the central manager's determinations, the system dynamically adjusts the power level of the server, resulting in reduced power consumption and a reduction in wasted resources and unnecessary processing power in the management of servers in a data center.

Abstract: Methods and apparatuses for supporting outside the context of a basic service set (OCB) concurrent with infrastructure-based communications, including cellular communications or basic service set (BSS) communications, are described. OCB service information is transmitted by an infrastructure unit in an infrastructure-based communication. The OCB service information include a service identifier and channel information for each available OCB service. The infrastructure unit may then communicate with a terminal unit over an OCB communication link, to provide an OCB service to the terminal unit. The OCB service information may be communicated in an OCB operation information element (IE) including a service hash field and an operating class and channel field.

Abstract: A centralized configuration management system (CCM) may receive, from an NMS device, a request concerning a configuration for a microservice associated with the NMS device. The CCM may identify, based on the request, a first data model associated with default configuration information. The CCM may identify, based on the request, a second data model associated with customized configuration information. The CCM may generate, based on the first data model and the second data model, a response that includes at least one configuration parameter. The CCM may send the response to the NMS device to allow the microservice to be configured based on the at least one configuration parameter.

Abstract: Systems may establish a Session Initiated Protocol (SIP) session during a Home Subscriber Server (HSS) outage. The systems may include Network Functions (NF) that perform steps for establishing the SIP session and/or bypassing the HSS experiencing the outage. For instance, an Interrogating (I)-Call Session Control Function (CSCF) may modify a terminating message received from a User Equipment (UE) to generate a modified terminating message, and send one or more instances (e.g., forks) of the modified terminating message to one or more candidate Serving (S)-CSCFs. A particular S-CSCF of the candidate S-CSCFs may comprise the registered S-CSCF and may respond to an instance of the modified terminating message. In some embodiments, the I-CSCF may establish the SIP session by sending an instance of the modified terminating message to a designated S-CSCF. The designated S-CSCF may determine which candidate S-CSCF comprises the registered S-CSCF, for instance, by querying the candidate S-CSCFs.

Abstract: Various examples are directed to systems and methods for detecting potentially fraudulent voice calls to a financial services institution. A computing system may receive an indication of a voice call placed by a voice caller to an operator. The computing system may generate a network address indicator describing a network location. The network address indicator may be provided to the voice caller. The computing system may receive an indication of a financial services account indicated by the voice caller. The computing system may also receive an indication of an access to the network location by a remote device. The computing system may determine, using the indication of the access to the network location, a first location associated with the remote device and determine that the first location does not match a second location associated with the financial services account. The computing system may generate an alert indicating that the voice call is potentially fraudulent.

Abstract: Systems and methods are provided for managing user identities in networks. One exemplary method includes receiving, at a communication device, an API call request for a credential from a relying party. The communication device includes an application that incorporates an SDK. After receiving the API call request for the credential, the communication device authenticates a user associated with the communication device and identified in the API call request. After authentication of the user the communication device generates, via the SDK, a private-public key pair and stores the private key in memory. The communication device compiles, via the SDK, a credential packet include the public key and identity data associated with the user and transmits the credential packet to the relying party, whereby the relying party is registered to the SDK to request assertions of an identity of the user.

Abstract: One or more computing devices, systems, and/or methods for implementing differentiated mobility schemes are provided. In an example, a communication device may be identified as being connected with a first base station. A selection criterion may be identified based upon a characteristic associated with the communication device. A mobility scheme may be selected from a set of mobility schemes based upon the selection criterion. One or more thresholds of the mobility scheme may be communicated to the communication device.

Abstract: A check-in and tethering system for monitoring persons such as released in court-ordered supervised programs and a method for operating such a system is disclosed. The system includes a tethered mobile device that provides a check-in procedure that requires a response from a user of the tethered mobile device in the form of at least one of a device identifier from a monitored tethered device attached to the user, a biometric response, or a performed action by the user. The tethered mobile device determines whether the response is valid and transmits a notification to a monitoring center in response to the determination.

Abstract: A method and apparatus for managing TACs and TAIs used in communications system is disclosed in which “associated TACs” are used on a global basis and “unassociated TACs” are used on a regional basis. Associated TACs are associated with International Mobile Subscriber Identify (IMSI) Bin Numbers (IBNs). The value of each associated TACs is determined based on an associated IBN that serves as a seed for generating the TAC value. Unassociated TACs are TAC values that are within the “TAC space” of valid TAC values, but that are not within the pool of associated TACs. In some embodiments, there are 60,000 associated TACs and 65,536 total TAC values in the TAC space. Therefore, in such embodiments, there are 5,536 unassociated TACs that are regionally managed.

Abstract: The present disclosure provides a method, a control terminal and a system for assisting a device to access a network. The method includes: receiving auxiliary distribution network information which is used to assist a device to access the network, filling the received auxiliary distribution network information into a probe request frame, and sending the probe request frame which carries the auxiliary distribution network information in a wifi broadcast packet, so that, after monitoring the wifi broadcast packet, the device accesses a corresponding wireless router by using the auxiliary distribution network information carried by the probe request frame in the wifi broadcast packet.

Abstract: Disclosed herein is a computing device that includes a memory and a processor. The memory store processor executable instructions for an authentication system. The processor is coupled to the memory. The processor executes the authentication system to cause the computing device to generate a credential asset, which includes a unique name. The authentication system, also, fetches tokens for the credential asset using the unique name, calls a notification for each of the tokens, polls for a code of the credential asset, and utilizes the code for an authentication to run a job.

Abstract: Systems and methods model earth stations and other captive terrestrial sites as simulated cell sites in a radio access network (RAN) to identify potential cellular network interferers with the earth stations. A computing device selects an earth station within a geographic area of a RAN segment and model the earth station as a cell within the RAN segment, wherein the modeling creates a simulated earth station cell. The computing device obtains sector carrier data for cells in the RAN segment and scores, based on the sector carrier data, neighboring cells to the simulated earth station cell. The scoring indicates a level of potential interference of the neighboring cells with the earth station based on geo-spatial relevance. The computing device identifies projected mobility interference in neighboring cells to the earth station and provides prioritization recommendations for interference mitigation for the earth station based on the scoring and the identifying.

Abstract: Embodiments of the present invention provides an information obtaining method and a device. The method is applied to a base station, and includes: sending first information to a mobile management entity (MME), where the first information includes a first request used to re-establish an radio resource control (RRC) connection, the first request is used to instruct the MME to send second information to the base station, the second information includes context information of user equipment (UE) and indication information that is used to indicate connection establishment, and the UE is a UE that requests the RRC connection re-establishment; and receiving the second information. In the embodiments of the present invention, steps in a process of RRC link re-establishment can be reduced, thereby shortening time for re-establishing an RRC connection.

Abstract: A system described herein may provide for the use of modeling techniques to generate models associated with various locations or regions (e.g., sectors) associated with one or more radio access networks (“RANs”) of a wireless network, as well as for one or more mobile radio units (“MRUs”) that include wireless network infrastructure and which may be dynamically moved from one location to another. The system may identify attributes of a location within the network at which the MRU is located, and may automatically configure base stations of the RAN as well as the wireless network infrastructure of the MRU in order to optimize the operation of the RAN, as well as to gain optimal usage of the MRU.

Abstract: In an aspect of the disclosure, a method, a computer-readable medium, and an apparatus are provided. The apparatus may be a ME/UE. The ME/UE determines whether there is a closed access group (CAG) information list stored in a USIM utilized by the ME. The CAG information list includes an entry that specifying a public land mobile network (PLMN) ID and a CAG ID that in combination uniquely identify a CAG cell. When the CAG information list is detected: the ME/UE maintains the CAG information list for selecting the CAG cell for the ME to access; the ME/UE searches for the CAG cell according to the CAG information list.

Abstract: Methods for cellular network authentication utilizing unlinkable anonymous credentials are disclosed. In embodiments, a method includes: contacting, by a computing device, a mobile device network with a request to connect to the mobile device network; conducting, by the computing device, an interactive credential issuance protocol with an Issuer of the mobile device network to generate an unlinkable anonymous credential; and connecting, by the computing device, to the mobile device network based on a Verifier of the mobile device network verifying the computing device based on the unlinkable anonymous credential.

Abstract: An electronic device includes an address generator module that generates a source address for each traffic class to be sent using a network interface. The source address includes a Unique Local Address (ULA) prefix and an interface identifier having a traffic class identifier as one or more most significant bits and a randomly generated remainder. The address generator module generates a destination address having the ULA prefix and the traffic class identifier. When a processor of the electronic device is selecting a source address for the traffic class according to rules of a network layer protocol (e.g., IPv6), including a rule that a longest matching address of possible source addresses to the given destination is selected as the source address, the generated source address is selected due to the one or more most significant bits of the interface identifier matching with the traffic class identifier of the destination address.

Abstract: The present invention provides a method for unlocking a vehicle door using a mobile terminal. The unlocking method comprises: authenticating, by a mobile key management server, a user and a smartphone of the user; authenticating, by the mobile key management server, a vehicle having a door to be unlocked using the authenticated smartphone; generating, by the mobile key management server, a mobile key issuance algorithm corresponding to the authenticated vehicle and smartphone; issuing, by the mobile key management server, a mobile key, using the generated mobile key issuance algorithm, in response to a request from the smartphone; receiving, at the mobile key management server, the issued mobile key via the smartphone and the vehicle; confirming, by the mobile key management server, whether the issued mobile key matches the received mobile key; and requesting, by the mobile key management server, the vehicle to unlock the door thereof, when the issued mobile key matches the received mobile key.

Abstract: This application provides a key derivation algorithm negotiation method and an apparatus. The method includes: checking, by a terminal, a sent first key derivation algorithm and a received second key derivation algorithm; if the checking is correct and the first key derivation algorithm is the same as the second key derivation algorithm, determining that the first key derivation algorithm sent by the terminal is not tampered with by an attacker; and then using a negotiated third key derivation algorithm as a key derivation algorithm of the terminal, to ensure confidentiality of the negotiated key derivation algorithm, thereby improving communication security.

Abstract: A supervisory service of a node that includes a smart input/output (I/O) peripheral is extended into a cloud operator domain that is associated with the smart I/O peripheral. The supervisory service determines a state of a ready state indicator that is provided by the smart I/O peripheral. Based on the state, the supervisory service performs at least one of regulating an availability of an instance of an application operating environment of the node or determining whether the smart I/O peripheral is ready to be configured by the supervisory service.

Abstract: A method and a wireless communication device for providing communication service to devices connected to the wireless communication device. By establishing a starter wireless carrier connection using a starter SIM from a plurality of local SIMs, the wireless communication device establishes one or more logical data connections with one or more SIM banks. Remote-SIMs are selected from the one or more SIM banks and used to establish further wireless carrier connections to allow communication service to be provided to the devices over wireless carrier connections.

Abstract: A location system of a mobile device may detect a first location and a second location of the mobile device. A processor of the mobile device may determine that the first location and second location are within a geofence surrounding the location of interest. The processor may determine a speed at which the mobile device traveled from the first location to the second location. The processor may determine that the mobile device is loitering at the location of interest in response to the speed being below a threshold value. In response to determining that the mobile device is loitering at the location of interest, the processor may perform check in processing to check a user of the mobile device as being on site at the location of interest.