Abstract: Systems and methods are described herein for managing communications for a connected vehicle, such as between the connected vehicle and other connected vehicle and/or between the connected vehicle and infrastructure entities, such as providers of services to the connected vehicle. For example, a communication network, such as a network provided by a network carrier, may include various cloud engines or other network-based servers that manage, coordinate, and/or provision communications between the connected vehicle and other parties, such as vehicles, road devices, buildings, and other infrastructure entities.

Abstract: Systems and methods are described herein for configuring vehicles and infrastructure (e.g., buildings, smart homes, traffic devices, utilities and associated systems, emergency response systems, and so on) to include blockchain nodes, so a smart city or area of the various devices can be supported by a blockchain network, with some or all devices and systems provisioned with nodes acting as distributed nodes for the blockchain network.

Abstract: Implantable devices, such as artificial organs, increasingly incorporate hardware, software, firmware, and/or wireless communication capabilities. For example, such implantable devices can utilize wireless technology to allow for efficient configuration, maintenance, and operational analysis. As these implantable devices become more connected, electronic security will become more important. This disclosure relates to implantable devices that may utilize a secure boot process and secure communication, both between artificial devices in the human body and between these devices and the external world. This disclosure provides secure communication approaches for maintaining the digital privacy and integrity of artificial devices, for protecting the individual from malicious hacking of data, and for controlling of such implantable devices.

Abstract: An improved core network that includes a network resilience system that can detect network function virtualization (NFV)-implemented nodes that have been compromised and/or that are no longer operational, remove such nodes from the virtual network environment, and restart the removed nodes in a last-known good state is described herein. For example, the network resilience system can use health status messages provided by nodes, intrusion data provided by intrusion detection agents running on nodes, and/or operational data provided by the nodes as applied to machine learning models to identify nodes that may be compromised and/or non-operational. Once identified, the network resilience system can delete these nodes and restart or restore the nodes using the last-known good state.

Abstract: A user device implements a certificate authority for issuing digital certificates that extend to other computing devices a level of trust to a particular user paired with the user device. The user device may obtain user persona information, generate a user key, and combine the user key with a device key for the generation of a digital certificate. The computing device may further transmit the digital certificate to a certificate management system, which manages interactions between other computing devices and the user device or authorizes operation of other computing devices by the particular user based on the digital certificate.

Abstract: This disclosure describes techniques that enable a security monitoring application to detect the use of plaintext sensitive data by a user application on a user device. The security monitoring application may reside on a user device or may reside on a standalone device, such as a security monitoring controller, within an enterprise network. The security monitoring application may be configured to intercept a computing operation executed by a user application that includes user-plane data. In doing so, the security monitoring application may determine whether the user-plane data includes plaintext sensitive data and if so, quarantine the user-plane data.

Abstract: An automation hub may automatically identify the arrival of a package to a location and provide a notification of the delivery to a user. A package authenticator may be generated via the automation hub at the location for embedment in a packaging of a product that is being ordered from a merchant for delivery to the location. Subsequently, the package authenticator may be associated with a pending delivery of the product at the location in response to receiving an indication that the package authenticator is submitted to the merchant via an order. The presence of an arrived package authenticator may be detected in proximity of the location via a sensor that is connected to the automation hub. A notification of arrival for the product may be generated for presentation on connected user devices in response to the arrived package authenticator matching the package authenticator.

Abstract: A prediction engine may use the user behavior data of a user as collected by user devices to assist the user with obtaining products and services. The prediction engine may predict that a user desires to obtain a product or a service from a vendor based on user behavior data collected by applications on one or more user devices. The collected user behavior data may include a conversation of the user with one or more other persons. The prediction engine may trigger an application on a user device to prompt the user to confirm that the user requests to proceed with obtain the product or the service from the vendor. The prediction engine may notify the vendor to provide the product or the service to the user in response to receiving a confirmation from the user that the user requests to proceed with obtaining the product or the service.

Abstract: A permissioned blockchain can be a decentralized data store that maintains information indicating whether user equipment (UE) is SIM locked and/or should be disabled. A UE can access the blockchain during boot up to determine if it should be disabled and not booted into a normal operating environment, and/or whether it is SIM locked to a particular carrier. Authorized entities, such as carriers and UE manufacturers, can update the blockchain to indicate that certain UEs should be disabled, are SIM locked, are not SIM locked, and/or whether it is permissible to remove SIM locks from those UEs.

Abstract: Systems and methods are described herein for configuring vehicles and infrastructure (e.g., buildings, smart homes, traffic devices, utilities and associated systems, emergency response systems, and so on) to include blockchain nodes, so a smart city or area of the various devices can be supported by a blockchain network, with some or all devices and systems provisioned with nodes acting as distributed nodes for the blockchain network.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for detecting modified media are disclosed. In one aspect, a method includes the actions of receiving an item of media content. The actions further include providing the item as an input to a model that is configured to determine whether the item likely includes audio of a user's voice that was not spoken by the user or likely includes video of the user that depicts actions of the user that were not performed by the user. The actions further include receiving, from the model, data indicating whether the item likely includes audio of the user's voice that was not spoken by the user or includes video of the user that depicts actions of the user that were not performed by the user. The actions further include determining whether the item likely includes deepfake content.

Abstract: This present disclosure describes techniques for relaying user plane data from a core network to a recipient device via a terrestrial core network. An orchestration controller is described that is configured to receive an indication that a terrestrial core network has received user plane data for transmission to a recipient device, detect a constellation of Low Earth Orbit (LEO) satellites to transmit the user plane data to the recipient device, select at least a first LEO satellite to receive the user plane data, and transmit the user plane data to the first LEO satellite.

Abstract: This present disclosure describes techniques for a satellite core network to relay user plane data to a recipient device. An orchestration controller on the satellite core network is described that is configured to receive an indication that the satellite core network has received user plane data for transmission to a recipient device, detect a constellation of secondary LEO satellites to transmit the user plane data to the recipient device, and select an initial LEO satellite to relay the user plane data to the recipient device.

Abstract: In a 4G LTE wireless carrier network, network slice instances are instantiated that are configured to provide a configured set of services that are accessible to a controlled set of user devices. A service profile for a user device is identified and analyzed. When the service profile matches a configured set of services for one of the instantiated network slice instances, the user device is enabled to access the matching instantiated network instance. The provisioning of the network slice instances is performed by a dedicated node.

Abstract: A user equipment (UE) including: a processor; a transceiver; and a memory storing instructions that, when executed by the processor, controls the processor to: receive a communication request to communicate with a remote system; instantiate, in response to receiving the communication request, a UE virtual machine instance on the UE; generate a root certificate for the UE virtual machine instance; execute, on the UE virtual machine instance, an application for processing the communication request; transmit, through the transceiver and to an attestation server, the root certificate to attest to the execution of the application within the UE virtual machine instance; establish a communication link between the application and the remote system; and communicate, via the transceiver, with the remote system across the communication link.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for detecting modified media are disclosed. In one aspect, a method includes the actions of receiving an item of media content. The actions further include providing the item as an input to a model that is configured to determine whether the item likely includes audio of a user's voice that was not spoken by the user or likely includes video of the user that depicts actions of the user that were not performed by the user. The actions further include receiving, from the model, data indicating whether the item likely includes audio of the user's voice that was not spoken by the user or includes video of the user that depicts actions of the user that were not performed by the user. The actions further include determining whether the item likely includes deepfake content.

Abstract: A network provider implements network slicing. Network instances are instantiated on a communication network that are configured to provide a configured set of services that are accessible to a controlled set of devices. When a first device is either registered or authenticated with the communication network or has entered a service area, a service profile is identified and analyzed. In response to determining that the service profile matches a configured set of services for one of the instantiated network instances, the first device is enabled to access the matching instantiated network instance.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for implementing a weapon manager are disclosed. In one aspect, a method includes the actions of determining, by the server, that the weapon is in a particular location. The actions further include determining, by the server, a projected travel path of the weapon. The actions further include, based on determining that the weapon is in a particular location and the projected travel path of the weapon, generating, by the server, an instruction to disable the weapon. The actions further include providing, for output to the weapon, the instruction to disable the weapon.

Abstract: Outgoing communications from a user device are monitored following a notification that an application is installed on a user device. When a number of the outgoing communications to a premium-rate number during a predetermined period of time exceeds a corresponding quantity threshold, the pattern of the outgoing communications may be ascertained to be anomalous. A user device is directed to present a prompt that requests an input as to whether the outgoing communications are authorized. In response to a first input that the outgoing communications are unauthorized, additional outgoing communications from the user device to the premium-rate number are blocked for a predesignated amount of time. Further, the first input is stored as a corresponding vote that the application is malicious. In response to a second input that the outgoing communications are authorized, the second input is stored as a corresponding vote that the application is non-malicious.

Abstract: This disclosure describes techniques that permit a user of a client device to authenticate their identity to a service provider using location-based telemetry data associated with the client device that is captured unobtrusively by a service provider over a predetermined time interval. More specifically, a Location-based identity authentication (LIA) system is described that is configured to develop authentication challenges that are based on the location-based telemetry data, such as location data, transaction data, calendar data, and event data. In one example, a client device may transmit an authentication request that relates to a set of service features available to a user identity. The LIA system may transmit a subset of the authentication challenges to the client device to authenticate the user identity. The LIA system may further receive to the subset of authentication challenges, and further, verify the user identity based at least in part on the number of correct responses.