Abstract: Systems and methods are described herein for configuring vehicles and infrastructure (e.g., buildings, smart homes, traffic devices, utilities and associated systems, emergency response systems, and so on) to include blockchain nodes, so a smart city or area of the various devices can be supported by a blockchain network, with some or all devices and systems provisioned with nodes acting as distributed nodes for the blockchain network.

Abstract: The use of user-behavior-based adaptive authentication may provide more secure user authentication without sacrificing user convenience. A baseline behavior pattern of a user may be identified using a machine learning algorithm based on user behavior data collected by one or more applications on at least one user device of the particular user for a predetermined time period. One or more events that deviate from the baseline behavior pattern of the user during a specific time period are then detected using the machine learning algorithm based on new user behavior data of the user obtained during the specific time period. In response to receiving a request from an application to authenticate a particular user for access or continued access to a resource, an authentication question and a correct answer for the authentication question are generated based on a detail of an event that deviates from the baseline behavior pattern.

Abstract: A request from a user device to register as a secure endpoint device of a secure local area network (LAN) is received by a wireless carrier network. A device type of the user device is identified by the network based on device identification information provided by the user device. A data protection policy that corresponds to the device type of the user device is sent to a secure endpoint application on the user device following a registration of the user device as a secure endpoint device by the network, in which the data protection policy includes an Access Point Name (APN). The user device allocated a network slice of the wireless carrier network that corresponds to the APN to the user device. Subsequently, a data file is transported from the user device to an additional secure endpoint device via the network slice that is allocated to the user device.

Abstract: A system and method for establishing a dynamic wireless communication network with a plurality of autonomous aerial vehicles, such as drones. The drones can dynamically change the size and availability of the communication network, and work with an existing communication network, such as cellular telecommunications or internet protocol networks. The drones can therefore create and maintain a robust network in response to a variety of needs, such as emergency response areas or large sporting events. Further, the drones can establish communication hotspots for mobile devices, and can alternately be configured to create a data pipeline.

Abstract: Systems and methods are described herein for managing communications for a connected vehicle, such as between the connected vehicle and other connected vehicle and/or between the connected vehicle and infrastructure entities, such as providers of services to the connected vehicle. For example, a communication network, such as a network provided by a network carrier, may include various cloud engines or other network-based servers that manage, coordinate, and/or provision communications between the connected vehicle and other parties, such as vehicles, road devices, buildings, and other infrastructure entities.

Abstract: A permissioned blockchain can be a decentralized data store that maintains information indicating whether user equipment (UE) is SIM locked and/or should be disabled. A UE can access the blockchain during boot up to determine if it should be disabled and not booted into a normal operating environment, and/or whether it is SIM locked to a particular carrier. Authorized entities, such as carriers and UE manufacturers, can update the blockchain to indicate that certain UEs should be disabled, are SIM locked, are not SIM locked, and/or whether it is permissible to remove SIM locks from those UEs.

Abstract: A user device implements a certificate authority for issuing digital certificates that extend to other computing devices a level of trust to a particular user paired with the user device. The user device may obtain user persona information, generate a user key, and combine the user key with a device key for the generation of a digital certificate. The computing device may further transmit the digital certificate to a certificate management system, which manages interactions between other computing devices and the user device or authorizes operation of other computing devices by the particular user based on the digital certificate.

Abstract: A method for virtual subscriber identity module (SIM) sharing. The method can include a service provider receiving a request including service details from a first UE. The service provider can verify the request and then generate a first SIM over-the-air (OTA) message. The first virtual SIM-OTA message can be sent to the first UE and causes the first UE to dynamically provision a virtual SIM. The service provider can also generate and transmit a first unique identifier to the first UE. The method can further include the service provider receiving a second unique identifier from a second UE. After determining the first unique identifier matches the second unique identifier, the service provider can generate and transmit a second SIM-OTA message to the second UE. The service provider can then provide the service to the first UE and second UE according to the service details.

Abstract: Systems and methods for authorizing drones with access to airborne fulfillment centers (AFCs) and other warehouse facilities are described. For example, the systems and methods perform multiple authentication processes, including a physical authentication process and a virtual or electronic authentication process, when determining whether a drone is authorized to access an AFC. Once authorized, the drone may access the AFC to pick up and/or deliver packages or other products, to recharge, to seek repairs, to be housed, and so on.

Abstract: A user equipment (UE) including: a processor; a transceiver; and a memory storing instructions that, when executed by the processor, controls the processor to: receive a communication request to communicate with a remote system; instantiate, in response to receiving the communication request, a UE virtual machine instance on the UE; generate a root certificate for the UE virtual machine instance; execute, on the UE virtual machine instance, an application for processing the communication request; transmit, through the transceiver and to an attestation server, the root certificate to attest to the execution of the application within the UE virtual machine instance; establish a communication link between the application and the remote system; and communicate, via the transceiver, with the remote system across the communication link.

Abstract: Systems and processes that may be implemented to manage access by software applications to various resources of a user telecommunications device are disclosed. The systems and processes may implement a trust policy which reflects privacy criteria selected by a user of the user telecommunications device, wherein the trust policy overrides registered permissions of the software applications. The user telecommunication device may include a memory that stores a software application has been granted registered permissions to access a input and/or output component of the user telecommunications device as well as a trust policy has been set by the user to proscribe access by that particular software application to the input and/or output component. In implementing the trust policy, the software application may be prevented from accessing the input and/or output component notwithstanding the software application having registered permissions to access the input and/or output component.

Abstract: A method for dynamically provisioning virtual subscriber identity modules (SIMs) to enable a user equipment (UE) to use a service from a service provider. The method can include a UE transmitting a user request to a virtual SIM marketplace. The virtual SIM marketplace can receive a plurality of service offers from a plurality of service providers. The virtual SIM marketplace can match details in the user request with offers made by the plurality of service providers. When a match is found, the virtual SIM marketplace can send user information from the user request to the matching provider. The provider can then send a SIM over-the-air (OTA) message to the UE. The UE can use the SIM-OTA message to enable the UE to provide a user device service on the provider's network.

Abstract: A system including: a transceiver; a boot processor configured to: capture an image of a container of the system, determine whether the system container image has been modified, and post, to a node of a distributed ledger network, a first attestation based on a determination of whether an anomaly exists in the system container image; a system processor; and a memory storing instructions that instruct the system processor to: receive a request to connect to an external device, request a second attestation from a node of the distributed ledger network as to whether an anomaly exists in the external device container image, determine whether an anomaly exists in the external device container image, and either: establish, in response to determining that an anomaly does not exist, a connection with the external device, or deny the request to connect to the external device in response to determining that an anomaly exists.

Abstract: Systems and methods for authenticating users to operate a vehicle are disclosed. The system can receive biometric data from a sensor on user equipment (UE) or a sensor installed in the vehicle. The system can also receive location data from the UE and the vehicle. The biometric data can be compared to stored biometric data for one or more authorized users. The location data of the UE and the location data of the vehicle can be compared to determine the proximity thereof. When the biometric data matches at least one biometric profile in the stored biometric data and the UE location data is within a predetermined distance of the vehicle location data, the user can be authenticated to operate the vehicle. The system can also detect risky driving behavior and assume control of the vehicle or report the behavior to authorities.

Abstract: Implantable devices, such as artificial organs, increasingly incorporate hardware, software, firmware, and/or wireless communication capabilities. For example, such implantable devices can utilize wireless technology to allow for efficient configuration, maintenance, and operational analysis. As these implantable devices become more connected, electronic security will become more important. This disclosure relates to implantable devices that may utilize a secure boot process and secure communication, both between artificial devices in the human body and between these devices and the external world. This disclosure provides secure communication approaches for maintaining the digital privacy and integrity of artificial devices, for protecting the individual from malicious hacking of data, and for controlling of such implantable devices.

Abstract: A permissioned blockchain can be a decentralized data store that maintains information indicating whether user equipment (UE) is SIM locked and/or should be disabled. A UE can access the blockchain during boot up to determine if it should be disabled and not booted into a normal operating environment, and/or whether it is SIM locked to a particular carrier. Authorized entities, such as carriers and UE manufacturers, can update the blockchain to indicate that certain UEs should be disabled, are SIM locked, are not SIM locked, and/or whether it is permissible to remove SIM locks from those UEs.

Abstract: A user device implements a certificate authority for issuing digital certificates that extend to other computing devices a level of trust to a particular user paired with the user device. The user device may obtain user persona information, generate a user key, and combine the user key with a device key for the generation of a digital certificate. The computing device may further transmit the digital certificate to a certificate management system, which manages interactions between other computing devices and the user device or authorizes operation of other computing devices by the particular user based on the digital certificate.

Abstract: Systems and methods are described herein for configuring vehicles and infrastructure (e.g., buildings, smart homes, traffic devices, utilities and associated systems, emergency response systems, and so on) to include blockchain nodes, so a smart city or area of the various devices can be supported by a blockchain network, with some or all devices and systems provisioned with nodes acting as distributed nodes for the blockchain network.

Abstract: Systems and methods are described herein for provisioning a home automation hub, or one or more of IoT devices, with blockchain nodes (or sub-nodes). The hub, an IoT device, and/or a group of IoT devices can perform operations similar to a node on a blockchain network. The operations can include blockchain transactions and other operations, such as transactions performed to verify or confirm an IoT device is authorized to be part of the shared network and thus is authorized to connect to the hub.

Abstract: Systems and methods are described herein for configuring vehicles and infrastructure (e.g., buildings, smart homes, traffic devices, utilities and associated systems, emergency response systems, and so on) to include blockchain nodes, so a smart city or area of the various devices can be supported by a blockchain network, with some or all devices and systems provisioned with nodes acting as distributed nodes for the blockchain network.