Abstract: Systems and methods for threat detection and mitigation for remote wireless communication network control systems. One example method includes receiving a threat detection message identifying a threat to at least one of a plurality of remote wireless network controllers, each associated with one of a plurality of wireless communication networks. The method includes determining a threat rating based on the threat detection message and determining, based on the rating, a threat mitigation action identifying at least a first remote wireless network controller of the plurality of remote wireless network controllers. The method includes executing the threat mitigation action by commanding a shift in an operational function of the first remote wireless network controller to a first on-premise wireless network controller associated with the same wireless communication network as the first remote wireless network controller.

Abstract: Improved user authentication of a communication device is provided by expanding voice biometric authentication with a dynamically updated user profile formed of non-voice usage parameters. The non-voice usage parameters are collected during successful voice authentications to establish non-voice compensation controls. When a failed voice biometric authentication attempt is followed by a valid PIN entry, then a false rejection is determined, and a voice biometric threshold is adjusted to reduce the individual user-based false rejection rate along with the enablement of the non-voice usage controls.

Abstract: Improved user authentication of a communication device is provided by expanding voice biometric authentication with a dynamically updated user profile formed of non-voice usage parameters. The non-voice usage parameters are collected during successful voice authentications to establish non-voice compensation controls. When a failed voice biometric authentication attempt is followed by a valid PIN entry, then a false rejection is determined, and a voice biometric threshold is adjusted to reduce the individual user-based false rejection rate along with the enablement of the non-voice usage controls.

Abstract: Improved user authentication of a communication device is provided by expanding voice biometric authentication with a dynamically updated user profile formed of non-voice usage parameters. The non-voice usage parameters are collected during successful voice authentications to establish non-voice compensation controls. When a failed voice biometric authentication attempt is followed by a valid PIN entry, then a false rejection is determined, and a voice biometric threshold is adjusted to reduce the individual user-based false rejection rate along with the enablement of the non-voice usage controls.

Abstract: A method and mobile device for identifying a current user of the mobile device as a trusted user is provided. The mobile device determines that a current user of the mobile device is not the owner of the mobile device. The mobile device obtains a biometric sample of the current user and transmits an identification request message to a distributed identification system. The distributed identification system includes a group of mobile devices, each one that includes biometric data the owner of the device. The identification request message includes the biometric sample of the current user. If the biometric sample matches the sample of one of the mobile devices in the distributed identification system, that device sends an identity response to the originating mobile device. Upon receiving the identity response, the original mobile unit determines if the identity in the identity response matches a known identity of the mobile device, such as a member in the contact list.

Abstract: Method, server, and communication device for updating identity-based cryptographic private keys of compromised communication devices. One method includes receiving, at a server, a security status indicating that the security of a first communication device has been compromised. The first communication device is associated with a user and includes a first identity-based cryptographic private key and a first user identifier. The method also includes, responsive to receiving the security status, determining, with the server, a second user identifier based on the first user identifier. The method further includes determining, with the server, a second identity-based cryptographic private key based on the second user identifier. The method also includes distributing, via the server, the second identity-based cryptographic private key to a second communication device. The second communication device is associated with the user.

Abstract: Method and management server for revoking group server identifiers of compromised group servers. One method includes determining, with a management server, an identity-based cryptographic signing key based on a group server identifier. The method also includes distributing, via the management server, the identity-based cryptographic signing key to a group server. The method further includes receiving, at the management server, a security status indicating that the security of the group server is compromised. The method also includes, responsive to receiving the security status, distributing, via the management server, a revocation of the group server identifier to a plurality of communication devices.

Abstract: Method and server for issuing a cryptographic key. One method includes distributing a first group key to a first communication device and a second communication device. The method also includes distributing a security request to the first communication device. The method further includes receiving a security status from the first communication device responsive to transmitting the security request. The method also includes determining when security of the first communication device is compromised based on the security status. The method further includes distributing, via a server, the cryptographic key to the first communication device when the security of the first communication device is not compromised. The method also includes distributing, via the server, a second group key to the second communication device when the security of the first communication device is compromised and the first communication device cannot be fixed or deactivated.

Abstract: Method and system for authenticating a session on a communication device. One method includes determining a use context of the communication device and an authentication status of the communication device. The method further includes determining a predetermined period of time based on at least one of the use context and the authentication status. The method further includes generating biometric templates based on at least one of the use context and the authentication status. The method further includes selecting a matching threshold for the biometric templates based on at least one of the use context and the authentication status. The method further includes comparing a match score of each of the biometric templates to the matching threshold to determine a passing amount of biometric templates with match scores that meet or exceed the matching threshold. The method further includes authenticating the session on the communication device.

Abstract: A method and mobile device for identifying a current user of the mobile device as a trusted user is provided. The mobile device determines that a current user of the mobile device is not the owner of the mobile device. The mobile device obtains a biometric sample of the current user and transmits an identification request message to a distributed identification system. The distributed identification system includes a group of mobile devices, each one that includes biometric data the owner of the device. The identification request message includes the biometric sample of the current user. If the biometric sample matches the sample of one of the mobile devices in the distributed identification system, that device sends an identity response to the originating mobile device. Upon receiving the identity response, the original mobile unit determines if the identity in the identity response matches a known identity of the mobile device, such as a member in the contact list.

Abstract: A method is provided for automatically deleting user passwords. Upon receiving a password-less user authentication a password grace period timer is started. Upon expiration of the password grace period timer the password is deleted if a user confidence score associated with the user is greater than a confidence threshold.

Abstract: Method and management server for revoking group server identifiers of compromised group servers. One method includes determining, with a management server, an identity-based cryptographic signing key based on a group server identifier. The method also includes distributing, via the management server, the identity-based cryptographic signing key to a group server. The method further includes receiving, at the management server, a security status indicating that the security of the group server is compromised. The method also includes, responsive to receiving the security status, distributing, via the management server, a revocation of the group server identifier to a plurality of communication devices.

Abstract: Method, server, and communication device for updating identity-based cryptographic private keys of compromised communication devices. One method includes receiving, at a server, a security status indicating that the security of a first communication device has been compromised. The first communication device is associated with a user and includes a first identity-based cryptographic private key and a first user identifier. The method also includes, responsive to receiving the security status, determining, with the server, a second user identifier based on the first user identifier. The method further includes determining, with the server, a second identity-based cryptographic private key based on the second user identifier. The method also includes distributing, via the server, the second identity-based cryptographic private key to a second communication device. The second communication device is associated with the user.

Abstract: Method and server for issuing a cryptographic key. One method includes distributing a first group key to a first communication device and a second communication device. The method also includes distributing a security request to the first communication device. The method further includes receiving a security status from the first communication device responsive to transmitting the security request. The method also includes determining when security of the first communication device is compromised based on the security status. The method further includes distributing, via a server, the cryptographic key to the first communication device when the security of the first communication device is not compromised. The method also includes distributing, via the server, a second group key to the second communication device when the security of the first communication device is compromised and the first communication device cannot be fixed or deactivated.

Abstract: Method and system for authenticating a session on a communication device. One method includes determining a use context of the communication device and an authentication status of the communication device. The method further includes determining a predetermined period of time based on at least one of the use context and the authentication status. The method further includes generating biometric templates based on at least one of the use context and the authentication status. The method further includes selecting a matching threshold for the biometric templates based on at least one of the use context and the authentication status. The method further includes comparing a match score of each of the biometric templates to the matching threshold to determine a passing amount of biometric templates with match scores that meet or exceed the matching threshold. The method further includes authenticating the session on the communication device.

Abstract: Methods and apparatus for using a biometric template to control access to a user credential for a shared wireless communication device. One method includes receiving, from a mobile device, an authentication request. The authentication request includes a device credential associated with the mobile device. The method further includes receiving, from the mobile device, a request for a biometric template of a user. The method further includes determining, by reference to at least one of a group consisting of the device credential and an authorization database, that the mobile device is authorized to receive the biometric template of the user based on at least one attribute controlling a use of the biometric template. The method further includes, in response to determining that the mobile device is authorized to receive the biometric template of the user, conveying the biometric template of the user to the mobile device.

Abstract: A method and apparatus for providing a lifetime extension to an identity assertion is provided herein. During operation a user will authenticate to an identity management server (also known as an authorization server or an authentication server) to obtain an identity assertion. An identity assertion will be provided upon successful authentication. The lifetime of the identity assertion will be based on whether or not biometric information of the user will be used by the device to which the assertion is being issued to identify the user prior to allowing the use of the identity assertion.

Abstract: A method between a controlling server and a participating server, a network, and a server include enhanced signaling via a Multicast-Broadcast Single Frequency Network (MBSFN) report allowing User Equipment (UE) to communicate MBSFN areas to a controlling server. Thus, the enhanced controlling server's Multimedia Broadcast Multicast Services (MBMS) decisions can count all visiting devices in addition to its own in its MBSFN areas. The method, network, and server include new signaling and additional info to provide a participating server with MBSFN areas that will have MBMS activated for a group session. This enhances the participating server's determination of which its visiting devices need unicast bearers. The participating server can add information related to the current MBSFN area of its UE to a message to the controlling server indicating joining the UE to a group.

Abstract: In a method, a secured link is established between a primary device and a secondary device, both of which are assigned to a user. The secondary device receives, on the secured link, a request for a derived certificate for the primary device and a public key generated by the primary device. The secondary device generates the derived certificate for the primary device based on an original certificate issued to the secondary device and transmits, on the secured link, the derived certificate to the primary device.

Abstract: A method and system for selecting a target cell for handover of user equipment in a Long Term Evolution (LTE) communication system are described. In accordance with the method, a serving cell: determines virtual channels supported by each of a plurality of neighboring cells; determines a set of virtual channels of interest to a UE; selects a subset of the neighboring cells, which supports at least one virtual channel in the set of virtual channels of interest to the UE; modifies handover behavior, and uses results of the modified handover behavior to select one of the neighboring cells, from the subset, as a target cell for handover of the UE.