Abstract: Disclosed are various embodiments that perform confidence-based authentication of a user. An identification of a user account is obtained from a user, and a minimum confidence threshold is determined. Multiple authentication challenges are presented to the user. Responses are obtained from the user to one or more of the challenges, with each response having a corresponding authentication point value. A confidence score is generated for the user, where the confidence score is increased by the respective authentication point values of the correct responses. The user is authenticated as being associated with the user account in response to determining that the confidence score meets the minimum confidence threshold.

Abstract: Aspects of the disclosure provide a method for reflective quality of service (QoS) control and management at a user equipment (UE). The method can include creating a derived QoS rule belonging to a session and having a QoS flow identifier (QFI). The derived QoS rule includes a precedence value that is set to one of a precedence value associated with a session identifier (ID) of the session received from a core network (CN) of a wireless communication system during a session establishment procedure for establishing the session, a precedence value associated with the QFI received from the CN during the session establishment procedure for establishing the session or when a downlink QoS flow having the QFI is added to the session, or a precedence value that is defined by an operator of the wireless communication system.

Abstract: A method of adaptive transmission time interval (TTI) tuning based on TCP information is proposed. First, a procedure for TCP information delivery between eNB and TCP sender/TCP receiver is disclosed. The TCP information comprises TCP status, TCP congestion window (CWND) size, TCP round trip delay, TCP SS threshold, TCP index, and TCP event indication. Second, various methods for eNB to configure TTI with UE TCP information and/or buffer information are disclosed. A first method is saturation detection which includes buffer status based saturation detection and CWND based saturation detection. A second method is Greedy Buffer Clearing. A third method is TCP state based TTI selection method.

Abstract: Techniques described and suggested in the present document include access-card systems and methods that are resistant to attack. In certain implementations, a card reader transmits a challenge message to an access card. When the access card receives the challenge message, the access card validates the challenge message, and then generates a response message based at least in part on the information contained in the challenge message. A security server validates the response message, and when the security server determines that the response is secure, valid, and from an authorized access card, the security server grants access to a physical space. In some implementations, the challenge and response messages are digitally signed using a cryptographic key. Additional implementations include various tests that, when performed on the challenge and/or response messages detect and defeat many attempts to compromise the access-card system.

Abstract: A plurality of cipher suites is negotiated as part of a handshake process to establish a cryptographically protected communications session. The handshake process is completed to establish the cryptographically protected communications session. A message is communicated over the established cryptographically protected communications session using at least two cipher suites of the plurality of cipher suites.

Abstract: A method and a device for determining a trajectory in off-road scenarios having a first sensor system for capturing a 2D image of an environment; a first computing unit for classifying 2D image points into at least three classes, wherein a first class is “intended for being driven on”, wherein a further class is “can be driven on if necessary” and another class is “cannot be driven on”; a second sensor system for determining a height profile of the environment; a second computing unit for projecting the classified image points into the height profile; and a third computing unit having a trajectory planning algorithm, wherein the third computing unit determines a trajectory using the image points of the first class, wherein the image points of the further class are additionally taken into account in response to an incomplete trajectory in the first class.

Abstract: In an embodiment, a method comprises: configuring a direct conversion compound semiconductor sensor over a first surface of a readout integrated circuit, IC, comprising two surfaces, each surface comprising solder material on the surface; illuminating the solder material with an infra-red laser such that the solder material on the readout IC melts and forms solder joints between the readout IC and the direct conversion compound semiconductor sensor; configuring a substrate over a second surface of the readout IC comprising solder material; and illuminating the solder material of the second surface with the infra-red laser such that the solder material on the readout IC melts and electrically connects the readout IC with the substrate. In other embodiments, a high frequency radiation detector and an imaging apparatus are discussed.

Abstract: The present invention relates to methods and compositions used to reduce or prevent organ, tissue and cellular damage induced by irradiation exposure, such as radiodermatitis and radio mucositis. The compositions according to the invention comprise one or more inhibitors of plasminogen or one or more inhibitors of a component of the plasminogen activating pathway.

Abstract: Aspects of the disclosure provide a mobile terminal including a processing circuit. The processing circuit is configured to obtain a serving cell measurement result of measuring a first set of signal beams from a serving base station, determine a cell-level signal quality parameter based on the serving cell measurement result, and determine whether the cell-level signal quality parameter meets a poor cell-level signal quality condition. The processing circuit is further configured to, in response to a determination that the cell-level signal quality parameter meets the poor cell-level signal quality condition, obtain a neighboring cell measurement result of measuring a second set of signal beams from a neighboring base station, determine whether a measurement event occurs based on the serving cell measurement result and the neighboring cell measurement result, and send a measurement report to the serving base station in response to a determination that the measurement event occurs.

Abstract: A customer submits a request for assistance to a customer service. Accordingly, the customer service may access a customer database to obtain one or more customer preferences that can be used to select a service representative. If the customer database does not include these preferences, the customer service may utilize one or more customer attributes to calculate these one or more customer preferences. Subsequently, the customer service may access a service representative database and select a service representative based at least in part on the one or more customer preferences. The customer service may transmit the request to the selected service representative to enable the service representative to assist the customer.

Abstract: Secure interactions between a client device executing an application and a remote server associated with the application are enabled without credentials such as passwords. The application may acquire an encryption key pair, store a first key of the pair on the client device, and secure access to it by associated biometric data. The second key of the pair is stored on the remote server in association with the user's account. Responsive to a request on the application for an action that requires authentication with the remote server, the user must input biometric data which, only if verified, enables access to use the first key. The first key is then used to encrypt authentication data for submission to the remote server. The server accesses the public key and uses it to decrypt the data and verify the source of the request. If verified, the server then authorizes the requested action.

Abstract: Methods and systems are provided for verifying reset of credentials for user accounts. The methods and systems receive a request to change a credential associated with a user account. The user account has account privileges associated with a network service. The methods and systems send a reset notification to a network application maintaining separate credentials associated with the user account to inform a valid owner or user of the account that a credential has been reset. The methods and systems manage availability of at least a restricted subset of the account privileges until a reset verification is received from a valid owner or user.

Abstract: Methods and apparatus are provided for load balancing and load distribution using a set of alternative configurations. In one novel aspect, the UE receives and stores a set of alternative configurations. The UE selects a new alternative configuration upon detecting one or more triggering events and performs a cell selection based on the new alternative configuration. In one embodiment, the UE receives the set of alternative configurations from a broadcast signaling channel. In another embodiment, the UE applies a new configuration upon detecting one or more triggering events. In another embodiment, the UE selects the new alternative configuration using a hash function based on a UE identifier, wherein the hash function hashes to a priority class, and wherein each priority class maps to an alternative configuration. In one embodiment, a prohibition timer is used to prevent too frequent resource changes.

Abstract: The present document describes systems and methods that detect unauthorized transmission of data from internal networks to remote service providers, even when the transmission occurs over an encrypted connection. An exfiltration monitor is configured to monitor encrypted communications between clients within an internal network and a remote service provider. In various implementations, the exfiltration monitor associates the encrypted connections with account information, and applies exfiltration policies to the connections based at least in part on the associated account information. In additional implementations, the exfiltration monitor is provided with cryptographic keys that facilitate packet inspection of the encrypted connections. In many situations, the exfiltration monitor can use this information to discern between authorized use of a remote service, and unauthorized data exfiltration to the remote service.

Abstract: Representations of authentication objects are provided for selection via an interface. An authentication object may be generated to include information obtained from one or more sensors of a device. A selected authentication object may contain information sufficient for authentication with a corresponding system. The interface may provide multiple representations of authentication objects that are usable with different service providers. The interface, executed by a first device, may be configured to authenticate a second device.

Abstract: User input into a user interface is symbolically represented to increase security. User input received into a user interface and a mapping is applied to the user input. A result of the mapping is provided. The user interface may be updated to include the result of the mapping and/or may be provided to another device, such as over a short range communication channel. A person who views or otherwise has access to the user interface does not obtain the user input, but the result of the mapping indicates whether the user input was provided correctly.

Abstract: Entities of an organization may have difficulties generating and remembering strong passwords. A password management service may generate passwords with high entropy and aid entities in remembering generated passwords. The password management service may generate a list of passwords based on a seed value provided by the entities. The entities may then select a password from the list of passwords to be used at the entities' password. Furthermore, the entities may be allowed to save the list of passwords to aid the entities in remembering their selected password from the list of passwords.

Abstract: Disclosed are various embodiments for providing multi-factor authentication credentials. In one embodiment, in response to a request from an application, a notification is generated in a notification area of a display. Entry of a user approval is facilitated via the notification. The security credential may be shown in the notification area so that a user may enter it in a form field of the application.

Abstract: Apparatus and method are provided to configure two-tier identifiers for serving cells of a UE configured with inter-eNB carrier aggregation (CA). In one novel aspect, cell group identifiers are configured. The cell group identifier is a super set of one or more uplink group identifiers that are associated with serving cells served by the same base station. In one embodiment, different MAC entities are associated with different cell group identifiers. The UE performs uplink alignment, monitoring and management procedures linking to the cell group identifier. In another novel aspect, a group TAG, which is a super set identifier of one or more cell TAGs associated with serving cells served by the same base station, is configured. In one embodiment, the UE performs uplink alignment procedure based on the status of the group TAG, which is determined based on the status of the cell TAGs associated with the group TAG.

Abstract: Methods and apparatus are provided for handling of new UE capability. In one novel aspect, the UE reports a new UE capability to an eNB, determines whether the eNB supports the new UE capability and monitors a new DCI format to implement the new UE capability in the USS if the eNB supports the new UE capability, otherwise, monitors for a default DCI format to implement the default UE capability by the UE. In one embodiment, the UE is a NB-IoT device and reports the new UE capability in MSG3. In one embodiment, the UE obtains a configuration in system information to determine whether the eNB supports the new UE capability. In another embodiment, the UE obtains an indication in a dedicated RRC signaling to determine whether the eNB supports the new UE capability. In one embodiment, the new DCI format includes an indicator for a HARQ process number.