Abstract: Aspects of the present disclosure describe authentication of a user equipment (UE) in a network. It can be determined, by the UE, to access a discovered network for wireless communications, and based on a service provider associated with the discovered network, to use a modified universal subscriber identity module (USIM) subscription stored in the UE for authentication with the discovered network. The UE can obtain a subscriber identifier for authenticating on the discovered network via the authentication, where the subscriber identifier is generated based at least in part on a service provider identifier associated with the service provider and a modified mobile subscriber identity associated with the service provider. The UE can send the subscriber identifier to a node of the discovered network for the authentication.

Abstract: Aspects of the present disclosure describe authentication of a user equipment (UE) in a network. It can be determined, by the UE, to access a discovered network for wireless communications, and based on a service provider associated with the discovered network, to use a modified universal subscriber identity module (USIM) subscription stored in the UE for authentication with the discovered network. The UE can obtain a subscriber identifier for authenticating on the discovered network via the authentication, where the subscriber identifier is generated based at least in part on a service provider identifier associated with the service provider and a modified mobile subscriber identity associated with the service provider. The UE can send the subscriber identifier to a node of the discovered network for the authentication.

Abstract: Various features pertain to the authentication of mobile devices or other User Equipment. In some aspects, a Retail-based Neutral Host LTE is provided for use with Long Term Evolution (LTE) networks that, among other features, provides a WiFi Alliance HotSpot 2.0 (HS2.0) user experience using LTE technology for non-mobile network operator (non-MNO) Service Providers (SPs), while maintaining high security assurances as with LTE. That is, in some examples, Retail Neutral Host-LTE is configured to provide the same or similar security assurances as with MNO-based LTE. Moreover, retail Neutral Host-LTE offers options for provisioning credentials and authentication with the AAA that are analogous to the options for HS2.0, that is: username/password, SP-issued certificate, and pre-configured mobile device certificate. This is achieved, at least in part, while providing or ensuring that Retail Neutral Host-LTE security provides similar security assurances to MNO-based LTE.

Abstract: Aspect may relate to a device that comprises an interface and a processor. The interface may be configured to: obtain a statement from an asserting party exercising an authorization. The processor may be coupled to the interface and the processor may be configured to: implement an evaluator to evaluate the statement from the asserting party with policy verification instructions to determine if the asserting party was authorized to issue the statement.

Abstract: Various features pertain to the authentication of mobile devices or other User Equipment. In some aspects, a Retail-based Neutral Host LTE is provided for use with Long Term Evolution (LTE) networks that, among other features, provides a WiFi Alliance HotSpot 2.0 (HS2.0) user experience using LTE technology for non-mobile network operator (non-MNO) Service Providers (SPs), while maintaining high security assurances as with LTE. That is, in some examples, Retail Neutral Host-LTE is configured to provide the same or similar security assurances as with MNO-based LTE. Moreover, retail Neutral Host-LTE offers options for provisioning credentials and authentication with the AAA that are analogous to the options for HS2.0, that is: username/password, SP-issued certificate, and pre-configured mobile device certificate. This is achieved, at least in part, while providing or ensuring that Retail Neutral Host-LTE security provides similar security assurances to MNO-based LTE.

Abstract: Techniques are provided which may be implemented in various methods, apparatus, and/or articles of manufacture to allow a mobile device to obtain certain location service(s) and/or the like from one or more computing devices that have been authorized for use. For example, in certain implementations, an authorizing location server may obtain a first message from a mobile device indicating a first set of location servers, determine a second set of location servers based, at least in part, on the first set of location servers, and transmit a second message to the mobile device indicating that the second set of location servers are authorized for location service related access by the mobile device.

Abstract: Techniques are provided which may be implemented in various methods, apparatus, and/or articles of manufacture to allow a mobile device to obtain certain location service(s) and/or the like from one or more computing devices that have been authorized for use. For example, in certain implementations, an authorizing location server may obtain a first message from a mobile device indicating a first set of location servers, determine a second set of location servers based, at least in part, on the first set of location servers, and transmit a second message to the mobile device indicating that the second set of location servers are authorized for location service related access by the mobile device.

Abstract: Prior to transmission, a message is divided into multiple transmission units. A sub-message authentication code is obtained for each of the transmission units. A composed message authentication code is obtained for the whole message based on the sub-message authentication codes of the multiple transmission units. The multiple transmission units and the composed message authentication code are then transmitted. A receiver of the message receives a plurality of transmission units corresponding to the message. A local sub-message authentication code is calculated by the receiver for each transmission unit. A local composed message authentication code is calculated by the receiver based on the local sub-message authentication codes for the plurality of transmission units. The local composed message authentication code is compared to a received composed message authentication code to determine the integrity and/or authenticity of the received message.

Abstract: Disclosed is an apparatus, system, and method to utilize road markers to control vehicle speeds. The road markers may be commanded to emit a light for a pre-determined period of time. Further, the road markers may be controlled such that they are commanded to emit the light based upon a timing sequence associated with a desired speed so that the road markers emit light in a strobe pattern. In this way, if a vehicle is traveling at the desired speed, then the strobe pattern appears static to a driver of the vehicle. Additionally, a message may be transmitted from a traffic authority to increase or decrease the timing sequence of the strobe pattern to increase or decrease the speed to the desired speed.

Abstract: Systems and methods for protecting digital assets associated with a computing device are described herein. An example of a method according to the disclosure includes assigning at least one asset worth value to respective digital assets associated with a device, computing at least one device worth value using the at least one asset worth value assigned to the digital assets associated with the device, identifying at least one device worth value threshold, performing a comparison of the at least one device worth value to the at least one worth value threshold, and initiating at least one action with respect to the digital assets associated with the device based on the comparison.

Abstract: Disclosed is a method for configuring an internal entity of a WiFi-enabled remote station with a certificate. In the method, the remote station receives the certificate in at least one message from a registrar acting as a certificate authority. The remote station provides the certificate to the internal entity. The internal entity securely communicates with an external entity based on the certificate.

Abstract: An apparatus and method for identity reuse operable in a communications system, the method comprising selecting an identity value for a device; registering the device onto a network with the selected identity value; determining if the registration of the device is successful; and establishing a communication session for the device and deregistering the selected identity value upon termination of the communication session if the registration is successful, or determining whether to try a different identity value if the registration is not successful. In one aspect, the apparatus and method further comprising waiting a predetermined time period before either re-registering with the selected identity value or registering with the different identity value.

Abstract: Disclosed is an apparatus, system, and method to utilize road markers to control vehicle speeds. The road markers may be commanded to emit a light for a pre-determined period of time. Further, the road markers may be controlled such that they are commanded to emit the light based upon a timing sequence associated with a desired speed so that the road markers emit light in a strobe pattern. In this way, if a vehicle is traveling at the desired speed, then the strobe pattern appears static to a driver of the vehicle. Additionally, a message may be transmitted from a traffic authority to increase or decrease the timing sequence of the strobe pattern to increase or decrease the speed to the desired speed.

Abstract: Systems and methods for protecting digital assets associated with a computing device are described herein. An example of a method according to the disclosure includes assigning at least one asset worth value to respective digital assets associated with a device, computing at least one device worth value using the at least one asset worth value assigned to the digital assets associated with the device, identifying at least one device worth value threshold, performing a comparison of the at least one device worth value to the at least one worth value threshold, and initiating at least one action with respect to the digital assets associated with the device based on the comparison.

Abstract: Method and apparatus for secure transmissions. Each user is provided a registration key. A long-time updated broadcast key is encrypted using the registration key and provided periodically to a user. A short-time updated key is encrypted using the broadcast key and provided periodically to a user. Broadcasts are then encrypted using the short-time key, wherein the user decrypts the broadcast message using the short-time key.

Abstract: A method for constructing keyed integer permutations over the set ZN. where N can be factored into p and q, or N can be prime. N bits are permuted by deriving a keyed permutation of representative indices. When N is factorable into p and q, the set of indices are divided into two portions. The portions undergo iterative processing called “rounds,” and in each round, a first half-round function operates on the first portion to form a first half-round value; the first half-round value and the second portion are added together by a modulo-p adder to form a first output value; a second half-round function operates on the second portion to form a second half-round value; and the second half-round value and the first portion are added together by a modulo-q adder to form a second output value. In this manner, outputs of the rounds are reordered. If N is prime and not less than 13, then N is separated into composite values s and t, and two sets are formed with s and t elements, respectively.

Abstract: Method and apparatus for secure transmissions. Each user is provided a registration key. A long-time updated broadcast key is encrypted using the registration key and provided periodically to a user. A short-time updated key is encrypted using the broadcast key. The short-time key is available with each broadcast message, wherein sufficient information to calculate the short-time key is provided in an Internet protocol header preceding the broadcast content. Broadcasts are then encrypted using the short-time key, wherein the user decrypts the broadcast message using the short-time key.

Abstract: Prior to transmission, a message is divided into multiple transmission units. A sub-message authentication code is obtained for each of the transmission units. A composed message authentication code is obtained for the whole message based on the sub-message authentication codes of the multiple transmission units. The multiple transmission units and the composed message authentication code are then transmitted. A receiver of the message receives a plurality of transmission units corresponding to the message. A local sub-message authentication code is calculated by the receiver for each transmission unit. A local composed message authentication code is calculated by the receiver based on the local sub-message authentication codes for the plurality of transmission units. The local composed message authentication code is compared to a received composed message authentication code to determine the integrity and/or authenticity of the received message.

Abstract: Method and apparatus for secure transmissions. Each user is provided a registration key. A long-time updated broadcast key is encrypted using the registration key and provided periodically to a user. A short-time updated key is encrypted using the broadcast key. The short-time key is available with each broadcast message, wherein sufficient information to calculate the short-time key is provided in an Internet protocol header preceding the broadcast content. Broadcasts are then encrypted using the short-time key, wherein the user decrypts the broadcast message using the short-time key.

Abstract: Methods and systems for blackout provisioning in a communication network. In an aspect, a method is provided for blackout provisioning in a distribution network. The method includes determining one or more affected regions, and generating a blackout key based an original key and the affected regions. The method also includes encrypting content with the blackout key to produce encrypted content, and transmitting the encrypted content and an encrypted version of the original key over the distribution network. An apparatus is provided for blackout provisioning that includes provisioning logic to determine one or more affected regions, a key generator to generate a blackout key based an original key and the affected regions, encryption logic to encrypt content with the blackout key to produce encrypted content, and a transmitter to transmit the encrypted content and an encrypted version of the original key over the distribution network.