Abstract: Disclosed are systems, apparatus, devices, methods, computer program products, and other implementations, including a method that includes determining location of a device, and controlling monitoring of behavior of one or more processes executing on the device based on the determined location of the device to identify potential one or more security-risky processes from the monitored one or more executing processes. In some embodiments, controlling the monitoring of the behavior of the one or more processes may include one or more of, for example, adjusting frequency of the monitoring of the one or more processes based on the determined location of the device, adjusting level of detail obtained for the monitored behavior of the one or more processes based on the determined location of the device, and/or adjusting features being observed for the monitored one or more processes based on the determined location of the device.

Abstract: Methods, devices and systems for detecting suspicious or performance-degrading mobile device behaviors intelligently, dynamically, and/or adaptively determine computing device behaviors that are to be observed, the number of behaviors that are to be observed, and the level of detail or granularity at which the mobile device behaviors are to be observed. The various aspects efficiently identify suspicious or performance-degrading mobile device behaviors without requiring an excessive amount of processing, memory, or energy resources.

Abstract: The various aspects provide for a computing device and methods implemented by the device to ensure that an application executing on the device and seeking root access will not cause malicious behavior while after receiving root access. Before giving the application root access, the computing device may identify operations the application intends to execute while having root access, determine whether executing the operations will cause malicious behavior by simulating execution of the operations, and pre-approve those operations after determining that executing those operations will not result in malicious behavior. Further, after giving the application root access, the computing device may only allow the application to perform pre-approved operations by quickly checking the application's pending operations against the pre-approved operations before allowing the application to perform those operations.

Abstract: Methods, systems and devices for generating data models in a communication system may include applying machine learning techniques to generate a first family of classifier models using a boosted decision tree to describe a corpus of behavior vectors. Such behavior vectors may be used to compute a weight value for one or more nodes of the boosted decision tree. Classifier models factors having a high probably of determining whether a mobile device behavior is benign or not benign based on the computed weight values may be identified. Computing weight values for boosted decision tree nodes may include computing an exclusive answer ratio for generated boosted decision tree nodes. The identified factors may be applied to the corpus of behavior vectors to generate a second family of classifier models identifying fewer factors and data points relevant for enabling the mobile device to determine whether a behavior is benign or not benign.

Abstract: Handover parameter settings are automatically adapted in access points in a system to improve handover performance. Reactive detection techniques are employed for identifying different types of handover-related failures and adapting handover parameters based on this detection. Messaging schemes are also employed for providing handover-related information to access points. Proactive detection techniques also may be used for identifying conditions that may lead to handover-related failures and then adapting handover parameters in an attempt to prevent such handover-related failures. Ping-ponging may be mitigated by adapting handover parameters based on analysis of access terminal visited cell history acquired by access points in the system. In addition, configurable parameters (e.g., timer values) may be used to detect handover-related failures.

Abstract: A computing device processor may be configured with processor-executable instructions to implement methods of using behavioral analysis and machine learning techniques to identify, prevent, correct, and/or otherwise respond to malicious or performance-degrading behaviors of the computing device. As part of these operations, the processor may perform multifactor authentication operations that include determining one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value, using the one or more of these values to determine a number of authentication factors that are be evaluated when authenticating a user of the computing device, and authenticating the user by evaluating the determined number of authentication factors.

Abstract: Systems and methods for recognizing and reacting to malicious or performance-degrading behaviors in a mobile device include observing mobile device behaviors in an observer module within a privileged-normal portion of a secure operating environment to identify a suspicious mobile device behavior. The observer module may generate a concise behavior vector based on the observations, and provide the vector to an analyzer module in an unprivileged-secure portion of the secure operating environment. The vector may be analyzed in the unprivileged-secure portion to determine whether the mobile device behavior is benign, suspicious, malicious, or performance-degrading. If the behavior is found to be suspicious, operations of the observer module may be adjusted, such as to perform deeper observations. If the behavior is found to be malicious or performance-degrading behavior the user and/or a client module may be alerted in a secure, tamper-proof manner.

Abstract: A computing device processor may be configured with processor-executable instructions to implement methods of using behavioral analysis and machine learning techniques to identify, prevent, correct, or otherwise respond to malicious or performance-degrading behaviors of the computing device. As part of these operations, the processor may generate user-persona information that characterizes the user based on that user's activities, preferences, age, occupation, habits, moods, emotional states, personality, device usage patterns, etc. The processor may use the user-persona information to dynamically determine the number of device features that are monitored or evaluated in the computing device, to identify the device features that are most relevant to determining whether the device behavior is not consistent with a pattern of ordinary usage of the computing device by the user, and to better identify or respond to non-benign behaviors of the computing device.

Abstract: Paging load and/or registration load in a network is reduced by using different types of identifiers to specifying which nodes page an access terminal in the network. In some aspects, the network maintains a list that specifies that certain individual nodes (e.g., cells or sectors) are to page a given access terminal and/or that one or more zones (e.g., tracking areas) are to page the access terminal. In some aspects, an access terminal in a network may be configured to provide a forward-looking paging list to the network. The list provided by an access terminal may specify different types of node identifiers (e.g., individual node identifiers, subscriber groups, etc.). The network may then use the list to determine which nodes are to page a given access terminal such that when the access terminal moves to a different node, that node may already be configured to page the access terminal.

Abstract: The subject matter disclosed herein relates to systems, methods, apparatuses, articles, etc. for mobile device locating in conjunction with localized environments. For certain example implementations, a method may comprise obtaining at a mobile device one or more signals comprising information indicative of a location thereof. The information may be transmitted to one or more servers. A location context identifier (LCI) may be received responsive to the transmitting, with the LCI corresponding to a localized environment at which the mobile device is located. The LCI may be transmitted to the one or more servers. Location-based data may be received responsive to the transmitting of the LCI, with the location-based data being associated with the LCI and pertaining to the localized environment. The location of the mobile device may be determined with respect to the localized environment based, at least in part, on the location-based data. Other example implementations are described herein.

Abstract: Methods, systems and devices for classifying mobile device behaviors of a first mobile device may include the first mobile device monitoring mobile device behaviors to generate a behavior vector, and applying the behavior vector to a first classifier model to obtain a first determination of whether a mobile device behavior is benign or not benign. The first mobile device may also send the behavior vector to a second mobile device, which may receive and apply the behavior vector to a second classifier model to obtain a second determination of whether the mobile device behavior is benign or not benign. The second mobile device may send the second determination to the first mobile device, which may receive the second determination, collate the first determination and the second determination to generate collated results, and determine whether the mobile device behavior is benign or not benign based on the collated results.

Abstract: Systems and methods for recognizing and reacting to malicious or performance-degrading behaviors in a mobile computing device include observing mobile device behaviors in an observer module within a privileged-normal portion of a secure operating environment to identify a suspicious mobile device behavior. The observer module may generate a behavior vector based on the observations, and provide the vector to an analyzer module in an unprivileged-secure portion of the secure operating environment. The vector may be analyzed in the unprivileged-secure portion to determine whether the mobile device behavior is benign, suspicious, malicious, or performance-degrading. If the behavior is found to be suspicious, operations of the observer module may be adjusted, such as to perform deeper observations. If the behavior is found to be malicious or performance-degrading behavior the user and/or a client module may be alerted in a secure, tamper-proof manner.

Abstract: Aspect methods, systems and devices may be configured to create/capture checkpoints without significantly impacting the performance, power consumption, or responsiveness of the mobile device. An observer module of the mobile device may instrument or coordinate various application programming interfaces (APIs) at various levels of the mobile device system and constantly monitor the mobile device (via a low power process, background processes, etc.) to identify the normal operation patterns of the mobile device and/or to identify behaviors that are not consistent with previously computed normal operation patterns. The mobile device may store mobile device state information in a memory as a stored checkpoint when it determines that the mobile device behaviors are consistent with normal operation patterns, and upload a previously stored checkpoint to a backup storage system when it determines that the mobile device behaviors are not consistent with normal operation patterns.

Abstract: Described are devices, methods, techniques and systems for locating a portable services access transceiver (PSAT) for use in aiding emergency “911” services. In one implementation, one or more conditions indicative of movement of a PSAT may initiate a process for obtaining a new estimated location of the PSAT. In another implementation, a location of a PSAT may be determined or updated using indoor navigation techniques.

Abstract: The various aspects provide a method for recognizing and preventing malicious behavior on a mobile computing device before it occurs by monitoring and modifying instructions pending in the mobile computing device's hardware pipeline (i.e., queued instructions). In the various aspects, a mobile computing device may preemptively determine whether executing a set of queued instructions will result in a malicious configuration given the mobile computing device's current configuration. When the mobile computing device determines that executing the queued instructions will result in a malicious configuration, the mobile computing device may stop execution of the queued instructions or take other actions to preempt the malicious behavior before the queued instructions are executed.

Abstract: Paging and power consumption are managed in conjunction with providing local breakout in a wireless wide area network. In some aspects, if a packet destined for an access terminal is received at an access point that provides local breakout, the access point may inform the network so that the network will cause the access point to page the access terminal. Alternatively, in some aspects an access point that provides local breakout may maintain idle context of the access terminal, whereby the access point may autonomously page the access terminal (i.e., without involving the core network). In some aspects local breakout traffic is filtered at an access point to reduce the number of pages or packets sent to an access terminal. In some aspects an indication of a packet type is provided with a page message to enable an access terminal to determine whether to receive the packet. In some aspects a local link interface may be selectively disabled or enabled to limit traffic at an access terminal.

Abstract: The subject matter disclosed herein relates to a system and method for determining navigation instructions in a navigation environment. A location estimate may be determined for a mobile device within an indoor pedestrian navigation environment. A user input indicating one or more destinations within the indoor pedestrian navigation environment may be received. A lowest cost path from the location estimate to the one or more destinations may be determined based at least in part on an expected number of navigation instructions associated with the lowest cost path. Such a lowest cost path may be presented to a user.

Abstract: The subject matter disclosed herein relates to a system and method for receiving incentives on a mobile device. A first message may be received based on a first location of the mobile device, such that the first message indicates to a user of the mobile device that an incentive will be provided if the user remains within a certain proximity a waypoint for a predetermined length of time, and a second message including may be received if a second location of the mobile device is within the certain proximity of the waypoint, such that an elapsed time between a determination of the first location and a determination of the second location is equal to or greater than the predetermined length of time.

Abstract: A behavior-based security system of a computing device may be protected from non-benign behavior, malware, and cyber attacks by configuring the device to work in conjunction with another component (e.g., a server) to monitor the accuracy and performance of the security system, and determine whether the system is working correctly, efficiently, or as expected. This may be accomplished via the server generating artificial attack software, sending the generated artificial attack software to the mobile device to simulate non-benign behavior in the mobile device, such as a cyber attack, and determining whether the behavior-based security system of the mobile device responded adequately to the simulated non-benign behavior. The sever may send a dead-man signal to the mobile device in response to determining that the behavior-based security system of the mobile device did not respond adequately to the simulated non-benign behavior.

Abstract: The subject matter disclosed herein relates to systems, methods, apparatuses, articles, and means for determining at least one navigational coordinate system to be utilized in conjunction with transports and/or mobile devices. For certain example implementations, a method by a mobile device that is at least proximate to a transport may comprise identifying a first navigational coordinate system, with the first navigational coordinate system being associated with the transport and enabling navigation within at least one navigable area of the transport. A second navigational coordinate system may also be identified. The mobile device may determine to utilize at least one of the first navigational coordinate system or the second navigational coordinate system based, at least in part, on one or more predetermined conditions. Other example implementations are described herein.