Abstract: Systems, methods, and related technologies for device compliance monitoring are described. In certain aspects, one or more compliance rules associated with a device classification are used to determine a compliance level of a device. The one or more compliance rules may be based on a standard. An action can be initiated based on the compliance level.

Abstract: The present invention solves the problem by having: a first recording unit which accepts a handwritten electronic signature by a transactor and records the handwritten electronic signature in an electronic document; a second recording unit which records record information including transaction position information at a time that the handwritten electronic signature is recorded, in image data of the electronic document where the handwritten electronic signature is recorded by the first recording unit; and a managing unit which manages the record information recorded by the second recording unit and the image data where the record information is recorded as managing information, while associating the record information with the image data.

Abstract: Disclosed are a communication information hiding realization method and realization system. The method comprises: monitoring a communication information database for storing communication information in real time, and judging whether there is newly added communication information in the communication information database; when there is newly added communication information in the communication information database, acquiring a communication number of the newly added communication information, and comparing the communication number to a pre-set communication number set needing to be hidden; and when the communication number exists in the communication number set needing to be hidden, deleting or hiding the communication information corresponding to the communication number in the communication information database.

Abstract: Techniques provided herein relate to electronic authentication on public systems. A backend system receives at least one electronic data action request from a publicly available client system that is shared amongst a plurality of users. At least a portion of the primary authentication information is received from a secondary device separate from the publicly available client system. The electronic data action request is authenticated by determining if the primary authentication information matches expected primary authentication information that is expected to complete the electronic data action request. Performance of the electronic data action request is facilitated when the primary authentication information matches the expected primary authentication information.

Abstract: It is disclosed a method of establishing a secure connection between a device and a network-based entity, NAF, via an access gateway, where the device and a network-based bootstrapping server, BSF, have a pre-established trust relationship. The method comprises the access gateway acting as a proxy between the device and the BSF. A reference to a NAF received from the BSF is used to securely authenticate the device to the NAF. An identity of the access gateway is sent to the NAF and the identity is used to authorise the device to use the access gateway. The access gateway identity is authenticated at the BSF and/or the NAF. The access gateway may relay messages to the device over a non-HTTP link.

Abstract: Privacy management techniques for communication systems are provided. In one or more methods, one or more cryptographic key pairs are provisioned in a home network of a communication system for utilization by subscribers of the home network to conceal subscriber identifiers provided to access points in the communication system. The cryptographic key pairs are managed utilizing an element or function in the home network of the communication system. In one or more other methods, one or more public keys associated with one or more cryptographic key pairs are stored in user equipment, the cryptographic key pairs being provisioned by a home network of a communication system for use by subscribers of the home network to conceal subscriber identifiers provided to access points in the communication network. An element or function of the home network of the communication system is interfaced for management of the public keys stored in the user equipment.

Abstract: A method of verifying IMEIs and chipset S/Ns of devices within a wireless communication network. The method comprises receiving a request from a device to access the wireless communication network and receiving an international mobile equipment identity (IMEI) and serial number (S/N) from the device, wherein the IMEI and S/N are included on a chipset of the device, and wherein the S/N is the S/N for the chipset. The method further comprises comparing the IMEI and S/N with a database to confirm the authenticity of the IMEI and S/N. Based upon the authenticity of the IMEI and S/N, the request is either granted or not granted for the device to access the wireless communication network.

Abstract: The present invention relates to a wireless communication system. More specifically, the present invention relates to a method and a device for performing UL packet delay measurement in a wireless communication system, the method comprising: checking whether a value of queuing delay of a PDCP SDU is above a threshold, and generating and transmitting a PDCP PDU including the PDCP SDU and a time stamp for the PDCP SDU, if the value of the queuing delay is above the threshold, wherein a value of the time stamp for the PDCP SDU is set to a time when the PDCP SDU is received from the upper layer.

Abstract: An example method includes receiving an indication of a first level of authentication for an electronic device, the first authentication being associated with a first authentication device associated with the user; receiving an indication of a second level of authentication for the electronic device, the second authentication being associated with a second authentication device associated with the user, the second authentication device being different from the first authentication device; and upon receiving the indication of at least the first level of authentication and the second level of authentication, allow access to the electronic device.

Abstract: In various implementations, a computer-implemented method for remotely managing settings of applications includes receiving a network communication from a managed device, the received network communication including a client-side hash value. The method further includes identifying settings for an application on the managed device in response to the receiving of the network communication, where the identified settings include configuration instructions for the application. Based on a comparison between the received client-side hash value and a server-side hash value that corresponds to the identified settings, at least some of the identified settings are transmitted to the managed device. The transmitting of the at least some of the identified settings can be based on the comparison indicating a mismatch between the received client-side hash value and the server-side hash value.

Abstract: The invention relates to a method for discovering a home agent serving a mobile node upon the mobile node changing its mobility management scheme in a packet-switched network and the implementation of such method in a mobile node or home agent. In order to propose a home agent discover scheme that maintains session continuity in a seamless manner upon a mobile node changing its mobility management scheme, a mobile node comprises information on its location prior to changing the mobility management scheme to one of the first signaling messages transmitted upon changing the mobility management scheme (home agent discovery message). The receiving node uses this information to identify the home agent serving the mobile node or to provide a hint to the home agent where the mobile node is registered in a response message to the mobile node.

Abstract: Examples provided herein are directed to a computing device and media playback system sharing access to a media service corresponding to a media application installed on the computing device. In one example, a media playback system may be configured to (i) receive from the computing device an authorization code that corresponds to a media application installed on the computing device that is authorized to access media from a media service, (ii) transmit to the media service an authorization request with the authorization code, (iii) receive from the media service an authorization token that facilitates obtaining media from the media service, and (iv) transmit to the media service a request for media for playback by the media playback system, where the request for media includes the authorization token.

Abstract: An authentication device includes: a wearing position determination unit that determines a wearing position, the wearing position being a position at which a wearable article comprising a sensor is being worn on a body; and an authentication unit that performs authentication by using biometric information of the body, the biometric information being detected by the sensor at the wearing position.

Abstract: A user-operated communication device stores security association information that is initially used to wirelessly connect the user-operated communication device to a first wireless access point made available by a first private wireless network service provider. Assume that the user-operated communication device roams out of a first wireless coverage region supported by the first wireless access point into wireless range of a second wireless access point operated by a second private wireless network service provider. Instead of performing full authentication to establish a wireless communication link with the second wireless access point, the user-operated communication device requests authentication resumption and utilizes the stored security association information (provided by the first service provider) to more quickly, wirelessly connect the communication device to the second wireless access point.

Abstract: An authentication device includes: a wearing position determination unit that determines a wearing position, the wearing position being a position at which a wearable article comprising a sensor is being worn on a body; and an authentication unit that performs authentication by using biometric information of the body, the biometric information being detected by the sensor at the wearing position.

Abstract: A device that incorporates the subject disclosure may perform, for example, generating a security domain root structure for a universal integrated circuit card of an end user device, where the security domain root structure includes a hierarchy of a link provider operator security domain above a mobile network operator trusted security domain, where the link provider operator security domain enables transport management by a link provider operator, and where the mobile network operator trusted security domain enables card content management and subscription eligibility verification by a mobile network operator trusted service manager. Other embodiments are disclosed.

Abstract: In some embodiments, securing device commands includes a first electronic device receiving a command authorization request message from a second electronic device, including a device command to be performed by the second electronic device, a command argument, and a first message authentication code (MAC) generated by applying a hash function to the device command, the command argument and a first counter value. The first electronic device generates a second MAC by applying the hash function to the device command, the command argument and a second counter value synchronized with the first counter value. The first electronic device compares the first MAC and the second MAC to authenticate the device command and transmit a command approval message or a command denial message. The command approval message causes the second electronic device to perform the device command and the command denial message causes the second electronic device to reject the device command.

Abstract: The present invention relates to a virtual operating system for operating a terminal protected privacy application to a cloud based service for any apparatus capable of internet interception. Operating in a hidden background and turning any mobile phone into a smartphone by operating cloud applications from anywhere. More specifically, the present invention is a terminal platform operating in a cloud service, as a background hidden service, connecting terminal to cloud profile (Avatar) in a cloud server environment erasing dialed cryptic code from device log. The system enables user to use multi profiles from within the cloud application by code and switch between them by using the multi profiles button (MPB).

Abstract: A method, an information handling system (IHS) and a detection system for detecting tampering of memory contents. The method includes retrieving, via a board management controller (BMC), from a first memory device, a first hash associated with current first data such as a firmware image stored on the first memory device and retrieving, from a second memory device, a previously stored second hash associated with initial first data. The method further includes determining if the first hash and the second hash match. In response to the first hash and the second hash not matching, an error message is generated which indicates that the current first data of the first memory device has been tampered with. The error message is stored to an error log. The error message identifies the specific current first data and/or firmware image that has been tampered with. The method repeats periodically during runtime.

Abstract: The embodiments provide a cryptography key for two communicating devices that is based on information known only to the devices. Each of the communicating devices determines the information without communicating key information related to the encryption key with the other. Each device receives a setup signal sent by the other device. Each device samples the received signal, generates sampling results, creates a plurality of keys based on the sampling results, selects a key of the plurality of keys based on criteria, and utilizes the selected key. The sets of plurality of keys may be created by creating each of the keys based on a different power threshold applied to the sampling results. The sets of plurality of keys may also be created by inputting the sampling results into each of a plurality of decoders to generate a key at each decoder that comprises a key of the plurality of keys.

Abstract: A geographic location is received in which a payment recipient is to perform a task. A geolocation system determines that the recipient is at the geographic location based on information received from a mobile device of the recipient. Payment is electronically transferred to the recipient for completion of the task via a payment network. The payment is transferred responsive to determining that the recipient is at the geographic location.

Abstract: Mobile devices are provisionally registered when the mobile device does not have an active subscription profile. A communications session is established with an access network of a mobile communications network. Identification data for the computing device is sent to the access network. A connectivity configuration is used to allow the computing device to establish a limited connection on the mobile communications network. Using the limited connection, an eSIM profile is received. The eSIM profile is activated and the device is connected to an associated mobile network.

Abstract: A computing resource service provider detects that an account has been compromised. The computing resource service provider applies a set of restrictions on the account. The computing resource service provider denies a request if the request is preempted by the set of restrictions. The computing resource service provider fulfills a request that is not preempted by the set of restrictions.

Abstract: A method for secure access to a mobile edge computing gateway device based on a subscriber location fingerprint may comprise receiving a request to access the mobile edge computing gateway, a first user credential, and an encrypted token from a requesting user, associating the first user credential with a block chain location fingerprint for the subscribing user, including a plurality of time-stamped records of a plurality of estimated or measured location state variables of the subscribing user and an associated confidence interval representing an accuracy of those variables, decrypting the location fingerprint, receiving a requesting user location measurement, predicting a current location for the subscribing user and an associated current confidence interval based on recent location state variables in the location fingerprint, and allowing the requesting user access to the mobile edge computing gateway when the received requesting user location measurement falls within the value of the current confidence i

Abstract: The present invention relates to an authentication apparatus and method for a wireless network among a plurality of beacon devices constituting a mesh network and a computer-readable recording medium storing a program for carrying out the method, and more particularly, to an authentication apparatus and method according to authentication technology for including only beacon devices installed at a particular location in a particular mesh network and a recording medium storing a computer program for carrying out the method.

Abstract: An authentication management method executed in a plurality of apparatuses cooperating each other communicably connecting, to allow reception of instruction by a user, a first information processing apparatus which performs authentication that the user is a predetermined person and a second information processing apparatus which is worn by the user, in a case where the user wearing the second information processing apparatus has been identified, by the second information processing apparatus, to be the predetermined person, identifying, by the second information processing apparatus, whether or not the first information processing apparatus and the second information processing apparatus are associated with each other as a plurality of apparatuses which perform cooperative processing.

Abstract: Systems and methods are described for securely and efficiently processing electronic content. In one embodiment, a first application running on a first computing system establishes a secure channel with a second computing system, the secure channel being secured by one or more cryptographic session keys. The first application obtains a license from the second computing system via the secure channel, the license being encrypted using at least one of the one or more cryptographic session keys, the license comprising a content decryption key, the content decryption key being further encrypted using at least one of the one or more cryptographic session keys or one or more keys derived therefrom.

Abstract: A network device for maintaining data security generates different keys corresponding to data received from a sender. The different keys comprise a secret key, a client key, and a server key. The client and server keys form the secret key when combined. The network device encrypts the data with the secret key and discards the secret key in response. The network device generates a Uniform Resource Locator (URL) for requesting the data from the network device. The URL comprises the client key and a randomly-generated data identifier associated with the data. The network device sends the URL to an electronic address of a recipient and discards the client key in response.

Abstract: Disclosed are various examples of securely distributing certificates to client devices. A uniform resource locator (URL) is sent to a client device, wherein the URL represents an address from which the client device can request a user certificate. A certificate for a registration authority is sent to the client device, wherein the certificate comprises a first public key and a first private key. A certificate signing request (CSR) received from the client device at the URL is decrypted, wherein the CSR is encrypted with the first public key. The CSR is validated based at least in part on the URL sent to the client device. The user certificate is then sent to the client device.

Abstract: A first device, upon detecting participation in an authentication system, transmits new and old identification information of a first certificate revocation list that the first device manages to a second device. In a case where the new and old identification information of a second certificate revocation list that the second device manages is older than the new and old identification information of the received first certificate revocation list, the second device transmits a transmission request for the first certificate revocation list to the first device. Upon receiving the transmission request for the first certificate revocation list from the second device, the first device transmits the first certificate revocation list to the second device. the second device updates the second certificate revocation list using the received first certificate revocation list.

Abstract: A method for transmitting software in which a checker generates two random numbers. The checker calculates a cryptographic key based on the second random number based on a measured hardware function of the device. The checker encrypts the software into a cryptogram using the key, and transmits the cryptogram to the device. The checker transmits the first random number to the device, and receives a checksum from the device. The checker calculates a reference value based on the first random number and an emulated random access memory of the device, with the aid of the measured hardware function and a predefined cryptographic hash function. The checker subjects the checksum to a check based on the reference value, and if the check is successful, the checker transmits the second random number to the device.

Abstract: Systems and methods for providing security services during a power management mode are disclosed. In some embodiments, a method comprises detecting with a mobile security system a wake event on a mobile device, providing from the mobile security system a wake signal, the providing being in response to the wake event to wake a mobile device from a power management mode, and managing with the mobile security system security services of the mobile device. Managing security services may comprise scanning a hard drive of the mobile devices for viruses and/or other malware. Managing security services may also comprise updating security applications or scanning the mobile device for unauthorized data.

Abstract: A wireless access point has a physically-embedded hardware-trust key and serves User Equipment (UE) with hardware-trusted wireless data communications. The wireless access point receives a hardware-trust challenge number and responsively generates a hardware-trust result with the physically-embedded hardware-trust key and the hardware-trust challenge number. The wireless access point transfers the hardware-trust result and receives an access hardware-trust digital certificate. The wireless access point wirelessly receives a hardware-trusted attachment request from the UE and wirelessly transfers the access hardware-trust digital certificate to the UE. The UE validates the access hardware-trust digital certificate. The wireless access point wirelessly exchanges user data with the UE responsive to the UE validating the access hardware-trust digital certificate. The wireless access point exchanges the user data with a data network.

Abstract: Provided are a method for personalizing a security element for a mobile end device for communicating via a mobile radio network as well as a corresponding system. The method comprises the following steps: supplying initialization data of an initialization entity to the security element, wherein the initialization data comprise a personalization token; supplying the personalization token from the security element to a personalization entity; checking the validity of the personalization token through the personalization entity; and after successfully checking the validity of the personalization token, supplying personalization data from the personalization entity to the security element, wherein authorization data for authenticating the security element in encrypted form are already part of the initialization data and the personalization data comprise a key for decrypting the authorization data.

Abstract: A method includes receiving a first message from a wireless device via a network. The method includes determining a device type of the wireless device. In response to determining that the device type satisfies a criterion, sending a second message granting the wireless device access to the network subject to a first restriction level and sending a network access request to a second device associated with an operator of the access point. The second message includes a first key to grant the wireless device access to the network subject to the first restriction level. The method includes receiving a response to the network access request from the second device. The method also includes determining, based on the response, based on the response, whether to grant the wireless device access to the network subject to a second restriction level, the second restriction level less restrictive than the first restriction level.

Abstract: A communication apparatus capable of secure wireless communication by using a certificate, comprises: a determining unit that determines, in the communication apparatus, one of whether a first mode which operates as a role in deciding a communication channel used for direct wireless connection with a communication target apparatus is activated and whether a second mode which executes role decision processing of deciding whether to operate as the role in deciding the communication channel used for the direct wireless connection with the communication target apparatus is activated; and a control unit that executes certificate generation processing before being connected to the communication target apparatus if the determining unit determines that the first mode is activated and obtain the certificate held in the communication apparatus before executing the role decision processing if the determining unit determines that the second mode is activated.

Abstract: Methods are disclosed for improving communications on feedback transmission channels, in which there is a possibility of bit errors. The basic solutions to counter those errors are: proper design of the CSI vector quantizer indexing (i.e., the bit representation of centroid indices) in order to minimize impact of index errors, use of error detection techniques to expurgate the erroneous indices and use of other methods to recover correct indices.

Abstract: A method of using biometric verification comprises identifying a validation requirement during the execution of a non-voice channel interaction, and initiating a contact to the user, at a pre-registered device. The method further comprises executing a biometric verification of the user's identity and possession of the device, via a user interaction at the pre-registered device, and providing the validation when the user is successfully identified.

Abstract: In certain embodiments, first and second challenge responses may be obtained at a computer system from a client device respectively via first and second connections between the computer system and the client device. The challenge responses may each be generated based on a same private key stored in a secure local storage at the client device. Confirmation of identification information associated with an entity, to which the private key corresponds, may be obtained based on information obtained from the client device via the first connection. Information obtained from the client device via the second connection may be authenticated based on (i) the obtained confirmation via the first connection and (ii) verification of the first and second challenge responses obtained respectively via the first and second connections.

Abstract: Service data feeds that indicate multiple Embedded Subscriber Identity Module (eSIM) profiles provided by one or more eSIM profile vendor are loaded into one or more profile data stores of a subscription management service may be received from the subscription management service. The profile data stores may include a Subscription Manager Data Preparation (SM-DP) profile data store or a Subscription Manager Data Preparation Plus (SM-DP+) profile data store. A request is then received from an entity to perform an action with respect to a particular eSIM profile that has a specific Integrated Circuit Card identifier (ICCID). The request is forwarded to the subscription management service in response to determining that the specific ICCID matches an ICCID of an eSIM profile that is indicated by a service data feed as being loaded into a profile data store of the subscription management service. Accordingly, the subscription management service may implement the action with respect to the particular eSIM profile.

Abstract: A streaming one time Pad cipher using rotating ports for data encryption uses a One Time Pad (OTP) to establish multiple secure point-to-point connections. This can be used to implement a streaming OTP point-to-point firewall, virtual private network or other communications facility for communicating secure information across one or more insecure networks.

Abstract: Methods and apparatus for intelligent scheduling in hybrid networks based on client identity. For example, in one embodiment, the hybrid networks are cellular networks (e.g., LTE and CDMA 1X), and a cellular device uses a single-radio solution to support circuit-switched calls on a CDMA 1X network and packet-switched calls on LTE. Periodically, the cellular device tunes away from LTE and monitors CDMA 1X activity, and vice versa. The LTE network can infer the cellular device's tune away schedule, based on the device's identity, and the paging schedule algorithm of the CDMA 1X network.

Abstract: The present disclosure relates to changing a password in a proximity-based authentication system. After a successful proximity-based authentication, a password agent may determine that a password does not comply with an administrative password policy. The password agent may then generate a new password that does comply with the administrative password policy and submit a password change request to an administrator of that password policy, without any input by a user at these steps. The user can then request to view the password for input to a service using the same password, and after passing a biometric challenge may view the password.

Abstract: Aspects of the present disclosure provide mechanisms for count synchronization in a wireless communication network. A respective count value may be maintained for each packet transmitted over a wireless connection, where each count value includes a respective hyper frame number and a respective sequence number. To synchronize a current count value associated with a current packet, a count synchronization may be initiated to transmit at least a current hyper frame number of the current count value over the wireless connection.

Abstract: Techniques disclosed herein enable a system to reduce user authentication requirements during a user's travels by analyzing transportation data and/or event data sent to the user via a communication service, e.g. email. The system may analyze the data in order to determine where the user will be at some future time and, ultimately, to then validate access requests against such determinations to mitigate the need for heightened user authentication requirements while the user is traveling. For instance, the system may identify an airline reservation sent to the user and enable the user to confirm that she has corresponding travel plans. Once she confirms her travel plans, the system may refrain from increasing authentication requirements from Single-Factor Authentication (SFA) to Multi-Factor Authentication (MFA) input requirements for access requests that match the confirmed travel plans.

Abstract: A method for verifying a security of a service operation is provided. The method includes receiving, by a service terminal, a creditability analysis instruction of the service operation, where the creditability analysis instruction is sent by a service server. The method may further include obtaining, by the service terminal, a creditability analysis result of the service operation based on the creditability analysis instruction and one or more risk control models pre-stored in the service terminal, and sending the creditability analysis result to the service server for determining the security of the service operation.

Abstract: The objective of the invention is to provide an encoding method and a communication method wherein bit-error correction is easy for a authorized recipient but difficult for an unauthorized recipient. A transmission channel in which bit errors are moderately controlled is used to transmit/receive a random number sequence. A common key is shared between a transmitter and a receiver in advance; each bit value of the common key is connected with each slot of the random number sequence; the common key is used to divide the random number sequence into two or more random number series in accordance with the connection; and each random number series is independently encoded and parity check symbols are generated. The unit of the encoding is equal to or greater than the length of the common key so as to make a partial analysis by an unauthorized recipient impossible.

Abstract: A method of authenticating a user of a terminal referred of as a first terminal, and suitable for communicating with a service provider via a first communications network, the provider requesting an authentication of the user of the first terminal before providing a service to the first terminal, wherein the authentication of the user is based on user authentication performed with regard to a second terminal.

Abstract: A two-way key switching method and an implementation device. The method includes: when acquiring a new key, any end in a communication link setting a new key transmitting direction to be unavailable and setting a new key receiving direction to be available; after it is presumed or determined that at least n opposite ends have acquired the new key and before an original key is invalid, the any end starting a first key switching process, to set the transmitting direction of the original key to be unavailable and set the new key transmitting direction to be available, where N?n?1, and N is the total number of receiving sides corresponding to the transmitting side; according to a protection identifier of data transmitted from the opposite end, the any end selecting a valid key to perform deprotection; and after the data is successfully deprotected with the new key for the first time, the any end starting a second key switching process, to set the receiving direction of the original key to be unavailable.

Abstract: The present invention relates to a relaying device which performs the individual calling in response to not only a call incoming from a telephone but also a call incoming from a transceiver. When receiving a communication request from another device over a network, the relaying device determines if this communication request is accompanied by the wireless-device specifying information (ID). When the communication request is not accompanied by the ID, the relaying device sends a signal for prompting another device to input the ID. When the ID is sent in response to the sent signal, the relaying device instructs the relaying wireless device to call the wireless terminal device specified by this ID. In addition, when the communication request is accompanied by the ID, the relaying device instructs the relaying wireless device to call the wireless terminal device specified by this ID.