Abstract: A method for user authentication in a telecommunication network includes an authentication server with an authentication service and comprises an initial identity check of a upon a user request. The method includes steps performed by the authentication server, in which steps the authentication server receives a request with user behavior data for further authentication of a user, stores the user behavior data, matches the initial identity with previous information of the user by using an algorithm, performs further checking of the identity of the user if the initial identity of the user and the previous information of the user did not match in a predetermined manner, and reports the result of the further authentication as a reply to the request. A system performs the steps of the method.

Abstract: Wireless printing devices that are configured to register with a service over a network (e.g., the Internet) for providing printing services without a device specific printer driver are herein disclosed and enabled. The printing device may include an interface (e.g., a touch sensitive screen) to receive security information for connecting to a wireless local area network (WLAN). While connected to the wireless WLAN, the printing device registers the printing device with the service and transmits, to the service, device information related to the printing device. Subsequent to registration, one or more client devices, using the service over the network, may select the registered printing device for printing. The printing device is configured to receive output data either from the service over the network or from the one or more client devices over the network. The output data is related to the device information transmitted from the printing device to the service.

Abstract: Disclosed herein are methods, computer program instructions and apparatus for performing random access procedures in a wireless communication system. A method includes receiving at a network access node, in different time and frequency resources that are allocated for preamble transmission, and in different ones of a plurality of component carriers, a plurality of random access requests from individual ones of a plurality of user equipments; and transmitting a corresponding plurality of random access responses in a time and frequency resource of a single component carrier.

Abstract: In some embodiments, securing device commands includes a first electronic device receiving a command authorization request message from a second electronic device, including a device command to be performed by the second electronic device, a command argument, and a first message authentication code (MAC) generated by applying a hash function to the device command, the command argument and a first counter value. The first electronic device generates a second MAC by applying the hash function to the device command, the command argument and a second counter value synchronized with the first counter value. The first electronic device compares the first MAC and the second MAC to authenticate the device command and transmit a command approval message or a command denial message. The command approval message causes the second electronic device to perform the device command and the command denial message causes the second electronic device to reject the device command.

Abstract: A downlink information receiving method and sending method, user equipment, and a network device, where a first user equipment first receives a first data packet, and the first user equipment determines whether the first data packet carries identity-related information of the first user equipment. If the first data packet does not carry identity-related information of the first user equipment, the first user equipment does not need to receive a second data packet.

Abstract: A method of transmitting a signal over a physical random access channel, wherein the signal comprises a plurality of symbols forming a symbol group. The method comprises applying scrambling to a plurality of symbols within the symbol group.

Abstract: Certain embodiments may generally relate to controlling access to data held in the cloud. A method for controlling access to data held in the cloud may include determining, at a cloud server, the validity of user credentials received from a user device. The method may also include receiving context data related to the user device based on the validity of the user credentials. The method may further include synchronizing the context data with the cloud server. In addition, the method may include enforcing context-sensitive security checks on requests made by the user for resources based on the sensor data collected by the user device.

Abstract: A client device is operated by obtaining a list of contacts, wherein the list of contacts includes contact information of authorized users, recording media content, defining a selected recipient of the media content, and transmitting the media content and contact information of the selected recipient to a media repository system to enable the media repository system to compare an identification of a user requesting access to the media content from the media repository system with the contact information of the selected recipient and to enable a communication device of the user to access the media content from the media repository system responsive to a determination that the contact information of the selected recipient matches the identification of the user. The media content includes audio, video, and/or image content.

Abstract: The inventor provides a Bluetooth automatic connection method and a master device, slave device, and system for implementing Bluetooth automatic connection, solving the problem that manual selection and connection are needed in a scenario in which there are multiple Bluetooth devices. The present invention relates to implementation of connection between Bluetooth devices, and in particular, quick automatic connection of the Bluetooth devices.

Abstract: Disclosed is a Managed Access System that operates as a man-in-the-middle between a handset and a network carrier system (e.g., Verizon, AT&T) to control access of handsets to connect to the network carrier system. The Managed Access System includes adaptable hardware, which emulates or simulates the characteristics of the handset such that the network carrier system communicates with the Managed Access System rather than the handset.

Abstract: A radio communication system provided with a communication device and a radio communication network system is characterized by comprising a transmission delay estimate information transmitting means for transmitting transmission delay estimate information to the radio communication network system when the transmission condition of the transmission delay estimate information is met.

Abstract: There is provided a method and system for authenticating a production of products. The method and system comprise determining if configuration data for the production run is authorized and, if the production run is authorized, generating a security token and associating the token with configuration data. The configuration data is digitally signed by generating a digital signature and associating the digital signature with the configuration data. The digital signature associated with the digitally signed configuration data is verified. Products are then produced in a production run according to the digitally signed configuration data, and the set of secure product identifiers is printed on the products according to the digitally signed configuration data.

Abstract: The disclosure relates to a security method and system in a telecommunications network comprising a radio access network system and a core network system. The radio access network system is configured to provide a wireless radio interface for at least one user device, wherein a shared secret key is stored in both the user device and the core network system. At least one vector is received from the core network system comprising one or more values derived from the shared secret key. At least one of an authentication procedure and a key agreement procedure is performed in the radio access network system for the user device over the wireless radio interface using the one or more values of the received vector for establishing a connection between the user device and the radio access network system.

Abstract: Systems, methods, and related technologies for device compliance monitoring are described. In certain aspects, one or more compliance rules associated with a device classification are used to determine a compliance level of a device. The one or more compliance rules may be based on a standard. An action can be initiated based on the compliance level.

Abstract: The present invention solves the problem by having: a first recording unit which accepts a handwritten electronic signature by a transactor and records the handwritten electronic signature in an electronic document; a second recording unit which records record information including transaction position information at a time that the handwritten electronic signature is recorded, in image data of the electronic document where the handwritten electronic signature is recorded by the first recording unit; and a managing unit which manages the record information recorded by the second recording unit and the image data where the record information is recorded as managing information, while associating the record information with the image data.

Abstract: It is disclosed a method of establishing a secure connection between a device and a network-based entity, NAF, via an access gateway, where the device and a network-based bootstrapping server, BSF, have a pre-established trust relationship. The method comprises the access gateway acting as a proxy between the device and the BSF. A reference to a NAF received from the BSF is used to securely authenticate the device to the NAF. An identity of the access gateway is sent to the NAF and the identity is used to authorise the device to use the access gateway. The access gateway identity is authenticated at the BSF and/or the NAF. The access gateway may relay messages to the device over a non-HTTP link.

Abstract: Disclosed are a communication information hiding realization method and realization system. The method comprises: monitoring a communication information database for storing communication information in real time, and judging whether there is newly added communication information in the communication information database; when there is newly added communication information in the communication information database, acquiring a communication number of the newly added communication information, and comparing the communication number to a pre-set communication number set needing to be hidden; and when the communication number exists in the communication number set needing to be hidden, deleting or hiding the communication information corresponding to the communication number in the communication information database.

Abstract: Techniques provided herein relate to electronic authentication on public systems. A backend system receives at least one electronic data action request from a publicly available client system that is shared amongst a plurality of users. At least a portion of the primary authentication information is received from a secondary device separate from the publicly available client system. The electronic data action request is authenticated by determining if the primary authentication information matches expected primary authentication information that is expected to complete the electronic data action request. Performance of the electronic data action request is facilitated when the primary authentication information matches the expected primary authentication information.

Abstract: A method of verifying IMEIs and chipset S/Ns of devices within a wireless communication network. The method comprises receiving a request from a device to access the wireless communication network and receiving an international mobile equipment identity (IMEI) and serial number (S/N) from the device, wherein the IMEI and S/N are included on a chipset of the device, and wherein the S/N is the S/N for the chipset. The method further comprises comparing the IMEI and S/N with a database to confirm the authenticity of the IMEI and S/N. Based upon the authenticity of the IMEI and S/N, the request is either granted or not granted for the device to access the wireless communication network.

Abstract: Privacy management techniques for communication systems are provided. In one or more methods, one or more cryptographic key pairs are provisioned in a home network of a communication system for utilization by subscribers of the home network to conceal subscriber identifiers provided to access points in the communication system. The cryptographic key pairs are managed utilizing an element or function in the home network of the communication system. In one or more other methods, one or more public keys associated with one or more cryptographic key pairs are stored in user equipment, the cryptographic key pairs being provisioned by a home network of a communication system for use by subscribers of the home network to conceal subscriber identifiers provided to access points in the communication network. An element or function of the home network of the communication system is interfaced for management of the public keys stored in the user equipment.

Abstract: The present invention relates to a wireless communication system. More specifically, the present invention relates to a method and a device for performing UL packet delay measurement in a wireless communication system, the method comprising: checking whether a value of queuing delay of a PDCP SDU is above a threshold, and generating and transmitting a PDCP PDU including the PDCP SDU and a time stamp for the PDCP SDU, if the value of the queuing delay is above the threshold, wherein a value of the time stamp for the PDCP SDU is set to a time when the PDCP SDU is received from the upper layer.

Abstract: An example method includes receiving an indication of a first level of authentication for an electronic device, the first authentication being associated with a first authentication device associated with the user; receiving an indication of a second level of authentication for the electronic device, the second authentication being associated with a second authentication device associated with the user, the second authentication device being different from the first authentication device; and upon receiving the indication of at least the first level of authentication and the second level of authentication, allow access to the electronic device.

Abstract: The invention relates to a method for discovering a home agent serving a mobile node upon the mobile node changing its mobility management scheme in a packet-switched network and the implementation of such method in a mobile node or home agent. In order to propose a home agent discover scheme that maintains session continuity in a seamless manner upon a mobile node changing its mobility management scheme, a mobile node comprises information on its location prior to changing the mobility management scheme to one of the first signaling messages transmitted upon changing the mobility management scheme (home agent discovery message). The receiving node uses this information to identify the home agent serving the mobile node or to provide a hint to the home agent where the mobile node is registered in a response message to the mobile node.

Abstract: In various implementations, a computer-implemented method for remotely managing settings of applications includes receiving a network communication from a managed device, the received network communication including a client-side hash value. The method further includes identifying settings for an application on the managed device in response to the receiving of the network communication, where the identified settings include configuration instructions for the application. Based on a comparison between the received client-side hash value and a server-side hash value that corresponds to the identified settings, at least some of the identified settings are transmitted to the managed device. The transmitting of the at least some of the identified settings can be based on the comparison indicating a mismatch between the received client-side hash value and the server-side hash value.

Abstract: Examples provided herein are directed to a computing device and media playback system sharing access to a media service corresponding to a media application installed on the computing device. In one example, a media playback system may be configured to (i) receive from the computing device an authorization code that corresponds to a media application installed on the computing device that is authorized to access media from a media service, (ii) transmit to the media service an authorization request with the authorization code, (iii) receive from the media service an authorization token that facilitates obtaining media from the media service, and (iv) transmit to the media service a request for media for playback by the media playback system, where the request for media includes the authorization token.

Abstract: An authentication device includes: a wearing position determination unit that determines a wearing position, the wearing position being a position at which a wearable article comprising a sensor is being worn on a body; and an authentication unit that performs authentication by using biometric information of the body, the biometric information being detected by the sensor at the wearing position.

Abstract: A user-operated communication device stores security association information that is initially used to wirelessly connect the user-operated communication device to a first wireless access point made available by a first private wireless network service provider. Assume that the user-operated communication device roams out of a first wireless coverage region supported by the first wireless access point into wireless range of a second wireless access point operated by a second private wireless network service provider. Instead of performing full authentication to establish a wireless communication link with the second wireless access point, the user-operated communication device requests authentication resumption and utilizes the stored security association information (provided by the first service provider) to more quickly, wirelessly connect the communication device to the second wireless access point.

Abstract: An authentication device includes: a wearing position determination unit that determines a wearing position, the wearing position being a position at which a wearable article comprising a sensor is being worn on a body; and an authentication unit that performs authentication by using biometric information of the body, the biometric information being detected by the sensor at the wearing position.

Abstract: In some embodiments, securing device commands includes a first electronic device receiving a command authorization request message from a second electronic device, including a device command to be performed by the second electronic device, a command argument, and a first message authentication code (MAC) generated by applying a hash function to the device command, the command argument and a first counter value. The first electronic device generates a second MAC by applying the hash function to the device command, the command argument and a second counter value synchronized with the first counter value. The first electronic device compares the first MAC and the second MAC to authenticate the device command and transmit a command approval message or a command denial message. The command approval message causes the second electronic device to perform the device command and the command denial message causes the second electronic device to reject the device command.

Abstract: A device that incorporates the subject disclosure may perform, for example, generating a security domain root structure for a universal integrated circuit card of an end user device, where the security domain root structure includes a hierarchy of a link provider operator security domain above a mobile network operator trusted security domain, where the link provider operator security domain enables transport management by a link provider operator, and where the mobile network operator trusted security domain enables card content management and subscription eligibility verification by a mobile network operator trusted service manager. Other embodiments are disclosed.

Abstract: A method, an information handling system (IHS) and a detection system for detecting tampering of memory contents. The method includes retrieving, via a board management controller (BMC), from a first memory device, a first hash associated with current first data such as a firmware image stored on the first memory device and retrieving, from a second memory device, a previously stored second hash associated with initial first data. The method further includes determining if the first hash and the second hash match. In response to the first hash and the second hash not matching, an error message is generated which indicates that the current first data of the first memory device has been tampered with. The error message is stored to an error log. The error message identifies the specific current first data and/or firmware image that has been tampered with. The method repeats periodically during runtime.

Abstract: The present invention relates to a virtual operating system for operating a terminal protected privacy application to a cloud based service for any apparatus capable of internet interception. Operating in a hidden background and turning any mobile phone into a smartphone by operating cloud applications from anywhere. More specifically, the present invention is a terminal platform operating in a cloud service, as a background hidden service, connecting terminal to cloud profile (Avatar) in a cloud server environment erasing dialed cryptic code from device log. The system enables user to use multi profiles from within the cloud application by code and switch between them by using the multi profiles button (MPB).

Abstract: The embodiments provide a cryptography key for two communicating devices that is based on information known only to the devices. Each of the communicating devices determines the information without communicating key information related to the encryption key with the other. Each device receives a setup signal sent by the other device. Each device samples the received signal, generates sampling results, creates a plurality of keys based on the sampling results, selects a key of the plurality of keys based on criteria, and utilizes the selected key. The sets of plurality of keys may be created by creating each of the keys based on a different power threshold applied to the sampling results. The sets of plurality of keys may also be created by inputting the sampling results into each of a plurality of decoders to generate a key at each decoder that comprises a key of the plurality of keys.

Abstract: A geographic location is received in which a payment recipient is to perform a task. A geolocation system determines that the recipient is at the geographic location based on information received from a mobile device of the recipient. Payment is electronically transferred to the recipient for completion of the task via a payment network. The payment is transferred responsive to determining that the recipient is at the geographic location.

Abstract: Mobile devices are provisionally registered when the mobile device does not have an active subscription profile. A communications session is established with an access network of a mobile communications network. Identification data for the computing device is sent to the access network. A connectivity configuration is used to allow the computing device to establish a limited connection on the mobile communications network. Using the limited connection, an eSIM profile is received. The eSIM profile is activated and the device is connected to an associated mobile network.

Abstract: A computing resource service provider detects that an account has been compromised. The computing resource service provider applies a set of restrictions on the account. The computing resource service provider denies a request if the request is preempted by the set of restrictions. The computing resource service provider fulfills a request that is not preempted by the set of restrictions.

Abstract: A method for secure access to a mobile edge computing gateway device based on a subscriber location fingerprint may comprise receiving a request to access the mobile edge computing gateway, a first user credential, and an encrypted token from a requesting user, associating the first user credential with a block chain location fingerprint for the subscribing user, including a plurality of time-stamped records of a plurality of estimated or measured location state variables of the subscribing user and an associated confidence interval representing an accuracy of those variables, decrypting the location fingerprint, receiving a requesting user location measurement, predicting a current location for the subscribing user and an associated current confidence interval based on recent location state variables in the location fingerprint, and allowing the requesting user access to the mobile edge computing gateway when the received requesting user location measurement falls within the value of the current confidence i

Abstract: The present invention relates to an authentication apparatus and method for a wireless network among a plurality of beacon devices constituting a mesh network and a computer-readable recording medium storing a program for carrying out the method, and more particularly, to an authentication apparatus and method according to authentication technology for including only beacon devices installed at a particular location in a particular mesh network and a recording medium storing a computer program for carrying out the method.

Abstract: An authentication management method executed in a plurality of apparatuses cooperating each other communicably connecting, to allow reception of instruction by a user, a first information processing apparatus which performs authentication that the user is a predetermined person and a second information processing apparatus which is worn by the user, in a case where the user wearing the second information processing apparatus has been identified, by the second information processing apparatus, to be the predetermined person, identifying, by the second information processing apparatus, whether or not the first information processing apparatus and the second information processing apparatus are associated with each other as a plurality of apparatuses which perform cooperative processing.

Abstract: Systems and methods are described for securely and efficiently processing electronic content. In one embodiment, a first application running on a first computing system establishes a secure channel with a second computing system, the secure channel being secured by one or more cryptographic session keys. The first application obtains a license from the second computing system via the secure channel, the license being encrypted using at least one of the one or more cryptographic session keys, the license comprising a content decryption key, the content decryption key being further encrypted using at least one of the one or more cryptographic session keys or one or more keys derived therefrom.

Abstract: A network device for maintaining data security generates different keys corresponding to data received from a sender. The different keys comprise a secret key, a client key, and a server key. The client and server keys form the secret key when combined. The network device encrypts the data with the secret key and discards the secret key in response. The network device generates a Uniform Resource Locator (URL) for requesting the data from the network device. The URL comprises the client key and a randomly-generated data identifier associated with the data. The network device sends the URL to an electronic address of a recipient and discards the client key in response.

Abstract: A first device, upon detecting participation in an authentication system, transmits new and old identification information of a first certificate revocation list that the first device manages to a second device. In a case where the new and old identification information of a second certificate revocation list that the second device manages is older than the new and old identification information of the received first certificate revocation list, the second device transmits a transmission request for the first certificate revocation list to the first device. Upon receiving the transmission request for the first certificate revocation list from the second device, the first device transmits the first certificate revocation list to the second device. the second device updates the second certificate revocation list using the received first certificate revocation list.

Abstract: Disclosed are various examples of securely distributing certificates to client devices. A uniform resource locator (URL) is sent to a client device, wherein the URL represents an address from which the client device can request a user certificate. A certificate for a registration authority is sent to the client device, wherein the certificate comprises a first public key and a first private key. A certificate signing request (CSR) received from the client device at the URL is decrypted, wherein the CSR is encrypted with the first public key. The CSR is validated based at least in part on the URL sent to the client device. The user certificate is then sent to the client device.

Abstract: Systems and methods for providing security services during a power management mode are disclosed. In some embodiments, a method comprises detecting with a mobile security system a wake event on a mobile device, providing from the mobile security system a wake signal, the providing being in response to the wake event to wake a mobile device from a power management mode, and managing with the mobile security system security services of the mobile device. Managing security services may comprise scanning a hard drive of the mobile devices for viruses and/or other malware. Managing security services may also comprise updating security applications or scanning the mobile device for unauthorized data.

Abstract: A method for transmitting software in which a checker generates two random numbers. The checker calculates a cryptographic key based on the second random number based on a measured hardware function of the device. The checker encrypts the software into a cryptogram using the key, and transmits the cryptogram to the device. The checker transmits the first random number to the device, and receives a checksum from the device. The checker calculates a reference value based on the first random number and an emulated random access memory of the device, with the aid of the measured hardware function and a predefined cryptographic hash function. The checker subjects the checksum to a check based on the reference value, and if the check is successful, the checker transmits the second random number to the device.

Abstract: A wireless access point has a physically-embedded hardware-trust key and serves User Equipment (UE) with hardware-trusted wireless data communications. The wireless access point receives a hardware-trust challenge number and responsively generates a hardware-trust result with the physically-embedded hardware-trust key and the hardware-trust challenge number. The wireless access point transfers the hardware-trust result and receives an access hardware-trust digital certificate. The wireless access point wirelessly receives a hardware-trusted attachment request from the UE and wirelessly transfers the access hardware-trust digital certificate to the UE. The UE validates the access hardware-trust digital certificate. The wireless access point wirelessly exchanges user data with the UE responsive to the UE validating the access hardware-trust digital certificate. The wireless access point exchanges the user data with a data network.

Abstract: Provided are a method for personalizing a security element for a mobile end device for communicating via a mobile radio network as well as a corresponding system. The method comprises the following steps: supplying initialization data of an initialization entity to the security element, wherein the initialization data comprise a personalization token; supplying the personalization token from the security element to a personalization entity; checking the validity of the personalization token through the personalization entity; and after successfully checking the validity of the personalization token, supplying personalization data from the personalization entity to the security element, wherein authorization data for authenticating the security element in encrypted form are already part of the initialization data and the personalization data comprise a key for decrypting the authorization data.

Abstract: A communication apparatus capable of secure wireless communication by using a certificate, comprises: a determining unit that determines, in the communication apparatus, one of whether a first mode which operates as a role in deciding a communication channel used for direct wireless connection with a communication target apparatus is activated and whether a second mode which executes role decision processing of deciding whether to operate as the role in deciding the communication channel used for the direct wireless connection with the communication target apparatus is activated; and a control unit that executes certificate generation processing before being connected to the communication target apparatus if the determining unit determines that the first mode is activated and obtain the certificate held in the communication apparatus before executing the role decision processing if the determining unit determines that the second mode is activated.

Abstract: A method includes receiving a first message from a wireless device via a network. The method includes determining a device type of the wireless device. In response to determining that the device type satisfies a criterion, sending a second message granting the wireless device access to the network subject to a first restriction level and sending a network access request to a second device associated with an operator of the access point. The second message includes a first key to grant the wireless device access to the network subject to the first restriction level. The method includes receiving a response to the network access request from the second device. The method also includes determining, based on the response, based on the response, whether to grant the wireless device access to the network subject to a second restriction level, the second restriction level less restrictive than the first restriction level.

Abstract: Methods are disclosed for improving communications on feedback transmission channels, in which there is a possibility of bit errors. The basic solutions to counter those errors are: proper design of the CSI vector quantizer indexing (i.e., the bit representation of centroid indices) in order to minimize impact of index errors, use of error detection techniques to expurgate the erroneous indices and use of other methods to recover correct indices.