Abstract: A marine vessel portable device registration system includes portable devices and a controller. A registered portable device transmits a specific wireless signal based on an input operation on a portable device operator. The controller is configured or programmed to receive the specific wireless signal from the registered portable device, and perform a control to authenticate and register an unregistered portable device as a new registered portable device based on having received a wireless signal from the unregistered portable device.

Abstract: Systems and methods implemented by an application executed on a user device for service discovery and connectivity include, responsive to joining a new network, performing a Dynamic Host Configuration Protocol (DHCP) operation to obtain network configuration parameters; receiving a DHCP message in response with the network configuration parameters; via an application executed on the user device for service discovery and connectivity analyzing data in the DHCP message to determine one or more forwarding profiles on the new network, wherein the one or more forwarding profiles are based on a location or trust of the new network; and automatically installing the determined one or more forwarding profiles.

Abstract: A method includes: receiving, by a computing device of a first vehicle, a command from a host device; in response to receiving the command, storing a new device secret in memory; generating, by the computing device using the new device secret, a triple comprising an identifier, a certificate, and a public key; and sending, by the computing device, the triple to a second vehicle, where the second vehicle is configured to verify an identity of the first vehicle using the triple.

Abstract: Methods, systems, and computer storage media for providing identification of secrets as one-way secrets in a computing environment. In particular, a secret isolation manager of an access management in the computing environment can identify an entity as an owner of secrets in a secret storage structure. In operation, the secret isolation manager, can receive a request, associated with a requesting entity, to access a secret associated with an approving entity. The request can be for an application of the requesting entity to access a secret of the approving entity. The secret isolation manager accesses the secret storage structure that stores affinity identifiers, where an affinity identifier indicates that the requesting entity has a one-way affinity with the approving entity that owns the secret. The one-way affinity operates to allow the approving entity to share the secret with the requesting entity, so the requesting entity is granted access to the secret.

Abstract: Aspects of the subject disclosure may include, for example, including a processing system for performing operations for determining service requirements of a call session at first user equipment associated with a communication network, determining a first codec to facilitate the call session at the first user equipment according to the service requirements of the call session, searching a session border controller table according to the first codec to obtain a first resource identifier associated with a first session border controller type to facilitate the call session at the user equipment, receiving a first address of a first session border controller associated with the communication network from a domain name server associated with the communication network responsive to a first query including the first resource identifier, and sending a first transport protocol message to the first session border controller according to the first address. Other embodiments are disclosed.

Abstract: A device implementing a system for device-relationship based communication includes at least one processor configured to establish, by a first device associated with a first user, a secure communication channel with a second device associated with a second user via a direct wireless connection. The at least one processor is configured to transmit, over the secure communication channel, first device-identifying information to the second device, and receive, over the secure communication channel, second device-identifying information from the second device. The at least one processor is configured to establish a particular type of relationship with the second device, store the second device-identifying information in association with an indication of the particular type of relationship established with the second device, and transmit, to the second device and over the secure communication channel, the indication of the particular type of relationship established with the second device.

Abstract: A method and system to control configuration of dual-connectivity for UEs served by a first NB. A computing system monitors the level of load on a backhaul interface through which the first NB communicates with a core network. And based on the monitored level of backhaul load, the computing system imposes a limit on establishing secondary connectivity with one or more second NBs for one or more UEs served by the first NB. For instance, when the backhaul interface through which the first NB communicates with the core network becomes threshold highly loaded with communication traffic, the computing system could responsively impose a maximum cap on the number of the first-NB-served UEs that will be provided with secondary connectivity by one or more second NBs and/or on the number of secondary connections that will be established for UEs served by the first NB.

Abstract: The disclosure provides some embodiments for securing long training field (LTF) sequence. A responding station (RSTA) configures a location management report (LMR) frame. The LMR frame is configured to include an LMR in respect of a previous measurement, and data to be used to generate a null data packet (NDP) for a current measurement that is to be performed following the previous measurement. The RSTA further encrypts the LMR frame using protected management frames (PMF) scheme, and transmits the encrypted LMR frame to an initiating station (ISTA) for generating an LTF sequence for the current measurement. In response to receiving an NDP announcement (NDPA) and an NDP for the current measurement from the ISTA, the RSTA generates an NDP for the current measurement based on the NDPA and the data using CCMP, and transmits the NDP to the ISTA.

Abstract: A communication system is disclosed in which a ProSe Relay UE allows a remote UE to connect to a base station and core network through the Relay UE. The base station broadcasts that it is capable of supporting ProSe Relay UEs. UEs that are in poor coverage areas can identify that the base station supports ProSe Relaying and can search for a relay UE with which to connect prior to trying to establish a direct connection with the base station. The Relay UE and the base station maintain context information for the relayed UE so that messages can be properly routed through the network and through the Relay UE.

Abstract: Embodiments have a master eNB with a control plane and optional data plane to user equipment and a secondary eNB with a data plane to the user equipment. The user equipment thus uses both the master eNB and the secondary eNB for data communications while receiving control information from only the master eNB. The master eNB and secondary eNB are connected with an X2 interface. When the secondary eNB desires to refresh its security key, it informs the master eNB using the X2 interface. The master eNB then uses its control plane with the user equipment to initiate a security key refresh for the secondary eNB.

Abstract: In some embodiments a wagering game system comprises a personal area network device configured to render media content including results of a wagering game. The system can include a wagering game machine configured to determine and provide the wagering game results to the personal area network device. The wagering game machine can include a personal area network device transceiver configured to exchange data with the personal area network device, the data including the wagering game results, and a personal area network controller configured to detect the personal area network device, to procure an identification code for the personal area network device without player input, and to authenticate the personal area network device by use of the identification code. The system can also include a repository configured to store the identification code in association with a player identifier and to provide the identification code to the wagering game machine upon request.

Abstract: A method includes generating, at a server, an event policy for controlling one or more wireless beacon devices in a network; detecting an event in the network; determining whether the event matches the event policy; when the event matches the event policy, generating programming information for configuring the one or more wireless beacon devices; and forwarding the programming information via one or more wireless access points to the one or more wireless beacon devices for configuring the one or more wireless beacon devices based on the programming information.

Abstract: This specification describes techniques for processing service requests. An electronic credential request including a user identifier is received from a client. An electronic credential that corresponds to the user identifier and a user public key that corresponds to the user are retrieved. A hash operation is performed on the user public key and the electronic credential by using a hash algorithm to obtain a hash value that is signed within a predetermined time period. Server signature information is generated using the hashed credential, and transmitted with the electronic credential to the client. The server signature information is cryptographically verifiable by the client and enables the client to generate a two-dimensional barcode based on the electronic credential.

Abstract: A system and method for authenticating a transaction are provided. In a method at a server computer of an authentication service provider, an authentication request is received which requests authentication of a transaction and includes transaction details describing the transaction. An encryption key being unique to the authentication service provider and a user mobile device is obtained. An authentication prompt including at least some of the transaction details is generated. A payload including the authentication prompt is encrypted using the encryption key to output an encrypted payload. The encrypted payload is provided via a first communication channel to a user for acquisition and decryption by the user mobile device using a decryption key corresponding to the encryption key.

Abstract: A method of security detection for a physical layer authentication system takes into account the signal-discriminating ability of an active adversary. The distance to the active adversary is estimated by an authorized transmitter based on its broadcast signal and, based on the distance estimate, the signal-to-noise ratio (SNR) of the adversary is also estimated.

Abstract: Methods, systems, and devices for wireless communications are described in which sequence groups, and sequence hopping patterns may be used to distinguish concurrent non-orthogonal multiple access (NOMA) transmissions. A wireless device, such as a user equipment (UE), may identify, for a message, a first transmission opportunity from a plurality of transmission opportunities associated with grant-free uplink contention-based transmissions (e.g., NOMA transmissions); select a multiple access (MA) signature sequence from a group of MA signature sequences associated with the first transmission opportunity; identify a hopping pattern associated with the MA signature sequence; and transmit one or more redundancy versions of the message in one or more of the plurality of transmission opportunities comprising the first transmission opportunity according to the MA signature sequence and the hopping pattern.

Abstract: A system, method, and computer-readable medium for resolving an identity of an entity, comprising parsing entity identifier information associated with the entity to provide an entity identifier element, the entity identifier information comprising temporal information; classifying the entity identifier element to provide a classified entity identifier element; normalizing the classified entity identifier element to provide a classified and normalized entity identifier element; and, associating the classified and normalized entity identifier element and the temporal information with the entity to resolve the identity of the entity at a particular point in time.

Abstract: Systems and methods for method for resolving Bluetooth device identity regardless of changes in MAC (Media Access Control) addresses are disclosed. For example, a processing system is disclosed that can establish a set of recognized Bluetooth devices based on a first set of data, receive a second set of data measured during a second time period subsequent to the first time period, and in an instance in which a particular UIADD from the second set of data is not found in the first set of data, determine whether a candidate Bluetooth device that transmitted the particular UIADD is a specific recognized Bluetooth device of the set of recognized Bluetooth devices established based on the first set of data.

Abstract: An authentication system includes a first controller that performs wireless communication with a mobile terminal and a first authentication unit that executes authentication of the mobile terminal including ID authentication and code authentication through the wireless communication performed between the first controller and the mobile terminal. The first authentication unit executes the code authentication by determining whether a terminal-side calculation result obtained by the mobile terminal matches a controller-side calculation result obtained by the first controller. The authentication system further includes a second controller that communicates with the mobile terminal and a second authentication unit that applies encryption communication using a portion of the terminal-side calculation result and a portion of the controller-side calculation result to communication performed between the second controller and the mobile terminal and authenticates the encryption communication.

Abstract: Systems and methods for synchronizing communications between a movable object and first and second control devices are provided. In some exemplary implementations, the systems and methods may synchronize the first control device with the movable object, synchronize the second control device with the first control device, and synchronize the second control device with the movable object based on the synchronization between the second control device and the first control device.

Abstract: The disclosed embodiments are related to securely updating a semiconductor device. In one embodiment, a method comprises receiving a command; generating, by the semiconductor device, a response code in response to the command; returning the response code to a processing device; receiving a command to replace a storage root key of the device; generating a replacement key based on the response code; and replacing an existing key with the replacement key.

Abstract: A communication device, network node and methods therein in for handling network slices in a wireless communication network are disclosed. The communication device encrypts Network Slice Selection Assistance information, NSSAI, using public key cryptography and includes the encrypted NSSAI in a Non Access Stratum, NAS, registration request. Then the communication device sends a Radio Resource Control, RRC, request to the network node including the NAS registration request. The network node receives the RRC connection request from the communication device and selects a network function based on information in the RRC connection request. The network node forwards the NAS registration request to the network function and forwards to the communication device a NAS registration response received from the network function after the network function decrypting the NSSAI using a PLMN private key.

Abstract: The present disclosure relates to a method for user authentication. In particular, the present disclosure relates to a computer implemented method for session based one-time authentication of a client operating an electronic device, typically using one of a biometric data relating to the user and/or information provided at a remote electronic device. The disclosure device server also relates to a corresponding authentication system and to a computer program product.

Abstract: Techniques are disclosed for encrypting internet-of-things (IoT) data of an IoT network only once at its inception until its final consumption without intervening encryption/decryption stages/cycles. The present encrypt-decrypt-once design thus eliminates potential exposure of the IoT data in its plaintext form of a traditional approach employing intervening encryption/decryption cycles. The present design is also efficient and reduces the burden on IoT resources by eliminating the need for encrypting and decrypting the data multiple times. To accomplish these objectives, a number of schemes for device enrollment, authentication, key distribution, key derivation, encryption and encoding are disclosed. The devices employ authenticated encryption because it provides confidentiality, integrity, and authenticity assurances on the encrypted data. The final consumption of the IoT data may be at a designated gateway or a corporate system.

Abstract: A device may receive an indication that a product has arrived at a destination. The product may have been shipped by an entity to the destination. The device may perform an analysis on the product to determine an attribute of the product. The device may perform a comparison of information identifying the attribute of the product and information included in an encrypted record, for the product, of a blockchain, to verify the attribute of the product. The information included in the encrypted record may be related to attributes of the product. The attributes of the product may have been determined by the entity that shipped the product to the destination. The device may determine whether the attribute of the product is verified based on performing the comparison. The device may perform an action based on determining whether the attribute of the product is verified.

Abstract: In one example an apparatus comprises a computer readable memory, a signature logic to generate a signature to be transmitted in association with a message, the signature logic to apply a hash-based signature scheme to the message using a private key to generate the signature comprising a public key, or a verification logic to verify a signature received in association with the message, the verification logic to apply the hash-based signature scheme to verify the signature using the public key, and an accelerator logic to apply a structured order to at least one set of inputs to the hash-based signature scheme. Other examples may be described.

Abstract: Methods, systems, and devices for wireless communications are described. A first node (e.g., a user equipment (UE)) may receive a timing synchronization signal from a second node (e.g., a base station) over a cellular wireless communication link. In some aspects, the timing synchronization signal may indicate mapping information to synchronize the first node with the second node. The mapping information may be for synchronizing a first time of a first clock of the first node to a second time of a second clock of a second node. The first node may synchronize the first time of the first clock to the second time of the second clock based at least in part on the mapping information and the synchronization information. The first node may transmit a timing control based on a timing of the second clock to a device connected to the first node via a local wired interface.

Abstract: This document describes a system and method for a device to communicate efficiently and securely with another device by utilizing two different types of schemes for the generation of data to be transmitted and the handling of received data.

Abstract: The disclosed embodiments include a method for forecasting a coverage area of a candidate site in an anchor network. The method can include obtaining cell site information of anchor networks and of the candidate site (e.g., a donor site of a donor network), simulating a spatial layout of the anchor sites in a virtual network, and estimating a coverage area of the candidate site in the virtual network. The estimated coverage area of the candidate site forms a polygon-shaped coverage area in the spatial layout of the virtual network. The method can further include modifying the polygon-shaped coverage area of the candidate site relative to an intersection with a coverage area of a neighboring site, pruning the modified coverage area of any portion that exceeds a predefined coverage radius, and causing an output including the pruned coverage area of the candidate site as an indication of the forecast coverage area.

Abstract: There is provided a method of fitting a hearing device by using a fitting station, wherein: during pairing a long-term key (LTK) is provided as a shared secret to the fitting station and the hearing device; an identity resolving key (IRK) of the fitting station, which is required for generating and resolving a device address of the fitting station, is generated and provided to the hearing device; an IRK of the hearing device, which is required for generating and resolving a device address of the hearing device, is provided to the fitting station; pairing data including the LTK, the fitting station IRK and the hearing device IRK are stored in a database connected to the first fitting station; the LTK and the fitting station IRK are stored in the hearing device; and a fitting session is conducted via a secure connection between fitting station and hearing device.

Abstract: Methods, systems, and apparatuses are described for secure communications. One of a plurality of keys with respective key types may be used to establish a secure communication between computing devices. Verification of an establishment of the secure communication may be sent to a trusted computing device.

Abstract: A system includes a storage device having a first encryption protocol, and a controller having a second encryption protocol. A processor implements the first encryption protocol or the second encryption protocol based on a strength of each encryption protocol, a topology of the system, a federal information processing standard certification status, a virtualization support, a multi-key support, a multi-band support, and an enterprise key management server support. Storage transactions may be encrypted using the implemented encryption protocol.

Abstract: A request generated by an unmanaged app to access a resource is received from a mobile device. A notification is sent to the mobile device. A device level VPN connection to the mobile device is established. A unique identifier is associated with the device level VPN. App level traffic received via the device level VPN is tagged with the unique identifier. Access to the resource is allowed in response to the request based at least in part on a determination based on the tags that app level traffic from a trusted app and app level traffic from the unmanaged app are associated with the same mobile device.

Abstract: This invention relates generally to blockchain implementations and is suited for, but not limited to, use with the Bitcoin blockchain. It can be used for the implementation of automated processes such as device/system control, process control, distributed computing and storage and others. The invention provides a solution which uses a blockchain to control a process executing on a computing resource. In a preferred embodiment, the computing resource, running simultaneously and in parallel to the blockchain, manages a loop-based operation. The computing resource continuously monitors the state of the blockchain as well as any other off-blockchain input data or source. The execution of the loop is influenced by the state of the blockchain. Each iteration of the loop that is executed by the computing resource is recorded in a transaction that is written to the blockchain. It is stored as a hash within the transaction's metadata.

Abstract: Provided is a machine-implemented method of operating a device, comprising entering the device into a membership relation with a first self-organizing subnet at a first rank in a hierarchy of subnets of the network; receiving at the device a message from a second device making known parameters of a second subnet at a second rank in the hierarchy of subnets of the network; and responsive to receipt of the message, sending a message from the first device making known parameters of the first subnet at the first rank to the second device to render the subnet at the second rank operable to merge with the subnet at the first rank.

Abstract: A communication terminal shares a session key with and sends cipher text to another communication terminal via a server device, including: a common key cipher text obtaining unit that encrypts a message based on a common key to obtain common key cipher text; a function computation result obtaining unit that computes the common key and the session key based on a predetermined first function to obtain a function computation result; a public key cipher text obtaining unit that encrypts the function computation result based on a public key to obtain public key cipher text; and a cipher text sending unit that sends the common key cipher text and the public key cipher text to the server device. The communication terminal can update data previously saved in a server to data that can be decrypted on the communication terminal side using an updated session key, without the server decrypting the data.

Abstract: A system and method are described for performing authentication on a computing device using a mobile device connected over an audio channel to the computing device, in scenarios where smart card authentication may have been traditionally used. An application executing on the computing device receives a request from a user, which request requires authentication of the user before being allowed by the application. An audio transmission containing encoded data including information authenticating the user is received at the computing device from the user's mobile device via a microphone. The audio transmission is decoded and the information authenticating the user is extracted. The information authenticating the user is verified and the request is allowed in the application.

Abstract: An information processing apparatus includes a processor configured to detect a new assignment of a first communication interface, and determines whether a network in which the first communication interface and a second communication interface are connected is a shared network. The determination by the processor is based on whether the first communication interface and the second communication interface communicate with each other when the first communication interface and the second communication interface are connected to an intranet. The processing device changes a security setting of the second communication interface based on a result of the determination.

Abstract: An intrusion prevention device includes a reception unit, a monitoring unit, and a determination unit. The reception unit receives, from a control target device, a notification indicating a state of the control target device. The monitoring unit receives a control command transmitted from a control device to the control target device. The determination unit determines whether to permit or block passage of the control command received by the monitoring unit in accordance with the state of the control target device received by the reception unit.

Abstract: A system and method for securing a communication channel may include obtaining a first value by first and second devices. A second value may be randomly selected by the first device and may be provided to the second device. The first and second devices may independently from one another apply a function to the first and second values and may use a result of the function to secure and authenticate a communication channel between the first and second devices.

Abstract: Embodiments facilitate the management of security certificates for printers that are used in public locales. The system communicates with and manages the printers with the benefits of security certificate protocols on-demand as a user requests to print documents with any particular printer. Once a document is requested to be printed at a printer, the system registers the printer with the network. At registration, a gateway is automatically installed. the gateway requests a security certificate which is stored on the printer or its associated computer. Aspects thus solve an online service's need to install and manage certificates for any printer accessible to the network.

Abstract: Disclosed herein, among other things, are systems and methods for eavesdropping on a data stream for hearing assistance devices. One aspect of the present subject matter includes a hearing assistance system for a wearer including a Bluetooth host device having a transmitter configured to send data including one or more encoded audio streams, and a data channel having an advertisement that includes frequency information, frequency hop sequences, information for decoding audio streams, and security keys for decoding audio stream information. The system also includes one or more Bluetooth slave devices identified by the Bluetooth host device. The Bluetooth slave devices are configured to actively participate in a connection with the host device to aid the host transmitter in deciding which frequencies to use for frequency hopping and in determining which frequencies are being interfered with and should not be included in a channel map, according to various embodiments.

Abstract: A distributed data management method performed by a distributed data management apparatus for holding a plurality of indexes which specify storage positions of data to be distributed in a network system, the method includes steps of: in a case where any one of the held indexes is deleted, adding an identifier of the deleted index to a first invalid list held by the distributed data management apparatus; and in a case where it is determined that an index requested from an information processing apparatus is not held, transmitting the first invalid list to the information processing apparatus.

Abstract: To establish a first protected communication channel between a device D and a first server S, a symmetric key KS is derived at the device D, based on a device identifying key KD and public key information dependent on a first server public key Spublic of the first server S. The symmetric key KS is derived in a corresponding way at a second server T. The symmetric key KS is transmitted from the second server T to the first server S on a second protected communication channel. Communication on the first protected communication channel between the device D and the first server S is protected using a communication key KC which is dependent on the symmetric key KS. This can enable a device D lacking support for asymmetric key cryptography to securely enter into communication with the first server S.

Abstract: A system and method for providing an authentication state of a function execution device to a communication terminal is described. In some examples, the authentication state indicates whether authentication information is needed from the communication terminal before the communication terminal can request performance of one or more functions performable by the function execution device. In other examples, the communication terminal may provide to the communication terminal the authentication information irrespective of whether the function execution terminal has previously provided its authentication state to the communication terminal.

Abstract: In one embodiment, a system includes a non-volatile memory that may serve as both the main memory system and the backing store (or persistent storage). In some embodiments, the non-volatile memory is divided into a main memory portion and a persistent portion. Data in the main memory operation may be encrypted using one or more first keys, and data in the persistent portion may be encrypted using one or more second keys, in an embodiment. The volatile behavior of main memory may be implemented by discarding the one or more first keys in a power down event or other event that indicates a loss of main memory data, while the one or more second keys may be retained. In one embodiment, the physical address space of the non-volatile memory may be a mapping from a second physical address space that is used within the system.

Abstract: A first base station (BS) of a first network for handling a dual connectivity (DC) comprises a storage device and a processing circuit, coupled to the storage device. The storage device stores, and the processing circuit is configured to execute instructions of: transmitting a Secondary Node (SN) Request message comprising a protocol data unit (PDU) Session identity of a communication device, to a second BS of a second network; receiving a SN Request Acknowledge message comprising a first radio resource control (RRC) message, from the second BS, in response to the SN Request message; and transmitting the first RRC message to the communication device, wherein the first RRC message configures a data radio bearer (DRB), a DRB identity and the PDU Session identity of the communication device to communicate with the second BS.

Abstract: A full-vision navigation and positioning method for a smart terminal is proposed. The smart terminal turns on a 3D full visual navigation and performs a network speed test. When a network speed is higher than or equal to a threshold value, the smart terminal turns on a camera to obtain images of a current street view and upload the images. The smart terminal compares the images with a 3D panorama map to feedback a current position and utilizes a 3D navigation system to continue navigation according to the current position.

Abstract: Embodiments of the present disclosure disclose a data transmission method and apparatus. The data transmission method includes: performing, by a Packet Data Convergence Protocol (PDCP) entity, lossless transmission on PDCP protocol data units (PDUs) or PDCP service data units (SDUs), where each of the PDCP PDUs or the SDUs is associated with one serial number. In this embodiment, during lossless transmission, no data packet is lost, thereby ensuring communication quality in an inter-station carrier aggregation scenario and achieving an optimization objective.

Abstract: An electronic apparatus that is configured to detect tampering with predetermined software shifts to one of a power-off mode and a suspended mode based on a power-off instruction. The electronic apparatus performs detection of tampering with the predetermined software at activation of the electronic apparatus from the power-off mode and does not perform detection of tampering with the predetermined software at activation of the electronic apparatus from the suspended mode.