Abstract: Aspects of the subject disclosure may include, for example, a device that includes a processing system and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations such as receiving an extensible authentication protocol (EAP) authentication message addressed to an EAP authentication server from a communication device; extracting information from the EAP authentication message; determining whether to reject a request in the EAP authentication message of the communication device based on the information extracted; and sending an EAP Failure message to the communication device based on the determining indicating that the request should be rejected. Other embodiments are disclosed.

Abstract: This disclosure relates to techniques for performing Wi-Fi authentication in a wireless communication system. Public key cryptography may be used to enhance the confidentiality of the user's permanent identity in transit. In some embodiments, a RSA-OAEP (SHA-256) encryption scheme may be used to protect the permanent identity when the EAP client needs to send the user's permanent identity to the server in the absence of pseudonym or fast re-authentication identity. In some embodiments, a server certificate is used to authenticate a iWLAN tunnel to protect an IMSI during setup of a Wi-Fi call. Using the methods described herein on both or either of the EAP client and server side may offer improved privacy protection.

Abstract: A node receives transmissions associated with a given set of information bits, wherein each of the transmissions use a different polar code and share one or more information bits of the given set of information bits. The node determines, at each of a plurality of polar decoders of the node, soft information for each information bit included in an associated one of the transmissions, wherein each of the plurality of polar decoders is associated with a different transmission of the transmissions. The node provides, from each polar decoder of the plurality to one or more other polar decoders of the plurality, the determined soft information for any information bits shared by their respective associated transmissions, and uses the provided soft information in an iterative decoding process to decode one or more of the received transmissions.

Abstract: This application provides a collaborative node-based positioning method, a to-be-positioned node, and a collaborative node. The method includes: obtaining a collaborative positioning node list corresponding to each collaborative node that can directly communicate with the to-be-positioned node; selecting, according to the collaborative positioning node list corresponding to each collaborative node, a collaborative node corresponding to a collaborative positioning node list in which a quantity of collaborative nodes being the same as that in a target list corresponding to the to-be-positioned node is largest; and performing positioning on the to-be-positioned node by using an anchor node and each monitoring node, where the anchor node is the selected collaborative node, and each monitoring node is each of same collaborative nodes between the collaborative positioning node list corresponding to the anchor node and the target list.

Abstract: A wireless communication system and method includes a first wireless node and a data concentrator configured to provide a new encryption key updated from a current encryption key to the first wireless node. The data concentrator includes first and second transceivers. The data concentrator provides a key update message that includes the new encryption key to the first wireless node via the first transceiver. The key update message is encrypted using the current encryption key. The data concentrator is configured to decrypt first transmissions from the first wireless node via the second transceiver using the new encryption key, and decrypt the first transmissions via the first transceiver using the current encryption key.

Abstract: An information processing system includes a first device and a second device that is configured to perform a short-range wireless communication with the first device. In a case where the first device requests an external authentication apparatus for authentication, the first device sends information regarding the second device to the external authentication apparatus.

Abstract: Embodiments of the present invention disclose a method, an apparatus, and a system for establishing a security context and relates to the communications field, so as to comprehensively protect UE data. The method includes: acquiring an encryption algorithm of an access node; acquiring a root key and deriving, according to the root key and the encryption algorithm, an encryption key of the access node; sending the encryption key and the encryption algorithm to the access node, so that the access node starts downlink encryption and uplink decryption; sending the encryption algorithm of the access node to the UE so as to negotiate the encryption algorithm with the UE; and instructing the access node to start downlink encryption and uplink decryption and instructing, during algorithm negotiation, the UE to start downlink decryption and uplink encryption.

Abstract: A communication method and a related apparatus are provided. A base station obtains a security policy, where the security policy includes integrity protection indication information, and the integrity protection indication information is used to indicate the base station whether to enable integrity protection for a terminal device; and when the integrity protection indication information indicates the base station to enable integrity protection for the terminal device, the base station sends a target user plane integrity protection algorithm to the terminal device.

Abstract: A smart bandage that serves as a functional bandage includes electronic components that allow the bandage to store large amounts of data. The components can include a processor, battery, data storage media, NFC components, Bluetooth components, and Wi-Fi components. The bandage can remain powered down until receiving an NFC signal, which then causes the bandage to power up its components and communicate using other wireless communications means. Healthcare data compression methods may be used to improve the information storage capabilities of the smart bandage.

Abstract: A system and method are described for an Internet of Things (IoT) gas pump or charging station implementation. For example, one embodiment of a system comprises: an automotive IoT device to be integrated within a vehicle of a user; an IoT service comprising IoT device authentication and management logic to authenticate the identity of the automotive IoT device integrated within the vehicle; an Internet of Things (IoT) hub to be communicatively coupled to a gas pump or charging station, the IoT hub to establish a communication channel with the IoT service, the IoT hub further comprising a local wireless communication interface to establish a local wireless communication channel with the automotive IoT device, the automotive IoT device to establish a secure communication channel with the IoT service through the IoT hub; the IoT service to authenticate the automotive IoT device and responsively transmit a command to the IoT hub authorizing use of the gas pump or charging station.

Abstract: Disclosed herein is an apparatus for enhancing network security, which includes an information collection unit for collecting information about states of hosts that form a network and information about connectivity in the network; an attack surface analysis unit for analyzing attack surfaces by creating an attack graph using the information about the states and the information about connectivity; a security-enhancing strategy establishment unit for establishing a security-enhancing strategy based on the attack graph; and a security-enhancing strategy implementation unit for delivering a measure based on the security-enhancing strategy to a corresponding host, thereby taking a security-enhancing measure.

Abstract: A communication device in dual connectivity with a first base station and a second BS is configured to execute instructions of communicating with the first BS according to a master cell group configuration and communicating with the second BS according to a first secondary cell group configuration when the communication device is in the DC with the first BS and the second BS; receiving a radio resource control message from the first BS; and releasing the first SCG configuration according to an indication indicating release of SCG and communicating with a third BS according to a second SCG configuration, when the RRC message comprises the second SCG configuration and the indication.

Abstract: Methods and arrangements for identifying failed sensors in a system of interconnected devices. A contemplated method includes: utilizing at least one processor to execute computer code that performs the steps of: receiving data from a first plurality of sensors, each sensor being operatively coupled to a device within a system of interconnected devices; associating the data received with an activity; comparing the data received with previously stored data associated with the living activity; detecting, based on the comparing, an anomaly associated with at least one of the first plurality of sensors, wherein the anomaly indicates a problem with the at least one of the first plurality of sensors; and recording, at a data storage location, the anomaly, wherein the data storage location stores data associated with previously identified anomalies. Other variants and embodiments are broadly contemplated herein.

Abstract: A method and an apparatus for non-access stratum (NAS) message processing during handover in an evolved network are provided. The method includes the following steps. An evolved packet core (EPC) receives a message which indicates that a UE is being handed over sent by a source evolved NodeB (S-eNB), and stops sending an NAS message to the UE temporarily. The EPC receives a message which indicates that the UE returns to an S-eNB service area sent by the S-eNB. The EPC sends the NAS message to the UE through the S-eNB, if needed. With the method and the apparatus, the EPC can acquire a location of the UE in time in the case of a handover failure of the UE, a time limit of a retransmission timer is set precisely, and a specific implementation for forwarding an NAS message through an X2 interface is provided.

Abstract: Systems, methods, and devices related to providing content items from a collection of content items. The embodiments disclosed enhance user experience by keeping track of which content items were already played to a user, and skipping those content items automatically. The embodiments disclosed herein also can enable a user to limit playing of content items to those that have been added since the last time contents items from the collection of content items were played. If the user selects to receive additional content items after receiving the newly added items, the system can provide the older unplayed content items after the newly added content news items have been played.

Abstract: A security processing method for a car sharing service includes: a smart terminal encrypting a second random code according to a first smart terminal encryption key, to obtain a first cyphertext, the first smart terminal encryption key having a first random code and order form information from a cloud server; the smart terminal receiving a third random code from a vehicle, the vehicle obtaining the third random code by decrypting the first cyphertext according to a first vehicle encryption key that includes the first random code and the order form information sent by the cloud server; the smart terminal subjecting the second random code and the third random code to comparative verification, to obtain an identity authentication result; the smart terminal sending, if the identity authentication result has passed, encrypted service data to the vehicle; and the vehicle decrypting the service data to execute the service data.

Abstract: A system obtains navigation data for Galileo from at least one terrestrial apparatus. The obtained navigation data corresponds to navigation data transmitted by a Galileo satellite. The system assembles assistance data comprising navigation data for Galileo and further data in an interrelated manner such that a message authentication codes (MACs) included for the navigation data for Galileo is usable for verifying authenticity of the further data as well. The system transmits the information to a device, which verifies the authenticity of the included navigation data for Galileo based on the MACs. Only in case the navigation data for Galileo in the assistance data is determined to be authentic, it considers the further data to be authentic.

Abstract: Embodiments disclose a method, an apparatus, and a system for establishing a security context and relates to the communications field, so as to comprehensively protect UE data. The method includes: acquiring an encryption algorithm of an access node; acquiring a root key and deriving, according to the root key and the encryption algorithm, an encryption key of the access node; sending the encryption key and the encryption algorithm to the access node, so that the access node starts downlink encryption and uplink decryption; sending the encryption algorithm of the access node to the UE so as to negotiate the encryption algorithm with the UE; and instructing the access node to start downlink encryption and uplink decryption and instructing, during algorithm negotiation, the UE to start downlink decryption and uplink encryption.

Abstract: Certain aspects of the present disclosure provide techniques for managing security keys for enciphering and deciphering packets transmitted in a wireless communications system. According to certain aspects, a method of wireless communication by a user equipment (UE) is provided. The method generally includes obtaining an indication of a key area identifier (ID) of a first cell node, wherein the key area ID identifies a set of cell nodes that are associated with a network node that uses a first key for enciphering or deciphering messages and communicating a first set of messages with the first cell node using the first key for enciphering or deciphering the first set of messages.

Abstract: The objective of the present disclosure is to provide a method and device for communicating securely between a T-Box device and an ECU device in an Internet of Vehicles system. Specifically, sending, by a T-Box device, a first piece of information to a corresponding ECU device; generating, by the ECU device, a second piece of information; generating, by the T-Box device, a third piece of information; generating, by the T-Box device, a first key; encrypting, by the T-Box device, a to-be-issued instruction based on the first key; generating, by the ECU device, a second key; and decrypting, by the ECU device, the encrypted instruction based on the second key to obtain the instruction. Compared with the prior art, the present disclosure achieves the secure communication between the T-Box device and the ECU device.

Abstract: An electronic device may be provided that includes a first processor and a second processor, the first processor to wirelessly receive a data packet from another device, and to determine a property (or type) of the received data packet. When the property or type of the received data packet is a first property or first type then the first processor to process the data packet. On the other hand, when the property or type of the received data packet is a second property or second type then the second processor to process the data packet.

Abstract: A communication system is described in which user plane communication and control plane communication for a particular mobile communication device can be split between a base station that operates a small cell and a macro base station. Appropriate security for the user plane and control plane communications is safeguarded by ensuring that each base station is able to obtain or derive the correct security parameters for protecting the user plane or control plane communication for which it is responsible.

Abstract: Disclosed aspects relate to authentication management. A first valid authentication input may be established with respect to access enablement to a computing asset. A second valid authentication input may be established with respect to access enablement to the computing asset. A triggering event may be detected. The first valid authentication input may be deactivated based on the triggering event. The second valid authentication input may be activated based on the triggering event. The graphical user interface may be presented which may appear to prompt for the first valid authentication input. The second valid authentication input may be received via the graphical user interface. Access enablement with respect to the computing asset may be authenticated in response to receiving the second valid authentication input.

Abstract: A system and method for facilitating sharing of credentials and other secret data in a networked computing environment. An example embodiment provides for access to data of an external data source by a software application, wherein the external data source requires use of credentials to allow access to the data, but where the credentials themselves are not to be supplied to the software application. An example method includes storing the credentials in a secure data store; providing a token to the application, the token associated with the credentials and with an indication of the external data source; transferring the token from the application to a secure connector; using the secure connector and the token to retrieve the credentials from the secure data store to the secure connector; using the secure connector and the credentials to request data from the external data source to the secure connector before transfer of the requested data to the application via the secure connector.

Abstract: A ground based content server transfers content to an aircraft based content server via courier devices that are transported by aircraft passengers. Content files to be delivered to a target aircraft are identified. Courier devices associated with persons scheduled to become passengers on the target aircraft are identified. Each of the content files are divided into content fragments, where the content fragments collectively contain all data necessary for reassembling the content files. The content fragments are distributed from the ground based content server across the courier devices, so that each courier device is distributed one of the content fragments containing data that is at least partially redundant with data contained in one of the content fragments that is distributed to at least one other one of the courier devices and that is not redundant to data contained in other content fragments distributed to still other ones of the courier devices.

Abstract: In one embodiment, a sortation system at a facility has a conveyor system and a mobile drive unit system. The conveyor system has a conveyor surface that transfers payloads to the mobile drive units, and a controller that communicates a payload identifier for each payload to the mobile drive unit system. The payload identifiers are masked such that information about the local destinations are unknown to the conveyor system. The mobile drive unit system determines the local destinations from the payload identifiers by unmasking the payload identifiers, and delivers the payloads to determined local destinations at the facility.

Abstract: Web-based single sign-on can enable a user to log in to a single interface (such as through a web browser or thin client) and then provide SSO services to the user for one or more web applications. The web-based SSO system can be extended to support one or more different access control methods, such as form-fill, Federated (OIF), SSO Protected (OAM), and other policies. The web-based SSO system can include a user interface through which the user can access different web applications, systems, etc. and manage their credentials. Each SSO service can be associated with a web interface allowing the SSO services to be accessed over the web. The web interfaces can provide CRUD (create, read, update, delete) functionality for each SSO service. To support different access policy types, the web-based SSO system can include an extensible data manager that can manage data access to different types of repositories transparently.

Abstract: Authenticating a secure session between a first user entity and an identity provider using a second user entity. The method includes receiving a request for a session from an entity that purports to be the first user entity. The method further includes sending authentication context from the request, and wherein the authentication context for the request arrives at the second user entity. The method further includes receiving an indication that the authentication context has been verified. As a result, the method further includes authenticating a secure session between a first user entity and an identity provider or approving a secure transaction.

Abstract: A networked device includes a network input/output and an access control list with a plurality of different available levels of access for entities communicating with the networked device through the network input/output. An access manager is configured to update the access control list from a blockchain via communication with the blockchain through the network input/output.

Abstract: A system and method for secure data communication between one or more senders and recipients is disclosed. The system comprising a server including a processor and a memory in communication with the processor, a database in communication with the server, and a user device associated with each sender and receiver including a storage medium configured to access the server via a network. The server is configured to generate a first key on initiating communication between sender and recipient, and assigns the first key to the recipient. A key generator generates a pair of keys and the pair of keys stored in the storage medium. The server performs encryption and decryption of data communicated between one or more senders and receiver via one or more communication modes.

Abstract: Methods, systems, and storage media are described for generating, regulating, and distributing regulated content playlists. A cloud computing service/system may facilitate a user in creating a regulated content playlist, verify that the regulated content playlist complies with various standards promulgated by regulatory agencies and/or governing bodies, and facilitate and control distribution of the regulated content playlist to various recipients that are permitted to access the regulated content playlist. Other embodiments may be described and/or claimed.

Abstract: A communication device is provided which shares a communication parameter for establishment of wireless connection with a communication target device by first sharing processing to be executed on the basis of information acquired from a captured image. And it is determined whether the communication device makes communication in a first role in which it operates as a base station or the communication device makes communication in a second role in which it operates as a slave station connected to a wireless network constructed by a base station, in accordance with whether or not the communication device captures the image used for the first sharing processing.

Abstract: A terminal, including a processor and a non-transitory computer-readable storage medium storing a program to be executed by the processor. The program includes instructions to generate encrypted capability information of the terminal, receive pre-association index information that is related to the terminal and that is sent by an access point, where the pre-association index information is used by the access point to identify the terminal when no association has been established between the terminal and the access point, send the encrypted capability information of the terminal and an association request message to the access point, where the association request message comprises the pre-association index information, and receive an association response message that is sent by the access point according to capability information of the terminal and the pre-association index information, so that the terminal establishes an association with the access point.

Abstract: A Radio Frequency Identification (RFID) reader containing a reader key authenticates an RFID tag containing a tag key by receiving a tag identifier from the tag; challenging the tag with a tag challenge; receiving a tag response based at least on the tag challenge and the tag key but not including the tag key; sending a second message including at least the tag identifier and the tag response to a verification authority; and receiving a reply from the verification authority. The reader and the verification authority may mutually authenticate each other before, during, or after the tag authentication process. The verification authority may notify a designated party if a response is incorrect.

Abstract: A method for supporting wireless roaming among coverage areas of a plurality of access points may comprise detecting, by a first access point of the plurality of access points, signal strength of signals from a client device that is wirelessly connected to the first access point; comparing the signal strength with a threshold, and if the signal strength is less than the threshold, disconnecting, by the first access point, the client device from the first access point; transmitting, by the first access point, a signal indicating the disconnection of the client device to an access controller; updating, by the access controller, connection status information to indicate the disconnection of the client device from the first access point; transmitting, by the access controller, the connection status information of the client device to the plurality of access points; and connecting the client device with a second access point of the plurality of access points.

Abstract: A secure cell broadcast method entails defining a group of mobile devices, reserving a channel for the group, associating cryptographic key material with the group, notifying the mobile devices of the channel for the group, securely providing the key material to the mobile devices of the group, and broadcasting on the channel a secure broadcast message that is encrypted such that the mobile devices of the group receiving on the channel can receive and decrypt the secure broadcast message using the key material.

Abstract: Example implementations relate to establishing communication Sinks with electronic devices. As an example, a computing device includes a data acquisition device to obtain global unique identifier (GUID) of an electronic device using a first communication protocol. The computing device also includes a processor to authenticate the electronic device based on the GUiD. The processor is also to determine device characteristic information associated with the electronic device based on the GUID. The processor is further to establish a communication link with the electronic device based on the device characteristic information and the GUID, The communication link is implemented based on a second communication protocol that is different from the first communication protocol.

Abstract: Provided is a method of managing keys in a security system of a multicast environment. The key managing method according to the embodiments of the present disclosure enables key management that a key renewal regarding a receiver joining or leaving a group does not affect all groups.

Abstract: A method that connects a User Equipment (UE) to an Internet Protocol Multimedia Subsystem (IMS) network through a web browser for a Web Real-Time Communication (WebRTC) service is provided. The method, and a UE adapted to the method, downloads a web app for a WebRTC service and connects to an IMS network through a WebRTC client. The UE connects to the IMS network and is registered in the IMS network in such a way as to use a Universal Resource Locator (URL) of an enhanced Proxy-Call Session Control Function (eP-CSCF) obtained by establishing a Packet Data Network (PDN) connection of the UE through a web browser in the process of obtaining a URL of the eP-CSCF, or the obtained URL of an eP-CSCF to which the WebRTC client can connect by transmitting Public Land Mobile Network (PLMN) information of a network to which the UE is connected to a WebRTC Web Server Function (WWSF). Therefore, the UE can easily use WebRTC services.

Abstract: The present invention generally relates to one or more line replacement units (“LRUs”) for an airplane. The LRUs can include airline modifiable information (“AMI”) that includes more than one public key certificates, wherein each of the more than one public key certificates uniquely identifies the airplane for ground communication based, at least in part, on a public key or a private key associated with the one or more public/private key pairs generated by a cryptographic key generator.

Abstract: An identity validity verification method is provided. The identity validity verification method is applied to an electronic terminal and includes: acquiring biometric feature data; generating an electronic private key based on the biometric feature data; and sending the electronic private key to the access control system, such that the access control system carries out identity validity verification based on the electronic private key. According to the present application, a dedicated fingerprint identification device does not need to be arranged at a specific position, and thus fingerprint data of a user does not remain on the fingerprint identification device. In this way, convenient is brought to the user and security is enhanced.

Abstract: A method for configuring a mobile terminal to control vehicle functions of a vehicle, where the mobile terminal and the vehicle each have a short-range radio system, includes receiving a request to a server to issue a vehicle key for the use of vehicle functions of the vehicle for a mobile terminal. The method also includes generating the vehicle key by the server, transmitting the vehicle key to a secure element of the mobile terminal, and storing the vehicle key in the secure element of the mobile terminal.

Abstract: A system and method for securely resolving an identity of an audio device. The method includes establishing a wireless connection between an audio device and a remote device. An identity resolving key (IRK) is received in an encrypted state from the audio device via the wireless connection. A data connection between the remote device and a server is established. The IRK is transmitted in the encrypted state to the server via the data connection. transmitting user credentials to the server via the data connection. The IRK is received in a decrypted state from the server via the data connection. An advertising packet broadcast from the audio device is received by the remote device. The advertising packet includes a random resolvable address for the audio device. The random resolvable address is attempted to be resolved using the IRK in the decrypted state to identify the audio device with remote device.

Abstract: A method and system for sending messages in a telecommunications network, in which digital messages which contain information on the desired reply address are mass sent, and messages, which are sent on the basis of the reply-address information are received. The reply-address information of each mass-sent message is converted to correspond to a predefined dialogue, in which the stage of the dialogue defines unequivocally the reply-address information, so that the transmission and reception of the messages are implemented in different parts of the telecommunications system.

Abstract: A method and device for managing an identifier of an embedded universal integrated circuit card (eUICC) is disclosed. The eUICC receives an identifier information request, determines whether there is a network carrier profile in an enabled state, and provides a response with identifier information corresponding to the identifier information request based on the results of the determination. According to the method, it is possible to separately manage the unique identifier of the eUICC and a network carrier ICCID and to dynamically manage the identifier of the eUICC according to the state of the network carrier profile of the eUICC.

Abstract: The present invention relates to a method and a system for securing discovery information being transmitted through a direct radio signal in a wireless communication system which supports a device-to-device service, and a device-to-device communication method of a transmission terminal, according to one embodiment of the present invention, can comprise: synchronizing with a discovery resource cycle number; determining discovery channel logical timing information of a discovery physical channel through which discovery information is to be transmitted; generating security information by using a security key, the determined discovery channel logical timing information and the discovery information to be transmitted; and transmitting the discovery information including the security information through the discovery physical channel.

Abstract: During an automated login process to a wireless network, a mobile device receives, from an access node, a link indication referring to content for presenting at the mobile device.

Abstract: A method and device for providing a key for IoT communication are disclosed. The method includes an embodiment whereby an IoT device modulates a light signal carrying a security code to generate a modulated light signal, emits the modulated light signal to a personal electronic device, derives a security key from the security code, and performs authentication with a control device based on the security key.

Abstract: An exemplary system according to the present disclosure comprises at least one mobility networking module implemented in at least one lower tier radiolet. The mobility network module performs one or more traffic data plane functions. The exemplary system further comprises at least one mobility application module implemented in at least one upper tier radiolet. The mobility application module performs one or more application data plane functions. The exemplary system further comprises at least one mobility cloud module implemented in the at least one lower tier radiolet and the at least one upper tier radiolet. The mobility cloud module performs computing execution functions of a cloud session.

Abstract: In one embodiment, a method by a client device includes receiving from a stage device a first randomized stage address to be used during a pairing session; sending to the stage device a first randomized client address to be used during the pairing session, communicating with the stage device using the first randomized stage address and the first randomized client address to verify that the stage device is in possession of a shared secret data possessed by the client device and to establish at least one common randomization parameter with the stage device; periodically generating, based on the at least one common randomization parameter, a second randomized stage address and a second randomized client address; and communicating with the stage device in a paired communication session using the second randomized stage address and the second randomized client address.