Abstract: A system comprising a first computing device operated by a first driver, a second computing device operated by a second driver, and a server is disclosed. The server may determine one or more characteristics of the first driver based on at least one of listening preferences or telematics data of the first driver. Based on the one or more characteristics of the first driver, the server may assign the first driver to a conference. The server may receive a request from the second computing device for the second driver to participate in conferencing. The server may determine that the second driver has at least one characteristic that matches one of the one or more characteristics of the first driver and may assign the second driver to the conference with the first driver. The server may bridge the first driver and the second driver in the conference.

Abstract: In some implementations, a user device may receive, from a first other device, a first message, wherein the first message includes information indicating an event associated with an account of a user of the user device. The user device may provide, based on receiving the first message, a virtual keyboard for display on a display screen of the user device. The user device may obtain, based on providing the virtual keyboard, particular input. The user device may send to a second other device, and based on the particular input, a second message, wherein sending the second message is to cause the second other device to perform one or more actions associated with the event that is associated with the account of the user.

Abstract: Systems and methods for enhancing the Connectivity Fault Management (CFM) protocol defined in IEEE 802.1Q are provided. In particular, the enhancements include adding a security or safety feature to prevent malicious attacks. A method, according to one implementation, includes the step of operating a Network Element (NE) in a safety mode associated with a link connectivity protocol (e.g., CFM) that involves receiving one or more messages used for detecting link connectivity issues of an Ethernet service in a section of a network and responding to the link connectivity issues. In response to receiving the one or more messages used for detecting link connectivity issues while operating the NE in the safety mode, the method includes the step of storing the one or more messages as one or more untrusted messages in an isolated database of the NE without processing information in the one or more untrusted messages.

Abstract: A security system used by an organization maintains a PKI used for issuing digital certificates (hereinafter for brevity also referred to simply as “certificates”) and provides the PKI to the organization as a network service. In order to simplify the use of the PKI for purposes such as obtaining certificates, the security system additionally provides a mechanism for using a designated flow protocol to interface with whichever MDMs the organization uses. This mechanism permits administrators or other users to provision certificates to their organization's client devices with just a few actions within a user interface.

Abstract: The disclosed technology is directed towards detecting suspected malicious activity involving mobile devices and subscriber identity module (SIM) cards, including discerning benign SIM swap events from likely malicious SIM swap events. In one example, call detail records, radio access network events and billing events are collected and analyzed to detect subscriber identity module swap events between mobile devices. Based on the collected data and related data sources SIM swap events are classified as benign or suspected malicious classifications. Malicious classifications can result in information representative of the suspected as malicious classification being output, e.g., as a type of fraudulent activity. A confidence level can be associated with classification output data, including for types of fraudulent activities and types of benign activities.

Abstract: A system and method for purchasing lottery tickets via a client computing device. A user may access a purchase module via a client computing device and select lottery tickets and lottery numbers to purchase from available lotteries in their state. The user may be notified of the results by the purchase module or a results module. Once notified, the user may withdraw their winnings or use the winnings to purchase lottery tickets future drawings.

Abstract: A method and system for tracking potentially fraudulent activities associated with one or more web sites is disclosed. The system includes a fraud tracking server connected to a fraud tracking database. The fraud tracking server includes a communications module to facilitate the exchange of data between the server and multiple client devices. The fraud tracking server receives data from one or more client devices that identifies a potential spoof site. The fraud tracking server also includes control logic to generate a spoof site tracking record in the fraud tracking database. The spoof site tracking record includes the data identifying the potential spoof site. After the spoof site tracking record has been created, the fraud tracking server notifies an administrator of the potential spoof site by communicating the data received and stored in the fraud tracking database to an administrator.

Abstract: An intermediary server receives a request from a client that identifies an asset that is handled by an origin server. The intermediary server generates an informational response that includes one or more link header fields that reference one or more pieces of content respectively that are predicted by the intermediary server to be linked within a final response for the asset. The intermediary server transmits the generated informational response to the client prior to a final response for the request. The intermediary server transmits the request to the origin server and receives a final response to the request. The intermediary server transmits the final response to the request to the client.

Abstract: A wearable device can establish a verified session with a host device (e.g., by establishing that the wearable device is present in the vicinity of the host device and is currently being worn). The existence of such a verified session can be used to control user access to sensitive information that may be stored in or otherwise accessible to a host device. For example, the host device and/or application programs executing thereon can be configured to restrict a user's ability to invoke program functionality that accesses sensitive information based on whether a verified session with a wearable device is currently in progress.

Abstract: A method for operating a User Equipment (UE) is disclosed, the UE configured to connect to a communication network. The method comprises: indicating to the communication network an Integrity Protection for User Plane (IPUP) mode supported by the UE when requesting registration with the communication network. The IPUP mode comprises one of: use of Integrity Protection for User Plane data exchanged with the UE, non-use of Integrity Protection for User Plane data exchanged with the UE, or use of Integrity Protection for User Plane data, and non-use of Confidentiality Protection for User Plane data.

Abstract: Presented herein are techniques to facilitate delivering standalone non-public network (SNPN) credentials from an enterprise authentication server to a user equipment (UE) using an Extensible Authentication Protocol (EAP) process. In one example, a method may include determining, by an authentication server of an enterprise, that a UE for the enterprise is to receive credentials to enable the UE to connect to a SNPN of the enterprise in which the determining is performed based, at least in part, on connection of the UE to an access network that is different than the SNPN for the enterprise; and performing an authentication process with the UE by the authentication server in which the authentication process includes providing the credentials to the UE via a first authentication message and obtaining confirmation from the UE via a second authentication message that indicates successful provisioning of the credentials for the UE.

Abstract: A multi-factor authentication method and system is provided such that a push notification during an authentication process is only received if a mobile device and user are authenticated prior to receiving the push notification. Either the mobile device itself or a second device sending the push notification may be programmed to either reject or not forward the authentication request. Additionally, using the method of the present invention, enhanced security is provided by requiring the location of the mobile device and the second device to be approximately in the same geographical location.

Abstract: A method for securing a beacon signal in a network comprising a transmitter for broadcasting the beacon signal and one or more receivers for receiving the beacon signal, wherein the beacon signal comprises a data packet (103) including a payload (106) that comprises a first field containing broadcast information from the transmitter and a second field (204) for storing authentication information, the method comprising: computing, using a secret key, a message authentication code over the payload; extracting bytes from the message authentication code to obtain the authentication information; and encrypting the first field using a symmetric cipher which takes as parameter the secret key and a nonce, wherein the nonce comprises the authentication information, the encrypting resulting in an encrypted first field, the resulting secure beacon signal (200) comprising the encrypted first field (203) and the second field (204) with the authentication information.

Abstract: Certain aspects of the present disclosure provide techniques for detecting data errors. A method generally includes receiving a new value as user input for a data field, generating histogram-based approximations of kernel density estimates generated based on valid data and invalid data associated with the data field, determining a likelihood that the new value is a valid value and a likelihood that the new value is an invalid value, computing a likelihood ratio test statistic based on a ratio of the likelihoods, and classifying the new value as valid or invalid based on comparing the likelihood ratio test statistic to a likelihood ratio test threshold.

Abstract: The present disclosure provides details of a system for monitoring an offender during a correctional supervisory program. The system includes an offender communication device that transmit and receive communications via a communication and monitoring center. The offender communication device include a smart phone or tablet that obtains identity information including biometric information from an offender before a communication is transmitted or received. The offender communication device also stores data including metadata, metrics, or content of a communication and transmits the stored data to the communication and monitoring center. The communication and monitoring center transmits and receives communications from the offender communication device and another communication device.

Abstract: A method, system, and apparatus for programming a sensor at a customer location is disclosed. A defective sensor at a customer location is replaced by a new sensor that is programmed at the customer location using a programming device or a transducer coupled to a computing device. The new sensor is programming using the sensor's detector normally used to sense a change in a magnetic field, an RF signal, infra-red light, or some other emission or property.

Abstract: Embodiments of the present disclosure are directed to a network analytic system for tracking and analysis of network infrastructure for network-based digital assets. The network analytic system can detect and track a relationship between assets based on one or more attributes related or shared between any given assets. The network analytic system can analyze network-based digital assets to determine information about a website (e.g., information about electronic documents, such as web pages) that has be used to detect phishing and other abuse of the website. The network analytic system can analyze data about network-based assets to determine whether any are being used or connected to use of unauthorized or malicious activity or known network-based assets. Based on the relationship identified, the network analytic system can associate or link assets together. The network analytic system may provide an interface to view data sets generated by the network analytic system.

Abstract: Certain consumers may not have a credit report and, thus, may not be able to enroll in a credit monitoring service. A credit report monitoring system requests a credit report of consumers that are attempting to enroll in a credit monitoring service. If no credit report is located for the consumer, a credit report of the consumer is automatically periodically requested by the system. When a credit report is later located, the consumer may continue with enrollment in a credit report monitoring service. In this way, the consumer is alerted of the (possibly fraudulent) creation of a credit report and is quickly able to enroll in a credit monitoring service.

Abstract: Architectures, methods and apparatus for providing data services (including enhanced ultra-high data rate services and IoT data services) which leverage existing managed network (e.g., cable network) infrastructure, while also providing support and in 10 some cases utilizing the 3GPP requisite NSA functionality. Also disclosed are the ability to control nodes within the network via embedded control channels, some of which “repurpose” requisite 3GPP NSA infrastructure such as LTE anchor channels. In one variant, the premises devices include RF-enabled receivers (enhanced consumer premises equipment, or CPEe) configured to receive (and transmit) OFDM waveforms via a 15 coaxial cable drop to the premises. In another aspect of the disclosure, methods and apparatus for use of one or more required NSA LTE channels for transmission of IoT user data (and control/management data) to one or more premises devices are provided.

Abstract: A server system is provided for analyzing user interaction in an environment. The server system comprises a memory storing a set of instructions and a processor configured to execute the instructions to perform operations including determine a user has interacted with an item positioned in the environment based on a communication signal received from a hub physically located in the environment indicating an item tag associated with the item is linked with a user tag associated with the user. The server system may identify, based on one or more communication signals received from the hub, at least one metric associated with the user's interaction with the item and compare the at least one metric with a set of rules associated with the type of metric. The server system may provide an indication, based on the comparison, to a display device.

Abstract: An information processing method includes: activating a linkage function from a service of a linkage source to a service of a linkage destination, in response to determining that both of the service of the linkage source and the service of the linkage destination are usable by the contract user; and deactivating use of the linkage function for a login user managed by the contract user, in response to determining that the login user does not have use-permission for using the service of the linkage destination.

Abstract: One or more features of a tracking device can be disabled if the tracking device is lost. A tracking device is associated with a first mobile device, which can remotely control the tracking device via a tracking server. The tracking server receives an instruction from the first mobile device to disable a feature of the tracking device. The tracking server also receives a notification from a second mobile device that the second mobile device is within a communication range of the tracking device. In response to receiving the instruction and the notification, the tracking server transmits the instruction for the tracking device to disable the feature to the second mobile device. The tracking device receives the instruction to disable the feature from the second mobile device. In response to receiving the instruction to disable the feature, the tracking device disables the feature according to the instruction.

Abstract: System, methods, and computer-readable media for a Neutral Host (NH) operation of a 5G radio, whereby a NH operator receives feedback from hosts and determines to partition Physical Resource Block (PRB) resources. Thus, a NH system is provided that enables a third-party to independently operate other channels, whereby individual physical random access channels (PRACH) are operated by independent hosts. The NH system is able to indicate partitioned resources to individual hosts, including PRACH definition and mutually exclusive set of PRBs partitioned between tenants. The hosts operating in the NH system may be operable to implement their own independent schedulers, incorporating host specific logic, that can be configured with the partitioned resources but which may further operate independently of each other.

Abstract: Systems and methods are disclosed for detecting certain online activities associated with a digital identity. A Digital Identity Network may be monitored for potentially fraudulent activities (such as new account openings and certain transactions) related to an enrolled User identification (User ID) without requiring personally identifying information (PII). Corresponding alerts may be generated and sent to inform the associated user of such suspicious activity so that fraudulent account access or transactions may be prevented.

Abstract: A method performed by a network node, for handling User Equipment, UE, capabilities of a UE in a wireless communications network is provided. The network node sends (501) to the AMF node (130), a first indication indicating whether or not the network node (110) has capabilities to store UE capabilities associated with the UE capability ID. The network node receives (502) from an AMF node, a second indication indicating whether or not UE capabilities associated with a capability identity of the UE, UE capability ID, are UE available in the AMF node. The network node decides (503) whether explicit UE capabilities associated with the UE capability ID shall be retrieved from the UE or the AMF node based on the received first and second indication.

Abstract: The present disclosure describes techniques that improve upon the use of authentication tokens as a means of verifying a user identify. A server is described that receives a service request to access a secure service provided by another service provider. The server may determine whether an additional secure service is required from a third-party server, and if so, generate a recursive authentication token for delivery to the third-party server. The recursive authentication token is intended to authenticate an identity of the server to the third-party server.

Abstract: A “scannable logo” image contains encoded identity data for the logo brand owner, encoded visual identification characteristics for the logo brand, an encoded GPS data corresponding to manufacturing location for a manufactured item or assembled item, plus additional embodiment dependent data. The image is scanned with the image scanning function of a mobile communication device and the encoded logo brand owner identity data, the encoded visually identifying characteristics for the logo brand, and the encoded GPS location information are decoded with a decoding function. The GPS location information is captured for the mobile communication device with the GPS function of the mobile communication device and compared to the decoded GPS location information. If the decoded information is a geo-proximal match, an authentication application is launched in the computer function of the mobile communication device.

Abstract: A computer-implemented method for providing user data for a user in a cellular network. The method comprises receiving a request for user data from a requesting entity. The method includes providing login credentials associated with the requesting entity to a short message service function (SMSF), and querying the SMSF for user data. The method includes receiving user data in response to the query and parsing the received user data. The method includes converting the received user data to an API response and transmitting the converted user data to the requesting entity.

Abstract: An NFC-enabled apparatus is disclosed. The apparatus includes a touch screen display and a near field communication (NFC) module comprising an NFC antenna and an NFC controller. In response to tagging between the NFC-enabled apparatus and the external NFC terminal, an NFC communication channel is established between the NFC-enabled apparatus and the external NFC terminal for data communication therebetween.

Abstract: Facilitate configuration of authentication information for a service provided over IP network when there is no shared authentication information between IoT device and service provider device for a service used by IoT device, an intermediary device capable of authenticating legitimate access mediates between devices. An example: a cipher key CK stored in intermediary device and IoT device, as a result of SIM authentication of the SIM of the IoT device, is used as master key for services used by IoT device. By generating unique application key for a service used by IoT device on the intermediary device and IoT device on the basis of master key, and sending it to service provider apparatus from intermediary device by secure connection, common keys are set as authentication information to IoT device and service provider apparatus. A SIM authentication process for generating cipher key can suppress SQN attack based on a bad request.

Abstract: An example method of operation may include one or more of identifying an outbound call placed by a mobile device subscribed to a protected carrier network, determining the outbound call is destined for a destination telephone number that was stored in a call history of the mobile device, determining the destination telephone number is a scam call suspect telephone number based on one or more identified call filter parameters associated with the destination telephone number, and forwarding a scam call notification to the mobile device while the outbound call is dialing the destination telephone number.

Abstract: A cloud communication architecture addresses shortcomings of traditional security protocols (e.g., SSL/TLS) in cloud computing, providing security for data-in-transit and authenticity of cloud users (CUs) and cloud service providers (CSPs). The architecture also protects the communication channel against attacks such as man-in-the-middle (MITM) (including eavesdropping, sniffing, identity spoofing, data tampering), sensitive information disclosure, replay, compromised-key, repudiation and session hijacking attacks. The architecture includes a high-performance cloud-focussed security protocol. The protocol efficiently utilizes the strength and speed of features such as symmetric block encryption with Galois/Counter mode (GCM), cryptographic hash, public key cryptography, and ephemeral key-exchange, and provides faster reconnection facility for supporting frequent connectivity and dealing with connection trade-offs. Embodiments have enhanced security against the above-noted attacks, and are superior to TLSv1.

Abstract: A method includes receiving, by an embedded universal integrated circuit card (eUICC), first information from a local profile assistant (LPA), where the first information includes a first certificate issuer (CI) public key identifier, and the first CI public key identifier is a CI public key identifier that the eUICC does not have. The method further includes sending, by the eUICC, second information to an OPS, where the second information includes the first CI public key identifier. The method further includes receiving, by the eUICC, a patch package from the OPS, where the patch package includes at least a first CI public key corresponding to the first CI public key identifier. The method further includes updating, by the eUICC, a CI public key of the eUICC by using the first CI public key.

Abstract: Various embodiments of the present invention relate to an electronic device for providing a service by using a secure element, and an operating method thereof. The electronic device comprises: a processor for acquiring secure state information of the electronic device; and a secure element operating under the control of the processor, receiving the secure state information of the electronic device from the processor, and including a repository for storing the received secure state information of the electronic device, wherein the secure element senses a security-related service request command, acquires the secure state information about the electronic device from the repository, and can process or ignore the sensed security-related service request command on the basis of whether the acquired secure state information of the electronic device satisfies a designated condition. Other embodiments are also possible.

Abstract: Methods and systems for verifying a resource definition include simulating an original resource definition to identify at least one change that is made to the original resource definition by a management service. A signature of a received resource definition is generated, omitting portions of the received resource definition that correspond to the at least one identified change. The signature of the received resource definition is compared to a signature of the original resource definition to find a match and to verify the received resource definition. The received resource definition is implemented, responsive to finding the match.

Abstract: An electronic control unit, which receives a message and a freshness value given to the message via a connectionless communication, includes a storage unit storing a freshness value list, which indicates a predetermined number of freshness values in a descending order from a reference value, which is a largest freshness value among the freshness values received in a past. The electronic control unit compares a received value, which is the received freshness value, with the freshness value list to provide a verification result, and updates the freshness value list so as to hold the received value in response to the verification result indicating that (i) the received value is not larger than the reference value and not smaller than a permissible value which is a smallest freshness value in the freshness value list, and (ii) the received value is not in the freshness value list.

Abstract: Authentication of a networked device with limited computational resources for secure communications over a network. Authentication of the device begins with the supplicant node transmitting a signed digital certificate with its authentication credentials to a proxy node. Upon verifying the certificate, the proxy node then authenticates the supplicant's credentials with an authentication server accessible over the network, acting as a proxy for the supplicant node. Typically, this verification includes decryption according to a public/private key scheme. Upon successful authentication, the authentication server creates a session key for the supplicant node and communicates it to the proxy node. The proxy node encrypts the session key with a symmetric key, and transmits the encrypted session key to the supplicant node which, after decryption, uses the session key for secure communications. In some embodiments, the authentication server encrypts the session key with the symmetric key.

Abstract: In some implementation, a device may execute a web-browsing application installed on the device. The device may scan, by a near-field communication (NFC) reader of the device and in connection with the web-browsing application, an NFC tag of an interaction card associated with an account of a user. The device may receive, from the interaction card, data associated with the account of the user. The device may store the data as coded data in the web-browsing application. The device may generate a uniform resource locator (URL) associated with a partial application having reduced functionality. The URL may include one or more URL parameters containing the coded data. The device may launch the partial application based on a user interaction with a hyperlink associated with the URL. The partial application may parse the URL parameter(s) and may decode the coded data to be used by the partial application.

Abstract: A network node selectively encrypts messages between a user plane node and a control plane node in a network system. The user plane node and the control plane node negotiate a connection and indicate an encryption level for the connection. The encryption level is selected from an Information Element (IE) level, a message level, or a feature level. The user plane node and the control plane node selectively encrypt at least a portion of the messages between the user plane node and the control plane node based on the encryption level for the connection.

Abstract: A method and a device for performing communication by using a virtual subscriber identity module are used to provide a mode in which the device can perform communication without a SIM card. The method includes: receiving, by a first device, a virtual subscriber identity module data package sent by a second device by using a short range communications protocol, where the virtual subscriber identity module data package carries a virtual subscriber identity, and the virtual subscriber identity is used to uniquely identify a user using the first device when the first device performs communication in a network provided by a mobile communications operator; obtaining, by the first device, the virtual subscriber identity by using the virtual subscriber identity module data package; and communicating, by the first device by using the virtual subscriber identity, with another device in the network provided by the mobile communications operator.

Abstract: Apparatuses that provide for secure wireless communications between wireless devices under cover of one or more jamming signals. Each such apparatus includes at least one data antenna and at least one jamming antenna. During secure-communications operations, the apparatus transmits a data signal containing desired data via the at least one data antenna while also at least partially simultaneously transmitting a jamming signal via the at least one jamming antenna. When a target antenna of a target device is in close proximity to the data antenna and is closer to the data antenna than to the jamming antenna, the target device can successfully receive the desired data contained in the data signal because the data signal is sufficiently stronger than the jamming signal within a finite secure-communications envelope due to the Inverse Square Law of signal propagation. Various related methods and machine-executable instructions are also disclosed.

Abstract: An Internet Key Exchange protocol message indicating a first Internet Protocol Security traffic flow is to be established via a first device is obtained at the first device. The Internet Key Exchange protocol message is forwarded from the first device to a second device. An encryption key used to transmit traffic via the first Internet Protocol Security Traffic flow is received at the first device from a key value store. The key value store is populated with the encryption key in response to the second device obtaining the Internet Key Exchange protocol message. A first data packet to be transmitted via the first Internet Protocol Security traffic flow is obtained at the first device. The first device provides the first data packet encrypted with the encryption key of the first Internet Protocol Security traffic flow.

Abstract: Methods and systems are provided for providing a mobile communications device with access to a provider with a plurality of security levels. The security state of the device varies according to severity levels of device security events. The mobile communications device generates data regarding security events and provides the data to the provider, which compares that security state to a policy associated with the provider. The mobile communications device is allowed to access to a provider service where the device's current security state meets or exceeds the security state required for the provider service.

Abstract: A communication system is disclosed. The communication system includes a first core network that is mobile, and a radio access network, which includes a first central unit and one or more distributed units. The first central unit includes a first router containing a multi-level security guard configured to route user plane data and control plane data to the first core network. The first central unit further includes a transceiver, a control plane interface coupled to the core network, and a second router configured to communicate user plane data and control plane data to one or more first distributed units. The central unit configures at least one network function of radio resource control (RRC). The one or more distributed units configures at least one network function of packet data convergence protocol (PDCP), radio link control (RLC), medium access control (MAC), and physical link (PHY) network functions.

Abstract: In a process for adding a base station as a secondary base station, and for example in 5 response to a UE Context Setup Request or a UE Context Modification Request, a distributed unit of a base station selects a feature set, and informs a central unit of the base station of the selected feature set.

Abstract: A method of blockchain-based data management of distributed binary objects includes identifying a binary object to be stored in a first data store. The method further includes encrypting, by a processing device, the binary object using a cryptographic function of a blockchain to generate an encrypted binary object. The method further includes storing the encrypted binary object in the first data store. The method further includes storing a reference to the encrypted binary object on the blockchain.

Abstract: Disclosed are various embodiments for interfaces for creating radio-based private networks. In one embodiment, a request is received via an interface to create a radio-based private network for a customer. The request indicates a quantity of wireless devices that will connect to the radio-based private network. A quantity of radio units to serve the radio-based private network is determined based at least in part on the quantity of wireless devices. The radio units are preconfigured to implement a radio access network for the radio-based private network. A shipment is initiated to the customer of the radio units that have been preconfigured. Resources in a cloud provider network are provisioned to function as a core network for the radio-based private network.

Abstract: Methods and apparatus for detecting and handling evil twin access points (APs). The method and apparatus employ trusted beacons including security tokens that are broadcast by trusted APs. An Evil twin AP masquerades as a trusted AP by broadcasting beacons having the same SSID as the trusted AP, as well as other header field and information elements IE in the beacon frame body containing identical information. A sniffer on the trusted AP or in another AP that is part of a Trusted Wireless Environment (TWE) receives the beacons broadcasts by other APs in the TWE including potential evil twin APs. The content in the header and one or more IEs in received beacons are examined to determine whether a beacon is being broadcast by an evil twin.

Abstract: A cloud server collects and stores context data from mobile devices. Data collected for a mobile device is compared to the historical data. A security policy is selected for the mobile device based on the comparison. The selected policy is deployed to the mobile device. A status of the deployment is tracked by the cloud server.

Abstract: Methods and apparatus for detecting and handling evil twin access points (APs). The method and apparatus employ trusted beacons including security tokens that are broadcast by trusted APs. An Evil twin AP masquerades as a trusted AP by broadcasting beacons having the same SSID as the trusted AP, as well as other header field and information elements IE in the beacon frame body containing identical information. A sniffer on the trusted AP or in another AP that is part of a Trusted Wireless Environment (TWE) receives the beacons broadcasts by other APs in the TWE including potential evil twin APs. The content in the header and one or more IEs in received beacons are examined to determine whether a beacon is being broadcast by an evil twin.