Abstract: Authentication of a networked device with limited computational resources for secure communications over a network. Authentication of the device begins with the supplicant node transmitting a signed digital certificate with its authentication credentials to a proxy node. Upon verifying the certificate, the proxy node then authenticates the supplicant's credentials with an authentication server accessible over the network, acting as a proxy for the supplicant node. Typically, this verification includes decryption according to a public/private key scheme. Upon successful authentication, the authentication server creates a session key for the supplicant node and communicates it to the proxy node. The proxy node encrypts the session key with a symmetric key, and transmits the encrypted session key to the supplicant node which, after decryption, uses the session key for secure communications. In some embodiments, the authentication server encrypts the session key with the symmetric key.

Abstract: Embodiments of the present disclosure are directed to a network analytic system for tracking and analysis of network infrastructure for network-based digital assets. The network analytic system can detect and track a relationship between assets based on one or more attributes related or shared between any given assets. The network analytic system can analyze network-based digital assets to determine information about a website (e.g., information about electronic documents, such as web pages) that has be used to detect phishing and other abuse of the website. The network analytic system can analyze data about network-based assets to determine whether any are being used or connected to use of unauthorized or malicious activity or known network-based assets. Based on the relationship identified, the network analytic system can associate or link assets together. The network analytic system may provide an interface to view data sets generated by the network analytic system.

Abstract: An interface device may provide a first wireless network and a second wireless network in a user's premise. The interface device may encourage some user devices to connect to the second wireless network without controlling the user devices. For example, the interface device may receive a request from a device to access its first wireless network. The interface device may then determine whether the device is a premise device by, for example, searching a database of device registration information. The interface device may determine that the device is a premise device and deny the request to access the first wireless network. The device may then be available to access the second wireless network.

Abstract: The described embodiments set forth techniques for transferring an electronic subscriber identity module (eSIM) with the same integrated circuit card identifier (ICCID) value from a source mobile wireless device to a target mobile wireless device directly with a mobile network operator (MNO) provisioning server. The target mobile wireless device downloads the eSIM from the MNO provisioning server after deletion of the eSIM on the source mobile wireless device and reassignment of the eSIM with the same ICCID value to the target mobile wireless device.

Abstract: A pipeline intruder locator system is provided. The pipeline intruder locator system comprises a comprehensive mapping system, such as fiber-optic sensors and satellite surveillance, to delineate the entire pipeline right of way (ROW). Equipped with sensors, the mapping system detects unauthorized presence within the ROW, tags the intruder, and assigns a unique identification number to each intruder detected. A follow-on locator system continues to track the intruder's movements inside or outside the ROW in real-time using geolocation technologies. This real-time tracking information is transmitted to security agencies for prompt action, allowing for the effective arrest and prosecution of the intruders.

Abstract: The subject matter describes devices, networks, systems, media, and methods to create secure communications between wireless devices and cellular networks, where the wireless devices communicate with the cellular networks via multi-hopping methods in wireless networks.

Abstract: A method to establish and activate an MA PDU session for data transmission over a selected access is proposed. UE initiates a UE-requested PDU session establishment procedure. Once the UE receives a PDU SESSION ESTABLISHMENT ACCEPT message with ATSSS container IE, the UE can consider the MA PDU session has been activated and user plane resources are successfully established on the selected access. A method to convert an SA PDU session to an MA PDU session for data transmission over a selected access is proposed. UE initiates a UE-requested PDU session modification procedure. Once the UE receives a PDU SESSION MODIFICATION COMMAND message with ATSSS container IE, the UE can consider the MA PDU session has been converted from the SA PDU session and user plane resources are successfully established on the selected access.

Abstract: One or more features of a tracking device can be disabled if the tracking device is lost. A tracking device is associated with a first mobile device, which can remotely control the tracking device via a tracking server. The tracking server receives an instruction from the first mobile device to disable a feature of the tracking device. The tracking server also receives a notification from a second mobile device that the second mobile device is within a communication range of the tracking device. In response to receiving the instruction and the notification, the tracking server transmits the instruction for the tracking device to disable the feature to the second mobile device. The tracking device receives the instruction to disable the feature from the second mobile device. In response to receiving the instruction to disable the feature, the tracking device disables the feature according to the instruction.

Abstract: A system, method, and computer-readable medium are disclosed for providing auditability of a distributed ledger technology (DLT) of de-identified data of entities, stored in the DLT. In certain embodiments, data related to an entity is de-identified. The de-identified data is stored in the DLT. Access to the de-identified data is determined. Instances of access to the de-identified data is recorded to the DLT. In certain embodiments, information used to re-identify the de-identified data is store on the DLT. Access to the information can also be determined and recorded to the DLT.

Abstract: A container includes a body. The body has a cavity for storage of cargo. The container includes a transceiver coupled to the body. The container also includes processing circuitry coupled to the body and the transceiver. The processing circuitry is configured to, subsequent to determination of a route for delivery of first cargo, detect a re-route condition. The processing circuitry is configured to, in response to detection of the re-route condition, determine an updated route for delivery of the first cargo. The processing circuitry is also configured to send a command to cause the transceiver to transmit a signal to cause the container to be deployed from a first location to a second location of the updated route.

Abstract: Novel tools and techniques are provided for implementing data and source validation for equipment output data and/or for equipment failure predict. In various embodiments, in response to receiving a first request for first data that is output by first equipment, a computing system might retrieve and analyze the first data to determine whether the first data can be trusted. If so, the computing system might send the first data to the requesting device. If not, the computing system might send a second request for identifying a blockchain containing a block containing a copy of the first data. In response to the blockchain system identifying such a blockchain, the computing system might receive the identified blockchain; might abstract the block containing the copy of the first data from the identified blockchain; might abstract the first data from the block; and might send the first data to the requesting device.

Abstract: A head-mounted device (HMD) of a first user has a transparent display. The HMD determines location information of a second user relative to the HMD of the first user. The second user is located within a predefined distance of the HMD. The location information identifies a distance and a direction of the second user relative to the HMD. The HMD receives audio content from the second user, generates augmented reality (AR) content based on the audio content, and displays the AR content in the transparent display based on the location information of the second user. The AR content appears coupled to the second user.

Abstract: A communication method and a communications device, where the communication method includes: When a user equipment roams from a first network to a second network, a first core network device receives a first request, where the first request is a user authentication request or an authentication data request, where the first request carries an authentication vector request indication, where the second network is a 5G standalone network, where the first network is a 5G non-standalone network, and where the first core network device is in the first network. The first core network device generates an authentication vector quintet based on the authentication vector request indication, where a 0th bit of an authentication management field in the authentication vector quintet is set to 1. The first core network device sends a response to the first request, where the response to the first request carries the authentication vector quintet.

Abstract: Provided are a method and an apparatus for authenticating a terminal, a computer device, and a storage medium. The method includes: receiving an authentication request of a request terminal including a first media access control address and a first message integrity code of the request terminal; determining a target key-value pair from key-value pairs based on the first media access control address, and determining at least one first preshared key corresponding to the first media access control address from the target key-value pair, the media access control address in any of the key-value pairs being a historical successfully-authenticated address; generating a second message integrity code corresponding to each of the at least one first preshared key, one first preshared key corresponding to one second message integrity code; and authenticating the request terminal based on the first message integrity code and the at least one second message integrity code.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may relay sidelink data between a first remote UE and a second remote UE. The UE may facilitate end-to-end physical layer security for the sidelink data relayed between the first remote UE and the second remote UE based at least in part on a first link key associated with a first link between the first remote UE and the UE and a second link key associated with a second link between the UE and the second remote UE. Numerous other aspects are described.

Abstract: A television receiver may present live television programming along with a sports gaming interface that indicates various betting options that are selectable by a television viewer via a remote control. The television receiver may receive a selection of a betting option presented in the sports gaming interface. A request may then be sent to a mobile device of the television viewer. The television receiver may in response to the selection, transmit a bet identifier of the selected betting option and an account identifier to the television service provider system. After a user has funded the bet and completed the transaction via a mobile device, the sports gaming interface may indicate the active bet.

Abstract: A display method according to one or more aspects may be a method used in a sample analyzer comprising holders configured to hold reagent containers of reagents used for an analysis of a sample. The display method may include: displaying, on a display unit, icons respectively associated with the holders; receiving selection of icons from the icons displayed on the display unit; and receiving an instruction for a predetermined operation relevant to the selected icons.

Abstract: A communication method and system for converging a 5th generation (5G) communication system for supporting higher data rates beyond a 4th generation (4G) system with a technology for Internet of things (IoT) are provided. The communication method and system include intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method of a user equipment (UE) for performing a vehicle-to-everything (V2X) sidelink communication is provided.

Abstract: A system and method for determining physical locations associated with activities detected on mobile devices is disclosed. The method includes accessing at least one enterprise rule set which is based on a plurality of security vulnerability events, and for monitoring at least one application used on the mobile devices. Device data indicative of one or more actions performed on a mobile device and a time associated with each action is used to detect whether actions performed on the mobile device breach a rule of the enterprise rule set. Geolocation information associated with the mobile device at the time associated with the breach is received based on an identifier associated with the mobile device or with wireless network access points in range of the mobile device. The received geolocation information, enterprise rules, and device data is used determine if a security vulnerability is associated with the mobile device.

Abstract: The described technology is generally directed towards an automated security hangar for private cellular networks. In response to detecting that a user equipment is departing a geographic area served by a private cellular network, the user equipment can encrypt its data and send it to a private cellular network server. The server can receive and securely store the encrypted data, and the server can provide a code to the user equipment. The user equipment can store the code, disconnect from the private cellular network, and depart the geographic area. When the user equipment returns to the geographic area and reconnects to the private cellular network, the user equipment can present the code to the server. The server can validate the code, the user equipment, and/or the operator of the user equipment, and the server can return the encrypted data to the user equipment.

Abstract: Apparatuses, methods, and systems for coordinating satellite and terrestrial base station resource block suppression are disclosed.

Abstract: Embodiments of the present disclosure are directed to systems and methods for group-based filtering of user devices on a wireless network. Upon a request from a user device to access a requested network service, a device specific identifier associated with the user device is used to determine one or more groups associated with the user device. Based on any access restrictions for the one or more groups associated with the user device, the requested network service may be selectively authorized or provided.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a cellular modem may transmit, to an applications processor, an indication to use a non-Third Generation Partnership Project (non-3GPP) interworking function (N3IWF) for non-access stratum (NAS) signaling. Accordingly, the cellular modem may establish a first virtual interface with the applications processor. The cellular modem may further perform an Internet Key Exchange (IKE) procedure with a core network using the first virtual interface and the N3IWF and transmit a key generated during the IKE procedure to the applications processor. Numerous other aspects are described.

Abstract: Aspects disclosed herein facilitate security handling of 5GS to EPC reselection are disclosed herein. An example method at a UE includes transmitting a first TAU request, the first TAU request encoded using a first security context associated with a first RAT, the first TAU request being integrity protected using a first uplink count based on the first security context, and the first TAU request including a first set of information including an identifier mapped to a second RAT associated with the first network entity. The example method also includes transmitting a second TAU request, the second TAU request including the first set of information, the second TAU request being integrity protected using a second uplink count. The example method also includes communicating based on a mapped security context based on the first security context and at least one of the first uplink count or the second uplink count.

Abstract: Systems and methods for tracking mobile devices are provided. One system comprises at least one processor and memory storing code which when executed by the at least one processor configure the at least one processor to perform a method of tracking a mobile device. The method comprises receiving a disassemble international mobile subscriber identity (IMSI) attach message from a base station, identifying the identified mobile device within a location area using the IMSI and LAI, receiving a decode and capture message from the base station, and identifying the unidentified mobile device as being the identified mobile device within the location area. The disassemble IMSI attach message includes an IMSI and a location area identity (LAI) associated with an identified mobile device. The decode and capture message includes a temporary mobile subscriber identity (TMSI) and LAI associated with an unidentified mobile device.

Abstract: A computer implemented method of selective transmission of a communications message from a home telecommunications network to a visited telecommunications network for delivery to a subscriber device roaming via the visited network includes receiving the message at the home network; identifying a communications component of the visited network to which the messages is to be routed; defining an input vector for a classifier, the input vector encoding parameters of the communications component; executing the classifier to classify the communications component to determine a reliability state of the communications component; and forwarding the message to the communications component of the visited network for delivery to the subscriber device in dependence on the classified reliability state.

Abstract: Methods and systems for managing AMF re-allocation is provided. The method for managing AMF reallocation during UE registration procedure with a 5G network comprises: determining if the first AMF may send a routing assistance information to the UE, on the first AMF determining that the first AMF is not a right AMF to serve the UE; sending a routing assistance information, to the UE, as response to a first registration request message; receiving routing assistance information from the first AMF; sending a second registration request message to a 5G RAN of the 5G network comprising a portion of content included in the routing assistance information; and routing the second registration request message to a second AMF of the 5G network, wherein the second AMF is determined by the 5G RAN based on the portion of content included in the routing assistance information.

Abstract: Systems and methods for dynamically encrypting requests in accordance with embodiments of the invention are disclosed. In one or more embodiments, a computer-implemented method includes obtaining an updated private key been issued for a third-party service, storing, in a caching system, a routing entry comprising a security token for the third-party service, receiving a request to access the third-party service, and redirecting the client device to the third-party service.

Abstract: Unauthorized tracking devices, including those that change their identification information periodically, are detected to protect an individual's privacy. A mobile device of a user detects a first advertisement signal from an unknown wireless device, the first advertisement signal containing information representative of the unknown device. Multiple advertisement signals may be received as the mobile device moves a distance greater than a broadcast range away from the location where the first signal was detected. Responsive to detecting a second advertisement signal containing the same identity information after the mobile device has moved at least the distance greater than the broadcast range away from the location where the first signal was detected, the system generates an interface on the mobile device. The generated interface indicates to a user of the mobile device the presence of an unknown device.

Abstract: Embodiments described herein relate to wireless communications, including methods and apparatus for configuring synthetic electronic subscriber identity module (eSIM) profiles for wireless devices based on user credentials. A synthetic eSIM profile is generated at a wireless device based on transformation of user credentials that include a user identity and user cryptographic information. The user identity can include an identifier for a user account, and the user cryptographic information can include a password for the user account. The wireless devices can use the synthetic eSIM profile to obtain and load one or more fully functional eSIM profiles to an embedded universal integrated circuit card (eUICC) to without requiring a bootstrap eSIM profile or non-cellular wireless access.

Abstract: Deception-based techniques for responding to security attacks are described herein. The techniques include transitioning a security attack to a monitored computing device posing as a computing device impacted by the security attack and enabling the adversary to obtain deceptive information from the monitored computing device. Also, the adversary may obtain a document configured to report identifying information of an entity opening the document, thereby identifying the adversary associated with the attack. Further, the techniques include determining that a domain specified in a domain name request is associated with malicious activity and responding to the request with a network address of a monitored computing device to cause the requesting process to communicate with the monitored computing device in place of an adversary server. Additionally, a service may monitor dormant domains names associated with malicious activity and, in response to a change, respond with an alert or a configuration update.

Abstract: Disclosed are various embodiments for preventing unauthorized access to materials presented in a meeting room. In one example, a system comprises a computing device that is configured to identify a list of invited users for a meeting occurring in a meeting room and to detect a client device of an uninvited user that has entered the meeting room. An uninvited user notification is transmitted to a remote computing device. A suspension command is received for the meeting room from the remote computing device based on the uninvited user notification. The computing device is configured to enforce a suspension action on a meeting room device located in the meeting room based on the suspension command.

Abstract: The present disclosure may be related to a pre-5G or 5G communication system to be provided for supporting higher data rates Beyond 4G communication system such as LTE. A method, for a UE in a network comprising the UE and an AMF entity, is disclosed. The method comprises: transmitting, to the AMF, a control plane service request (CPSR) message comprising data of a first type, receiving, from the AMF, a security mode command message indicating that an integrity check related to the CPSR message has failed, in response to receiving the security mode command message, identifying whether the CPSR message comprises the data of the first type including data of a second type, or the CPSR message comprises the data of the first type excluding the data of the second type, and transmitting the CPSR message excluding the data of the first type except the data of the second type.

Abstract: A device includes a link layer configured to use a first link layer address and a second link layer address, maintain the first link layer address unchanged for a duration of an association of the device with a wireless network, and change the second link layer address from a first value to a second value during the duration.

Abstract: Systems, methods, and computer program products are provided for automatically assigning resource permission levels. The method includes assigning a user to a user group based on one or more job characteristics. The user group includes one or more users associated with a common job type. The method also includes determining a resource permission level for one or more resources based on the user group of the user. Each of the users in a user group receive the same resource permission level for at least one of the one or more resources. The method further includes allowing the user access to one or more resources on a user device associated with the user.

Abstract: A method for use in a wireless communication system comprising a transmitter and a receiver, the method comprising receiving, in the receiver, data comprising a plurality of channel-distorted synchronization codes and plurality of channel-distorted cipher codes, generating a receiver cipher sequence at the receiver, the receiver cipher sequence comprising a plurality of receiver cipher codes, analysing the received data to identify correlations between the plurality of channel-distorted cipher codes in the received data and the plurality of receiver cipher codes, accumulating the identified correlations as accumulator data in an accumulator, identifying one or more peaks in the accumulator data, identifying a first correlation peak in the accumulator data that meets one or more criteria and using the first correlation peak to identify the first path of a data packet from the transmitter.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. Embodiments disclose a method and system for handling a network slice specific authentication and authorization (NSSAA) process in a wireless network system.

Abstract: Methods and systems can protect information shown on a screen of a device. A user associated with the device can be authenticated, e.g., using photo identification of the user. In response to authenticating the user, data can be displayed on the device. A camera associated with the device can be automatically activated to take one or more images in response to a triggering event, a predetermined time interval, or randomly generated time intervals. An enhanced privacy environment is detected by analyzing the one or more images to identify that there are more than a threshold number of faces or people in the picture, or by identifying that the user is not in the picture based on a comparison of the picture to the photo identification of the user. In response to detecting the enhanced privacy environment, a privacy mode is enabled. The privacy mode can include various security measures such as concealing sensitive content or providing various security notifications.

Abstract: An unauthorized communication prevention system includes a communication device that is arranged in an operation subject and configured to wirelessly communicate with a terminal. The system further includes a notification unit that transmits unique authentication information of the operation subject when the terminal and the communication device establish communication; a checking unit that checks, with the authentication information, whether the terminal and the operation subject are a proper pair; and an actuation unit that performs a process for determining a positional relationship of the terminal relative to the operation subject in accordance with a check result of the checking unit.

Abstract: An access control system and a method for operating an access control system are provided. The access control system includes an access control device. The method provides a step for initiating the transmission of the advertising signal by a communication module of the access control device, the advertising signal being received by a mobile device. The method provides a step for automatically receiving an access credential from the mobile device to the communication module of the access control device. The method provides a step for comparing, in an authentication module, the access credential with an authorized access credential (e.g., stored in a memory of the access control device).

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media for a platform orchestrator to use verified add-on resources. One of the methods includes receiving, by a platform orchestrator, an add-on resource API command that references an add-on resource installed on one or more software platforms launched by the platform orchestrator. A request to execute the add-on resource API command is provided to a platform controller of a software platform of the one or more software platforms launched by the platform orchestrator. The add-on resource API command is executed including identifying one or more instances of the add-on resource referenced by the add-on resource API command that are executed as workloads on the software platform launched by the platform orchestrator.

Abstract: There is provided a method for handling a service request. The method is performed by a first service communication proxy (SCP) node. If no response is received from a second network function (NF) node of a service producer to a first request transmitted towards the second NF node via the first SCP node, where the first request is for the second NF node to execute a service requested by a first NF node of a service consumer, transmission of information is initiated towards the first NF node. The information is indicative that no response is received from the second NF node to the first request.

Abstract: A card registry system is configured to automatically identify financial card information in one or more credit files associated with a consumer and populate a card registry account of the consumer with the identified financial card information. Once the financial card information has been obtained from the credit file(s), the card registry system may transmit cancellation and/or reissuance requests to the respective card issuers in the instance that one or more cards are compromised, so that the financial cards may be easily and efficiently cancelled and/or reissued at the request of the consumer.

Abstract: Methods and systems for offload of data from a wireless sensing device to a gateway device. A certificate that is generated by the management server in response to a determination that the gateway device is associated with a wireless sensing device is received during an initial connection with the management server. In response to confirming, based on the certificate, that the gateway device is authorized to connect to the wireless sensing device, the certificate is transmitted to the wireless sensing device; and data is received from the wireless sensing device in response to confirming that the wireless sensing device is authorized to connect with the gateway device based on the certificate.

Abstract: This application provides a communication method and a communications device. The method includes: A first device receives a first message sent by a second device. The first message is used to indicate a bearer configuration of a bearer of the first device and an initial status of the bearer configuration, and the bearer configuration includes a first bearer configuration and/or a second bearer configuration. The first device determines the bearer configuration and the initial status of the bearer configuration based on the first message. According to the technical solutions in embodiments of this application, a bearer configuration of a terminal device and an initial status of the bearer configuration of the terminal can be indicated. Because both the bearer configuration of a bearer of the terminal and the initial status of the bearer configuration of the terminal are indicated, communication efficiency is improved.

Abstract: In some implementations, a user device may receive, from a first other device, a first message, wherein the first message includes information indicating an event associated with an account of a user of the user device. The user device may provide, based on receiving the first message, a virtual keyboard for display on a display screen of the user device. The user device may obtain, based on providing the virtual keyboard, particular input. The user device may send to a second other device, and based on the particular input, a second message, wherein sending the second message is to cause the second other device to perform one or more actions associated with the event that is associated with the account of the user.

Abstract: A system comprising a first computing device operated by a first driver, a second computing device operated by a second driver, and a server is disclosed. The server may determine one or more characteristics of the first driver based on at least one of listening preferences or telematics data of the first driver. Based on the one or more characteristics of the first driver, the server may assign the first driver to a conference. The server may receive a request from the second computing device for the second driver to participate in conferencing. The server may determine that the second driver has at least one characteristic that matches one of the one or more characteristics of the first driver and may assign the second driver to the conference with the first driver. The server may bridge the first driver and the second driver in the conference.

Abstract: Systems and methods for enhancing the Connectivity Fault Management (CFM) protocol defined in IEEE 802.1Q are provided. In particular, the enhancements include adding a security or safety feature to prevent malicious attacks. A method, according to one implementation, includes the step of operating a Network Element (NE) in a safety mode associated with a link connectivity protocol (e.g., CFM) that involves receiving one or more messages used for detecting link connectivity issues of an Ethernet service in a section of a network and responding to the link connectivity issues. In response to receiving the one or more messages used for detecting link connectivity issues while operating the NE in the safety mode, the method includes the step of storing the one or more messages as one or more untrusted messages in an isolated database of the NE without processing information in the one or more untrusted messages.

Abstract: A system and method for purchasing lottery tickets via a client computing device. A user may access a purchase module via a client computing device and select lottery tickets and lottery numbers to purchase from available lotteries in their state. The user may be notified of the results by the purchase module or a results module. Once notified, the user may withdraw their winnings or use the winnings to purchase lottery tickets future drawings.

Abstract: The disclosed technology is directed towards detecting suspected malicious activity involving mobile devices and subscriber identity module (SIM) cards, including discerning benign SIM swap events from likely malicious SIM swap events. In one example, call detail records, radio access network events and billing events are collected and analyzed to detect subscriber identity module swap events between mobile devices. Based on the collected data and related data sources SIM swap events are classified as benign or suspected malicious classifications. Malicious classifications can result in information representative of the suspected as malicious classification being output, e.g., as a type of fraudulent activity. A confidence level can be associated with classification output data, including for types of fraudulent activities and types of benign activities.