Abstract: The embodiments described herein recite a geo-location based community of interest (COI) system and method which add the capability to configure Network Connect Devices (NCD) to identify the location of the source and destination IP addresses. The NCDs would then drop any packets that are destined to an IP address outside of its predefined radius. For any sent/received packets, the geo-location position of the remote IP-address on the wide area network (WAN) may be determined. The distance between two points on the earth given their latitudes and longitudes of the devices may be determined. If the distance is greater than the predefined range, the data packets may be denied. If the distance falls within the pre-determined range, the data packets are allowed to reach their destination.

Abstract: The exemplary embodiment relates to a system and method for restricting the disclosure of information employing a mobile terminal, which restricts the disclosure of information using a mobile terminal. In an aspect, the exemplary embodiment provides a mobile terminal, including a short-range communication module performing the short-range communication channel, memory storing authorization information for allowing access to unaccessible information stored in the information device, and a controller transmitting the authorization information through the short-range communication module.

Abstract: A method of detecting a transmitting device within an obstruction rich environment is disclosed. The method may involve detecting the transmitting device with a wireless transmission detection facility; communicating signal information relating to the detected transmitting device from the wireless transmission detection facility to a central unit; determining the location of the transmitting device; displaying information of the detection and location of the transmitting device through a user interface; and providing an action facility for causing actions related to the detected transmitting device.

Abstract: A system and method for recognizing patterns in wireless device locations using wireless device location data derived from a communications signaling network is provided. By using wireless network supported signaling operations and messages, location data concerning the whereabouts of wireless devices, and hence wireless device users, may be obtained. The location data derived from the communications signaling network may be statistically analyzed to reveal potential geographic patterns that may indicate meaningful behaviors of the purported users of the wireless devices.

Abstract: A public wireless access point network includes authorized access points sharing the same SSID and connected to a network core which implements centralized authentication so that wireless client devices can roam between authorized access points. Each authorized access point is adapted to detect the presence of unauthorized rogue access points posing as authorized access points. The authorized access points inspect data packets received from wireless client devices which have roamed into range and from the addressing information in the MAC layer and IP layer can determine whether the wireless device has previously connected to a rogue access point. If such a determination is made, the user of the device is alerted that their confidential information may have been compromised.

Abstract: A computer implemented method can determine validity of web-based interactions. Web-based interaction data relating to a web-based interaction may be accessed. The web-based interaction data may include aggregate measure data that may include a number of unique queries per web-based session. The validity of the web-based interaction may be determined based on the aggregate measure data.

Abstract: A number inventory system is disclosed. The number inventory system manages the relationships between SIM cards, IMSI numbers, and MSISDN for a mobile telecommunications service provider. The number inventory system provides the software and hardware for receiving SIM card inventory data, including associated IMSI numbers, and efficiently stores the SIM card inventory data in a database. The number inventory system further provides for the opening of a range of available MSISDN. SIM cards, IMSI and MSISDN may be assigned to customer orders, and the number inventory system manages the associations between IMSI numbers and MSISDN and monitors the status of SIM cards, IMSI numbers and MSISDN. The number inventory system may also manage an MSISDN classification system for identifying MSISDN numbers having various desirable sequence characteristics.

Abstract: An approach is provided for determining that a device has been placed on a hold status during a communication session, wherein hold media is presented to the device during the hold status. The approach involves determining that the device and/or the communication session is registered for a hold music service that provides media from a content provider. The approach also involves requesting personalized media from the content provider. The approach further involves presenting the personalized media to the device as the hold media during the hold status.

Abstract: Certain aspects direct to systems and methods for securing an internet of things (IoT) based entrance for a designated area with multi-factor authentication. The system includes an IoT based entrance having an IoT device, which stores a secret key for generating a time-based password. An authenticated identification device may also have the same secret key. When the IoT device receives a request from an identification device to establish a secured connection, the IoT device first verifies the wireless address of the identification device. Once the wireless address is verified, the IoT device establishes the secured connection with the identification device through the wireless network. Then the IoT device uses the secret key and a current access time to generate the time-based password, and receive a second time-based password from the identification device through the secured connection. If both time-based passwords match each other, the identification device is authenticated.

Abstract: The invention creates a mobile station comprising a mobile end device (ME) with a secured runtime environment (TEE) and a removable or firmly implemented security element (SE), with an end device send server (TEE-TSM) arranged in the security element (SE), which is arranged to send to the secured runtime environment (TEE) end device messages which can be received by the secured runtime environment (TEE). The end device messages are sent by a trusted service manager (SE-TSM), which is provided for the security element (SE), to the security element (SE), thereby higher efficiency being guaranteed at maintained security.

Abstract: A mobility management entity (MME) receives a request for a key to establish a security context for communication between a base station and a user equipment in response to the user equipment requesting connectionless service with the base station. In response to receiving the request, the MME transmits a cookie to identify the security context stored by the base station.

Abstract: A communication apparatus includes a communication unit that connects with an external device in a one-to-one relationship, the external device storing certificate information required for connection with a network; an acquisition unit that acquires the certificate information from the external device connected with the communication unit; and a connection request unit that sends a request for connection with the network to a communication management device, the request including the certificate information acquired by the acquisition unit, so that the communication management device determines whether to permit the connection with the network in response to the request received from the communication apparatus.

Abstract: This disclosure relates to authenticating and providing transport security over unsecured IP networks to network subscribers. The system includes an authentication service that authenticates network subscribers. The authentication service can dynamically define expiry times for network authentication.

Abstract: Various embodiments include a method for binding a secure software application to a mobile device wherein the mobile device includes a processor and a subscriber identity module (SIM) card, including transmitting, by the processor, an authentication challenge to the SIM card; receiving an authentication response from the SIM card; verifying the authentication response from the SIM card; and enabling the secure software application when the authentication response from the SIM card is verified.

Abstract: When authorized, a user of a computing device, such as a smart phone, may place a communication using an originating number that is different from the number assigned to the computing device. An IMS application server that handles requests for the computing device associated with the originating number is notified when the telephone number assigned to the computing device is used by a different computing device. The notification to the IMS application server might include, but is not limited to device information, location information, and the like. After being notified of the communications terminated by other computing devices that are associated with the device number, accurate call records may be provided regarding the communications involving the originating number.

Abstract: It is provided an apparatus, comprising CSG (closed subscriber group) determining means adapted to determine one of plural CSG types to which the apparatus belongs, based on a CSG entry stored by the apparatus, wherein the plural CSG types are related to a closed subscriber group advertisement received from a cell of a base station; selecting means adapted to select one of plural EAB (extended access barring) parameter sets based on the determined one of the plural CSG types, wherein the plural EAB parameter sets are received from the cell and wherein each of the plural EAB parameter sets is related to one of the plural CSG types; applying means adapted to apply extended access barring to an access of the apparatus to the cell based on the selected EAB parameter set.

Abstract: A first terahertz storage device and a second terahertz storage device may be placed within an effective distance to each other, and, by connection and pairing between the first terahertz storage device and the second terahertz storage device, data in the first terahertz storage device may be transmitted to the second terahertz storage device via a terahertz wireless signal. Accordingly, rapid and secure transmission of data is facilitated between two storage devices. Transmission and exchange of data is, thereby, facilitated in a scenario in which a transmission medium cannot be released.

Abstract: A communication system according to the present invention includes a plurality of terminal devices that are able to communicate mutually. Each of the terminal devices includes a voice input conversion device, a voice transmitting device, a voice receiving device, and a voice reproducing device. When there is a plurality of voice signals which has not been completed reproduction, the voice reproducing device reproduces after arranging the voice signals so that respective voices corresponding to the respective voice signals do not overlap.

Abstract: Systems and methods for activating a mobile device for use with a service provider are described. In one exemplary method, a mobile device having a currently inserted SIM card may be prepared for activation using a signing process in which an activation server generates a signed activation ticket encoded with SIM policy data that corresponds to the combination of the device and one of a number of SIM cards belonging to a set of SIM cards defined by the SIM policy data. The activation ticket is securely stored on the mobile device. In another exemplary method the mobile device may be activated in an activation process in which the device verifies an activation ticket against information specific to the device and SIM card in accordance with the SIM policy in the activation ticket, and initiates activation when the verification of the activation ticket is successful.

Abstract: Representative embodiments of secure authentication to a resource in accordance with a predefined, electronically stored quorum-based authentication policy include causing electronic interaction among multiple devices that constitute a quorum in accordance with the policy, computationally determining whether the interaction satisfies the policy, and if so, electronically according access to the resource to one or more individuals associated with the interacting device(s).

Abstract: A method is disclosed for blocking a cloned mobile device by a processor of a network. The processor receives a first registration from a first mobile device at a first location. The first registration includes a device identifier and a phone number. The processor then confirms that a second registration from a second mobile device at a second location includes the device identifier and the phone number and calculates a first fraud score for the first mobile device and a second fraud score for the second mobile device. The processor then determines that the second mobile device is the cloned mobile device, when the second fraud score exceeds the first score, and blocks the cloned mobile device from registering on the network.

Abstract: A technique of performing knowledge based authentication (KBA) involves collecting activity data and time data based on operation of a mobile device, the activity data identifying an activity performed by the mobile device, and the time data identifying a time of the activity. The technique further involves generating a KBA question based on the activity data and the time data. The technique further involves providing the KBA question to a user to authenticate the user. Such a technique is capable of being performed by a remote server which communicates with the mobile device over time (e.g., in response to certain events, periodically, combinations thereof, etc.). Accordingly, the remote server is able to accumulate activity and time data which is not stored permanently (or perhaps even at all) by the mobile device, and then generate KBA questions based on that data.

Abstract: Methods and systems are described for controlling an automation and security system. According to at least one embodiment, an apparatus for data storage in an automation and security system includes a processor, a memory in electronic communication with the processor, and instructions stored in the memory. The instructions are executable by a processor to receive data at a first device, store a copy of the data on the first device, fragment the data into a plurality of data fragments, transmit the plurality of data fragments to a plurality of remote devices, and store some of the plurality of data fragments on each of the plurality of remote devices.

Abstract: This disclosure provides a method, performed in a wireless device 60, for enabling a secure provisioning of a credential from a server 70. The wireless device 60 stores a device public key and a device private key. The server 70 stores the device public key. The method comprises receiving S1 an authentication request from the server 70; generating S2 a device authentication and integrity, DAI, indicator; and transmitting S3 an authentication response to the server 70. The authentication response comprises the DAI indicator. The method comprises receiving S4 a credential message from the server 70, the credential message comprising a server authentication and integrity, SAI, indicator. The SAI indicator provides a proof of the server's possession of the device public key. The method comprises verifying S5 the received credential message using the device public key.

Abstract: Provided are a method and an apparatus for monitoring a paging message in machine-to-machine (M2M) communications. An M2M device receives a paging setup for initiating an idle mode from a base station. The paging setup includes information indicating a paging cycle, a first paging offset, and a second paging offset. In the idle mode, the M2M device monitors the transmission of a paging message at the first paging offset of the paging cycle. If the paging message is not received at the first paging offset, the M2M device monitors the transmission of the paging message at the second paging offset of the paging cycle.

Abstract: The invention disclosed is a new system and method for providing the mutual sharing of resources devoted to customer service. The system utilizes a telecommunications switching apparatus to rout incoming customer contacts to one or more pools of customer service agents. The system provides for a universal customer service interface that allows customer service agents to assist customers of other related companies. The automated system for sharing customer service resources includes a mutual assistance routing system in communication with requesting users of customer service agents, responding providers of customer service agents, databases containing customer information, thereby allowing customers who contact the requesting user to be served by shared agents.

Abstract: A wireless network access method includes: sending, by a first terminal, a wireless network access request to a server, the wireless network access request carrying identification information of the first terminal and property information of a to-be-accessed wireless network; generating, by the server according to the wireless network access request, an image verification code and returning the image verification code to the first terminal for display; scanning, by a second terminal, the image verification code displayed by the first terminal, generating access authentication information, and sending the information to the server; and performing, by the server, wireless network access authentication according to the access authentication information, and connecting the first terminal and the second terminal to the wireless network after the authentication succeeds.

Abstract: An objective of the present invention is to provide a method and apparatus for performing roaming traffic charging for a user equipment; receiving a roaming traffic charging request about the user equipment, wherein the user equipment roams to a visited network, the roaming traffic charging request includes roaming traffic-related information of the user equipment; if the roaming traffic-related information satisfies a first charging condition, forwarding the roaming traffic charging request to an OCS of an alternative roaming provider corresponding to the user equipment so as to perform the roaming traffic charging for the user equipment, wherein the alternative roaming provider corresponds to a home network of the user equipment.

Abstract: A method for reduced overhead paging by an access point is described. The method includes assigning at least one paging identifier to at least one station. The method also includes partitioning a paging identifier space into paging identifier sets. The method further includes generating a paging message based on at least one of the paging identifier sets and the at least one paging identifier. The method additionally includes sending the paging message.

Abstract: A method for performing security control includes selectively controlling at least one camera module of an electronic device to capture at least one image and outputting the at least one image, for security of the electronic device. For example, the method includes: activating a screen lock function that is associated with a password; and when it is detected that a string that differs from the password is entered, controlling the module to capture the image and outputting the image. In another example, the method includes: activating a remote control function, allowing the electronic device to be remotely controlled, through at least one of a telecommunication network and a wireless local area network, by an application that runs on a processor of another electronic device; and based upon remote control of the application, controlling the camera module to capture the image and outputting the image. An associated apparatus is also provided.

Abstract: The present invention relates to a method and an apparatus for single sign-on in a mobile communication system. A method in which a browsing agent performs single sign-on in a mobile communication system according to the present invention comprises: a step of transmitting user-supplied identifier to a relay party (RP); a step of receiving, from said RP, a message indicating that a browser should be re-directed to said RP; a step of transmitting an identifier of an authentication agent to an open ID provider (OP)/network application function (NAF); and a step of transmitting, to the authentication agent, the identifier of the authentication agent or a message that triggers to make an inquiry into the identifier of the authentication agent. According to the present invention, a single sign-on procedure may be performed in a safer manner.

Abstract: A method of rejecting a Bluetooth communications request is disclosed. A portable device receives a Bluetooth communications request from a computing device. The communications request includes a device identification of the computing device. A list of trusted device identifications stored in a memory resource of the portable device is automatically accessed. The Bluetooth communications request is rejected in response to determining that the device identification is not in the list of trusted device identifications.

Abstract: Disclosed is a system and method for broadcasting one or more contents to a recipient device. The system comprises a web server accessed by a sender device via a web browser, a content repository, an OJC server and an XMPP server accessed by a recipient device, an XMPP client. The web server receives, via the web browser, a broadcasting request from the sender device, wherein the broadcasting request comprises contents to be broadcasted to the XMPP client. The web server stores the contents in the content repository. The OJC server detects a connection request received from the XMPP client via the XMPP server. The connection request is received to initiate broadcasting of the contents to the XMPP client. The OJC server retrieves the contents from the content repository based upon the receipt of the connection request and thereafter transmits the contents to the XMPP client via the XMPP server.

Abstract: A system and method for establishing a pairwise temporal key (PTK) between two devices based on a shared master key and using a single message authentication codes (MAC) algorithm is disclosed. The devices use the shared master key to independently compute four MACs representing the desired PTK, a KCK, and a first and a second KMAC. The Responder sends its first KMAC to the Initiator, which retains the computed PTK only if it verifies that the received first KMAC equals its computed first KMAC and hence that the Responder indeed possesses the purportedly shared master key. The Initiator sends a third message including the second KMAC to the Responder. The Responder retains the computed PTK only if it has verified that the received second KMAC equals its computed second KMAC and hence that the Initiator indeed possesses the purportedly shared master key.

Abstract: In some implementations, a computing device includes an identifier that is embedded into a firmware of the computing device. The identifier uniquely identifies the computing device from other computing devices. The computing device may send a request to a server to provide credentials to enable the computing device to access a secured resource, such as secured data or a secured system. The computing device may provide the server with the identifier to enable the server to determine whether the computing device is authorized to access the secured resource. If the server determines that the computing device is authorized, the server may provide the credentials to the computing device. If the server determines that the computing device is unauthorized, the server may cause the computing device to perform one or more actions to render the computing device inoperable and/or render the resource inaccessible.

Abstract: A firmware image is received at an information handling system. A symmetric key is generated and stored at a trusted platform module (TPM). The firmware image is encrypted using the symmetric key. The encrypted firmware image is stored in a non-volatile memory.

Abstract: A network surveillance system including a deception management server within a network, including a deployment module managing and planting decoy attack vectors in network resources, wherein an attack vector is an object in memory or storage of a first resource that may be used to access a second resource, and decoy servers accessible from resources in the network via decoy attack vectors, each decoy server including a forensic alert module causing a real-time forensic application to be transmitted to a destination resource in the network when the decoy server is being accessed by a specific resource in the network via a decoy attack vector, wherein the forensic application, when launched in the destination resource, identifies a process running within the specific resource that is accessing that decoy server, logs the activities performed by the thus-identified process in a forensic report, and transmits the forensic report to the deception management server.

Abstract: A method begins by a processing module of a social network identifying an affected area of an adverse event and identifying a user device of a plurality of user devices of the social network potentially associated with the affected area of the adverse event. The method continues with the processing module issuing a safety notification to the user device, where the safety notification includes one or more of the affected area of the adverse event and a safety status request. The method continues with the processing module receiving, from the user device, a safety status response, where the safety status response includes at least one of location information generated by the user device and a safety status level generated by the user device. The method continues with the processing module indicating the safety status level.

Abstract: Methods, devices, and systems are provided for optimizing the dissemination of information in various types of systems such as an access control system. More specifically, there are provided herein various mechanisms to provide a modified agent path such that an agent following the modified agent path, may update at least one non-networked reader. The update of the at least one non-networked reader not occurring if the agent follows an unmodified agent path.

Abstract: A mobile terminal including a wireless communication unit configured to provide wireless communication; a display unit including a touch sensor and a fingerprint recognition sensor overlapped with the touch sensor; and a controller configured to deactivate the fingerprint recognition sensor, receive a finger touch input on the display unit, extract, from the touch sensor, touch information related to a touch region where the finger touch input has been applied on the display unit, activate the fingerprint recognition sensor when the extracted touch information indicates a sufficient finger touch input has been received, sense fingerprint information of the finger using the activated fingerprint recognition sensor, and perform fingerprint authentication with respect to the sensed fingerprint information based on the extracted touch information.

Abstract: Various aspects include methods for profiling access points for a mobile communication device that includes a modem controlling a first radio access technology (RAT) and a second RAT. The device modem may establish a first level of communications with a potential network access point and obtain a first set of observed parameters of the potential network access point through the first level of communications. The modem may determine whether the first set of observed parameters of the potential network access point matches expected parameters for a network access point, and establish a second level of communications with the potential network access point in response to determining that the first set of observed parameters matches expected parameters of the network access point.

Abstract: A minutes making assistance device according to the present invention includes: a sound processing unit that performs processing regarding a voice and determines whether or not speaking is started; an operation processing unit that performs processing regarding an operation and determines whether or not the operation is performed; a display processing unit that performs processing regarding a display; and a control unit that stores speaking start time and warning time in a memory when the sound processing unit determines that the speaking is started, performs warning processing when the current time becomes the warning time, and terminates the processing when the operation processing unit determines that the operation is performed before the warning time.

Abstract: Briefly, embodiments of methods and/or systems of services access through progressive registration via a mobile device.

Abstract: Variable subscriber identifiers (V-SubIds) for protecting subscriber privacy are generated and managed. In one aspect, an Anonymous Customer Reference Services (ACRS) component generates a V-SubId, which is a short-lived subscriber identifier that is inserted in a request received from a user equipment during request enrichment. Moreover, a different V-SubId can be inserted in subsequent request from the user equipment and thus, cross-site behavior tracking can be mitigated. In one aspect, the V-SubId can be exchanged for a subscriber identifier (SubId) associated with the user equipment, upon query by trusted systems/applications. Further, the V-SubId can be exchanged for a site-specific Anonymous Customer Reference (ACR) upon query by untrusted systems/applications, if user authorization is received. Moreover, the life cycle of the ACR is managed by the ACRS component, based on subscriber input.

Abstract: A system and methods for determining whether to participate in reception reporting procedures for an eMBMS service. Multiple applications on a receiver device can consume the same file download or streaming eMBMS service, and can have conflicting opt in/opt out settings for reporting in middleware. Algorithms are provided that take into account the different opt statuses of applications, and allow middleware components to determine whether to log reception metrics for a service and/or whether a reception report should be uploaded after a service session of the service.

Abstract: A wireless communication device for use in a cellular network. The device comprises a radio interface for enabling communication between the device and a base station of the cellular network over a radio link, and a transfer entity for exchanging user data packets with a core network node of said cellular network over a signalling connection within a Non Access Stratum, via said radio link. The device further comprises a data transmission verification entity for using a verifiable acknowledgement, received from said core network node over a signalling connection within a Non Access Stratum, to confirm delivery of a user data packet sent to the core network node over a signalling connection, the data transmission verification entity being configured to selectively include with a user data packet sent to said core network node across a signalling connection, a request to return to the device a verifiable acknowledgement for the sent user data packet.

Abstract: A method for receiving a radio resource control (RRC) message by a user equipment (UE) is described. The method includes receiving, from a first evolved Node B (eNB), an RRC connection reconfiguration (RRCConnectionReconfiguration) message including data radio bearer (DRB) configuration parameters for remapping a DRB that is established on a master cell group (MCG) to a secondary cell group (SCG).

Abstract: A data application method and system of radio-frequency identification (RFID) tags are provided. The method includes: when a first-type RFID tag is within a readable range of a first-type RFID reader, acquiring, by the first-type RFID reader, data of the first-type RFID tag; obtaining, by an RFID emulator, the data of the first-type RFID tag, converting the data of the first-type RFID tag to data of a second-type RFID tag according to a predetermined data conversion protocol, and providing the data of the second-type RFID tag for a second-type RFID reader; and forming, by the second-type RFID reader, a second-type RFID signal according to the data of the second-type RFID tag and sending the second-type RFID signal. The data application method and system expand applications of RFID tags.

Abstract: An apparatus for the detection of unlicensed user equipment may include a processor and memory storing executable computer program code that cause the apparatus to at least perform operations including receiving user equipment capabilities from a user equipment and comparing the received user equipment capabilities with the expected user equipment capabilities. The expected user equipment capabilities may be obtained based on a user equipment identifier received from the user equipment. The processor and memory storing computer program code may further cause the apparatus to send a notification if the compared user equipment capabilities are different. Corresponding methods and computer program products are also provided.

Abstract: The communication device comprising a voice communication implementer, a multiple & real-time & chronological speech-to-text implementer, and a device vibration implementer.