Abstract: The present invention provides a method and associated system. A computing device determines that a mobile application has been downloaded onto a first primary portable communication device of a user, wherein paired devices are the first primary portable communication device paired to a secondary portable communication device. The computing device receives an acknowledgment by the user of a notification enabled by the mobile application, the notification being received by the first primary portable communication device and shared with the secondary portable communication device, wherein the acknowledgment includes device identifications of the paired devices. The computing device stores, into a memory of the computing device and in response to the acknowledgment, the device identifications of the paired devices.

Abstract: A non-transitory computer-readable storage medium storing a set of instructions executable by a processor. The set of instructions is operable to receive a request from a node to join a trusted ad hoc network. The set of instructions is further operable to authenticate the node to join the trusted ad hoc network. The authentication is performed based on a verification that the node will comply with a security policy of the trusted ad hoc network. The set of instructions is further operable to send, to the node, a verification that the trusted ad hoc network complies with the security policy. The set of instructions is further operable to add the node to the trusted ad hoc network.

Abstract: This application provides a network authentication method, a network device, a terminal device, and a storage medium. In one aspect, in this application, a network device generates a symmetric key by itself, and generates a correct sequence number of a terminal device in real time by using a first sequence number. In other words, in this application, the network device does not need to store the symmetric key and the correct sequence number of the terminal device, but generates the symmetric key and the correct sequence number of the terminal device in real time. Therefore, storage load of an HSS in the prior art can be reduced.

Abstract: Described systems and methods allow executing complex software applications on a wearable electronic device such as a smartwatch, while reducing energy consumption. Instead of installing the complete code necessary to carry out all aspects of the respective application, some embodiments install a subset of program instructions on the wearable device, and dynamically fetch selected fragments of code from a remote server computer system onto the wearable device, as needed to carry out specific operations. Such code fetches may be triggered, for instance, by the user's pressing a button of the wearable device, or by a gesture of the user.

Abstract: A mobile network operator (MNO) may receive a request to provide an embedded Subscriber Identity Module (eSIM) profile to an embedded Universal Integrated Circuit Card (eUICC) of a user device. The user device is configured to receive telecommunication services from the MNO. Thus, if it is determined that a particular remote SIM provisioning (RSP) platform of a plurality of RSP platforms is able to provide the eSIM profile, the particular RSP platform is directed to provision the eUICC of the user device with the eSIM profile. However, if a condition that affects an ability of the particular RSP platform to provide the eSIM profile is detected, an alternative RSP platform may be directed to provide the eUICC of the user device with the eSIM profile.

Abstract: Disclosed are systems and methods for updating a system device in a cloud-based system for monitoring and controlling physical environments. A system comprises a computing cloud with a project service module for responding to requests to access project data, an update module for providing access to data associated with a project hierarchy, and an images repository module for providing data identifying the location of update data. The system also comprises a building server communicatively coupled with the computing cloud, a gateway communicatively coupled with the building server and associated with the system device in need of an update.

Abstract: A security keys broker residing on a core mobile communication network may manage security keys associated with network-enabled devices, such as Internet-of-Things devices. The security keys broker may authenticate, encrypt, or decrypt communications with the network-enabled devices using the associated security keys. Characteristics of the communications with the network-enabled devices may be determined, and the security keys broker may determine insecure communications based on the characteristics. Responsive to determining that an insecure communication has occurred, the security keys broker may update one or more of the security keys.

Abstract: In a system and method for audio analysis in a cloud-based computerized an authentication (RTA) manager micro-service may send an audio packet to a voice processor micro-service. The voice processor may extract features of the audio. The RTA manager may obtain the extracted features from the voice processor; calculate, based on the extracted features, a quality grade of the audio packet, and send the extracted features to an at least one voice biometrics engine if the quality grade is above a threshold. Each of the at least one voice biometrics engines may be configured to generate a voiceprint of the audio packet, based on the extracted features of the audio packet and to perform at least one of: authenticate a speaker, detect fraudsters, and enrich a previously stored voiceprint of the speaker with the voiceprint of the audio packet.

Abstract: A wireless communications system includes a radiofrequency (RF) front end and a computing platform. The RF front end includes a base station, an amplifier connected to the base station, an RF distribution device connected to the amplifier, and one or more antennas connected to the RF distribution devices. The computing platform includes a non-transitory, computer-readable storage medium storing a program of machine instructions and a processor. The processor executes the machine instructions to control the RF front end to receive from the RF front end, location updates from wireless devices, determine a wireless access technology of each wireless device, lock each wireless device to the system, determine an access category of each wireless device, release first category wireless devices from the system lock, and maintain the system lock for second category wireless devices.

Abstract: A security protection method and an apparatus to implement security protection for a plurality of non-access stratum (NAS) connection links. The method includes determining, by a terminal, a first parameter, where the first parameter is used to indicate an access technology used to transmit a non-access stratum NAS message. The terminal can support at least two access technologies, and can separately maintain a corresponding NAS COUNT for each of the at least two access technologies. The method further includes performing, by the terminal, security protection on the NAS message based on the first parameter, a NAS key, and a NAS COUNT corresponding to an access technology used to transmit the NAS message. This application is applicable to a process of performing security protection on a NAS message.

Abstract: A network system detects lost client devices based on a comparison of geospatial locations transmitted by user and provider client devices during and after a service. The network system assigns a service status indicating that a service from a start location to a destination location is in progress and monitors the locations of the user and provider client devices during the duration of the service and for a specified period of time after the service ends. In response to determining that the user and provider client devices remain in proximity to each other after the service has ended, the network system notifies the user of the lost device.

Abstract: A method performed in a network server system of a service provider providing a service comprising media streaming. The method comprises receiving a detection message from a mobile radio device running the service for a user registered with the service provider, wherein the message comprises an indication that the radio device has detected that it is within a predefined geographical area. The method also comprises determining that the predefined geographical area is registered with the service provider and associated with one or more actions. The method also comprises electing an action of the one or more actions. The method also comprises sending an instructions message to the radio device, comprising instructions to modify the service such that the radio device performs the elected action.

Abstract: Aspects of the subject disclosure may include, for example, associating a global-to-local network profile with a user profile of a first communications network and detecting a number of local networks managed separately from the first communications network. The local networks include local user profiles, wherein access to resources of a local network is based on credentials available by way of a local user profile associated with the user. A location of the user is determined and a proximity of the user to a first local network is determined based on the location of the user. Information is transferred between the global-to-local network profile and a local user profile based on the proximity of the user to the first local network, wherein the transferring of the information supports a registration status of the user with the first local network of the plurality of local networks. Other embodiments are disclosed.

Abstract: One feature pertains to a method operational at a device. The method includes performing key agreement with a core network device, and generating an authentication session key based in part on a secret key shared with a home subscriber server (HSS), where the authentication session key is known to the core network device. The method further includes generating a mobility session key based in part on the authentication session key, where the mobility session key is known to a mobility management entity (MME) served by the core network device and serving the device. The method also includes cryptographically securing data sent from the device to a wireless communication network using the mobility session key.

Abstract: A method, system or apparatus including a server that may receive information from a computer, store the information in a database at the server, determine a reader device to receive the information based on an analysis of a reader device identifier, and transmit viral data to a mobile device where the viral data includes at least a portion of the information.

Abstract: An embodiment includes a method executed by at least one processor comprising: determining a first environmental factor for a mobile communications device; determining a first security authentication level based on the determined first environmental factor; and allowing access to a first module of the mobile communications device based on the first security authentication level. Other embodiments are described herein.

Abstract: A system and method for pairing a mobile device with a computer for password-less login using a network service is provided. The method may include sending a pairing request to a network server from a computing device, wherein the pairing request includes computer authentication data and a computer public key. The network server may pair the mobile device with the computing device; wherein, the computing device may generate a pairing secret key and an associated QR image, which the user is prompted to scan using the mobile device. A pairing agent within the mobile device may validate the computer authentication data and parse the computer public key therefrom. In some embodiments a PIN could be displayed by the computer and entered by the user into the mobile device or silently exchanged between the computer and the mobile device, when proximate to each other, for the mutual authentication data validation.

Abstract: A device may scan for a carrier that includes an embedded Universal Integrated Circuit Card (eUICC), wherein the carrier is associated with a Mobile Network Operator (MNO). The device may hop on the carrier, authenticate with a network of the MNO without using an MNO profile stored in the eUICC, and gain limited access to the network in response to the authentication. The device may also register with the network while attached to the network. The registering may include downloading an operational MNO profile to the eUICC in the device and storing the MNO profile on the eUICC.

Abstract: A system for use with a mobile cellular device comprising an Internet browser and an embedded subscriber identity module (“eSIM”) card. The eSIM card stores an application and a first profile. The system includes a web server configured to generate a web portal comprising a plurality of service plans. The first profile establishes communication over a first network with the web server, which transmits the web portal to the Internet browser over the first network. The web portal receives a selection of one of the service plans from the Internet browser. The web server sends the selection to a subscription manager configured to select an operational profile based on the selection and cause the operational profile to be transmitted to the application. The mobile cellular device is configured to communicate over a second network using the operational profile after the operational profile has been received and activated by the application.

Abstract: A system that incorporates teachings of the subject disclosure may include, for example, a method for facilitating, at a system including at least one processor, establishment of a communication session with a device coupled to a Universal Integrated Circuit Card (UICC) by way of network equipment of a default Mobile Network Operator (MNO), receiving, at the system, information descriptive of an MNO selection, selecting, at the system, from a database of credentials of a plurality of MNOs first credential information according to the received information, wherein the first credential information is associated with a first MNO of the plurality of MNOs, and transmitting, from the system, the first credential information to the UICC over the communication session by way of the device to cause the UICC to facilitate establishment of communications with network equipment of the first MNO according to the first credential information. Other embodiments are disclosed.

Abstract: The present invention shows a gesture verification method, network gesture verification system and verification method. The gesture verification method includes the following steps: S1. A system gives an image containing a randomly generated reference trajectory and presets a minimal match degree; S2. Displaying the image to the user; S3. The user draws an resemblant trajectory to match the reference trajectory; S4. Scaling the resemblant trajectory to adapt to the size of the reference trajectory. S5. Matching the scaled resemblant trajectory with the reference trajectory, if the match degree is lower than the minimal match degree, the verification fails; if the match degree is equal to or higher than the minimal match degree, the verification succeeds. The present invention (VAPTCHA) is safer and more user-friendly than the existing CAPTCHAs, which can be applied to PCs, mobile phones and other embedded devices.

Abstract: A remote programming system for engine control units of vehicles operates by coupling an onboard diagnostic interface device with an engine control unit of a vehicle, communicatively linking the interface device with a hand held device, communicatively linking the hand held device with a back end programming machine that is remotely located from the vehicle, communicating identifying information about the vehicle to the programming machine via the interface device, the hand held device, and the communication network(s), determining an action and programming information needed to program the engine control unit of the vehicle to accept a replacement key, sending the action and programming information from the programming machine to the hand held device via the communication network(s), and programming the engine control unit of the vehicle to accept the replacement key to activate the vehicle using or responsive to use of the action and programming information.

Abstract: The present invention relates to a method to install a terminal profile in a wireless communication system, and the method may comprise the steps of: displaying a list including one or more mobile network providers; detecting a selection with respect to any one of the one or more mobile network providers; obtaining connection-related information with respect to the selected mobile network provider from a discovery server based on information related to the selected mobile network provider; and transmitting identification information of a universal integrated circuit card (UICC) and identification information of the discovery server to a server of the selected mobile network provider based on the connection-related information, in order to download a UICC-related profile from a profile administrator. However, the present invention is not limited to this embodiment and other embodiments are possible.

Abstract: The disclosed technology includes systems and methods for determining secondary authentication of a user's log-in attempts by comparing received behavioral biometric data and/or received scenario-specific data to saved behavioral biometric data and/or saved scenario-specific data, respectively. Responsive to determining that the received behavioral biometric data and/or received scenario-specific data is above a predetermined threshold of similarity with respect to the saved behavioral biometric data and/or saved scenario-specific data, respectively, the systems and methods can determine that the corresponding log-in attempt is secondarily authenticated. of a user device via behavioral biometric data. Responsive to determining that the level of similarity is not above the predetermined threshold, the systems and methods can initiate a secondary authentication method and can associate the received behavioral biometric data with a second user model.

Abstract: The techniques described herein involve determining a context-based Quality of Experience based upon client device Quality of Experience diagnostic files in combination with client device equipment dynamics. Client device Quality of Experience (QoE) diagnostic files may indicate a reduced QoE at a client device, such as reduced signal strength or an increased number of dropped packets. User behavior during a reduced QoE event may be reflected as equipment dynamics, which may be included in equipment dynamics files. A service provider may receive information from the client device and may analyze the information to determine, with an increased confidence level, that the user device experiences a reduced QoE. Network resources may be allocated in response to the reduced QoE determination, thereby increasing a functioning of the computing network and an associated device's Quality of Experience.

Abstract: The present invention relates to a forensic analysis method performed on a Distributed Computing System (DCS) (10) comprising a server (18) and at least one client machine (14). The method comprises collecting data in a client machine (14) of the DCS (10) to form a first data set, the collected data being a function call to a resource comprised in the DCS. The method further comprises applying a data reduction model to the first data set to form a second data set and processing the second data set in the server (18) of the DCS (10) to provide for detection of suspect behaviour at the client machine (14). The data reduction model is configured to extract a subset of data from the first data set to form the second data set, the subset of data comprising: user account identifier; and process and object identifier.

Abstract: Techniques for operator identification on a shared communication medium are disclosed. An access point may determine an operator identifier for an operator associated with an access point and configure a set of resource elements to carry an operator identifier reference signal embedded with the operator identifier. The access point may then transmit the operator identifier reference signal using the configured set of resource elements. An access terminal may receive signaling from an access point on a set of resource elements and monitor the signaling for an operator identifier reference signal. The access terminal may then determine an operator identifier for an operator associated with the access point based on the operator identifier reference signal.

Abstract: An advertisement request identifying a user may be received by a computing device of an electronic marketplace provider. User information for the user may be determined based on the advertising request. An advertisement featuring an item offered on an electronic marketplace may be selected. The advertisement may be provided for placement within content of a third-party network page provider. A first plurality of user input options configured to elicit a level of interest of the user with respect to the first advertisement may also be provided within the content of the third-party network page provider. User interaction information indicating the level of interest of the user with respect to the advertisement may be received. A second plurality of user input options may be determined based on the item of the advertisement and the first plurality of user input options. The second plurality of user input options may be provided to the content.

Abstract: In one embodiment a transportation request is received from a computing device of a first subscriber to a transportation service. It is determined that the transportation request is authorized by a second subscriber to the transportation service. One or more details associated with the transportation request and location information of the computing device of the first subscriber are communicated to a computing device of a driver associated with the transportation service to allow the driver to fulfill the transportation request.

Abstract: The present disclosure relates to systems and methods for communicating between devices using short-range communication links. More specifically, the present disclosure relates to systems and methods for communicating access-right data between devices for verification or transfer.

Abstract: Embodiments of this application relate to the field of network security, and disclose a wireless network connection method, apparatus, and system. A method for establishing wireless network connection includes receiving, by an authorization server, an access request sent by a radio access point. The access request carries user information of a user terminal that attempts to access the radio access point. The method then includes determining whether the radio access point is a trusted radio access point, performing a first identity authentication on the user terminal when the radio access point is determined to be the trusted radio access point, generating a master key for the user terminal based on the user information, sending the master key to the user terminal when the first identity authentication succeeds and sending the master key to the radio access point.

Abstract: A computer readable medium, apparatus, system, and method for performing identification (ID) operations using a processor or programmable circuitry. The processor configures ID federations between a federation server and applications. The processor is further configured to receive a first authentication request for authenticating a first user who has been authenticated on a first application among the applications with a first user ID using an ID federation. The processor is also configured to check the first user ID to determine whether the first user is authorized to access information of a second user on a second application and send a second authentication request to a second application, the second authentication request for authenticating the first user with a second user ID, which is associated with the second user, using an ID federation between the federation server and the second application.

Abstract: Disclosed herein are system, method, and computer program product embodiments for a data transfer and resource management system. An embodiment operates by retrieving both data and a schema from a table. A first offset corresponding to the retrieved data indicating a retrieval time of the retrieved data and a number of records is identified. It is determined that the retrieved data corresponds to the schema. The data is stored on a messaging platform and made available to one or more end users prior to a transfer to one or more cloud servers. A second offset corresponding to a number of records of the data retrieved by the one or more end users from the messaging platform is determined. It is validate that the second offset corresponds to the first offset. The records and the schema retrieved from the intermediary messaging platform are transferred to the one or more cloud servers.

Abstract: Methods and systems for targeted advertisement include transmitting a pre-filter to a user device, responsive to contextual information supplied by the user device to determine one or more inferences based on physical browsing information, collected at the user device, in compliance with one or more privacy policies of the user. One or more targeted advertisements are determined, using a processor, based on the one or more inferences. The one or more targeted advertisements are transmitted to the user device.

Abstract: A system for issuing a certificate to permit access to information, the system including: an identification service to receive dynamic biometric and contextual data regarding an individual located within an area, and to receive at least one of stored identity, biometric, and contextual data for a given individual to provide an identity estimate and a level of certainty indicator of a match based on comparison of the biometric and contextual data regarding the individual to the biometric and contextual data regarding the subscribers; a registration authority to receive the identity estimate and the level of certainty indicator, and to determine whether a certificate should be issued to an individual based on the level of certainty indicator; and a certificate authority to issue the certificate upon determining that the certificate should be issued, wherein the certificate will allow an individual to use the computing device to access an information system.

Abstract: Embodiments of the present disclosure allow third-parties to collect data at a utility flow meter without substantial interference with the utility's ability to collect data for its own purposes. In an exemplary embodiment, a sub-meter interrupter is included that has a default position to allow for utility reading of a utility flow meter and a second position that allows for third-party reading of the utility flow meter. A third-party flow monitor or interrupter can also monitor attempted “reads” by the utility while the third-party flow monitor is reading the utility flow meter and can switch to the default (e.g., utility read setting) so as to allow the utility to conduct its read.

Abstract: A resource management method and apparatus allows or restricts use of some or all of the resources of entities of a wireless communication system. A radio resource management method of a radio access point includes receiving a measurement report from a terminal, selecting another radio access point for serving the terminal in cooperation with the serving radio access point based on the measurement report and a Handover Restriction List (HRL), and transmitting a request for serving the terminal to the selected another radio access point.

Abstract: The present disclosure discloses an access point (AP) connection method, a terminal, and a server, and relates to the field of network technologies. The method includes: scanning a graphic identifier of a target AP, to obtain address information of the target AP, where the address information includes at least an identity of the target AP; acquiring, according to the identity and an operating system identifier of a terminal, target AP connection information prestored in a server; and connecting to the target AP according to the target AP connection information.

Abstract: One feature pertains to a method for secure wireless communication at an apparatus of a network. The method includes receiving a user equipment identifier identifying a user equipment and a cryptographic key from a wireless wide area network node, and using the cryptographic key as a pairwise master key (PMK). A PMK identifier (PKMID) is generated based on the PMK and the two are stored at the network. A PMK security association is initialized by associating the PMK with at least the PMKID and an access point identifier identifying an access point of the apparatus. An association request is received that includes a PMKID from the user equipment, and it's determined that the PMKID received from the user equipment matches the PMKID stored. A key exchange is initiated with the user equipment based on the PMK to establish a wireless local area network security association with the user equipment.

Abstract: A method includes: receiving an operational command directed to a solid-state drive (SSD) and a security credential; issuing an asynchronous event from the SSD to an authentication agent including the security credential and a security certificate, wherein the security certificate is encoded based on the security credential and is stored in the SSD; forwarding the security credential and the security certificate from the authentication agent to an authentication server; validating the security certificate based on the security credential at an authentication server; providing a validation response from the authentication server to the authentication agent; forwarding the validation response from the authentication agent to the SSD; and executing the operational command based on the validation response.

Abstract: A wireless communication method is provided. The method includes sending, by a wireless communication device, a broadcast message to a terminal device. The broadcast message may include device identification information of the wireless communication device. The method may further include receiving, by the wireless communication device, a scan request message sent by the terminal device. The method may further include sending, by the wireless communication device, a scan response message to the terminal device in response to receiving the scan request message. The scan response message may include attribute data associated with the wireless communication device, and the attribute data may include identification information of content associated with a physical location of the wireless communication device.

Abstract: A watch-type mobile terminal includes a short-range communication module configured to perform short-range communication with a mobile terminal around the watch-type mobile terminal, an output unit configured to output a sound pattern or a vibration pattern, and a control unit configured to control the output unit to output a connection pattern for pairing with the mobile terminal and control the short-range communication module to perform pairing with the mobile terminal based on the output connection pattern, wherein the connection pattern is any one of a sound pattern and a vibration pattern.

Abstract: A method and system are provided for associating a user with a wearable device. The method includes: obtaining physiological information of a user of a wearable device; comparing the obtained physiological information against a stored physiological profile, wherein the stored physiological profile is built up over time from obtained physiological information; and, based on the comparison, updating a confidence parameter indicating the extent to which the obtained physiological information matches the physiological profile.

Abstract: A computer readable medium, apparatus, system, and method for performing identification (ID) operations using a processor or programmable circuitry are provided. The processor configures ID federations between a federation server and applications. The processor is further configured to receive a first authentication request for authenticating a first user who has been authenticated on a first application among the applications with a first user ID using an ID federation. The processor is also configured to check the first user ID to determine whether the first user is authorized to access information of a second user on a second application and send a second authentication request to a second application, the second authentication request for authenticating the first user with a second user ID, which is associated with the second user, using an ID federation between the federation server and the second application.

Abstract: The present disclosure relates to a computer implemented method for identifying potentially fraudulent usage of a user identifier of an information or communication service. The method comprises: receiving from a user device at least one address book entry related to a person. The address book entry includes the user identifier. The address book entry may he stored. Behavior information about the person's behavior when using at least one service in combination with the user identifier may be received from the user device. It may be determined based on a change of the behavior information whether or not the user identifier has been assigned to a different person and, if so, a warning indication may he generated for indicating that the user identifier is potentially used fraudulently.

Abstract: Techniques are provided for enabling server-based file sharing that supports recipient-location criteria. Specifically, users that desire to share files are able to include recipient-location criteria in the sharing criteria for the files that the users provide for sharing. Before sharing a file that is associated with recipient-location criteria, the file sharing server determines whether the current location of the recipient device satisfies the recipient-location criteria associated with the file. If the current location of the device does not satisfy the recipient-location criteria associated with the file, then the file is not shared with the given device even if all other sharing criteria for the file is satisfied. On the other hand, if the current location of the recipient device satisfies the recipient-location criteria associated with the file, and all other sharing criteria of the file are satisfied, then the file is shared with the given device.

Abstract: Various embodiments of the present invention provide a terminal and a processing method after an access failure of the terminal. The method includes: establishing, by a terminal, an RRC connection with a first cell, where the first cell is a cell containing a PLMN selected by the terminal; and logging, by the terminal, an access failure PLMN list when the terminal fails to establish the RRC connection with the first cell, where the access failure PLMN list includes the PLMN selected by the terminal. According to the embodiments of the present invention, the accuracy of the logging may be achieved, thereby reporting to a correct PLMN.

Abstract: Systems and methods for identifying at risk building sites. The security system includes a processing circuit configured to receive building security data from the plurality of building sites, the building security data indicating one or more vulnerability time periods for each of the plurality of building sites and determine an average vulnerability time period associated with each of the plurality building sites based on the one or more vulnerability time periods. The processing circuit can also be configured to determine a tunable threshold associated with the average vulnerability time period; determine whether each of the plurality of building sites are at risk by determining whether a current vulnerability time period for each building site is greater than the tunable threshold associated with the average vulnerability time period; and generate a report indicating one or more of the plurality of building sites that are at risk.

Abstract: Described is a flexible and customizable physical access control system that allows for a smart device to execute an authentication application that users subscribe to for various physical locations with pre-determined rule sets that correspond to registration information of the physical location's qualifications and rules sets. A user's smart device is used as a credential for large number of locations so long as that location is in the subscriber network.

Abstract: Systems and methods for secure provisioning and management of computerized devices. The system may include a distributor appliance that is communicatively connected to the computerized device, and that is operable to receive a digital asset and to load the digital asset into the computerized device. It may include an optional digital asset management system that is connected via a secure communication channel to the distributor appliance, and that is operable to transmit the digital asset to the distributor appliance; and a provisioning controller that is connected via a secure communication channel to the distributor appliance and is connected via another secure communication channel to the optional digital asset management system, and that is operable to directly or indirectly transmit the digital asset to the distributor appliance. The computerized device is not fully functional before the digital asset is loaded into it.