Abstract: Systems and techniques that facilitate centralized request validation are provided. In various embodiments, a central validation server can comprise an input component. In various cases, the input component can receive a validation instruction from a gateway service. In various aspects, the validation instruction can be based on a request received by the gateway service from a client. In various instances, the request can be handleable by an operational flow path through a plurality of domain services that are downstream of the gateway service. In various embodiments, the central validation server can comprise a central validation specification component. In various aspects, the central validation specification component can store a plurality of request validation specifications respectively corresponding to the plurality of domain services. In various embodiments, the central validation server can comprise an output component.

Abstract: The present invention provides a method of how the serving base station notifies UE of the encryption information used in the re-establishment process, how the serving base station finds the UE context information and authenticates the UE, in the 5G architecture. By means of the method of the present invention, the message between the RRC message and the base station can be optimized, the UE is correctly authenticated, and the re-establishment failure is avoided.

Abstract: A system and method are presented for the generation and configuration of a software-defined network (SDN) utilizing highly adaptable multi-purpose gateway modules (xGWs) capable of speciation in order to fulfill various specific roles within the SDN, thereby providing an enhanced ability for data packet and data stream management that optimizes network performance while xGWs in the SDN are governable by a logically centralized orchestrator application which exercises comprehensive and autonomous control.

Abstract: The present disclosure may describes systems and methods for continuous biometric authentication for an electronic device. A continuous biometric authentication may include biometric sensors, processing systems, biometric data, an accelerometer, and other input/output devices. An accelerometer or other input/output devices may be configured to capture information concerning an electronic device, such as an acceleration of the electronic device, and/or information concerning an area surrounding the electronic device, such as ambient light intensity. Based on captured information, a triggering event associated with, for example, a theft, a change in location, or a transfer of possession may be detected by a processing system. Once a triggering event occurs, systems of the present disclosure may initiate additional biometric authentication procedures.

Abstract: Methods and apparatus for small data communications over a user plane in a wireless communication network. A method performed by a wireless device comprises receiving, from mobility management network equipment (e.g., implementing an AMF), control signaling indicating that the wireless device is to horizontally derive a base security key and/or that the wireless device is to derive a small data transfer, SDT, security key from the base security key. The base security key may be included in a non-access stratum, NAS, security context at the wireless device and at the mobility management network equipment. The method may further comprise, responsive to receiving the control signaling, deriving the SDT security key from the base security key and a freshness parameter.

Abstract: According to an example aspect of the present invention, there is provided a method comprising, receiving, by an intermediary network function, a subscription request from a network function consumer requesting data of a network function producer, wherein the subscription request comprises a client credential assertion of the network function consumer and an access token, authorizing and authenticating, by the intermediary network function, the network function consumer upon successful validation of the access token and the client credential assertion validation and transmitting, by the intermediary network function, an access token request to an authorization server to get another access token, wherein said another access token is to be used to validate the network function consumer to access services of the network function producer, and the access token request comprises the client credential assertion of the network function consumer requesting data of the network function producer.

Abstract: This application provides a communication method, an access network device, a terminal device, and a core network device. In a process in which the terminal device is handed over from a first access network device to a second access network device, the second access network device learns of first service progress of the first access network device based on a first sequence number of a data packet forwarded by the first access network device, without introducing additional progress exchange information between the two access network devices.

Abstract: It is described a method, a control device, and a computer program for enabling/disabling at least one near field communication (NFC) function of a mobile device (MD). It is further described such a MD. The method comprises (a) associating the at least one NFC function to be enabled/disabled with a corresponding secure application (SA) installed in a secure element (SE) system; (b) checking whether the SA complies with a predefined secure condition; (c) if the SA complies with the predefined secure condition, transmitting a notification from the SA to the NFC control system (NFCC) via an interface between the SE system and the NFCC; and (d) enabling/disabling, by the NFCC, the at least one NFC function based on information comprised by the transmitted notification.

Abstract: A vehicle control system, including: a vehicle control section and a control server, wherein: the vehicle control section generates a common key for special mode control by random number generation, outputs the generated common key to the control server, and stores the generated common key in secure storage including a function that protects integrity and confidentiality of data; the control server stores the common key, applies the common key to a control signal to generate a message authentication code, and outputs the message authentication code and the control signal; the vehicle control section applies the common key to the control signal to generate a message authentication code and, when the message authentication code matches the message authentication code, implements control according to the control signal in the special mode; and when control in the special mode ends, the control server erases the stored common key.

Abstract: Various techniques related to authenticating and verifying the integrity of data received by a computer system from an external source (such as a sensor) are disclosed. Hardware circuits are disclosed that, along with the computer processor, allow for error-checking and authentication of data received by the computer system. For instance, the hardware circuits may generate a separate authentication code that can be compared to the authentication code in the data itself to determine whether or not the message is authentic and whether or not there is an error in the data. The disclosed techniques reduce the processing requirements of a computer system and can be implemented using simple hardware circuit designs.

Abstract: A method for managing communication in a user equipment including a plurality of subscriber identity modules (SIMs). The method includes detecting that a network service is unavailable to a first SIM among the plurality of SIMS and that a network service is available to a second SIM among the plurality of SIMS; detecting an availability of an in-device hotspot; and providing, to the first SIM for sending data to a network, an access to the in-device hotspot for using the network service available to the second SIM.

Abstract: Certain aspects of the present disclosure provide techniques for securing physical (PHY) layers in wireless communication. Certain aspects are directed to a method for wireless communication by a user equipment (UE). In some examples, the method includes obtaining a key and using the key during physical layer signal processing of a physical uplink control channel (PUCCH) transmission having more than one symbol to provide security for the PUCCH transmission.

Abstract: Methods to operate a wireless device in a wireless communication network are discussed. Respective signal qualities of a plurality of cells of the wireless communication network are determined. The plurality of cells are ranked based on the respective signal qualities of the plurality of cells. Measurement information for at least one of the plurality of cells is logged in memory of the wireless device based on ranking the plurality of cells, wherein the measurement information includes a cell identity and beam information for the at least one of the plurality of cells. A report is transmitted to the wireless communication network, wherein the report includes the measurement information. Related wireless devices and computer programs are also discussed.

Abstract: Embodiments of this application provide example methods for accessing a core network by using a fixed access device. One example method includes: receiving, a network registration request sent by customer-premises equipment; sending a network registration request message for the CPE to a mobile core network based on the network registration request; receiving an authentication request message; performing physical location authentication for the CPE based on a physical location identifier; in response to determining that the physical location authentication succeeds, sending an authentication response to the mobile core network; receiving a registration success message sent by the mobile core network; notifying, based on the registration success message, the CPE that network registration succeeds; and sending a service parameter to the CPE.

Abstract: Various examples of device and system implementations and methods for performing end-to-end attestation operations for multi-layer hardware devices are disclosed.

Abstract: Secure communication in accessing a network is described herein. An example apparatus can include a memory and a processor coupled to the memory. The processor can be configured to receive an identity public key from the identity device. The identity public key can be received in response to providing, to the identity device, a request to modify content of the identity device. The processor can be further configured to encrypt data corresponding to subscriber information using the identity public key, provide (to the identity device) the encrypted data to store the subscriber information in the identity device, and access a network operated by a network operator via the data stored in the identity device.

Abstract: Methods and systems for managing unlocking of an electronic device are provided. A method includes receiving an unlocking input from a user, authenticating the unlocking input, generating a first pre-wakeup command of initializing a progress action for the electronic device, generating a second pre-wakeup command of whether to complete the progress action or to retrogress the progress action based on the authenticating of the unlocking input, and determining whether to unlock the electronic device based on the second pre-wakeup command.

Abstract: Disclosed embodiments relate to systems and methods for securely providing secrets. Techniques include receiving, from an entity, trigger information indicative of an action to be performed by at least one service based on the trigger information; identifying at least one secret expected to be used by the at least one service to perform the action, the at least one secret being identified based on information correlating the trigger information to the at least one secret; and causing the at least one secret to be provided to the at least one service, wherein the at least one secret is provided to the at least one service independent of any request for the at least one secret.

Abstract: The disclosed technology provides systems and methods for dynamically locking and unlocking wireless communication devices by enforcing updateable subscriber identity module (SIM) and public land mobile network (PLMN) policy information. A device receives policy information from a policy server, compares the policy information against information in the SIM and dynamically updates a lock state of the device based on the policy information, potentially overriding a factory lock state of the device. The policy information can include a whitelist indicating the SIMs that the device can accept. The device can also obtain and apply branding information when the SIM information matches the received policy information, and block access to certain device functionality when the SIM information does not match the policy information.

Abstract: Using a pressure sensor of a mobile device to improve the accuracy of determined contexts. Particular embodiments described herein include machines that determine a context of a mobile device, and determine if the determined context is accurate using multiple measurements of pressure from a pressure sensor of the mobile device.

Abstract: A first edge device mounted on a vehicle includes a processor that communicates sensing information in a real time or near real time to a central cloud server, where sensing information includes position information of the first edge device and a time-of-day. Based on the time-of-day and a specific initial access information obtained from the central cloud server, the processors sets the following: a first beam index at the first edge device for an uplink communication and a second beam index at the first edge device for a downlink communication, a specific physical cell identity which indicates a first base station to which the first edge device is to be connected, a first wireless carrier network (WCN) from amongst a plurality of different WCNs at the edge device, and a beam configuration to service one or more user equipment in a surrounding area of the first edge device.

Abstract: A vehicle network system employing a controller area network protocol includes a bus, a first electronic control unit, and a second electronic control unit. The first electronic control unit transmits, via the bus, at least one data frame including an identifier relating to data used for a calculation for obtaining a message authentication code indicating authenticity of transmission content. The second electronic control unit receives the at least one data frame transmitted vis the bus and verifies the message authentication code in accordance with the identifier included in the at least one data frame.

Abstract: In some embodiments, an exemplary access controlling network architecture may include: a computing device, configured to: receive application program instruction to display an access controller interface element and a multi-part multi-functional access control, where the access controller interface element is: communicatively coupled to a cellular network hosted access controlling schema and operationally linked to at least one access-restricted digital resource; where the multi-part multi-functional access control sequence includes: a symbol, an access code, and a particular access control digital key; transmit an access request having: the multi-part multi-functional access control sequence and an identity linked to the computing device; receive, in response to the access request, a program instruction to unlock the at least one access-restricted digital resource for accessing via the computing device after the access code has been accepted by the cellular network hosted access controlling schema and the pa

Abstract: Computer systems and methods are provided for training a machine learning system to determine an authentication decision and explanation information corresponding to the authentication decision. First authentication information for a first authentication request including a first image is received. First validation information corresponding to the first image and including a first authentication decision and first explanation information is received. Data storage of a machine learning system stores the first image and the first validation information. The machine learning system updates an authentication model based on the stored first image and first validation information. Second authentication information for a second authentication request is received. The machine learning system determines second validation information, including second explanation information, based on the updated authentication model. The second explanation information is provided for display to a user device.

Abstract: Disclosed herein are systems and techniques for using a content delivery network to perform various functions within a digital advertising ecosystem, in ways that yield technological benefits such as improved security, efficiency, and speed (for example, reduction in publisher load times). As one specific example, a content delivery network can be used for the creation of electronic tokens for user identity protection between demand side platforms, supply side platforms, content creators (for example, advertisers), and publishers.

Abstract: A method for providing a key derivation function (KDF) negotiation in a 5G network is provided. The method which includes: selecting a specific KDF at a UE and at the network for at least one security related key derivation; and transmitting, said selected KDF to the UE and to other network functions to indicate said selected KDF for generating specific security key at a receiver side.

Abstract: A strength meter in a relay attack determination device is disposed on a portable device and measures a reception strength by a plurality of times in each of a request signal and a request signal received from an in-vehicle device. A comparator executes a comparative process of the request signal and the request signal by using average values of the reception strength measured by the strength meter. A variation calculator calculates variation in the reception strength measured by a plurality of times in the strength meter regarding the request signal. The comparator, in a case where the variation in the reception strength exceeds a threshold value indicating a communication failure in the request signal, determines the relay attack regardless of a result of the comparative process.

Abstract: Authenticating a mobile user device with a mobile network operator in advance of an MNO authentication request from the mobile user device can be done by a satellite network sending an authentication request to the MNO system, obtaining a set of authentication vectors related to the mobile user device, storing them into a proxy home location register, receiving the MNO authentication request from the mobile user device, generating an authentication request response based on the authentication vectors, sending the authentication request response to the mobile user device, receiving an authentication response including a received signed response, comparing the received signed response with the stored signed response, and if the received signed response and stored signed response match, deem that to be a successful authentication, add an MNO location update message to a request queue and forward the MNO location update message to the MNO system over the channel when available.

Abstract: Systems and methods for tracking the privacy policy of an electronic device in a network having a privacy policy server and an authentication server are provided. In one aspect a privacy policy server receives a connection request from the electronic device, queries an authentication server for the device's privacy policy acceptance state. If the device had not accepted the network's privacy policy, the privacy policy server sends a URL to the device so the device may accept or reject the policy. The authentication server locates a network session identifier representing the device's connection with the network and response to the policy server indicating the device's current privacy policy acceptance state if applicable. Advantageously, a network session identifier can track a device's privacy policy acceptance state when the device reconnects with the network. The systems and methods are applicable in wireless networks, such as 802.11.

Abstract: A UE can enable a VoWIFI service, receive hidden SSID information, and register with a core network via a RAN. The UE can monitor a first signal strength of a first signal from the RAN. The UE can scan for a second signal from a WLAN, and when found, can measure a second signal strength of the second signal. The UE can determine whether the first signal strength is at or below a first threshold. If so, and if the WLAN is untrusted, the UE can probe it with the hidden SSID information. If the untrusted WLAN responds, the UE can send an access request to an untrusted WLAN access point. The UE can receive, via the untrusted WLAN access point, an authentication challenge from an ePDG. If the UE passes the authentication challenge, the UE can register with the core network via the untrusted WLAN and the ePDG.

Abstract: A system includes a memory and a processor configured to execute computer instructions stored in the memory that when executed cause the system to perform operations. The operations include receiving transaction data associated with a transaction via a transaction component. The operations include incorporating at least a portion of the transaction data into a security process associated with challenge-response authentication of a data block for the transaction data. The data block includes cryptographic hash data for another data block in a blockchain associated with the data block. The operations include validating the data block associated with the blockchain based on the security process.

Abstract: In 5G cell (230) of 5G system (200), upon detecting that access to the 5G system (200) is barred, the 5G system (200) is congested, 5G core network (220) of the 5G system (200) does not support IMS-type communication service, or fallback to 4G system (300) is instructed, UE (100) selects 4G cell (330) of the 4G system (300) as a target cell for connection. The UE (100) transmits a connection request signal for the IMS-type communication service to the target cell for connection.

Abstract: A method and a wireless communication device for providing communication service to devices connected to the wireless communication device. By establishing a starter wireless carrier connection using a starter SIM from a plurality of local SIMs, the wireless communication device establishes one or more logical data connections with one or more SIM banks. Remote-SIMs are selected from the one or more SIM banks and used to establish further wireless carrier connections to allow communication service to be provided to the devices over wireless carrier connections.

Abstract: Data exchanges between an ultra-wide band communication module and a secure element are controlled such that the data exchanges pass through a near-field communication router. The near-field communication router controls routing of the data exchanges so that the data exchanges do not pass through a host circuit that is also coupled to the near-field communication router.

Abstract: Systems and methods that update configuration parameters on a UE using control plane functionalities. In one embodiment, an AMF element of a mobile network receives a control plane message from a UDM element that includes a UE configuration parameter update for the UE. The UE configuration parameter update is security protected via a secured packet, integrity protection, etc. The AMF element is configured to transparently send the UE configuration parameter update to the UE. Thus, AMF element inserts the UE configuration parameter update (that is security protected) in a container of a Non-Access Stratum (NAS) message, and sends the NAS message to the UE. The UE may then update its configuration parameters based on the update when security checks are complete.

Abstract: Systems and methods for global account identifier translation. Embodiments described herein include a service provider system configured to receive API calls that include an initial identifier, which may be issued by the service provider system and/or associated with a third-party entity. The service provider system may use the initial identifier from the API call to obtain a primary identifier associated with an account. The primary identifier is then used to service the API call to obtain an API call result. The API call result may be transmitted to the device from which the API call was received.

Abstract: Techniques are described herein that are capable of establishing multiple infrastructure connections to multiple access points via a single wireless network interface controller (WNIC). Capability information is analyzed to determine combination(s) of identified frequency bands over which the WNIC is capable of communicating simultaneously. Availability information is analyzed to determine signal qualities associated with respective available frequency bands. A primary infrastructure connection is established to a first access point via the WNIC based at least in part on a first frequency band associated with the first access point being included among the identified frequency bands and being associated with a relatively high signal quality.

Abstract: Embodiments of the present disclosure are directed to systems and methods for improving wireless network services by carrying out various procedures to identify and filter suspect user devices. A network function may monitor a plurality of network service requests from a particular user device and determine, based on the plurality of network services requests, that the requesting user device is engaged in suspicious activity. Upon such a determination, the network function may initiate one or more enforcement actions by communicating an instruction to an equipment identity register to add the requesting user device to a suspect device list stored on a unified data repository.

Abstract: Methods, devices, and systems for changing a layer 2 (L2) identifier (ID) during an ongoing vehicle-to-everything (V2X) session between a source wireless transmit/receive unit (WTRU) and a peer WTRU include communicating between the source and a peer WTRUs based on an existing layer 2 (L2) identifier (ID). On a condition that a trigger event occurs, the source WTRU generates a new source L2 ID, communicates the new source L2 ID to the peer WTRU, receives from the peer WTRU a message that responds to the new source L2 ID, and communicates between the source WTRU and the peer WTRU based on the new source L2 ID.

Abstract: The present disclosure provides a fingerprint collection method. When a fingerprint sensor is integrated on any function key of a terminal, a failure of a fingerprint application function that is caused when a user unintentionally operates a function key can be avoided. The method includes: obtaining, by a terminal, a fingerprint collection instruction, where the fingerprint collection instruction is used to instruct to collect a fingerprint by using a fingerprint sensor integrated on a function key; collecting, by the terminal by using the fingerprint sensor based on the fingerprint collection instruction, fingerprint information recorded by a user on the function key; obtaining, by the terminal on the function key at any moment of collecting the fingerprint information, a first key event triggered by the user, where the first key event is any operation other than a fingerprint recording event; and discarding, by the terminal, the first key event.

Abstract: Embodiments described herein disclose technology for verifying authorization of an application download. The system can receive from a device associated with a user, a request to download an application. In response to a first instance of the application being downloaded on the device, the system can assign a unique identifier to the first instance of the application. After the application is downloaded and prior to granting the person requesting the application download access to the first instance of the application, the system can request via the first instance of the application identification information and particular authentication information to verify that the person requesting the application download is authorized to do so. In response to verifying that the person requesting the application download is authorized, the unique identifier can be associated with the account, user and/or device to result in a verified download of the first instance of the application.

Abstract: Operating a data network of a motor vehicle, the data network being used by at least one mobile terminal that is external to the vehicle. Respective identification data of at least one terminal are recorded, on the basis of the identification data for the at least one terminal, a respective selection element is displayed and each terminal, the associated selection element of which is selected, is registered and each registered terminal is entered in a blocking function of an Internet routing service.

Abstract: A server includes a management module that includes a memory device and that is configured to be connected to multiple data storage devices. The management module is configured to perform an initialization procedure, in which the management module obtains multiple pieces of storage identifier information corresponding to the data storage devices, determines, for each of the pieces of storage identifier information, whether the piece of storage identifier information matches any piece of default identifier information contained in a list stored in the memory device, and generates piece(s) of log data for matched piece(s) of storage identifier information.

Abstract: Methods for cellular network authentication utilizing unlinkable anonymous credentials are disclosed. In embodiments, a method includes: contacting, by a computing device, a mobile device network with a request to connect to the mobile device network; conducting, by the computing device, an interactive credential issuance protocol with an Issuer of the mobile device network to generate an unlinkable anonymous credential; and connecting, by the computing device, to the mobile device network based on a Verifier of the mobile device network verifying the computing device based on the unlinkable anonymous credential.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. According to one embodiment of the present invention, provided is a method comprising the steps of: receiving a first control signal transmitted from a base station; processing the received first control signal; and transmitting, to the base station, a second control signal generated on the basis of the processing.

Abstract: An example operation includes one or more of receiving a request into a transport network comprising at least one transport for a proposed use of personal data associated with the at least one transport prior to the at least one transport entering an area; receiving into the transport network a deletion time of the personal data, prior to the at least one transport entering the area; providing, from the transport network an acknowledgement of the deletion time; and providing, from the transport network, the personal data when the at least one transport is in the area based on the received acknowledgement. This enables an occupant of a transport to share personal data relating to the transport with confidence that the data will be deleted by an agreed time.

Abstract: A fingerprint recognition method includes, when a fingerprint authentication module is in a disabled state, receiving a touch operation used to trigger an application program. If fingerprint authentication is not required for execution of the application program, the fingerprint recognition module is kept in a disabled state, and after the application program has been executed for specific duration, the fingerprint authentication module is enabled again, to perform the fingerprint authentication.

Abstract: In non-limiting examples of the present disclosure, systems, methods, and devices for cross-platform multi-transport remote code activation are provided. A first device operating on a first platform receives a wake initiation that indicates code for activation on a second device operating on a second platform. The first device identifies compatible transports for transmitting a wake message indicating the code for activation to the second device. The first device selects at least one transport and transmits the wake message over the transport to the second device. The second device, upon receiving the wake message, processes the wake message and activates the code, which was not executing prior to activating.

Abstract: Subscriber identity modules can be bound to devices and utilized for authentication. An initial or additional subscriber identity module can be bound to a user device, for instance after successful user authentication by way of an alternate mechanism. A subscriber identity module of a device can be identified, and carrier data associated with the subscriber identity module can be requested and received. A determination can be made regarding whether the subscriber identity module is linked to the device, for instance by an original linkage. A user profile can be automatically updated with the carrier data to bind the user to the user device based on the subscriber identity module when the subscriber identity module is verified to be linked to the user device. Subsequently, the subscriber identity module can be utilized as a basis for authentication.

Abstract: A wireless device receives one or more configuration parameters indicating a physical uplink shared channel (PUSCH) resource for transmission of a message A (MsgA) payload of a contention-free two-step random-access procedure. The wireless device receives, from a radio resource control (RRC) layer of the wireless device, a request to reset a medium access control (MAC) layer of the wireless device. In response to the request and based on the configuration parameter indicating the PUSCH resource, the PUSCH resource for the MsgA transmission of the contention-free two-step random-access procedure is cleared.