Abstract: A communication method according to one embodiment comprises the steps of transmitting capability of a radio terminal, which is a pedestrian user equipment (UE), from the radio terminal to a base station, receiving, by the base station, the capability of the radio terminal from the radio terminal, and individually transmitting, from the base station to the radio terminal, information of a radio resource pool for direct terminal-to-terminal communication based on the capability of the radio terminal. The information of the radio resource pool is information of a resource pool based on a geographical zone.

Abstract: A security device includes at least one non-volatile memory element and a key memory having at least one non-volatile memory element including at least one data field. The security device provides a physical interface for the data exchange with a key memory, the range of the physical interface being spatially restricted, and the key memory being location-bound. The security device includes at least one calculation unit, which dynamically ascertains in particular the check-sum information from the parameter data record.

Abstract: A paging method, a terminal, a network device, and a computer readable storage medium are provided. The paging method includes: transmitting, by a network device to a terminal, monitoring indication information used to indicate whether a paging message needs to be monitored or not; receiving, by the terminal the monitoring indication information transmitted by the network device and used to indicate whether the paging message needs to be monitored or not, and monitoring, by the terminal, the paging message according to the monitoring indication information.

Abstract: In a Citizens Broadband Radio Service (CBRS) system, high-power customer premises equipment (HP-CPE) transmits a registration request to a spectrum access system (SAS), which determines a CPE device type for the HP-CPE and transmits a positive registration response to the HP-CPE. The HP-CPE transmits a grant request to the SAS, which transmits a positive grant response to the HP-CPE. The HP-CPE transmits a heartbeat request to the SAS, which relies on the CPE device type to approve the heartbeat request without relying on a corresponding Coordinated Periodic Activity among SASs (CPAS) process, and transmits a positive heartbeat response to the HP-CPE. In one method, the SAS determines the CPE device type using a database that maps FCC model numbers to device types. In another method, the registration request contains a field with the CPE device type. Both methods enable immediate HP-CPE authorization without the delay of a CPAS process.

Abstract: If a first SIM card in a terminal device has been registered with a first service provider, when needs to subscribe to a second service provider for registration, the terminal device sends a subscription indication and a subscription identity to a second service provider server. The second service provider server acquires service registration information from a first service provider server according to the subscription indication and the subscription identity, generates a second profile for accessing a second service provider network based on the service registration information which is used by the first SIM card to access a first service provider network. The second profile is generated based on existing service registration information, so the terminal device subscribes to the second service provider for registration. After performing subscription for registration once, no need to submit an identity for verification again, user operations are simplified and user experience is improved.

Abstract: Methods, systems, and devices for recovery techniques for subscriber identification module (SIM) detection error are described. A user equipment (UE) may determine an operating mode for the UE based on a SIM card switch occasion. The SIM card switch occasion may be a “hotswap” occasion of a SIM card while the UE is powered on. The UE may power a SIM card associated with the UE based on the operating mode for the UE and a previous status of a SIM slot associated with the UE. The UE may detect a presence of the SIM card in the SIM slot based on powering the SIM card. The UE may set a SIM sensing operation at the UE based on the detected presence of the SIM card.

Abstract: System, device, and method of Augmented Reality based mapping of a venue and navigation within a venue. A method includes: performing a crowd-sourced mapping process, that maps a retail store and maps particular products sold within that retail store, based on computer-vision analysis of a plurality of images captured by a plurality of end-user devices of customers within that retail store; and generating a representation of a store map reflecting actual real-time location of particular products within that retail store. Turn-by-turn walking directions are provided, to guide the user from his current in-store location towards a destination product within that retail store. Augmented Reality promotions, advertisements and marketing content elements, route guidance, and other content are generated and displayed on the end-user device.

Abstract: A packet processing method includes receiving, by an aggregation gateway, a first tunnel establishment request message sent by a home gateway, and sending a first tunnel establishment success message to the home gateway; receiving, by the aggregation gateway, a second tunnel establishment request message sent by the home gateway, and sending a second tunnel establishment success message to the home gateway; associating, by the aggregation gateway, a first tunnel with a second tunnel according to an identifier of the home gateway; and sending a downlink packet to the home gateway by using the first tunnel and/or the second tunnel. The embodiments of the present application may increase bandwidth.

Abstract: One feature pertains to a method for secure wireless communication at an apparatus of a network. The method includes receiving a user equipment identifier identifying a user equipment and a cryptographic key from a wireless wide area network node, and using the cryptographic key as a pairwise master key (PMK). A PMK identifier (PKMID) is generated based on the PMK and the two are stored at the network. A PMK security association is initialized by associating the PMK with at least the PMKID and an access point identifier identifying an access point of the apparatus. An association request is received that includes a PMKID from the user equipment, and it's determined that the PMKID received from the user equipment matches the PMKID stored. A key exchange is initiated with the user equipment based on the PMK to establish a wireless local area network security association with the user equipment.

Abstract: Systems and methods for remote SIM unlocking are disclosed. The systems and methods can include detecting that a user equipment is eligible to be unlocked. The unlocking of the user equipment may allow the use of the user equipment on another cellular network. An enterprise unlock server verifies eligibility with a policy engine, and if eligible, sends a push command to the user equipment to execute the unlock process. The user equipment, upon receipt of the command, initiates the unlock process. In some examples, the user equipment can prompt the enterprise unlock server to check if the user equipment is eligible.

Abstract: In one embodiment, a method for providing access to wireless networks may include receiving, by a wireless network access provider from a user device, a request to access a wireless network. The method may include obtaining data representing a policy applicable to the access request, sending the access request, augmented with the policy, to an identity provider associated with the user and having no pre-existing relationship with the access provider, and receiving, from the identity provider, an access request response indicating whether or not the policy is met. The method may include communicating, to the wireless device, an indication that the access request has been accepted, if the policy is met, or an indication that the access request has been rejected, if the policy is not met. The access provider and identity provider may be members of an identity and access federation that communicate over a dynamically established secure connection.

Abstract: Disclosed herein are various embodiments for a data transfer and resource management system. An embodiment operates by retrieving both data and a schema from a table. A first offset corresponding to the retrieved data indicating a retrieval time of the retrieved data and a number of records is identified. It is determined that the retrieved data corresponds to the schema. The data is stored on a messaging platform and made available to be pulled by one or more end users prior to a transfer to one or more cloud servers. A second offset corresponding to a number of records of the data retrieved by the one or more end users from the messaging platform is determined. It is validate that the second offset corresponds to the first offset. The records and the schema retrieved from the intermediary messaging platform are transferred to the one or more cloud servers.

Abstract: The present invention relates to a system and method for communicating across multiple network types. In particular, the system and method is suitable for, but not limited to, initiating communication through a suitable network based on a set of rules. Further, the system and method is suitable for, but not limited to, using a single number when delivering the communication to prevent recipients from confusing plural numbers of senders.

Abstract: A messaging application configured to provide a messaging interface on which outgoing messages from a user, to contacts can be composed and incoming messages from the contacts can be viewed. Moreover, the messaging application is configured to store message data in an encrypted form as a database file. Furthermore, the messaging application is configured to require the user to input a predetermined access code before giving access to the messaging interface. Moreover, the messaging application is configured to provide a first mode in which the user is given access to all message data when a first predetermined access code is input, and a second, secret mode in which the user is given access to only a subset of all the message data, when a second predetermined access code is input by the user.

Abstract: A wireless communication method is provided. The method includes sending, by a wireless communication device, a broadcast message to a terminal device. The broadcast message may include device identification information of the wireless communication device. The method may further include receiving, by the wireless communication device, a scan request message sent by the terminal device. The method may further include sending, by the wireless communication device, a scan response message to the terminal device in response to receiving the scan request message. The scan response message may include attribute data associated with the wireless communication device, and the attribute data may include identification information of content associated with a physical location of the wireless communication device.

Abstract: A method for the confidential verification of an electronic identity includes applying block chain. The method allows an acting party to recognize a block-chain identity while at the same time a level of confidentiality of the respective identity and its identity attributes is maintained. A correspondingly adapted identity system and a computer program product with control commands are arranged to implement the method and/or operate the proposed system arrangement.

Abstract: Techniques for dynamic RF site configuration are provided. Historical association data is collected from a plurality of access points in a physical environment, and a machine learning model is trained to predict future association events, based on the historical association data. Current association data is then collected from the plurality of access points, and at least one predicted association event is generated by processing the current association data using the trained machine learning model. The plurality of access points is allocated to a plurality of radio frequency (RF) sites based on the at least one predicted association event. Finally, at least one of the plurality of RF sites is configured based on the predicted association event.

Abstract: A method for mobile device security of a mobile device. The mobile device includes a global positioning system (GPS) tracker for locating the mobile device. A first zone and a second zone are established in a monitoring area. The mobile device is maintained in a first operating mode when the mobile device is located in the first zone and a second operating mode when the mobile device is located in the second zone. One or more characteristics of the first zone are received from a management system. Upon the mobile device being located outside the first zone for longer than a predetermined time period, one or more first actions are performed. Upon the mobile device returning to the first zone, one or more second actions are performed.

Abstract: Disclosed herein is a method and system for establishing secure communication between a terminal device and a target system. The method comprises validating the terminal device and the target system based on a communication request received from the terminal device. Upon validation, the terminal device is signaled to generate a Quick Response (QR) code corresponding to the communication request. Subsequently, the QR code generated at the terminal device is processed using a predetermined verification interface configured in a user device for establishing the secure communication between the terminal device and the target system. In an embodiment, the present disclosure helps users in completing a transaction based on the QR code generated at the terminal device, and thereby eliminates requirement of using a credit card/debit card and the like for completing the transaction.

Abstract: A Universal Packet Signaling Messaging System (UPSMS) system extends a message received from a messaging system based on a message signaling protocol extension that extends the message signaling protocol by including an indication that the UPSMS service is supported for a respective subscriber, and forwards the extended message to a subscription and location server. The subscription and location server authenticates a subscriber based on the subscriber identity, identifies a packet core network, and delivers the extended message via the identified packet core network to a user equipment (UE).

Abstract: Methods and apparatuses for managing spoofed calls to a mobile device are described, in which the mobile device receives a call transmitted over a cellular or mobile network. The call may include a set of information associated with the network, such as a geological location of a device that generated the call, a hardware device identifier corresponding to the device, an internet protocol (IP) address associated with the device, or a combination thereof. The mobile device may determine whether the call is spoofed or genuine based on the set of information. Subsequently, the mobile device may assist a user of the mobile device to manage the call, such as blocking the call from reaching the user, informing the user that the call is spoofed, facilitating the user to report the call as spoofed to an authority and/or a service provider of the network.

Abstract: A system and method (600) of securely and accurately connecting mobile devices (110) to wireless networks in vehicles (210) for a predetermined work assignment by using encrypted wireless network configurations based on vehicle specific data is disclosed herein. The system comprises a vehicle (210) comprising an on-board computer (232) with a memory (231) having a vehicle identification number (233), a connector plug (235), and an motorized engine (234), a connected vehicle device (130) comprising a processor, a WiFi radio, a BLUETOOTH radio, a memory, and a connector for mating with the connector plug of the vehicle (210), and a mobile device (110) comprising a graphical user interface (335), a processor (310), a WiFi radio (307), a BLUETOOTH radio (306), and a cellular network interface (308).

Abstract: A computing system may automatically classify applications that are used via a communication network. Application classification may include identifying a signature or group of signatures that belongs to an application or service associated with data flow through a network. The computer system of the network may collect data regarding the application from a mobile device, from the network, and/or from a digital distribution service accessible via the network. The system may combine such data together to identify and classify the application.

Abstract: A method performed by an authentication server for provisioning a user equipment (1), UE. The method comprises: obtaining a message authentication code, MAC, based on a provisioning key specific to the UE to the UE and a privacy key of a home network (3) of the UE, wherein the provisioning key is a shared secret between the authentication server (14) and the UE and the privacy key comprises a public key of the home network; and transmitting the privacy key and the MAC to the UE. Methods performed by a de-concealing server and the UE, respectively are also disclosed as well as authentication servers, de-concealing servers and UEs. A computer program and a memory circuitry (13) are also disclosed.

Abstract: In some implementations, a user equipment may provide an authentication request, including a detection code associated with a subscriber identification and an authentication identifier, to a subscription manager. The user equipment may receive, via a mobile network operator, an authentication response that includes an embedded universal integrated circuit card (eUICC) identifier (EID) based on providing the authentication request. The user equipment may generate, based on an activation code generated based on the authentication response, an activation request that includes the EID. The user equipment may provide the activation request to activate a wireless communication service that is provided by the mobile network operator.

Abstract: A secure mechanism for adding network devices uses an unsecure guest network and a secure network both coupled to a secure hub. When an unknown device is introduced, it is initially connected to the guest network and can only communicate with the hub and with a wide area network (WAN). The unknown device is prohibited from communicating with the secure network and any device connected to the secure network. The unknown device provides credentials to the hub, which are verified with a secure database, such as a blockchain ledger, that provides manufacturer device information and certification. Upon authentication, the hub permits the identified device to connect to the secure network. The hub may also configure the now identified device for security and operational parameters. The hub may also retrieve network traffic pattern information from the secure database and use such information to monitor normal expected activity from the identified device.

Abstract: Mutual authentication techniques are described in this patent document. For example, when a first person calls a second person, neither of them know that the other person is who he or she says he or she is. Thus, after a second person receives the call, the second person is asked to authenticate himself or herself using a user device. After the second person logs into his or her account, the second person can input on the user device a one-time passcode to authenticate the first person. The user device sends the passcode to an authentication server that allows the first person to send back the inputted one-time passcode to the second person. Upon receiving the inputted one-time passcode, the second person can use his or her user device to indicate that the one-time passcode is correct so that the second person can be authenticated to access the first person's account.

Abstract: Systems and methods are provided for activating an embedded subscriber identity module (eSIM) device. One method may include initiating at least one device comprising an eSIM; connecting the eSIM to at least one of an entry point of a Mobile Network Operator (MNO) and an entitlement configuration server (ECS); activating, authenticating, and/or authorizing the eSIM; and connecting the eSIM with a cellular data service or a data network of the MNO.

Abstract: The present disclosure relates to mobile communications technologies, and in particular, to a mobile communication method, apparatus, and device. The method includes: receiving, by user equipment UE, a non-access stratum NAS security mode command message from a mobility management entity MME, where the NAS security mode command message carries first verification matching information used to verify UE capability information received by the MME; determining, by the UE based on the first verification matching information, whether the UE capability information received by the MME is consistent with UE capability information sent by the UE to the MME; and if the UE capability information received by the MME is consistent with the UE capability information sent by the UE to the MME, sending, by the UE, a NAS security mode complete message to the MME.

Abstract: Disclosed are methods, devices and media for obtaining and for providing access information of wireless access points. The method comprises: searching for wireless access points to obtain identification information of one or more wireless access points; encoding the identification information of the one or more wireless access points according to a preset data short message encoding format to generate a query request data short message; sending the query request data short message to a designated network device; and receiving an access information data short message which is returned by the designated network device in response to the query request data short message and is encoded and generated according to the preset data short message encoding format. Thus, the terminal device is able to access the wireless access point when mobile data is unavailable, and security of information during transmission can also be guaranteed.

Abstract: Provided are a method and device for performing authentication using a hardware security module (HSM) in a one machine-to-machine (oneM2M) environment. The method of performing authentication using an HSM in a oneM2M environment includes extracting a symmetric key stored in the HSM using a security application programming interface (API), generating a first value and a second value using the extracted symmetric key, and performing mutual authentication with an M2M enrolment function (MEF) server through transport layer security pre-shared key ciphersuites (TLS-PSK) using the first value and the second value.

Abstract: A method includes maintaining a question repository in which each question corresponds to a set of decision trees. A distance matrix encodes a distance between each pair of questions. In response to a request for a new question, the method converts the new question into a set of tokens. For each question of the existing questions, the method determines a minimum distance between each token of the new question and the tokens of the question and sums the minimum distances to calculate a distance between the question and the new question. The method includes performing cluster analysis on the distance matrix. Performing cluster analysis includes normalizing the distance matrix and applying a hierarchical clustering process to the normalized distance matrix. Based on the cluster analysis, the method transmits an alternative question proposal or adds the new question to the question repository.

Abstract: In accordance with an embodiment, an electronic device includes a secure element configured to implement a plurality of operating systems; and a near field communication module coupled to the secure element by a plurality of buses.

Abstract: Systems, devices, and techniques for V2X communications using multiple radio access technologies (RATs) are described herein. A communication associated with one or more of the multiple RATs may be received at a device. The device may include a transceiver interface with multiple connections to communicate with multiple transceiver chains. The multiple transceiver chains can be configured to support multiple RATs. Additionally, the multiple transceiver chains may be controlled via the multiple connections of the transceiver interface to coordinate the multiple RATs to complete the communication.

Abstract: In accordance with at least some aspects of the present disclosure, an illustrative method for authenticating a user is disclosed. A plurality of biometric modalities are displayed for authenticating the user. A selection of one or more of the biometric authentication modalities may be received. User authentication data may be received for each of the one or more selected authentication modalities. The user authentication data may be compared with previously-determined biometric data. An authentication score may be determined based on the comparison of the user authentication data with the previously-determined biometric data. A determination may be made whether to authenticate the user based on the authentication score.

Abstract: Providing authentication servers (e.g. a RADIUS server) combined with a distributed data store (e.g. a memory cache) for storing a time-limited trust relationship message to establish/enable a time-limited trust between the authentication servers during network roaming of a user device. This circumvents the need for the traditional method of synchronous authentication messaging sequences, permitting transmission of authentication messaging sequences in a more time-efficient asynchronous manner.

Abstract: An embodiment disclosed herein is related to computing systems and method for a computing system to generate an access token that includes an IP address from a request. In the embodiment, a request is received for access to one secured data items. The request may include user credentials that specify that a user making the request is permitted to access the secured data items. The user credentials are validated and an Internet Protocol (IP) address that the request was sent from is determined. An access token is generated that includes the IP address that the request was sent from.

Abstract: There is provided mechanisms for updating a private key of a host entity. The private key is based on parameters negotiated between the host entity and a key issuer. The host entity further has a group public key that is generated by the key issuer and associated with the private key. A method is performed by the host entity. The method comprises obtaining a need to acquire a new private key. The method comprises, in response thereto, performing a private key update procedure with the key issuer using the public key and the current private key, wherein parameters for the new private key are negotiated with the key issuer. The method comprises generating the new private key using the negotiated parameters.

Abstract: A message authentication code, for a message transmitted and received over a communications network, is formed by applying inputs to an integrity algorithm acting on the message. The inputs comprise: an integrity key; a value indicating a transfer direction; and a frame-dependent integrity input, wherein the frame-dependent integrity input is a frame-dependent modulo count value that also depends on a random value and on a frame-specific sequence number.

Abstract: A method is provided for providing various operational states based on user input type. In particular, an example method may include providing for operation in a first operational state, receiving a user input, and determining if the user input is of a first input type. A second operational state based on the user input may be determined in response to the user input being of the first input type. Methods may include providing for operation in the second operational state, different from the first operational state, in response to receiving the user input of the first input type, where the second operational state precludes input of a second input type and allows input of a first input type, where the first and second input types are different from one another.

Abstract: This application describes various embodiments to manage multiple security certificates in a wireless device, including switching between different security certificates to support different functions, including supporting connectivity for multiple industry sectors that use different certificate authorities, and/or supporting different operational modes that require different security certificates for performing administrative functions. The wireless device includes a smart secure platform (SSP) or an embedded Universal Integrated Circuit Card (eUICC) that stores multiple security certificates to use for different industry sectors and/or for different operational modes.

Abstract: The present invention discloses methods and systems for communicating at a cellular router between a first wireless communication module and a first subscriber identity module (SIM). The cellular router receives a first request from a first wireless communication module and encapsulates the first request in a first modified request. The cellular router then sends the first modified request to a first SIM card in a first communication apparatus and waits for a first modified reply. While waiting for the first modified reply the cellular router sends at least one halt message to the first wireless communication module after a first time threshold. After receiving the first modified reply, the cellular router decapsulates the first modified reply to retrieve a first reply and sends the first reply to the first wireless communication module where the first modified reply is a reply to the first modified request.

Abstract: There are provided mechanisms for registering and subsequently communicating with classified subscribers in an IMS environment. The method comprises replacing an IMS Public -and Private User identity (IMPU/IMPI) with randomized temporary identifiers. Parties, in particular parties with 5 access to network entities outside the home-network cannot relate the observed IMPU/IMPI to the subscriber's original IMPU/IMPI as provisioned, and as the temporary IMPU changes frequently, there is no pattern (registration nor call) to be allocated to the subscriber's UE.

Abstract: An authentication system to authenticate at least one application accessible by a user via a computer for which access is controlled by an authentication datum includes a main mobile device and a main token in which the authentication datum is recorded. The main mobile device is configured to recover the authentication datum of the main token using a pairing key that is segmented into a plurality of segments. A first segment is recorded on the main mobile device and at least one additional segment is recorded on a secondary mobile device and/or a secondary token. The main mobile device is configured to recover the additional segment or segments in order to reconstitute the pairing key and to present the reconstituted pairing key to the main token.

Abstract: Apparatuses, systems, and methods for user equipment (UE) devices to perform more efficient frequency scans for potential base stations. According to techniques described herein, the UE may determine that it does not have cellular service and determine first information based on a last camped cell. A time period during which the first information was acquired may be determined and one or more frequency scans may be performed. The frequency scans may be limited to a set of frequencies based in part on the time period. Thus, if the time period is less than a first value, the set of frequencies may include a first set of frequencies and if the time period is greater than the first value but less than a second value, the set of frequencies may include the first set of frequencies and a second set of frequencies.

Abstract: An apparatus comprising circuitry configured to generate a user equipment identifier which is unique on Anchor cell level or which is unique in RAN notified area level.

Abstract: Systems and methods for providing online access to multiple mobile station international subscriber directory numbers (MSISDNs), or mobile numbers, with compatible internet-connected user equipment (UEs). The system can include a web portal through which users can send and receive voice calls, video calls, text messages, e-mails, and other communications via multiple authorized mobile numbers. The system can include a graphical user interface (GUI) to enable users to select a mobile number to place a call or send a text, for example, with the call or text appearing to be sent from the mobile number. The system can also route incoming calls and texts to both the UE associated with the mobile number and the web portal. Thus, an incoming call, for example, can ring on both the UE and a tablet or laptop computer substantially simultaneously.

Abstract: A user equipment device (UE) may communicate according to a new device category satisfying specified QoS (quality of service) requirements while also satisfying specified link budget requirements, and additional optimization requirements. The UE may use physical channels and procedures (e.g. it may receive and decode control channels) in a manner compatible with and not infringing on the operation of other UEs operating in the same network, while allowing the network more flexibility to assign resources. Specifically, resources for EPDCCH on UE-specific SS and EPDCCH on common SS may be shared. That is, the resources for two search spaces may be overlaid partially or in full, giving the network more flexibility in allocating resources. Furthermore the DCI formats for MPDCCH may be extended to devices operating according to the new device category, which enables the coverage enhancement of MTC for these devices.

Abstract: Systems, methods and apparatus for enabling access to secure data. A first module is arranged to generate a limited use passcode and make the passcode available to a user. A second module and a third module are arranged to communicate whereby to enable detection of the third module being in proximity to the second module. A fourth module is arranged to receive a passcode via user input. The apparatus is arranged to enable access to secure data in dependence on the fourth module receiving a valid passcode generated by the first module and the third module being in proximity to the second module.

Abstract: Methods, systems, and computer-readable storage media for receiving, by a service, a request for data, transmitting, by the service, a data request to a data source, determining, by the service, that usable data is stored within a fuzzy cache of the service, and in response: calculating supplemental data based on the usable data, and transmitting an initial response including the supplemental data, the initial response being displayed at a client that had transmitted the request for data, and receiving, by the service and from the data source, requested data in response to the request for data, and transmitting, by the service, an updated response including the requested data.