Abstract: A method for the confidential verification of an electronic identity includes applying block chain. The method allows an acting party to recognize a block-chain identity while at the same time a level of confidentiality of the respective identity and its identity attributes is maintained. A correspondingly adapted identity system and a computer program product with control commands are arranged to implement the method and/or operate the proposed system arrangement.

Abstract: A method for mobile device security of a mobile device. The mobile device includes a global positioning system (GPS) tracker for locating the mobile device. A first zone and a second zone are established in a monitoring area. The mobile device is maintained in a first operating mode when the mobile device is located in the first zone and a second operating mode when the mobile device is located in the second zone. One or more characteristics of the first zone are received from a management system. Upon the mobile device being located outside the first zone for longer than a predetermined time period, one or more first actions are performed. Upon the mobile device returning to the first zone, one or more second actions are performed.

Abstract: Techniques for dynamic RF site configuration are provided. Historical association data is collected from a plurality of access points in a physical environment, and a machine learning model is trained to predict future association events, based on the historical association data. Current association data is then collected from the plurality of access points, and at least one predicted association event is generated by processing the current association data using the trained machine learning model. The plurality of access points is allocated to a plurality of radio frequency (RF) sites based on the at least one predicted association event. Finally, at least one of the plurality of RF sites is configured based on the predicted association event.

Abstract: Disclosed herein is a method and system for establishing secure communication between a terminal device and a target system. The method comprises validating the terminal device and the target system based on a communication request received from the terminal device. Upon validation, the terminal device is signaled to generate a Quick Response (QR) code corresponding to the communication request. Subsequently, the QR code generated at the terminal device is processed using a predetermined verification interface configured in a user device for establishing the secure communication between the terminal device and the target system. In an embodiment, the present disclosure helps users in completing a transaction based on the QR code generated at the terminal device, and thereby eliminates requirement of using a credit card/debit card and the like for completing the transaction.

Abstract: A Universal Packet Signaling Messaging System (UPSMS) system extends a message received from a messaging system based on a message signaling protocol extension that extends the message signaling protocol by including an indication that the UPSMS service is supported for a respective subscriber, and forwards the extended message to a subscription and location server. The subscription and location server authenticates a subscriber based on the subscriber identity, identifies a packet core network, and delivers the extended message via the identified packet core network to a user equipment (UE).

Abstract: A computing system may automatically classify applications that are used via a communication network. Application classification may include identifying a signature or group of signatures that belongs to an application or service associated with data flow through a network. The computer system of the network may collect data regarding the application from a mobile device, from the network, and/or from a digital distribution service accessible via the network. The system may combine such data together to identify and classify the application.

Abstract: Methods and apparatuses for managing spoofed calls to a mobile device are described, in which the mobile device receives a call transmitted over a cellular or mobile network. The call may include a set of information associated with the network, such as a geological location of a device that generated the call, a hardware device identifier corresponding to the device, an internet protocol (IP) address associated with the device, or a combination thereof. The mobile device may determine whether the call is spoofed or genuine based on the set of information. Subsequently, the mobile device may assist a user of the mobile device to manage the call, such as blocking the call from reaching the user, informing the user that the call is spoofed, facilitating the user to report the call as spoofed to an authority and/or a service provider of the network.

Abstract: A method performed by an authentication server for provisioning a user equipment (1), UE. The method comprises: obtaining a message authentication code, MAC, based on a provisioning key specific to the UE to the UE and a privacy key of a home network (3) of the UE, wherein the provisioning key is a shared secret between the authentication server (14) and the UE and the privacy key comprises a public key of the home network; and transmitting the privacy key and the MAC to the UE. Methods performed by a de-concealing server and the UE, respectively are also disclosed as well as authentication servers, de-concealing servers and UEs. A computer program and a memory circuitry (13) are also disclosed.

Abstract: A system and method (600) of securely and accurately connecting mobile devices (110) to wireless networks in vehicles (210) for a predetermined work assignment by using encrypted wireless network configurations based on vehicle specific data is disclosed herein. The system comprises a vehicle (210) comprising an on-board computer (232) with a memory (231) having a vehicle identification number (233), a connector plug (235), and an motorized engine (234), a connected vehicle device (130) comprising a processor, a WiFi radio, a BLUETOOTH radio, a memory, and a connector for mating with the connector plug of the vehicle (210), and a mobile device (110) comprising a graphical user interface (335), a processor (310), a WiFi radio (307), a BLUETOOTH radio (306), and a cellular network interface (308).

Abstract: In some implementations, a user equipment may provide an authentication request, including a detection code associated with a subscriber identification and an authentication identifier, to a subscription manager. The user equipment may receive, via a mobile network operator, an authentication response that includes an embedded universal integrated circuit card (eUICC) identifier (EID) based on providing the authentication request. The user equipment may generate, based on an activation code generated based on the authentication response, an activation request that includes the EID. The user equipment may provide the activation request to activate a wireless communication service that is provided by the mobile network operator.

Abstract: Mutual authentication techniques are described in this patent document. For example, when a first person calls a second person, neither of them know that the other person is who he or she says he or she is. Thus, after a second person receives the call, the second person is asked to authenticate himself or herself using a user device. After the second person logs into his or her account, the second person can input on the user device a one-time passcode to authenticate the first person. The user device sends the passcode to an authentication server that allows the first person to send back the inputted one-time passcode to the second person. Upon receiving the inputted one-time passcode, the second person can use his or her user device to indicate that the one-time passcode is correct so that the second person can be authenticated to access the first person's account.

Abstract: A secure mechanism for adding network devices uses an unsecure guest network and a secure network both coupled to a secure hub. When an unknown device is introduced, it is initially connected to the guest network and can only communicate with the hub and with a wide area network (WAN). The unknown device is prohibited from communicating with the secure network and any device connected to the secure network. The unknown device provides credentials to the hub, which are verified with a secure database, such as a blockchain ledger, that provides manufacturer device information and certification. Upon authentication, the hub permits the identified device to connect to the secure network. The hub may also configure the now identified device for security and operational parameters. The hub may also retrieve network traffic pattern information from the secure database and use such information to monitor normal expected activity from the identified device.

Abstract: The present disclosure relates to mobile communications technologies, and in particular, to a mobile communication method, apparatus, and device. The method includes: receiving, by user equipment UE, a non-access stratum NAS security mode command message from a mobility management entity MME, where the NAS security mode command message carries first verification matching information used to verify UE capability information received by the MME; determining, by the UE based on the first verification matching information, whether the UE capability information received by the MME is consistent with UE capability information sent by the UE to the MME; and if the UE capability information received by the MME is consistent with the UE capability information sent by the UE to the MME, sending, by the UE, a NAS security mode complete message to the MME.

Abstract: Systems and methods are provided for activating an embedded subscriber identity module (eSIM) device. One method may include initiating at least one device comprising an eSIM; connecting the eSIM to at least one of an entry point of a Mobile Network Operator (MNO) and an entitlement configuration server (ECS); activating, authenticating, and/or authorizing the eSIM; and connecting the eSIM with a cellular data service or a data network of the MNO.

Abstract: Disclosed are methods, devices and media for obtaining and for providing access information of wireless access points. The method comprises: searching for wireless access points to obtain identification information of one or more wireless access points; encoding the identification information of the one or more wireless access points according to a preset data short message encoding format to generate a query request data short message; sending the query request data short message to a designated network device; and receiving an access information data short message which is returned by the designated network device in response to the query request data short message and is encoded and generated according to the preset data short message encoding format. Thus, the terminal device is able to access the wireless access point when mobile data is unavailable, and security of information during transmission can also be guaranteed.

Abstract: Systems, devices, and techniques for V2X communications using multiple radio access technologies (RATs) are described herein. A communication associated with one or more of the multiple RATs may be received at a device. The device may include a transceiver interface with multiple connections to communicate with multiple transceiver chains. The multiple transceiver chains can be configured to support multiple RATs. Additionally, the multiple transceiver chains may be controlled via the multiple connections of the transceiver interface to coordinate the multiple RATs to complete the communication.

Abstract: A method includes maintaining a question repository in which each question corresponds to a set of decision trees. A distance matrix encodes a distance between each pair of questions. In response to a request for a new question, the method converts the new question into a set of tokens. For each question of the existing questions, the method determines a minimum distance between each token of the new question and the tokens of the question and sums the minimum distances to calculate a distance between the question and the new question. The method includes performing cluster analysis on the distance matrix. Performing cluster analysis includes normalizing the distance matrix and applying a hierarchical clustering process to the normalized distance matrix. Based on the cluster analysis, the method transmits an alternative question proposal or adds the new question to the question repository.

Abstract: In accordance with at least some aspects of the present disclosure, an illustrative method for authenticating a user is disclosed. A plurality of biometric modalities are displayed for authenticating the user. A selection of one or more of the biometric authentication modalities may be received. User authentication data may be received for each of the one or more selected authentication modalities. The user authentication data may be compared with previously-determined biometric data. An authentication score may be determined based on the comparison of the user authentication data with the previously-determined biometric data. A determination may be made whether to authenticate the user based on the authentication score.

Abstract: In accordance with an embodiment, an electronic device includes a secure element configured to implement a plurality of operating systems; and a near field communication module coupled to the secure element by a plurality of buses.

Abstract: Provided are a method and device for performing authentication using a hardware security module (HSM) in a one machine-to-machine (oneM2M) environment. The method of performing authentication using an HSM in a oneM2M environment includes extracting a symmetric key stored in the HSM using a security application programming interface (API), generating a first value and a second value using the extracted symmetric key, and performing mutual authentication with an M2M enrolment function (MEF) server through transport layer security pre-shared key ciphersuites (TLS-PSK) using the first value and the second value.

Abstract: A message authentication code, for a message transmitted and received over a communications network, is formed by applying inputs to an integrity algorithm acting on the message. The inputs comprise: an integrity key; a value indicating a transfer direction; and a frame-dependent integrity input, wherein the frame-dependent integrity input is a frame-dependent modulo count value that also depends on a random value and on a frame-specific sequence number.

Abstract: There is provided mechanisms for updating a private key of a host entity. The private key is based on parameters negotiated between the host entity and a key issuer. The host entity further has a group public key that is generated by the key issuer and associated with the private key. A method is performed by the host entity. The method comprises obtaining a need to acquire a new private key. The method comprises, in response thereto, performing a private key update procedure with the key issuer using the public key and the current private key, wherein parameters for the new private key are negotiated with the key issuer. The method comprises generating the new private key using the negotiated parameters.

Abstract: An embodiment disclosed herein is related to computing systems and method for a computing system to generate an access token that includes an IP address from a request. In the embodiment, a request is received for access to one secured data items. The request may include user credentials that specify that a user making the request is permitted to access the secured data items. The user credentials are validated and an Internet Protocol (IP) address that the request was sent from is determined. An access token is generated that includes the IP address that the request was sent from.

Abstract: Providing authentication servers (e.g. a RADIUS server) combined with a distributed data store (e.g. a memory cache) for storing a time-limited trust relationship message to establish/enable a time-limited trust between the authentication servers during network roaming of a user device. This circumvents the need for the traditional method of synchronous authentication messaging sequences, permitting transmission of authentication messaging sequences in a more time-efficient asynchronous manner.

Abstract: A method is provided for providing various operational states based on user input type. In particular, an example method may include providing for operation in a first operational state, receiving a user input, and determining if the user input is of a first input type. A second operational state based on the user input may be determined in response to the user input being of the first input type. Methods may include providing for operation in the second operational state, different from the first operational state, in response to receiving the user input of the first input type, where the second operational state precludes input of a second input type and allows input of a first input type, where the first and second input types are different from one another.

Abstract: This application describes various embodiments to manage multiple security certificates in a wireless device, including switching between different security certificates to support different functions, including supporting connectivity for multiple industry sectors that use different certificate authorities, and/or supporting different operational modes that require different security certificates for performing administrative functions. The wireless device includes a smart secure platform (SSP) or an embedded Universal Integrated Circuit Card (eUICC) that stores multiple security certificates to use for different industry sectors and/or for different operational modes.

Abstract: The present invention discloses methods and systems for communicating at a cellular router between a first wireless communication module and a first subscriber identity module (SIM). The cellular router receives a first request from a first wireless communication module and encapsulates the first request in a first modified request. The cellular router then sends the first modified request to a first SIM card in a first communication apparatus and waits for a first modified reply. While waiting for the first modified reply the cellular router sends at least one halt message to the first wireless communication module after a first time threshold. After receiving the first modified reply, the cellular router decapsulates the first modified reply to retrieve a first reply and sends the first reply to the first wireless communication module where the first modified reply is a reply to the first modified request.

Abstract: There are provided mechanisms for registering and subsequently communicating with classified subscribers in an IMS environment. The method comprises replacing an IMS Public -and Private User identity (IMPU/IMPI) with randomized temporary identifiers. Parties, in particular parties with 5 access to network entities outside the home-network cannot relate the observed IMPU/IMPI to the subscriber's original IMPU/IMPI as provisioned, and as the temporary IMPU changes frequently, there is no pattern (registration nor call) to be allocated to the subscriber's UE.

Abstract: Apparatuses, systems, and methods for user equipment (UE) devices to perform more efficient frequency scans for potential base stations. According to techniques described herein, the UE may determine that it does not have cellular service and determine first information based on a last camped cell. A time period during which the first information was acquired may be determined and one or more frequency scans may be performed. The frequency scans may be limited to a set of frequencies based in part on the time period. Thus, if the time period is less than a first value, the set of frequencies may include a first set of frequencies and if the time period is greater than the first value but less than a second value, the set of frequencies may include the first set of frequencies and a second set of frequencies.

Abstract: An authentication system to authenticate at least one application accessible by a user via a computer for which access is controlled by an authentication datum includes a main mobile device and a main token in which the authentication datum is recorded. The main mobile device is configured to recover the authentication datum of the main token using a pairing key that is segmented into a plurality of segments. A first segment is recorded on the main mobile device and at least one additional segment is recorded on a secondary mobile device and/or a secondary token. The main mobile device is configured to recover the additional segment or segments in order to reconstitute the pairing key and to present the reconstituted pairing key to the main token.

Abstract: Systems and methods for providing online access to multiple mobile station international subscriber directory numbers (MSISDNs), or mobile numbers, with compatible internet-connected user equipment (UEs). The system can include a web portal through which users can send and receive voice calls, video calls, text messages, e-mails, and other communications via multiple authorized mobile numbers. The system can include a graphical user interface (GUI) to enable users to select a mobile number to place a call or send a text, for example, with the call or text appearing to be sent from the mobile number. The system can also route incoming calls and texts to both the UE associated with the mobile number and the web portal. Thus, an incoming call, for example, can ring on both the UE and a tablet or laptop computer substantially simultaneously.

Abstract: An apparatus comprising circuitry configured to generate a user equipment identifier which is unique on Anchor cell level or which is unique in RAN notified area level.

Abstract: Systems, methods and apparatus for enabling access to secure data. A first module is arranged to generate a limited use passcode and make the passcode available to a user. A second module and a third module are arranged to communicate whereby to enable detection of the third module being in proximity to the second module. A fourth module is arranged to receive a passcode via user input. The apparatus is arranged to enable access to secure data in dependence on the fourth module receiving a valid passcode generated by the first module and the third module being in proximity to the second module.

Abstract: A user equipment device (UE) may communicate according to a new device category satisfying specified QoS (quality of service) requirements while also satisfying specified link budget requirements, and additional optimization requirements. The UE may use physical channels and procedures (e.g. it may receive and decode control channels) in a manner compatible with and not infringing on the operation of other UEs operating in the same network, while allowing the network more flexibility to assign resources. Specifically, resources for EPDCCH on UE-specific SS and EPDCCH on common SS may be shared. That is, the resources for two search spaces may be overlaid partially or in full, giving the network more flexibility in allocating resources. Furthermore the DCI formats for MPDCCH may be extended to devices operating according to the new device category, which enables the coverage enhancement of MTC for these devices.

Abstract: A method for granting access for a user to a domain which is subject to an access restriction, wherein the user belongs to a group of one or more user shaving an access privilege in relation to the domain. The method comprises acquiring a first set of biometric data associated with the user. A first identification is successful if a comparison of the first set of biometric data to previously acquired data relating to the user, or to the group of users, indicates that the user belongs to the group. The method also comprises acquiring a second set of biometric data associated with the user responsive to the first identification being successful. A second identification is successful if a comparison of the second set of biometric data to previously acquired data relating to the user indicates that the user has the access privilege.

Abstract: A system, method, and computer program are provided for activating an eSIM from a SIM card or another eSIM. In one implementation, a request to activate an eSIM from a SIM card or another eSIM is received. Additionally, responsive to the request, first information associated with the SIM card or the other eSIM and second information associated with the eSIM is accessed. Further, at least one action to activate the eSIM from the SIM card or the other eSIM is caused to be performed, where the at least one action is based on the first information and the second information.

Abstract: A communication device includes an integrated smart card and a software profile management module. The software profile management module is configured to store profiles in the smart card, receive an operation request that includes an indication of a requested operation and an identifier of the smart card, check whether the operation request corresponds to an identifier of the smart card that is available in a repository server, and perform the requested operation only if the operation request is available in the repository server.

Abstract: A method and a device for activating an operating system of a mobile terminal. The method includes steps of: activating, when a gravity sensor provided on a first display screen of the mobile terminal is in a first state, a first operating system of the mobile terminal corresponding to a first display screen to illuminate the first display screen; activating, when the gravity sensor is in a second state, a second operating system of the mobile terminal corresponding to a second display screen to illuminate the second display screen.

Abstract: Methods, systems, and computer-readable storage media for receiving, by a service, a request for data, transmitting, by the service, a data request to a data source, determining, by the service, that usable data is stored within a fuzzy cache of the service, and in response: calculating supplemental data based on the usable data, and transmitting an initial response including the supplemental data, the initial response being displayed at a client that had transmitted the request for data, and receiving, by the service and from the data source, requested data in response to the request for data, and transmitting, by the service, an updated response including the requested data.

Abstract: Techniques for securely generating and using a “fingerprint” for authentication. A server computer receives a first data set from a user device (including a first fuzzy hash of first user data on the user device). The server computer generates a first fingerprint value based on the first data set. The server computer detects an event corresponding to a user in association with the user device. The server computer identifies a baseline fingerprint value (generated based on a baseline fuzzy hash of user data on the user device). The server computer compares the first fingerprint value to the baseline fingerprint value to generate a similarity score. The server computer may determine that the similarity score exceeds a threshold value but does not represent an exact match, and, based on the similarity score, authenticate the user and update the baseline fingerprint value based on the first fingerprint value.

Abstract: An object of the present invention is to provide a terminal authentication device that can suppress a troublesome operation to authenticate a terminal when the terminal is connected to a network. A reception unit receives a beacon signal broadcasted from a terminal. A position determination unit determines the position of the terminal using the received beacon signal. A connection control unit controls the terminal to be connected to a mesh network in the case where the determined position of the terminal is within a predetermined authentication possible region.

Abstract: The subject matter of this specification can be embodied in, among other things, a method that includes receiving at a computing device that is in a locked state, one or more user inputs to unlock the device and to execute at least one command that is different from a command for unlocking the device. The method further includes executing in response to the user inputs to unlock the device an unlocking operation by the device to convert the device from a locked state to an unlocked state. The method further includes executing the at least one command in response to receiving the user inputs to execute the at least one command. The at least one command executes so that results of executing the at least one command are first displayed on the device to a user automatically after the device changes from the locked state to the unlocked state.

Abstract: A circuit breaker is for protecting a low-voltage circuit when current or current-time limits are exceeded in the low-voltage circuit. The circuit breaker includes an electronic trip unit which initiates an interruption or reduction of the current flow in the low-voltage circuit when first current or current-time limits are exceeded, and second current or current-time limits stored in the electronic trip unit, which are characterized by lower current limits or lower current-time limits, the second limits being activatable by an initiated switchover. A communication unit connected to the electronic trip unit is provided, which enables wireless communication, and the circuit breaker is designed such that when a wireless communication signal is received that exceeds a field strength value, the second limits are activated.

Abstract: The present disclosure relates to product activation of products purchased online or through electronic commerce platforms. The disclosure provides methods, systems, and computer program products that enable secure activation of products using user identity data. The disclosure implements secure activation based on activation records maintained in an activation server and a unique registrant ID corresponding to an intended user of the product that is generated and maintained at an identity verification platform.

Abstract: A Radio Access Network (RAN) node instructs a wireless device having a connection to the RAN node to transition from a connected Radio Resource Control (RRC) state to an inactive RRC state in which key information supporting the connection, and a further connection to a Core Network (CN) node serving the wireless device, are maintained. Responsive to the wireless device returning to the connected RRC state, the RAN node requests new key material from the CN node, and replaces the key material supporting the connection with the new key material received from the CN node.

Abstract: Disclosed as a method of controlling access to a network in a wireless communication system and an apparatus therefor. Specifically, a method of performing access to a network by a user equipment (UE) in a wireless communication system may include receiving first information on whether a specific access identity is valid in a specific public land mobile network (PLMN) from the network, when the UE selects a PLMN and attempts access, determining whether the specific access identity is valid in the PLMN selected by the UE based on the first information, selecting an access identity based on the determination, and performing an access control procedure based on the selected access identity.

Abstract: In an example of this disclosure, a method may include receiving, by a database server, a data write request. The data write request may include authentication information corresponding to a first call session and first additional information. The method may include generating, by the database server, a first unique identifier based on the first additional information. The authentication information may correspond to the first unique identifier. The method may include storing the first unique identifier and the authentication information in a data structure in a memory of the database server.

Abstract: A vehicular camera module includes a metal front housing, a printed circuit board housed by the metal front housing, a lens holder disposed at the metal front housing with the lens aligned with an imager at the printed circuit board, a metal rear housing joined with the metal front housing, and a coaxial connecting element. With the metal rear housing joined with the metal front housing, an inward-extending portion of the coaxial connecting element extends inward of the metal rear housing towards the metal front housing and electrically connects with circuitry at the printed circuit board. With the metal rear housing joined with the metal front housing, a plurality of spring tabs make, via spring contact, an electrical connection between the circuitry at the printed circuit board and the metal rear housing. An outward-extending portion of the coaxial connecting element is configured for coaxial electrical connection to a vehicle connector.

Abstract: An apparatus and a method to apply 5G communication systems to IoT networks is provided. The apparatus includes technologies, such as a sensor network, machine type communication (MTC), and machine-to-machine (M2M) communication may be implemented by beamforming, multiple-input multiple-output (MIMO), and array antennas. Application of a cloud radio access network (RAN) as the above-described big data processing technology may also be considered to be as an example of convergence between the 5G technology and the IoT technology. The disclosure relates to a method and an apparatus for controlling network access in a next generation mobile communication system.

Abstract: The present invention provides a programmable long-range wireless signal remote control device that receives a wireless signal through a processor, performs a verification procedure on the wireless signal by using a signal packet data protocol entity, and then utilizes a control transmission interface to transmit the control signal in the wireless signal to a processing component. A sequence data control interface transmits a data signal in the wireless signal externally, and a programmable entity controls a number of sequences and the time of transmitting the wireless signal or a control signal externally, thereby achieving the effect of information preservation and data identification, the reception and transmission of stable signals, transmission of the control signal in a one-to-many time-series interval manner, and the provision of the control signal and the data signal to a controlled device.