Patent classifications
H04L63/16
Adapter for providing unified transaction interface
Embodiments of the invention are directed to enabling access transaction systems to accept different communication protocols. In some embodiments, an access device receives, from a portable device, an indication that a transaction is to be performed by exchanging transaction information between the portable device and a remote computer, wherein the remote computer is configured to communicate using a first communication protocol. Next, the access device determines that the portable device is configured to communicate using a second communication protocol. The access device then converts communications between the portable device and the remote computer from the second communication protocol to the first communication protocol to assist the portable device and the remote computer in exchanging the transaction information.
Secondary authentication of a user equipment
A user equipment is configured to receive an extensible authentication protocol (EAP) request from a session management function (SMF) that serves as an EAP authenticator for secondary authentication of the user equipment. The secondary authentication is authentication of the user equipment in addition to primary authentication of the user equipment. The user equipment is also configured to, responsive to the EAP request, transmit an EAP response to the SMF.
DIRECTIONAL SECURE COMMUNICATIONS
Methods, apparatuses, and computer-readable medium for directional security are provided. An example method may include receiving, from a wireless device, a configuration for a set of shared keys. The example method may further include receiving, from a second UE, at least one message or signal including a location of the second UE, the received at least one message or signal being associated with an angle of arrival (AoA). The example method may further include configuring a key from the set of shared keys based on at least one of the received configuration, the location of the second UE, the AoA of the received at least one message or signal, or a location of the first UE. The example method may further include generating one or more ranging signals based on the configured key, the one or more ranging signals being directionally secure based on the location of the second UE.
Holistic and verified security of monitoring protocols
Data is received that characterizes a computing architecture including at least one web-based server and an associated cryptographic web protocol to be implemented on such computing architecture according to a desired formal specification. Thereafter, a plurality of inattentive variants complying with the web protocol are generated without associated security checks. Messages to and from each inattentive variant are then monitored while executing the associated security checks. At least one security monitor is generated based on the monitored messages that is configured to address security vulnerabilities in the computing architecture relative to the formal specification. At least one generated security monitor can be later deployed in the computing architecture. Related apparatus, systems, techniques and articles are also described.
Methods and systems of dual-layer computer-system security
In one aspect, a computerized method for implementing dual-layer computer-system security in a private enterprise computer network includes the step of generating a user profile, wherein the user has access to the private enterprise computer network, wherein the user profile comprises information comprising a specified user usage of the private enterprise computer network. The computerized method includes the step of setting a specified trigger value with respect to the specified user usage of the private enterprise computer network. The computerized method includes the step of detecting that the user usage exceeds the trigger value. The computerized method includes the step of modifying an access privilege of the user to the private enterprise computer network.
PHYSICAL LAYER SECURITY ACTIVATION
Methods, systems, and devices for wireless communications are described. In some wireless communications systems, a user equipment (UE) may receive, from a base station, control signaling identifying a configuration of a set of time intervals for communication with the base station, the set of time intervals including a subset of the time intervals for which the UE is to perform a physical layer security procedure. In some cases, the UE may activate a timer associated with performing the physical layer security procedure in response to a trigger. The UE and the base station may communicate one or more messages using the physical layer security procedure, for example, in the subset of the time intervals identified by the control signaling, while the timer is active, or both. The physical layer security procedure may involve the UE performing physical layer security encoding, signal jamming, or both.
CONTROLLING ACCESS TO RESOURCES BASED ON POLICIES AT DIFFERENT LAYERS OF A NETWORKING MODEL
Aspects of the present disclosure are directed to controlling access to resources in a network. In an embodiment, a gateway system receives a packet requesting access to a resource in the network, and identifies access control policies to be applied in determining whether or not to permit access to said first resource. The gateway system applies a higher-layer policy and then a lower-layer policy on the packet to determine whether or not to forward the packet to the network and forwards the packet to the network only if it is determined to forward the packet. The higher-layer policy and lower-layer policies are according to respective layers of a networking model.
System and method of detecting hidden processes by analyzing packet flows
A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data, capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed outside of the first host to yield second flow data and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that a hidden process exists and corrective action can be taken.
TECHNOLOGIES FOR MANAGING COMPROMISED SENSORS IN VIRTUALIZED ENVIRONMENTS
Systems, methods, and computer-readable media for managing compromised sensors in multi-tiered virtualized environments. In some embodiments, a system can receive, from a first capturing agent deployed in a virtualization layer of a first device, data reports generated based on traffic captured by the first capturing agent. The system can also receive, from a second capturing agent deployed in a hardware layer of a second device, data reports generated based on traffic captured by the second capturing agent. Based on the data reports, the system can determine characteristics of the traffic captured by the first capturing agent and the second capturing agent. The system can then compare the characteristics to determine a multi-layer difference in traffic characteristics. Based on the multi-layer difference in traffic characteristics, the system can determine that the first capturing agent or the second capturing agent is in a faulty state.
PROTECTION LEVEL INDICATION AND CONFIGURATION
Methods, systems, and devices for wireless communications are described. A base station may transmit, to a user equipment (UE), a control message that includes an identification of a set of protection levels corresponding to different degrees of physical layer security for securing communications between the UE and the base station. The base station may transmit, to the UE, an indication of an identified protection level of the set of protection levels to be used by the UE for securing the communications between the UE and the base station. The UE may communicate with the base station in accordance with the identified protection level.