Systems and methods are provided for a content-based security for computing devices. An example method includes identifying content rendered by a mobile application, the content being rendered during a session, generating feature vectors from the content and determining that the feature vectors do not match a classification model. The method also includes providing, in response to the determination that the feature vectors do not match the classification model, a challenge configured to authenticate a user of the mobile device. Another example method includes determining a computing device is located at a trusted location, capturing information from a session, the information coming from content rendered by a mobile application during the session, generating feature vectors for the session, and repeating this until a training criteria is met. The method also includes training a classification model using the feature vectors and authenticating a user of the device using the trained classification model.

A network communications method utilizing a network watermark for providing security in the communications includes creating a verifiable network communications path of nodes through a network for the transfer of information from a first end node to a second end node; verifying the network communications path of nodes, by the first end node, before communicating by the first end node information intended for receipt by the second end node; and once the network communications path of nodes is verified by the first end node, communicating by the first end node, via the verified communications path of nodes, the information intended for receipt by the second end node; wherein the network watermark represents the verifiable network communications path of nodes.

A network communications method utilizing a network watermark for providing security in the communications includes creating a verifiable network communications path of nodes through a network for the transfer of information from a first end node to a second end node; verifying the network communications path of nodes, by the first end node, before communicating by the first end node information intended for receipt by the second end node; and once the network communications path of nodes is verified by the first end node, communicating by the first end node, via the verified communications path of nodes, the information intended for receipt by the second end node; wherein the network watermark represents the verifiable network communications path of nodes.

A method (200) for operating a User Equipment (UE) is disclosed, the UE configured to connect to a communication network. The method comprises: indicating to the communication network an Integrity Protection for User Plane (IPUP) mode supported by the UE when requesting registration with the communication network (202). The IPUP mode comprises one of: use of Integrity Protection for User Plane data exchanged with the UE (202a), non-use of Integrity Protection for User Plane data exchanged with the UE (202b), or use of Integrity Protection for User Plane data, and non-use of Confidentiality Protection for User Plane data (202c). Also disclosed are an apparatus for operating a UE, methods and apparatus for operating a radio access node and a core node of a communication network, and a computer program operable to carry out methods for operating a UE, a radio access node and/or a core node of a communication network.

The present disclosure relates to a 5th generation (5G) or pre-5G communication system for supporting a higher data transfer rate beyond a 4th generation (4G) communication system, such as long-term evolution (LTE). According to various embodiments of the present disclosure, a security method of a mobility management apparatus of a second system in a wireless environment may comprise the steps of: receiving a handover request for a terminal connected to a first system; transmitting the handover request to a base station of the second system; and receiving a handover ACK including security information generated by the base station of the second system and transmitting the same to the first system.

An anti-theft protection disablement solution is provided to authorized users and authorized customer service representatives. An anti-theft protection disablement request message from a recovery application on a user device may be received via a cloud messaging service or a binary messaging service. In turn, an anti-theft protection disablement message may be transmitted to the user device via the cloud messaging service or the binary messaging service when the anti-theft protection disablement request message is authenticated. The anti-theft protection disablement message may disable an anti-theft protection function on the user device that calls for an input of an anti-theft protection authentication credential for a factory reset of the user device.

Plural Internet of Things (IoT) gateways detect, secure against and remediate malicious code with an autonomous communication of tokens between the IoT gateways on a time schedule. Detection of an invalid token or a token communication outside of a scheduled time indicates that malicious code may have interfered with token generation or communication. Once malicious code is verified on an IoT gateway, the failed gateway is remediated to an operational state, such as with a re-imaging by another IoT gateway through an in band communication or a re-imaging by a server information handling system through an out of band communication.

Plural Internet of Things (IoT) gateways detect, secure against and remediate malicious code with an autonomous communication of tokens between the IoT gateways on a time schedule. Detection of an invalid token or a token communication outside of a scheduled time indicates that malicious code may have interfered with token generation or communication. Once malicious code is verified on an IoT gateway, the failed gateway is remediated to an operational state, such as with a re-imaging by another IoT gateway through an in band communication or a re-imaging by a server information handling system through an out of band communication.

A method and apparatus for sending uplink control information by a multi-mode wireless transmit/receive unit (WTRU) capable of operating on multiple component carriers of a plurality of radio access technologies (RATs) for multi-RAT operation are disclosed. The WTRU may generate uplink control information (UCI) pertaining to a first RAT and a second RAT, wherein the UCI may include a first plurality of hybrid automatic repeat request acknowledgements (HARQ-ACKs) pertaining to a plurality of downlink (DL) transmissions of the first RAT and a second plurality of HARQ-ACKs pertaining to a plurality of DL transmissions of the second RAT. The WTRU may multiplex at least part of the generated UCI pertaining to the first RAT and at least part of the generated UCI pertaining to the second RAT onto a physical channel on a component carrier of the second RAT.

In general, in one aspect, a method includes receiving software code with an invalid characteristic, repeatedly attempting to execute the software code with the invalid characteristic on a device, and in response to successful execution of the software code with the invalid characteristic, taking an action. The action may include an action to remediate the device.