Systems and methods for analyzing applications (“apps”) on a mobile device for security risks for a company while maintaining the mobile device owner's privacy and confidentiality concerning the applications. The mobile device may be a user's personal device (a “bring your own device”). In an example method, a process generates one or more cryptographic representations of application information for each application on the mobile device. The cryptographic representations may comprise a hash or composite hash. The cryptographic representations may be transmit outside the mobile device to a system which makes a determination and provides an indication whether the application is permitted or not permitted for use at the company. The company can be associated with a hashed permitted or not permitted list. The application information can include application name, executable code, and a version number. The method may include automatically remediating the application if it matches a known risk.

Systems, devices, methods, and computer readable media are provided in various embodiments having regard to authentication using secure tokens, in accordance with various embodiments. An individual's personal information is encapsulated into transformed digitally signed tokens, which can then be stored in a secure data storage (e.g., a “personal information bank”). The digitally signed tokens can include blended characteristics of the individual (e.g., 2D/3D facial representation, speech patterns) that are combined with digital signatures obtained from cryptographic keys (e.g., private keys) associated with corroborating trusted entities (e.g., a government, a bank) or organizations of which the individual purports to be a member of (e.g., a dog-walking service).

The disclosed computer-implemented method for proactive call spam/scam protection may include intercepting network traffic by the at least one processor employing a network extension feature of an operating system of a computing device. The method may additionally include capturing, by the at least one processor employing the network extension feature, a phone number in the network traffic. The method may also include comparing, by the at least one processor employing the network extension feature, the phone number to a plurality of entries in a spam/scam repository. The method may further include performing, by the at least one processor, a security action in response to the comparison. Various other methods, systems, and computer-readable media are also disclosed.

The disclosed computer-implemented method for proactive call spam/scam protection may include intercepting network traffic by the at least one processor employing a network extension feature of an operating system of a computing device. The method may additionally include capturing, by the at least one processor employing the network extension feature, a phone number in the network traffic. The method may also include comparing, by the at least one processor employing the network extension feature, the phone number to a plurality of entries in a spam/scam repository. The method may further include performing, by the at least one processor, a security action in response to the comparison. Various other methods, systems, and computer-readable media are also disclosed.

Slice control elements in a 5G slicing framework are instantiated in trusted hardware to provide for sealed data transmission in a trusted slice. In addition to sealing the data plane in the trusted slice, the control plane for the slice may be secured by the instantiation into the trusted hardware of layer 2 (medium access control—MAC) scheduling functions for radio resources (e.g., subcarriers and time slots). Layer 1 (physical—PHY) may also be configured to further enhance security of the trusted slice by isolating its PHY layer from that of other trusted and non-trusted slices. Such isolation may be implemented, for example, by using dedicated PHY resources, or by limiting resource time sharing to provide temporal isolation.

Slice control elements in a 5G slicing framework are instantiated in trusted hardware to provide for sealed data transmission in a trusted slice. In addition to sealing the data plane in the trusted slice, the control plane for the slice may be secured by the instantiation into the trusted hardware of layer 2 (medium access control—MAC) scheduling functions for radio resources (e.g., subcarriers and time slots). Layer 1 (physical—PHY) may also be configured to further enhance security of the trusted slice by isolating its PHY layer from that of other trusted and non-trusted slices. Such isolation may be implemented, for example, by using dedicated PHY resources, or by limiting resource time sharing to provide temporal isolation.

Embodiments of this application provide a key generation method, applied to a scenario in which a base station is divided into a centralized unit and a distributed unit and a control plane and a user plane of the centralized unit are separated. And the control plane entity of the centralized unit obtains a root key, generates a user plane security key based on the root key, and sends the first user plane security key to the user plane entity of the first centralized unit. According to this application, key isolation between different user plane entities is implemented. Further, in an actual operation, the control plane entity or the user plane entity of the centralized unit may be flexibly selected to generate the user plane security key.

Embodiments of this application provide a key generation method, applied to a scenario in which a base station is divided into a centralized unit and a distributed unit and a control plane and a user plane of the centralized unit are separated. And the control plane entity of the centralized unit obtains a root key, generates a user plane security key based on the root key, and sends the first user plane security key to the user plane entity of the first centralized unit. According to this application, key isolation between different user plane entities is implemented. Further, in an actual operation, the control plane entity or the user plane entity of the centralized unit may be flexibly selected to generate the user plane security key.

This disclosure describes systems, methods, and devices related to long training field (LTF) sequence security protection. A device may determine a null data packet (NDP) frame comprising one or more fields. The device may determine a first long training field (LTF) and a second LTF, the first LTF and the second LTF being associated with a first frequency band of the NDP frame, wherein time domain LTF symbols of first LTF and the second LTF are generated using different LTF sequences. The device may determine a third LTF and a fourth LTF, the third LTF and the fourth LTF being associated with the a second frequency band of the NDP frame, wherein time domain LTF symbols of third LTF and the fourth LTF are generated using different LTF sequences. The device may cause to send the NDP frame to an initiating or a responding device. The device may cause to send a location measurement report (LMR) frame to the initiating or the responding device, wherein the LMR comprises timing information associated with the first frequency band and the second frequency band.

One or more embodiments described herein disclose methods and systems that are directed at providing enhanced privacy, efficiency and security to distributed ledger-based networks (DLNs) via the implementation of zero-knowledge proofs (ZKPs) in the DLNs. ZKPs allow participants of DLNs to make statements on the DLNs about some private information and to prove the truth of the information without having to necessarily reveal the private information publicly. As such, the disclosed methods and systems directed at the ZKP-enabled DLNs provide privacy and efficiency to participants of the DLNs while still allowing the DLNs to remain as consensus-based networks.