H04W12/60

APPARATUS AND METHODS FOR CONTENT-BASED BIOMETRIC AUTHENTICATION

Apparatus and methods for content- and context-based biometric authentication are provided. The apparatus and methods may include using multiple biometric sensors and an authentication engine that decides which sensor(s) to use through a content- and/or context-based analysis. The apparatus and methods may include requesting authentication, analyzing the request to determine which sensor(s) is appropriate, prompting a user to use the sensor(s) and comparing the data received with data stored in a database to provide authentication.

SECURING COMMUNICATION OF DEVICES IN THE INTERNET OF THINGS
20230092015 · 2023-03-23

It is recognized herein that current messaging protocols for internet of things (IoT) architectures are often weak from a security perspective, and are often poorly suited for resource-constrained devices. An example IoT system described herein combines device authentication and application-layer key establishment using facilities of IoT messaging protocols. The IoT system may include a Trust Broker, which acts as a registration point for devices, and an edge gateway, which manages communication between a given device and the trust broker (and IoT servers). The edge gateway may acquire a trusted role, such that it may be a secure intermediary for device-server messaging, and such that it can facilitate authentication of devices to services.

APPARATUS AND METHOD FOR PROVIDING SECURITY IN WIRELESS COMMUNICATION SYSTEM
20230086538 · 2023-03-23

Provided are an apparatus and method for providing security in a wireless communication system. A user equipment (UE) may transmit a registration request message to an access and mobility management function (AMF), in response to reception of a registration reject message from the AMF, transmit an attach request to a mobility management entity (MME), and receive an attach accept from the MME, wherein, when the AMF and the UE have a security context, a security-protected registration reject message may be transmitted by the AMF to the UE, a registration request from the UE may be redirected from the AMF to the MME, and when at least one of the AMF and the UE does not have security context information, the attach request may include security verification information.

PHYSICAL UPLINK CHANNEL HANDLING BASED ON CHANNEL SECURITY
20230089923 · 2023-03-23

Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may identify a set of security levels for a set of physical uplink channels, wherein the set of physical uplink channels are overlapping in time. The UE may transmit one or more of the set of physical uplink channels based at least in part on the set of security levels for the set of physical uplink channels. Numerous other aspects are described.

Automatic Connectivity for Voice over WI-FI Calls

A UE can enable a VoWIFI service, receive hidden SSID information, and register with a core network via a RAN. The UE can monitor a first signal strength of a first signal from the RAN. The UE can scan for a second signal from a WLAN, and when found, can measure a second signal strength of the second signal. The UE can determine whether the first signal strength is at or below a first threshold. If so, and if the WLAN is untrusted, the UE can probe it with the hidden SSID information. If the untrusted WLAN responds, the UE can send an access request to an untrusted WLAN access point. The UE can receive, via the untrusted WLAN access point, an authentication challenge from an ePDG. If the UE passes the authentication challenge, the UE can register with the core network via the untrusted WLAN and the ePDG.

VISUAL VOICEMAIL CENTRALIZED AUTHENTICATION SYSTEM FOR WIRELESS NETWORKS
20230077883 · 2023-03-16

A method for authenticating a network entity to access restricted information. The method includes receiving a request to generate a visual voicemail message based on an analysis of network entity profile data and contextual information relating to the network entity. The method includes generating the visual voicemail message based on the network entity profile data and the contextual information, sending the visual voicemail message to the network entity and requesting authentication information included with the visual voicemail message. In response to receiving the requested authentication information, the network entity is authenticated to access the restricted information.

Access control system with trusted third party
11477649 · 2022-10-18

An access control system is provided and includes a control device disposed to restrict access to a secured resource and a networked device disposed in signal communication with the control device. The networked device requests authentication of a user from a trusted device responsive to a presentation of credentials to the control device in a request for access to the secured resource, the credentials are associated with access rights of the user, the networked device is receptive of the authentication, and the control device permits a level of access to the secured resource in accordance with the access rights upon the reception of the authentication.

OPTIMIZED SECURITY MODE COMMAND PROCEDURE TO REDUCE COMMUNICATION SETUP FAILURES
20230126490 · 2023-04-27

Systems, devices, and techniques described herein relate to use of an optimized security mode command (SMC) procedure for securing communications. When connecting to a different cellular network (e.g., from a 5th generation (5G) Radio Access Network (RAN)) to a different cellular network (e.g., a 4th generation (4G) RAN), a User Equipment (UE) performs the SMC procedure without processing subsequent commands until a period of time has elapsed. Instead of allowing the UE to process subsequent commands received close in time to receiving the SMC, the subsequent commands may be delayed/suspended so that the UE has time to perform the SMC procedure and establish secure communications with the 4G LTE network. According to some examples, the delay is set to a period of time (e.g., 1 ms, 10 ms, or some other value) such that the subsequent command does not interfere with performing the SMC procedure.

METHOD AND APPARATUS FOR MANAGING SECURITY CONTEXT RELATED TO UE

Embodiments of the present disclosure relate to an apparatus and method for managing security context related to a UE. Initially, registration of a UE with a new AMF in a communication network is identified. Further, generation of a new security context by a new AUSF selected by the new AMF for authentication of the UE is detected. Further, presence of one or more old security contexts related to the UE and generated by one or more old AUSFs selected by one or more old AMFs for one or more previous authentications of the UE is detected. Upon the detection, de-registration of the UE with the one or more old AUSFs is initiated for managing security context related to the UE in the communication network. Thus, stale and inactive security context related to the UE may be deleted in the network and security of communication with the UE is enhanced.

CONVEYANCE OF STIR/SHAKEN ATTESTATION LEVELS USING CARRIER CODE

The present disclosure describes providing an attestation level to a received communication. The attestation level may be used to communicate a level of security to a network or a called party that receives the communication. The attestation level associated with the communication may indicate to a destination network and/or recipient that the phone number associated with the communication is secure and/or the telephone number has not been spoofed. Determining the attestation level comprises comparing information associated with the communication with stored information and assigning a code based on the comparison. The code may be translated to a tag value that is used to direct the communication to a signing server for attesting the communication at the determined attestation level.