H04W12/062

ADAPTIVE WIFI ROAMING
20170359773 · 2017-12-14

The present disclosure describes a method for adaptive WiFi roaming, where an electronic device and an access point advertise their networking capability. The networking capability may be, for example, the capability to support at least one enterprise feature. Based on the advertisements transmitted by the electronic device, the access point can determine that the electronic device can support the at least one enterprise feature and may selectively enable the at least one enterprise feature. Additionally, based on advertisements transmitted by the access point, the electronic device can determine that the access point can support the at least one enterprise feature. Based on this mutual determination, the access point and electronic device may continue an association process based on the at least one enterprise feature.

Zero-Round-Trip-Time Connectivity over the Wider Area Network
20170359843 · 2017-12-14

A communication device (UE) conducting wired and/or wireless communications may issue service requests using zero-round-trip-time (zero-RTT) connectivity. The UE may obtain, prior to initiating an application, an address corresponding to a service and a security credential for use in accessing the service. The UE may receive, after initiating the application, an instruction to issue a service request, and generate the service request that may include a service identifier corresponding to the service, the address corresponding to the service, and the security credential for use in accessing the service. The UE may then transmit the service request to an edge server associated with the service. The edge server may route the service according to the service identifier. Multiple data centers/servers may advertise their services to the edge server associated with the service, facilitating fast routing of the service request by the edge server associated with the service.

Tenant-aware distributed application authentication

Flexible authentication technologies customized to particular tenants of a data center network can be implemented. For example, an administrator can specify a primary authentication server and specify at which data centers different applications are to be hosted for a given tenant. End users can be shielded from the complexities of implementing such configuration details. For example, single sign-on authentication can be implemented, even when applications are configured to be hosted in different data centers. Enterprise tenants can thus control where applications are hosted and enforce data containment scenarios without encumbering users with additional tasks. Collaboration and application-to-application authentication can be achieved.

Tenant-aware distributed application authentication

Flexible authentication technologies customized to particular tenants of a data center network can be implemented. For example, an administrator can specify a primary authentication server and specify at which data centers different applications are to be hosted for a given tenant. End users can be shielded from the complexities of implementing such configuration details. For example, single sign-on authentication can be implemented, even when applications are configured to be hosted in different data centers. Enterprise tenants can thus control where applications are hosted and enforce data containment scenarios without encumbering users with additional tasks. Collaboration and application-to-application authentication can be achieved.

Service Delivery in a Communication Network
20170353844 · 2017-12-07

A method and apparatus for providing information relating to delivery of a service from a server to a mobile device. A node in a Radio Access Network (RAN) receives from an interaction device an instruction message indicating that the mobile device is authorised to exchange service delivery information relating to delivery of the service from the server to the mobile device with the node in the RAN. The node can then exchange service delivery information with the mobile device. The interaction device need not maintain state, as it simply authorises the mobile device to interact directly with the node in the RAN. Furthermore, signalling between the interaction device and the node in the RAN is reduced.

MOBILE COMMUNICATION SYSTEM AND METHOD
20170353856 · 2017-12-07

There is provided a new message flow for improving security without a backhaul connection to an EPC. In this message flow, an NeNB (20) updates a PS UE list when an authorized PS UE (10) joins or leaves an Isolated E-UTRAN. Further, the NeNB (20) performs UE authentication based on pre-configured credentials. Further, the NeNB (20) can retrieve information necessary for the UE authentication from another NeNB to which the UE (10) previously attached. The NeNB (20) establishes a secure connection with the UE (10) based on a pre-configured IOPS group key.

TENANT-AWARE DISTRIBUTED APPLICATION AUTHENTICATION

Flexible authentication technologies customized to particular tenants of a data center network can be implemented. For example, an administrator can specify a primary authentication server and specify at which data centers different applications are to be hosted for a given tenant. End users can be shielded from the complexities of implementing such configuration details. For example, single sign-on authentication can be implemented, even when applications are configured to be hosted in different data centers. Enterprise tenants can thus control where applications are hosted and enforce data containment scenarios without encumbering users with additional tasks. Collaboration and application-to-application authentication can be achieved.

Selective passive voice authentication

Various embodiments of the technology described herein alleviate the need to specifically request enrollment information from a user to enroll the user in a passive voice authentication program. The system can receive one or more spoken words from a user. The system can determine that a voice profile is usable for user authentication. The system can select at least one word from the one or more spoken words to enroll the user into a voice authentication program without requiring further interaction from the user. The voice authentication program enables access to secure data in response to receiving the at least one word spoken by the user. After enrollment of the user into the voice authentication program, at least one word spoken by the user is received, and the user is authenticated based on the at least one word.

Conversational authentication

Techniques are disclosed relating to contextual authentication across different applications based on user communications. In some embodiments, a user is preauthenticated to certain actions on a second application based on the user's communication via a first application. The user's communication via a first application provides contextual information that may be used to preauthenticate a request to perform an action on the second application. Contextual information may include the user's communication itself, communications characteristics that are determined from the user's communications, or both. In some embodiments, the degree of preauthentication progressively increases or decreases with the degree of use on the first application; that is, the user is preauthenticated to greater or fewer portions of an authentication procedure, to perform greater or fewer actions, or to perform actions more or less critical to security, as additional information regarding the user's communication on the first application becomes available. In some embodiments, preauthentication may be revoked as additional contextual information becomes available on the first application.

Conversational authentication

Techniques are disclosed relating to contextual authentication across different applications based on user communications. In some embodiments, a user is preauthenticated to certain actions on a second application based on the user's communication via a first application. The user's communication via a first application provides contextual information that may be used to preauthenticate a request to perform an action on the second application. Contextual information may include the user's communication itself, communications characteristics that are determined from the user's communications, or both. In some embodiments, the degree of preauthentication progressively increases or decreases with the degree of use on the first application; that is, the user is preauthenticated to greater or fewer portions of an authentication procedure, to perform greater or fewer actions, or to perform actions more or less critical to security, as additional information regarding the user's communication on the first application becomes available. In some embodiments, preauthentication may be revoked as additional contextual information becomes available on the first application.