H04W12/068

SYSTEMS AND METHODS FOR PKI CERTIFICATE AND KEY ALLOCATIONS TO WIRELESS BASE STATION RADIO UNITS

Systems and methods for PKI certificate and key allocations to wireless base station radio units are provided. In one embodiment, a system for obtaining PKI credentials for a remote unit for a wireless base station, the system comprises: a remote unit, the remote unit configured to implement a radio frequency (RF) interface; a gateway coupled to the remote unit, the gateway communicatively coupled to an online provision service (OPS) certificate authority (CA); wherein the gateway is configured to generate an AuthToken unique to the remote unit, wherein the remote unit is configured to request an RU digital certificate and private key from an OPS CA based on the AuthToken.

DIFFERENTIATED SERVICE IN A FEDERATION-BASED ACCESS NETWORK

Differentiated service in a federation-based access network is provided by receiving, with a request for access to a wireless network offering at least two different service levels based on user identities, a set of user credentials from a User Equipment (UE); forwarding, for authentication, the set of user credentials to an identity provider in an identity federation with the wireless network, wherein the identity provider is independent from the wireless network; in response to determining that the set of user credentials indicate a realm known to be associated with a given service level, providing network access to the UE according to the given service level; and in response to determining that the given service level is not a highest service level in the wireless network, transmitting a list of preferred realms to the UE that are associated with higher service levels than the given service level.

Systems and methods for dynamic flexible authentication in a cloud service
11544356 · 2023-01-03

Systems and methods for authenticating a user requesting access to a resource in a cloud-computing system. The methods comprise, by a resource service: receiving an access request for accessing a resource associated with the resource service from a computing device associated with a user, determining context information corresponding to the access request, and using the determined context information for identifying an authentication protocol for authenticating the user. The authentication protocol includes at least one authentication scheme. The methods further comprise generating an authentication challenge and transmitting the authentication challenge to the computing device. The authentication challenge includes an initial token and authentication parameters corresponding to the identified authentication protocol.

Secure password generation and management using NFC and contactless smart cards
11544368 · 2023-01-03

Various embodiments are directed to securely generating and managing passwords using a near-field communication (NFC) enabled contactless smart card. For example, a secure password may be generated by generating a random number via a random number generator of the contactless smart card and converting the random number to one or more human-readable characters. In another example, a secure cryptographic hash function of the contactless smart card may generate a hash output value, which may be converted to one or more human-readable characters. The human-readable characters may be used as the secure password or they may be transformed to add more layers of security and complexity.

Methods, systems, apparatuses, and devices for controlling access to an access control location
11546774 · 2023-01-03

A method for controlling access to a restricted resource is provided. The method may include receiving, by a cloud server, an identifier from a user device over a long range wireless channel. Further, the method may include comparing the identifier with a plurality of identifiers registered with an access control device. Further, the method may include authenticating the user device based on the comparing and subsequently transmitting a code to the user device upon successful authenticating. Thereafter, the user device may transmit the code to the access control device over a short range wireless channel. Further, the access control device may be configured to provide access to the restricted resource based on receiving of the code. Further, the method may include transmitting the code to the access control device over a long range wireless channel so that the access control device may authenticate the user device.

Caller verification in rich communication services (RCS)
11546760 · 2023-01-03

Techniques for caller verification in Rich Communication Services (RCS) for text messaging are discussed herein. A communication client can be the communication client designated to receive incoming communications for the user equipment. The user equipment may use the communication client to send, to a network device, a Session Initiation Protocol (SIP) instance to set the communication client. The SIP instance may include a primary designator and a Universally Unique Identifier (UUID) associated with the client. The network device may store the information for the user equipment including the UUID and capability set. A second user equipment may poll the network device for the communications capabilities of the first user equipment before establishing a connection.

Authentication techniques in response to attempts to access sensitive information

The present disclosure describes techniques for changing a required authentication type based on a request for a particular type of information. For example, consider a situation where a user has asked a virtual assistant “who owns this device?” By default, the device may allow biometric authentication to unlock. In response to identification of the owner by the virtual assistant, however, the device may require one or more other types of authentication (e.g., manual entry of a passcode) to unlock the device. In various embodiments, the disclosed techniques may increase the security of the device by making it more difficult for malicious entities to obtain the sensitive information or to access device functionality once the sensitive information has been disclosed. In various embodiments, this may prevent or reduce unauthorized access to the device.

Method and apparatus for managing user authentication in a blockchain network

Provided is an apparatus for managing user authentication in a blockchain network and the apparatus comprises a processor configured to transmit, to a server, a request for a snapshot identifier (ID) with user data comprising at least one of one-time password, biometric data, context data, routine data, or device metadata, receive the snapshot ID generated based on the user data, initiate a transaction with the snapshot ID in the blockchain network comprising a blockchain server which authenticates the snapshot ID, and output blockchain transaction data associated with the transaction based on the authentication of the snapshot ID.

Verification system
11538129 · 2022-12-27

A device includes memory and a processor. The device receives biometric information. The device receives location information. The device analyzes the received biometric information with stored biometric information. The device analyzes the received location information with stored location information. The device determines whether the received biometric information matches the stored biometric information. The device determines whether the received location information matches the stored location information. The device sends an electronic communication that indicates whether the received biometric information matches the stored biometric information and whether the received local information matches stored geographic location that is not within a particular distance of another geographic location.

SYSTEMS AND METHODS FOR SECURE ACCESS TO 5G NON-PUBLIC NETWORKS USING MOBILE NETWORK OPERATOR CREDENTIALS
20220408256 · 2022-12-22

One or more devices may include a credentials server. The credentials server may be configured to: receive primary Standalone Non-Public Network (SNPN) credentials for a User Equipment device (UE) and SNPN information. The primary SNPN credentials and the SNPN information are associated with the UE and an SNPN. The devices may be configured to generate temporary SNPN credentials based on the primary SNPN credentials and the SNPN information. The devices may forward the temporary SNPN credentials to the SNPN.