H04W12/069

AUTHENTICATION BETWEEN USER EQUIPMENT AND COMMUNICATION NETWORK FOR ONBOARDING PROCESS

Techniques are disclosed for security management during an onboarding process for user equipment. For example, from a perspective of an onboarding network, a method comprises authenticating, via the onboarding network, user equipment based on an onboarding record previously configured for the user equipment or a set of user equipment and maintained by the onboarding network. Upon successful authentication, a communication session is established from the onboarding network to a provisioning server for remote provisioning of the user equipment. Advantageously, the onboarding process is performed without a default credential server.

Hands free interaction system and method

A method is disclosed. The method includes receiving, at a mobile communication device, a broadcast signal from a beacon device, the broadcast signal encoding a first credential associated with a first entity. In response to receipt of the broadcast signal, the mobile communication device transmits the received first credential to an authentication system. The authentication system determines if the first entity associated with the broadcast signal is authentic and generates a confirmation message confirming the authenticity of the first entity. The mobile communication device then receives the confirmation message indicating that the first entity is authentic. The mobile communication device thereafter receives and transmits a second credential for the mobile communication device to the beacon device, which transmits the second credential to the authentication system. The authentication system then confirms the authenticity of the mobile communication device. Then, the beacon device can initiate an interaction process with the user of the mobile communication device.

Integrated secure device manager systems and methods for cyber-physical vehicles

Systems and methods are described for a cyber-physical vehicle management system generated by an Integrated Secure Device Manager (ISDM) Authority configured to manage licensing and approval of Cyber-Physical Vehicles (CPVs), a public/private key pair and a unique ID for the Authority, create a self-signed Authority token signed by the private key, send the Authority token to a plurality of ISDM Node devices configured to verify Module device authenticity and in communication with the Authority, store, by each Node, the Authority token, and mark, by each Node, the Authority token as trusted.

Secure communication for remote devices

A security system that provides for secure communication from a remote system operating on an unsecure network without the need for encrypting the packets related to the communication. The packets for the communications are sent over the network in clear text and are readable by any system on the network; however, only the systems that are authorized are able to determine which packets are the correct packets and which packets are the imitation packets. Moreover, a remote secure network may be utilized such that any system operating on an unsecure network may send packets through the remote secure network with randomized routing in order to aid in hiding the systems sending and receiving the packets and the relays through which the packets are being sent.

Creation and validation of a secure list of security certificates
11593780 · 2023-02-28

Disclosed is a technique for verifying the validity of security certificates received by a mobile device. The technique can involve diverting a security certificate into a secure environment, such as a payment application, by modifying an import address table (e.g., implementing a “hook”) that is accessed by the security layer of the mobile device. Once diverted, the payment application can create a copy of the security certificate. The copy may be stored in a list of security certificates that is subsequently uploaded to a payment processing system for authentication. In some embodiments, a checksum is generated for the import address table using a cryptographic hash function. The checksum allows the payment application or the payment processing system to determine whether an unauthorized modification of the import address table is present.

Method and apparatus for base station self-configuration

Disclosed are a method and an evolved NodeB (eNB) for use in a Long Term Evolution (LTE) network, including establishing an X2 interface between the eNB and another eNB and communicating information between the eNB and the other eNB via the X2 interface.

Parameter exchange during emergency access using extensible authentication protocol messaging

Enabling the exchange of connection parameters where a user equipment (UE) lacks a secret shared with the network (e.g. a server), such as key materials, and lacks a valid certificate. In some embodiments, the connection parameters may be exchanged via EAP messages. In certain aspects, and particularly with respect to emergency attach, a simplified protocol is used with limited overhead because the UE does not attempt to authenticate the network, and the network does not attempt to authenticate the UE.
