Patent classifications
H04W12/088
Use of geolocation to improve security while protecting privacy
Security policies are made dependent on the location of a device, and the location of a device is determined and the appropriate security policy applied without providing the device's location to a server. A device determines its location and identifies a security policy identifier mapped to a zone including the location. The device requests the security policy corresponding to the identifier from a server and implements it. The device may also store a database of the security policies and implement them according to its location. Devices registered for a user evaluate whether locations detected for the devices correspond to impossible travel by the user. Objects encoding geolocation data of a device may be encrypted with a private key of the device and the public key of another to prevent access by an intermediary server.
Central trust hub for interconnectivity device registration and data provenance
Apparatus and method for device and data authentication in a computer network, such as but not limited to an IoT (Internet of Things) network. In some embodiments, a trust hub device is coupled to an interconnectivity device. The trust hub device includes a controller and non-volatile memory (NVM), and may be a network capable data storage device. The interconnectivity device is configured as an Internet of Things (IoT) or Operational Technology (OT) device, and includes a controller and a sensor. Data from the sensor are transferred from the interconnectivity device to the trust hub device. The trust hub device proceeds to attest a provenance of the data from the sensor to a remote entity associated with the interconnectivity device. The trust hub device includes a firewall to the external network, establishes a root of trust for the local interconnectivity device, and performs enrollment and signing services for the interconnectivity device.
FACILITATION OF PROTECTION FROM 5G OR OTHER NEXT GENERATION NETWORK USER EQUIPMENT DENIAL OF SERVICE ATTACKS
Misconfigured user equipment (UE) can cause additional traffic generation to server devices (e.g., 911 server device) and overload the server devices. Thus, detecting these UEs and blocking them before they hit the application servers in the mobility network can be facilitated via an identification and blocking approach. The system can comprise an identification correlator that can correlate S1 interface application protocol identification (S1-APID) associated with the UE to an international mobile subscriber identity (IMSI) of the UE. When the identification correlator collects data feeds from a network, the identification correlator can share this data with a call data record engine to determine if the UE is a misconfigured UE and prompt the network core to drop/block the misconfigured UE from a communication.
Automatic port verification and policy application for rogue devices
Systems, methods, and computer-readable storage media for automatic port identification. The present technology can involve determining that a wireless device has connected to a network device on a network, and determining which of the ports on the network device the wireless device has connected to. Determining the port connected to the wireless device can involve determining respective traffic patterns to be provided to selected ports on the network device, determining a traffic pattern transmitted by the wireless device, determining that the traffic pattern transmitted by the wireless device has a similarity to a traffic pattern from the respective traffic patterns, and based on the similarity, determining that a port associated with the traffic pattern is connected to the wireless device. The present technology can also involve selecting a port policy for the port.
Communication system performing communications concerning requests for requesting commands
A communication system includes a mediation apparatus communicating with a device via a local network and an information processing apparatus communicating with the mediation apparatus through a firewall. The information processing apparatus includes a first control device. The mediation apparatus includes a second control device transmitting to the information processing apparatus through the firewall a first request for requesting transmission of a first command for the device, and a second request for requesting transmission of a second command for the mediation apparatus. In response to receiving the first command, the second controller transmits to the device via the local network a device command. In response to receiving the second command, the second controller performs a second-command dependent instruction. In response to receiving the first request and the second request, the first control device transmits respectively the first command and the second command to the mediation apparatus.
Wireless client device detection and steering on a network with multiple access points
A method for automatic steering of client devices accessing a network to a different access point on the network is provided. A network controller of the network device automatically identifies a predetermined type of electronic client device gaining access to the network and automatically designates the client device as non-steerable when identified as the predetermined type of electronic client device. Thus, when the network controller selects a client device for being steered to a different access point of the network during a steering event, client devices designated as non-steerable by the network controller are prevented from being steered and only client devices that are not designated as non-steerable are available as candidates to be steered. A network device is also provided.
Fragmented cross-domain solution
Techniques for cross-domain routing using a fractionated cross-domain solution (F-CDS) are disclosed. A first intermediate node operating in a first physical device in an assured pipeline of the F-CDS receives a data item originating at a source node in a first security domain. The first intermediate node applies a first data filter to determine that the data item complies with a data security requirement of the F-CDS. The first intermediate node transmits the data item to a second intermediate node operating in a second physical device in the assured pipeline of the F-CDS. The second intermediate node applies a second data filter to redundantly determine that the data item complies with the data security requirement of the F-CDS. The second intermediate node transmits the data item to a recipient node in a second security domain via the assured pipeline.
Use Of Geolocation To Improve Security While Protecting Privacy
Security policies are made dependent on the location of a device, and the location of a device is determined and the appropriate security policy applied without providing the device’s location to a server. A device determines its location and identifies a security policy identifier mapped to a zone including the location. The device requests the security policy corresponding to the identifier from a server and implements it. The device may also store a database of the security policies and implement them according to its location. Devices registered for a user evaluate whether locations detected for the devices correspond to impossible travel by the user. Objects encoding geolocation data of a device may be encrypted with a private key of the device and the public key of another to prevent access by an intermediary server.
METHOD AND APPARATUS FOR DETECTING ABNORMAL ROAMING REQUEST
The exemplary embodiments of the present disclosure provide a method and an apparatus for detecting an abnormal roaming request, which acquire information about the user equipment that sends a roaming request message, calculate a risk of the roaming request message using a roaming request location and a roaming request time of the user equipment, and safely process the request according to the risk.