The present technology is directed to providing fault management with dynamic restricted access in a tenant network. The tenant network can be a private 5G cellular network or other wireless communication network. The present technology can identify a fault event within the tenant network based on received telemetry data, associate the fault event with a vendor component included in the tenant network, and generate a vendor fault context. The vendor fault context can be generated to include only the portion of telemetry data that is determined to be related to the fault event or the vendor component. The present technology can further use the vendor fault context to create a time-bound user account for remotely accessing the tenant network for fault triage and management. The time-bound user account can be associated to a static role-based access control (RBAC) scheme configured with access restrictions determined based on the vendor fault context.

In an example implementation, a print supply cartridge comprises a microcontroller to receive a timing challenge and enable authentication of the cartridge by providing a challenge response. The challenge response is provided in a challenge response time that falls within an expected time window.

A communication system implemented providing a service based on ProSe under the management of a network operator. Processing based on a discovery request procedure for discovering a proximity terminal is performed based on authentication of a server device operated by the network operator. In addition, the network operator updates the processing based on the discovery request procedure in accordance with a policy of the network operator.

A communication system implemented providing a service based on ProSe under the management of a network operator. Processing based on a discovery request procedure for discovering a proximity terminal is performed based on authentication of a server device operated by the network operator. In addition, the network operator updates the processing based on the discovery request procedure in accordance with a policy of the network operator.

A system includes processing circuitry; and a memory device including instructions embodied thereon, wherein the instructions, which when executed by the processing circuitry, configure the processing circuitry to perform operations comprising: accessing input data, at an aggregator node, the input data including sensor data from a plurality of sensor nodes, each sensor data having a respective signature; validating the sensor data by using respective cryptographic hash functions on the sensor data and evaluating the respective result using the respective signature; performing an aggregation function on the sensor data to produce aggregate data; executing a hash function on the aggregate data to produce a hash value for the aggregate data; bundling the sensor data, respective signatures of the sensor data, aggregate data, and hash value for the aggregate data in a data structure; and exposing the data structure to subscriber nodes on the IoT network.

Described systems and methods allow protecting multiple wireless Internet-of-things (IoT) devices against impersonation attacks. In some embodiments, a security appliance detects an availability notification (e.g., a Bluetooth® Low Energy advertisement) emitted as part of a protocol of establishing a wireless connection between two devices. The security appliance may then determine whether the detected notification fits a baseline notification pattern of the apparent sender. When no, the security appliance may attack the sender device by replying to the respective availability notification and initiating a handshake.

Described systems and methods allow protecting multiple wireless Internet-of-things (IoT) devices against impersonation attacks. In some embodiments, a security appliance detects an availability notification (e.g., a Bluetooth® Low Energy advertisement) emitted as part of a protocol of establishing a wireless connection between two devices. The security appliance may then determine whether the detected notification fits a baseline notification pattern of the apparent sender. When no, the security appliance may attack the sender device by replying to the respective availability notification and initiating a handshake.

A method for creating single-use authentication messages includes creating, at a consumer network function of a core network of a telecommunications network, a message hash of at least a subset of a request message. The method includes adding, at the consumer network function, the message hash to a client credentials assertion (CCA) token for the consumer network function. The method includes sending, from the consumer network function, the request message with the CCA token to a producer network function.

Systems and methods for PKI certificate and key allocations to wireless base station radio units are provided. In one embodiment, a system for obtaining PKI credentials for a remote unit for a wireless base station, the system comprises: a remote unit, the remote unit configured to implement a radio frequency (RF) interface; a gateway coupled to the remote unit, the gateway communicatively coupled to an online provision service (OPS) certificate authority (CA); wherein the gateway is configured to generate an AuthToken unique to the remote unit, wherein the remote unit is configured to request a RU digital certificate and private key from an OPS CA based on the AuthToken.

Systems and methods for PKI certificate and key allocations to wireless base station radio units are provided. In one embodiment, a system for obtaining PKI credentials for a remote unit for a wireless base station, the system comprises: a remote unit, the remote unit configured to implement a radio frequency (RF) interface; a gateway coupled to the remote unit, the gateway communicatively coupled to an online provision service (OPS) certificate authority (CA); wherein the gateway is configured to generate an AuthToken unique to the remote unit, wherein the remote unit is configured to request a RU digital certificate and private key from an OPS CA based on the AuthToken.