Many mobile devices are used for documenting different scenarios that are encountered by the users as they go about their daily lives. In many situations, a mobile device may be used to document the scenario. This data may be of significant forensic interest to an investigator. In many situations, the owner of the phone may be willing to provide the investigator access to this data (through a documented consent agreement). Such consent is usually contingent upon the fact that not all the data available on the phone may be extracted for analysis, either due to privacy concerns or due to personal reasons. Courts have also opined in several cases that investigators must limit data extracted, so as to focus on only “relevant information” for the investigation at hand. Thus, only selective (or filtered) data should be extracted as per the consent available from the witness/victim (user). Described herein is the design and implementation of such a targeted data extraction system (TDES) for mobile devices. The TDES assumes consent of the user and implements state of the art filtering using machine learning techniques. This system can be used to identify and extract selected data from smart phones, in real time at the scene of the crime.

An advance pairing system preemptively pairs a phone to a vehicle using a backend cloud system prior to establishing the connection with the vehicle, such as during the time that a user is purchasing a vehicle, or just after the user enters the vehicle for the first time. The system includes a mobile application for automated advance pairing with the vehicle's automotive computer. The mobile app sends a request for advance pairing to a server that assigns a set of unique keys to the account for secure pairing of the mobile device and the vehicle. The server pushes an encrypted payload to both the mobile device app and the vehicle advance pairing app operating on the automotive computer. The encrypted payload can include a unique vehicle ID, a unique mobile device ID, and one or more encryption keys. The mobile device and the vehicle use the encrypted advance pairing information to establish a secured connection with minimal user input.

Embodiments described herein relate to credential wrapping for secure transfer of electronic SIMs (eSIMs) between wireless devices. Transfer of an eSIM from a source device to a target device includes re-encryption of sensitive eSIM data, e.g., eSIM encryption keys, financial transaction credentials, transit authority credentials, and the like, using new encryption keys that include ephemeral elements applicable to a single, particular transfer session between the source device and the target device. The sensitive eSIM data encrypted with a symmetric key (K.sub.s) is re-wrapped with a new header that includes a version of K.sub.s encrypted with a new key encryption key (KEK) and information to derive KEK by the target device. The re-encrypted sensitive SIM data is formatted with additional eSIM data into a new bound profile package (BPP) to transfer the eSIM from the source device to the target device.

A system for cryptographic wireless detection and authentication of fluids includes a computing device configured to receive, from a transmitter attached to a container, a unique identifier associated with a fluid contained in the container, locate, at an immutable sequential listing, at least an identifier-specific record using the unique identifier, and a lot identifier associated with the unique identifier, retrieve, from the immutable sequential listing, at least a lot-specific record using the lot identifier, capture, from the container, at least a secondary datum describing the container, generate an authenticity probability score as a function of the at least an identifier-specific record, the at least a lot-specific record, and the at least a secondary datum, and display to a user an output based on the authenticity probability score.

The disclosure discloses a method and apparatus for mutual authentication between two smart security media for bundle transfer between the security media. According to an embodiment of the disclosure, a first device for providing a bundle for the second device includes a transceiver; and at least one processor, wherein the at least one processor is configured to obtain information about a bundle to be transmitted to the second device, control the transceiver to transmit identification information of the bundle to the second device, control the transceiver to receive, from the second device, authentication information relating to bundle transfer of a second smart secure platform (SSP) of the second device, determine whether a second secondary platform bundle loader (SPBL) of the second SSP is a Spbl which is able to receive the bundle based on the authentication information relating to bundle transfer of the second SSP, and control the transceiver to transmit the bundle to the second device based on a result of the determining.

Blockchain algorithms may be used to authenticate frequency changes and create a log of when DSS frequencies were modified. This approach may allow for a secure log that will detail the history of when frequencies were changed by the frequency owner or a delegated third party to perform spectrum access sharing (SAS) services.

A tracking device stores identification values unique to the tracking device for use in authenticating the tracking device. When activated, the tracking device provides a first identification value to a first owner and a different identification value to a tracking system. The identification of the tracking device can only be authenticated by combining the identification values given to the owner and tracking system. If a second owner resets the tracking device, the tracking device stores a second version the identification values for use in authenticating the tracking device. In the case that the second owner is illegitimate, (for instance, the tracking device is stolen by the second owner) the first owner can report the tracking device stolen. Upon being reported stolen, the identification value provided to the first owner is transmitted to the tracking system for use with the tracking system identification value to authenticate the first owner, enabling the first owner to locate and recover their stolen device.

Techniques are disclosed relating to authentication using public key encryption. In one embodiment, a computing device includes a secure circuit, a processor, and memory. The secure circuit is configured to generate a public key pair usable to authenticate a user of the computing device. The memory has program instructions stored therein that are executable by the processor to cause the computing device to perform operations including authenticating the user with a server system by sending authentication information supplied by the user. The operations further include, in response to the server system verifying the authentication information, receiving a first token usable to register the public key pair with the server system and sending, to the server system, a request to register the public key pair for authenticating the user. In such an embodiment, the request includes the first token and identifies a public key of the public key pair.

A terminal device may obtain a third public key of a communication device, in a case where the third public key is obtained, send a third authentication request in which the third public key is used to the communication device, receive a third authentication response from the communication device, and send third connection information to the communication device. The third connection information may include a first identifier and a second identifier, the first identifier for identifying a first wireless network in which a first access point operates as a parent station, and the second identifier for identifying a second wireless network in which a second access point operates as a parent station.

In general, one innovative aspect of the subject matter described in this specification may be embodied in methods that may include validating user data pages extracted from a digital identification in circumstances where a user device that includes the digital identification is either unavailable or presently lacks network connectivity. For instance, an authorized device may be used to extract user data pages from the digital identification by either exchanging communications with the user device using a proximity-based data exchange protocol, or by using a physical identification card to identify the digital identification on a user record. The user data pages may then be validated by comparing checksums associated with user data pages against the checksums within the user record, and decrypting the user data pages using a decryption key that is variably designated by a security status assigned to the digital identification.