Patent classifications
H04L2463/081
Characteristics Of Security Associations
Authentication of a user or a wireless transmit/receive unit (WTRU) may be based on an obtained measure of authentication strength, which may be referred to as an assurance level. For example, a user, via a WTRU, may request access to a service controlled by an access control entity (ACE). The user may be authenticated with a user authenticator and assertion function (UAAF), producing a result. A user assertion may be provided that includes the user authentication result, a user assurance level, and/or a user freshness level. The WTRU may be authenticated with a device authenticator and assertion function (DAAF), producing an associated result. A device assertion may be provided that may include the device authentication result, a device assurance level, and/or a device freshness level. The assertions may be bound together to receive access to a service or resource.
User-friendly multifactor authentication
An application executing on a user device can receive a request to access a remote computer system. The application can automatically obtain an authentication code that is generated based at least in part on a seed value, which can be stored in the user device. The application can automatically generate an authentication request based at least in part on the access information and the authentication code, and transmit the authentication request to the remote computer system.
Method for Operating a System on Chip Comprising a Bootable Processor
A method for operating a system on chip (SoC) comprising a bootable processor, wherein the method includes executing a bootloader and measuring electrical power consumed by the processor during booting to derive unique power characteristic data, verifying the unique power characteristic data, and reconstructing a device key from the unique power characteristic data and helper data derived during an enrolment of the system on chip, where the measured power trace of the processor constitutes a unique signature of the SoC device executing specified software such that the solution secures the running software by itself.
Dynamic access control authentication confidence values based on multiauthentication modes
A computer readable medium having executable code that causes one or more processors to: receive at least one of a first image of the user or a first representation of a face of the user; if a first image of the user was received, then generate a generated representation of the face of the user using the first image; capture a second image of the user and generate a second representation of the face of the user using the second image; receive an authentication factor; determine validity of the authentication factor; reduce a confidence threshold based on the authentication factor; determine a likelihood of a match between the second representation and at least one of the first representation and the generated representation; and permit access by the user to a secure asset in instances where the likelihood of a match meets the confidence threshold.
Secure circuit for encryption key generation
Techniques are disclosed relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.
Information processing apparatus, information processing method, and information processing system
An information processing apparatus for authenticating a user includes a wireless communication unit configured to obtain predetermined information from a wireless tag; a wireless authentication unit configured to authenticate the wireless tag based on the predetermined information; a capturing unit configured to capture an image; an image authentication unit configured to authenticate the user captured in the image; an image determination unit configured to determine whether an object of determination is a living body that satisfies a predetermined condition; and an apparatus authentication unit configured to permit the user to use the information processing apparatus in a case in which the image determination unit determines that the object of determination is the living body that satisfies the predetermined condition, and the user of the wireless tag which is authenticated by the wireless authentication unit and the user who is authenticated by the image authentication unit are the same.
METHOD AND APPARATUS FOR NETWORKING UNMANNED AERIAL VEHICLE AND SYSTEM FOR CONTROLLING UNMANNED AERIAL VEHICLE
The present application provides a method and an apparatus for networking an unmanned aerial vehicle and a system for controlling an unmanned aerial vehicle. The method for networking an unmanned aerial vehicle includes: generating a service set identifier and a password; sending the generated service set identifier and password to a control end by means of short-distance wireless communication; judging the status of a connection to the control end; when the connection is disconnected, returning to the step of generating a service set identifier and a password, where the service set identifier and the password that are generated each time are both different from the previously generated service set identifier and password; and when the connection is not disconnected, continuing to judge the status of the connection to the control end.
USER VALIDATION SYSTEM UTILIZING SYMBOLIC OR PICTOGRAPHIC REPRESENTATIONS OF VALIDATION CODES
Disclosed herein is a device and method for validating users, such as for entry into a given area. The method includes transmitting a plurality of access control tokens from an access control system to a portable device, and detecting proximity of a user portable device associated with one of the plurality of access control tokens to the portable device. A symbolic representation of the access control token associated with the user portable device is generated by and displayed on the portable device. Selection of the displayed symbolic representation is accepted at the portable device. The access control system is notified of selection of the displayed symbolic representation, thereby indicating identification of a user associated with the access control token symbolically represented by the symbolic representation. The venue symbolic representation includes at least one pictograph.
Method and system for assessing a message in a decentralized communication network
A method for assessing a message transmitted between at least two parties via a previously unknown third party in a decentralized communication network, wherein all parties share a common trust architecture, includes publishing on-behalf-of indication and public security information of the third party; publishing the message of the first party; evaluating the published information to extract published content of the first party by the second party as intended receiver of the message; verifying a real-world-identity of the third party and/or the signature of the third party based on the previously received trust information and/or based on the self-certifying name and the public security information of the third party; checking a trust information chain according to the common trust architecture from the second party to the third party; and assessing the content of the first party based on the checked trust chain.