H04W12/66

SECURE PROVISIONING OF UNKNOWN DEVICES THROUGH TRUSTED THIRD-PARTY DEVICES

A trusted device responsible for evaluating trustworthiness of unknown devices is provided. Trust evaluation rules usable to determine whether to authorize unknown devices to access a resource are received. A request to access the resource and device evaluation attributes are received from an unknown device. The trustworthiness of the unknown device is evaluated based upon the device evaluation attributes using the trust evaluation rules. In response to determining that the unknown device is trustworthy, a credential for accessing the resource is provided to the unknown device, and the device evaluation attributes of the unknown device and an identification of the unknown device are sent to a registrar for the resource.

Enhanced mobile subscriber privacy in telecommunications networks
10492056 · 2019-11-26

Techniques are disclosed for enhancing mobile subscriber privacy in telecommunications networks. In some embodiments, in the course of a registration process, a user device and an associated telecommunications network exchange trust indicators (TrIs), and respectively verify them. The user device and telecommunications network also transmit personally identifiable information (PII), such as an International Mobile Subscriber Identity (IMSI), in an encrypted form, and use a pseudo IMSI in place of the IMSI for the duration of the session.

ACCESS CONTROL SYSTEM WITH TRUSTED THIRD PARTY
20190357050 · 2019-11-21

An access control system is provided and includes a control device disposed to restrict access to a secured resource and a networked device disposed in signal communication with the control device. The networked device requests authentication of a user from a trusted device responsive to a presentation of credentials to the control device in a request for access to the secured resource, the credentials are associated with access rights of the user, the networked device is receptive of the authentication, and the control device permits a level of access to the secured resource in accordance with the access rights upon the reception of the authentication.

Active Base Apparatus

In accordance with some embodiments, an apparatus for privacy protection is provided. The apparatus includes a housing arranged to hold a personal communication device and a peripheral interface supported by the housing, where the peripheral interface is connectable to a supplemental functional device. The apparatus further includes a local communication device coupled to the peripheral interface and supported by the housing, where the local communication device includes a personal communication device interface modem operable to provide a communication channel between the peripheral interface and the personal communication device. The apparatus further includes a controller coupled to the peripheral interface and the local communication device, where the controller is operable to manage the communication channel between the supplemental functional device and the personal communication device.

SECURE AND TRUSTED DATA COMMUNICATION SYSTEM

A method includes storing, by a secure data conveyance device, a certified data object for a user computing device. The method further includes receiving a request from the user computing device that at least a portion of the certified data object be conveyed to a target computing entity. When authenticated, the method further includes data translating the at least a portion from a first data representation into a universal data representation, sending the universal data representation to a trusted data securing device, and data translating the universal data representation into a specific data representation. The method further includes sending the specific data representation to the secure data conveyance device, where the secure data conveyance device adds an expiration time frame and forwards it to the user computing device. The method further includes conveying, by the user computing device, the specific data representation with the expiration time frame to the target computing entity.

WEIGHTED SOURCE DATA SECURED ON BLOCKCHAINS
20190354723 · 2019-11-21

Technologies are shown for secure management of evaluation data that involves receiving an evaluation value signal from a source, the evaluation value signal relating to an evaluation entity having an evaluation score secured on an evaluation data blockchain and verifying whether the source is identified in trusted source data. If the source is trusted, then the technology involves obtaining a weight associated with the source, obtaining the evaluation score for the evaluation entity from a first evaluation data block in the evaluation data blockchain, where the first evaluation data block is a most recent evaluation data block in the evaluation data blockchain, calculating a new evaluation score based on the evaluation score obtained from the first evaluation data block and the received valuation signal weighted according to the weight associated with the source, and securely committing the new evaluation score to the evaluation data blockchain in another evaluation data block.

REGISTRY APPARATUS, AGENT DEVICE, APPLICATION PROVIDING APPARATUS AND CORRESPONDING METHODS
20190349348 · 2019-11-14

A registry apparatus is provided for maintaining a device registry of agent devices for communicating with application providing apparatus. The registry comprises authentication information for uniquely authenticating at least one trusted agent device. In response to an authentication request from an agent device, the authentication information for that device is obtained from the registry, and authentication of the agent device is performed. If the authentication is successful, then application key information is transmitted to at least one of the agent device and the application providing apparatus.

PROVIDING SECURE SENSOR DATA TO AUTOMATED MACHINES
20190342322 · 2019-11-07

Systems, methods, and software can be used to provide secure sensor data. In some aspects, a computer-implemented method includes: receiving, at a sensor security evaluation application executing on a device, sensor data from a sensor on the device; determining, by the sensor security evaluation application, a security confidence score associated with the sensor data; and transmitting, from the sensor security evaluation application, the security confidence score and the sensor data to a smart machine processor on the device.

SYSTEM AND METHOD FOR RESOURCE ACCESS AUTHENTICATION

A method of providing continuous user authentication for resource access control includes launching a continuous authentication service at a boot time of a first device, wherein the first device includes a processor, a memory, and one or more sensors configured to collect authentication information. Additionally, the method includes receiving authentication information comprising one or more of explicit authentication information or implicit authentication information, and receiving a request for access to a resource of the first device. Further, the method includes the operations of determining, by the continuous authentication service, a current value of a security state, the current value of the security state based in part on a time interval between a receipt time of the authentication information and a current time and controlling access to the resource based on the current value of the security state.

Device for wireless communication with other devices
11974351 · 2024-04-30

A device (110) arranged for wireless communication (130) according to a communication protocol has a processor (112) to execute a connection sequence according to a discovery protocol. The connection sequence comprises determining a current cluster identity and a current discovery window timing used by the device. Next, at least one other device (120,120) within wireless range is detected, while further determining a detected cluster identity and a detected discovery window timing of the detected other device. Then it is detected whether the detected device is operating in a different cluster than the device by comparing the current cluster identity with the detected cluster identity or comparing the current discovery window timing with the detected discovery window timing. Finally, upon detecting said different cluster, a security process is executed, which may warn the user or abort the connection sequence. Thereby, a malicious device trying to manipulate the connection sequence is detected.