H04W12/68

Systems and methods for privacy-enabled biometric processing
11502841 · 2022-11-15

A set of distance measurable encrypted feature vectors can be derived from any biometric data and/or physical or logical user behavioral data, and then using an associated deep neural network (“DNN”) on the output (i.e., biometric feature vector and/or behavioral feature vectors, etc.) an authentication system can determine matches or execute searches on encrypted data. Behavioral or biometric encrypted feature vectors can be stored and/or used in conjunction with respective classifications, or in subsequent comparisons without fear of compromising the original data. In various embodiments, the original behavioral and/or biometric data is discarded responsive to generating the encrypted vectors. In another embodiment, distance measurable or homomorphic encryption enables computations and comparisons on cypher-text without decryption of the encrypted feature vectors. Security of such privacy enabled embeddings can be increased by implementing an assurance factor (e.g., liveness) to establish a submitted credential has not been spoofed or faked.

Enabling secure internet transactions in an unsecure home using immobile token
11502843 · 2022-11-15

This specification discloses devices and methods for a security concept that includes an immobile hardware token (e.g., a “wall token” that is fixed within a wall) which ensures that the more sensitive actions of electronic banking (e.g., money transfers of large sums to foreign bank accounts) can only be done from the account owner's home, but not from a remote place. However, other less sensitive (and lower security risk) actions can still be done from anywhere else. In some embodiments, the hardware token includes sensors to ensure that the token is not moved or tampered with, interfaces to provide distance bounding, and a crypto-processor to provide secure authentication. The distance bounding can be used to determine if the authentication device is in close proximity to the hardware token, which can in turn ensure that the authentication device is within the account owner's home.

SYSTEMS AND METHODS FOR COUNTERING SECURITY THREATS IN A PASSIVE KEYLESS ENTRY SYSTEM

System, methods, and other embodiments described herein relate to securing wireless communications for passive keyless entry (PKE) to an asset. In one embodiment, a method includes, responsive to acquiring sensor data about at least a surrounding environment of a vehicle that provides access according to wireless communications with a remote device, analyzing the sensor data to define operating conditions identifying security characteristics of the vehicle and interactions of the remote device with the vehicle. The method includes activating a countermeasure from an available group of countermeasures according to at least the operating conditions. The method includes wirelessly communicating, by the vehicle with the remote device, according to the countermeasure.

Electronic device for secure communications with an automobile

A mobile device securely communicates with an electronic device within an automobile. The mobile device transmits encrypted spatial state information and the electronic device provides commands to the automobile in response. Spatial state information may include location, motion, or the like. Commands to the automobile may include door unlock commands, remote start commands, horn honk commands, or the like.

Access to Wi-Fi networks via two-step and two-party control

Systems and methods include, responsive to a Wi-Fi client device providing a password for a zone of a Wi-Fi network, determining a status of the Wi-Fi client device; when the status is unknown, placing the client device in a holding area associated with the zone, wherein the client device is connected to the Wi-Fi network while in the holding area and has restricted access that is less than full access to the zone in an allowed zone; responsive to placing the client device in the holding area, causing a notification to an administrator that the client device is in the holding area; and with the client device in the holding area, one of moving the Wi-Fi client device to the allowed area, moving the client device to a rejected area for the zone, and leaving the client device in the holding zone, based on any input or lack thereof.

Facilitation of predictive internet-of-things device identification

Internet-of-things (IOT) devices can be identified based on specific behavioral patterns when their identification data is unknown. Previously identified IOT devices with similar behavioral patterns can be used as a baseline from which to compare data that is available about unknown IOT devices. For example, an IOT device can be pooled with a group of IOT devices based on the frequency with which they connect to a wireless network. Additionally, a confidence level of the unknown device being associated with the group of IOT devices can be generated based on such comparison data.

Distributed Content Uploading and Validation
20230035103 · 2023-02-02

In accordance with one or more embodiments, aspects of the disclosure provide efficient, effective, and convenient ways of uploading and authenticating content. In particular, a user device may receive validating information from a wireless networking device. The user or client device may record a content item, and may insert a validation tag based on the validating information. The user or client device may then send the content item to the wireless networking device. The wireless networking device may receive the content item at a first location and may determine the validity of the content item based on the validating information. The user device may continually interact with wireless networking devices as it travels to continually upload content items while establishing the validity of the time and location of the content items.

METHOD AND SYSTEM TO AUTONOMOUSLY AUTHENTICATE AND VALIDATE USERS USING A NODE SERVER AND DATABASE
20230031087 · 2023-02-02

A node server for autonomously authenticating a user is disclosed that comprises a node database for storing authentication data associated with the user and an authentication SDK configured to perform authentication using data from the node database. The node server also includes a node API for creating and maintaining the node server and for routing payment to a cloud service that is hosting the node server. A communication interface is configured to process communication with a user device, such that the user device is executing software associated with a user account. An access module is configured to permanently and irrevocably prevent access from external servers or devices not associated with a user account, after creation and activation of the node server.

MATCHING AN USER TAKEN IMAGE WITH ACCESS CONTROL APPARATUS REFERENCES FOR PHYSICAL ACCESS CONTROL
20230030707 · 2023-02-02

It is provided a method for enabling access control for access to a physical space secured by a lock device. The method is performed in a security device and comprises the steps of: obtaining at least one image captured using a first camera of a portable key device, the at least one image being captured in a vicinity of the lock device; receiving a template decryption key from a lock device over a short-range communication link; obtaining a credential associated with the lock device; matching the at least one image with a plurality of templates, each template being associated with a lock device, which comprises obtaining the plurality of templates by decrypting encrypted templates using the template decryption key; and wherein a positive match is a necessary condition for opening the lock device.