Patent classifications
H04L63/0492
Network request handling based on optically-transmitted codes
A computing device determines whether or not to authorize a network request. In particular, responsive to the computing device receiving the network request from a mobile device, the computing device controls a plurality of light fixtures to each optically transmit a respective challenge code. The computing device approves or rejects the network request based respectively on whether or not a group of the challenge codes is received from the mobile device, each challenge code in the group being optically receivable at a location authorized for approving the network request.
Method, system, and device for generating, storing, using, and validating tags and data
A smart tag and methods of interacting with and authenticating interactions with the same are provided. The smart tag (308) is enabled to generate a Tag Authentication Cryptogram (TAC) and include the TAC in a data signature transmitted (S305) to a reading device (304). The data signature can be forwarded by the reading device (304) to an authentication service (340) that will issue a valid signature certificate (S309) if the TAC is determined to be unique and correct. Upon receiving the valid signature certificate, the reading device (304) can validate other data read from the smart tag (308) based on the increased trust relationship between the smart tag (308) and reading device (304).
Secure radio information transfer over mobile radio bearer
Providing secure radio information transfer over a mobile radio bearer by generating one or more secret keys, applying symmetric encryption to unencrypted radio information to generate encrypted radio information, applying a keyed hash operation to the unencrypted radio information using the generated one or more secret keys to generate a message digest, and transmitting both the encrypted radio information and the message digest over a network.
TEMPORARY CONTROL OF COMPONENTS USING LOCATION BASED GRANTS
A device, system, and method give temporary control of a user device using location based grants. The method is performed by a control server of a third party when the user device is in a predetermined area. The method includes transmitting authentication data to the user device, the authentication data configured to authenticate the third party to the user device, the predetermined area being associated with the third party. The method includes receiving a request from the user device for command data, the command data configured to be executed on the user device to provide the third party with a limited control over the user device while the user device remains in the predetermined area. The method includes transmitting the command data to the user device.
UPDATE-DRIVEN MIGRATION OF DATA
A current operating system that is stored in a persistent storage circuit of a secure element is replaced by receiving a set of migration rules that specify changes to a set of data object types. Based upon the set of migration rules, a migration engine identifies data objects stored in a persistent storage circuit and corresponding to the set of data object types. For each of the identified data objects: a subset of the migration rules is selected that corresponds to a data object type that corresponds to a particular data object, and based upon the selected subset, the particular data object is transformed. A new operating system can then be enabled.
Securing Remote Authentication
Authenticating a secure session between a first user entity and an identity provider using a second user entity. The method includes receiving a request for a session from an entity that purports to be the first user entity. The method further includes sending authentication context from the request, wherein the authentication context for the request arrives at the second user entity. The method further includes receiving an indication that the authentication context has been verified. As a result, the method further includes authenticating a secure session between a first user entity and an identity provider or approving a secure transaction.
METHODS AND SYSTEMS OF SECURING AND RETRIEVING SECRET INFORMATION
A method of protecting a secret may include, by a client electronic device, identifying a secret, identifying a unique identifier associated with the secret, splitting the secret into shares so that the secret can only be reconstructed with an authorized subset of shares, identifying a share from the plurality of shares to store, and identifying a unique identifier associated with the identified share. A short range communication receiver of the client electronic device may detect a presence of a target electronic device, where the target electronic device is operating in a discoverable mode by using a short range communication transmitter to broadcast a signal within a communication range of the short range communication receiver. The short range communication transmitter of the client electronic device may transmit the identified share, the unique identifier associated with the secret, and the unique identifier associated with the identified share to the target electronic device.
Method and apparatus for controlling connection between devices
A method and apparatus for controlling connection between devices includes detecting a first device, determining whether the first device is included in a device list, obtaining information related to the first device from a second device, and establishing a connection with the first device based on the information from the second device.
CONTROLLING A DEVICE
In accordance with an example aspect of the present invention, there is provided an apparatus comprising at least one receiver configured to receive, via a first channel, a secret value and an identifier of a local node and, via a second channel, a random value, and at least one processing core configured to cause transmission to the local node of a first message comprising a hash value, the hash value being derived based on a set comprising the secret value, the random value, and an instruction.
SECURITY KEY DEVICE, SECURITY AUTHENTICATION SYSTEM, AND SECURITY AUTHENTICATION METHOD
A security key device, a security authentication system, and a security authentication method are provided. The security key device includes a communication module, a security processing unit, and a processing unit. The security processing unit executes an authentication module, a bridge module, and a management module. The authentication module is configured to operate according to a Fast IDentity Online protocol. The management module is configured to operate according to a Public Key Infrastructure protocol. The authentication module receives through the communication module an input command provided based on the Fast IDentity Online protocol by a web authentication module of a browser executed by an electronic device. According to a header of the input command, the authentication module determines whether the input command is to be executed by the authentication module or is used to access the management module through the bridge module.