H04W12/75

SECURE NETWORK COMMUNICATIONS THAT LIMIT INFORMATION ACCESS
20230141428 · 2023-05-11

This disclosure describes systems and techniques for controlling access to user information using ephemeral user identifiers. In one aspect, a method includes determining, for a given domain, engagement by a user with content provided by the given domain for display by an application at a client device of the user. A determination is made, based on the engagement by the user, to extend, for the given domain, a linkage between user identifiers for a user of the application. In response to determining to extend, for the given domain, the linkage between the user identifiers for the user of the application, one or more future domain-specific ephemeral user identifiers for the user and the given domain are obtained. An attestation record that includes a current domain-specific ephemeral user identifier and the one or more future domain-specific ephemeral user identifiers is generated and sent to the given domain.

Private anti-theft protection in a tracking device environment
11653211 · 2023-05-16

A tracking device stores identification values unique to the tracking device for use in authenticating the tracking device. When activated, the tracking device provides a first identification value to a first owner and a different identification value to a tracking system. The identification of the tracking device can only be authenticated by combining the identification values given to the owner and tracking system. If a second owner resets the tracking device, the tracking device stores a second version of the identification values for use in authenticating the tracking device. In the case that the second owner is illegitimate (for instance, the tracking device is stolen by the second owner), the first owner can report the tracking device stolen. Upon being reported stolen, the identification value provided to the first owner is transmitted to the tracking system for use with the tracking system identification value to authenticate the first owner, enabling the first owner to locate and recover their stolen device.

End-to-End Encrypted Location-Finding
20230132742 · 2023-05-04

This document describes methods, devices, systems, and means to ensure end-to-end encryption of location information that is forwarded through a potentially untrustworthy cloud service that serves to forward the location information from a sighting device to an owner of a sighted device. The end-to-end encryption of location information preserves the privacy of location information that is provided by sighter devices that are not associated with the owner as the location information traverses network nodes from the sighter to the owner.

Credential management for mobile devices

The present disclosure relates to credential management for mobile devices that can be used for access to secured physical environments. One aspect comprises a computer implemented method comprising a mobile computing device: receiving, from a server system, and storing, on the mobile computing device: one or more application sequence counter values, one or more limited use credentials (LUCs), each LUC being bound to a corresponding one of the application sequence counter values; one or more emergency credentials, and an account token; subsequently receiving an authentication request from a terminal; in response to receiving the authentication request, determining that no LUC is available for fulfilling the request; and in response to determining that no LUC is available for fulfilling the request: transmitting, to the terminal, the account token and an application cryptogram generated from an emergency credential of said one or more emergency credentials; and updating a current application sequence counter.

Authentication method and system
11689367 · 2023-06-27

There is provided an authentication method and system where protection of user equipment (UE) privacy and network security can be improved. The system includes a third party communicatively trusted by and connected to the UE and one or more network entities, the third party configured to obtain identity information indicative of identity of the UE or the network entities and verify the UE and the network entities on whether the UE and the network entities are authorized to perform communications in the communication network. The third party is further configured to create mapping information, the mapping information including mappings between each identity indicated by the identity information and a respective temporary authentication identifier (ID) and according to the mapping information, transmit the respective temporary authentication ID to each of the UE and the network entities that are verified successfully by the third party. The system further includes the one or more network entities to which the UE is authenticated to access, each of the network entities configured to communicate with the UE or other network entities based on their respective temporary authentication ID.

Out-of-band authentication for vehicular communications using joint automotive radar communications
11516668 · 2022-11-29

Described herein are embodiments that provide out-of-band authentication for vehicular communications using Joint Automotive Radar Communications (“JARC” if singular, “JARCs” if plural). A method includes receiving, by a directional radio of a connected vehicle, a directional communication having a payload that includes the first temporary identifier and sensor data for a purported transmitter of the directional communication. The method includes initiating, by the directional radio and a radar of the connected vehicle, a set of JARCs with the purported transmitter to determine an authenticity status of the first temporary identifier. The method includes executing a vehicular action for the payload of the directional communication responsive to the authenticity status.

METHOD FOR MANAGING WIRELESS CONNECTION OF ELECTRONIC DEVICE, AND APPARATUS THEREFOR

A method for managing a wireless connection of an electronic device, and apparatus for supporting same are provided. The electronic device may comprise a communication circuit, at least one processor, and a memory. The at least one processor is configured to: based on detection of a first event associated with an external device, identify first information relating to Bluetooth usage of the electronic device and second information relating to a wireless network resource state; determine a number of connectable devices, based on the first information and the second information; identify state information of one or more external devices registered in the electronic device; determine a priority of the one or more external devices, based on the state information; determine at least one external device, from among the one or more external devices, as a device to be connected, based on the number of connectable devices and the priority; and control the communication circuit to connect a channel with the at least one external device determined as the device to be connected.