Abstract: A vehicle may include rear ground traction members, front ground traction members, a rear drive system to drive the rear ground traction members, a continuously variable speed front drive system to drive the front ground traction members and a controller. The variable speed front drive system may include a hydraulic pump, a hydraulic motor driven by the hydraulic pump and operably coupled to the front ground traction members by a planetary gear assembly. The planetary gear assembly may include a sun gear coupled to and driven by the hydraulic motor, a ring gear operably coupled to the rear ground traction members and a planet carrier carrying planet gears intermeshing between the ring gear and the sun gear. The planet carrier has an output shaft operably coupled to the front ground traction members. At least one sun brake is actuatable by the controller to retard rotation of the sun gear.

Abstract: A method, computer system and computer program product for authenticating a transaction is provided. A service provider receives a transaction between a user and a website displayed on a first device. The service provider identifies a first geolocation of the first device. The service provider generates a code for display on the first device. The service provider receives credential information to identify the user and the code from a second device. The service provider identifies a second geolocation of the second device, and determines a level of risk for the transaction based at in part on the first geolocation and the second geolocation. In response to the level of risk being an acceptable level of risk, the service provider authenticates the user. The service provider generates information to enable the user on the first device to perform the transaction with the website, and sends the information to the website.

Abstract: A middlebox includes at least one processor and a memory storing one or more executable instructions that, when executed by the least one processor, cause the at least one processor to receive, from a server, a middlebox key that includes an indication of a lifetime of the middlebox key, receive, from a client device, one or more data packets including encrypted header data and a client device identifier, and determine whether to permit a transmission of the one or more data packets to the server or prevent a transmission of the one or more data packets to the server based on the middlebox key, the encrypted header data, and the client device identifier.

Abstract: A middlebox includes at least one processor and a memory storing one or more executable instructions that, when executed by the least one processor, cause the at least one processor to receive, from a server, a middlebox key that includes an indication of a lifetime of the middlebox key, receive, from a client device, one or more data packets including encrypted header data and a client device identifier, and determine whether to permit a transmission of the one or more data packets to the server or prevent a transmission of the one or more data packets to the server based on the middlebox key, the encrypted header data, and the client device identifier.

Abstract: A method includes executing a mobile threat detection function to determine whether an electronic device is corrupt. The method also includes when determining that the electronic device is not corrupt, identifying whether an encrypted user key (UKc-Enc) is stored in the electronic device. The method further includes when the UKc-Enc is not stored in the electronic device, decrypting an application key (AKc) and transmitting the AKc and a unique universal identifier (UUID) that is associated with the application to a gateway for establishing a secure application specific communication channel between the electronic device and the gateway. In addition, the method includes when the UKc-Enc is stored in the electronic device, decrypting the UKc-Enc to form a user key (UKc), extracting a UUID from the UKc, and transmitting the UUID from the UKc to the gateway for establishing the secure application specific communication channel between the electronic device and the gateway.

Abstract: A method for leveraging a first secure channel of communication between a first agent and a second agent to create a second secure channel of communication between the first agent and a third agent. The method includes creating the first secure channel of communication between the first agent and the second agent using a configurable data-driven initial process on a first computing device. Responsive to the first agent receiving a request from the third agent to establish the second secure channel of communication, the method further includes retrieving identifying information from the third agent. The method further includes ending the identifying information from the third agent to the second agent over the first secure channel of communication. Responsive to receiving approval of the third agent's request from the second agent, the method further includes establishing the second secure channel of communication.

Abstract: A method includes executing a mobile threat detection function to determine whether an electronic device is corrupt. The method also includes when determining that the electronic device is not corrupt, identifying whether an encrypted user key (UKc-Enc) is stored in the electronic device. The method further includes when the UKc-Enc is not stored in the electronic device, decrypting an application key (AKc) and transmitting the AKc and a unique universal identifier (UUID) that is associated with the application to a gateway for establishing a secure application specific communication channel between the electronic device and the gateway. In addition, the method includes when the UKc-Enc is stored in the electronic device, decrypting the UKc-Enc to form a user key (UKc), extracting a UUID from the UKc, and transmitting the UUID from the UKc to the gateway for establishing the secure application specific communication channel between the electronic device and the gateway.

Abstract: A method includes executing a mobile threat detection function to determine whether an electronic device is corrupt. The method also includes when determining that the electronic device is not corrupt, identifying whether an encrypted user key (UKc-Enc) is stored in the electronic device. The method further includes when the UKc-Enc is not stored in the electronic device, decrypting an application key (AKc) and transmitting the AKc and a unique universal identifier (UUID) that is associated with the application to a gateway for establishing a secure application specific communication channel between the electronic device and the gateway. In addition, the method includes when the UKc-Enc is stored in the electronic device, decrypting the UKc-Enc to form a user key (UKc), extracting a UUID from the UKc, and transmitting the UUID from the UKc to the gateway for establishing the secure application specific communication channel between the electronic device and the gateway.

Abstract: A method for leveraging a first secure channel of communication between a first agent and a second agent to create a second secure channel of communication between the first agent and a third agent. The method includes creating the first secure channel of communication between the first agent and the second agent using a configurable data-driven initial process on a first computing device. Responsive to the first agent receiving a request from the third agent to establish the second secure channel of communication, the method further includes retrieving identifying information from the third agent. The method further includes ending the identifying information from the third agent to the second agent over the first secure channel of communication. Responsive to receiving approval of the third agent's request from the second agent, the method further includes establishing the second secure channel of communication.

Abstract: A method, a computer system, and a computer program product for authenticating a transaction are provided. An authentication system receives the transaction over a particular channel of a plurality of support channels. A risk score is determined for the transaction based on a number of contextual risk factors. An authentication scheme is determined from a number of authentication schemes for authenticating an identity of the user within an authentication context. The authentication scheme is determined based on the particular channel and the risk score. In response to successfully authenticating the identity of the user within the authentication context, the authentication system determines whether the transaction is a permitted transaction based on an assurance level associated with the authentication context. In response to determining that the transaction is the permitted transaction, the transaction is authenticated.

Abstract: A method includes executing a mobile threat detection function to determine whether an electronic device is corrupt. The method also includes when determining that the electronic device is not corrupt, identifying whether an encrypted user key (UKc-Enc) is stored in the electronic device. The method further includes when the UKc-Enc is not stored in the electronic device, decrypting an application key (AKc) and transmitting the AKc and a unique universal identifier (UUID) that is associated with the application to a gateway for establishing a secure application specific communication channel between the electronic device and the gateway. In addition, the method includes when the UKc-Enc is stored in the electronic device, decrypting the UKc-Enc to form a user key (UKc), extracting a UUID from the UKc, and transmitting the UUID from the UKc to the gateway for establishing the secure application specific communication channel between the electronic device and the gateway.

Abstract: An apparatus includes a computing system that is configured to receive, from an electronic device, a verification message indicating that the electronic device is not corrupt. The computing system is also configured to receive, from the electronic device, a unique universal identifier (UUID) that is associated with an application stored in a memory of the electronic device. The computing system is further configured to receive, from a management server of the one or more management servers, a server key stored in a credential store and that is associated with the UUID received from the electronic device. In addition, the computing system is configured to establish one or more secure channels for electronic data communication with the electronic device based on the received UUID and the server key.

Abstract: A method for leveraging a secure communication channel between a first agent and a second agent to authenticate an activity outside of the secure communication channel. The method includes receiving with the first agent a communication request through an insecure channel from the second agent. The method further includes receiving with the first agent an indicator of a relative identity relationship from the second agent. The method further includes sending with the first agent a request to authenticate the activity outside of the secure communication channel to the second agent. The method further includes authenticating the activity outside of the secure communication channel using the secure communication channel.

Abstract: Techniques are disclosed for making an electronic document easier to use based on prior interactions with the same or a similar document by other users. An electronic document is presented to one or more users in an interactive environment. Interactions between the users and the document can be recorded as usage data. The usage data may represent one or more operations performed on the electronic document by the users. Based on the usage data, an enhanced user interaction feature associated with the document is configured. The electronic document and the enhanced user interaction feature are then presented to another user in another interactive environment. The enhanced user interaction feature makes using the document easier than it would be if the feature was not present, particularly for users who are unfamiliar with the document.

Abstract: A method for leveraging a first secure channel of communication between a first agent and a second agent to create a second secure channel of communication between the first agent and a third agent. The method includes creating the first secure channel of communication between the first agent and the second agent using a configurable data-driven initial process on a first computing device. Responsive to the first agent receiving a request from the third agent to establish the second secure channel of communication, the method further includes retrieving identifying information from the third agent. The method further includes ending the identifying information from the third agent to the second agent over the first secure channel of communication. Responsive to receiving approval of the third agent's request from the second agent, the method further includes establishing the second secure channel of communication.

Abstract: A method for leveraging a first secure channel of communication between a first agent and a second agent to create a second secure channel of communication between the first agent and a third agent. The method includes creating the first secure channel of communication between the first agent and the second agent using a configurable data-driven initial process on a first computing device. Responsive to the first agent receiving a request from the third agent to establish the second secure channel of communication, the method further includes retrieving identifying information from the third agent. The method further includes ending the identifying information from the third agent to the second agent over the first secure channel of communication. Responsive to receiving approval of the third agent's request from the second agent, the method further includes establishing the second secure channel of communication.

Abstract: An apparatus includes a computing system that is configured to receive, from an electronic device, a verification message indicating that the electronic device is not corrupt. The computing system is also configured to receive, from the electronic device, a unique universal identifier (UUID) that is associated with an application stored in a memory of the electronic device. The computing system is further configured to receive, from a management server of the one or more management servers, a server key stored in a credential store and that is associated with the UUID received from the electronic device. In addition, the computing system is configured to establish one or more secure channels for electronic data communication with the electronic device based on the received UUID and the server key.

Abstract: A method for leveraging a first secure channel of communication between a first agent and a second agent to create a second secure channel of communication between the first agent and a third agent. The method includes creating the first secure channel of communication between the first agent and the second agent using a configurable data-driven initial process on a first computing device. Responsive to the first agent receiving a request from the third agent to establish the second secure channel of communication, the method further includes retrieving identifying information from the third agent. The method further includes ending the identifying information from the third agent to the second agent over the first secure channel of communication. Responsive to receiving approval of the third agent's request from the second agent, the method further includes establishing the second secure channel of communication.

Abstract: A middlebox includes at least one processor and a memory storing one or more executable instructions that, when executed by the least one processor, cause the at least one processor to receive, from a server, a middlebox key that includes an indication of a lifetime of the middlebox key, receive, from a client device, one or more data packets including encrypted header data and a client device identifier, and determine whether to permit a transmission of the one or more data packets to the server or prevent a transmission of the one or more data packets to the server based on the middlebox key, the encrypted header data, and the client device identifier.

Abstract: A method for leveraging a secure communication channel between a first agent and a second agent to authenticate an activity outside of the secure communication channel. The method includes receiving with the first agent a communication request through an insecure channel from the second agent. The method further includes receiving with the first agent an indicator of a relative identity relationship from the second agent. The method further includes sending with the first agent a request to authenticate the activity outside of the secure communication channel to the second agent. The method further includes authenticating the activity outside of the secure communication channel using the secure communication channel.