Abstract: Methods and systems for an online charging service to selectively rejecting Charge Control Requests (CCRs) which it receives and which are associated with charging for the provision of telecommunication services when the online charging system is in an overload state are described.

Abstract: Provided herein are systems and methods for an efficient method of replicating share objects to remote deployments. For example, the method may comprise modifying a share object of a first account of a data exchange into a global object wherein the share object includes grant metadata indicating share grants to a set of objects of a database. The method may further comprise creating, in a second account of the data exchange, a local replica of the share object on the remote deployment based on the global object, wherein the second account is located in a remote deployment. The set of objects of the database may be replicated to a local database replica on the remote deployment and the share grants may be replicated to the local replica of the share object.

Abstract: Techniques for an application interaction platform are described. In at least some implementations, an instance of a first application can initiate a launch of an instance of a second application. In a scenario where the second application is a multiuser application, the second application can be launched as either a multiuser instance or a single user instance depending on a launch context. Implementations also enable communication among applications, such as to enable applications to exchange state information and modify their execution based on the information.

Abstract: A platform provides for developers of applications, such as devices, with natural language interfaces to configure the availability of vertical domain modules in applications. Modules can include grammars for parsing natural language expressions and interfaces to data sources. Third party developers can create modules with pricing models for their usage or access to their data. Device developers can browse or search available modules and test their performance for specific queries. The platform provides for devices users to access the chosen modules as configured by device developers and for charging and payment between users, application developers, and module developers.

Abstract: Systems and methods for automatically authenticating an incoming call are disclosed. In one implementation a method for automatically authenticating an incoming call includes receiving a call from a calling device. The call includes an identifier associated with the calling device. The method further includes receiving, separately from the call, authentication data associated with a device or a user, determining, using the identifier and the authentication data, that the authentication data is associated with the same calling device that initiated the call, verifying the authentication data, and based on a result of the verification, determining that the call is initiated by an authenticated device or user.

Abstract: Aspects of the present disclosure relate to wireless communication management. A set of sensor data can be collected by a first device paired to a second device using a wireless communication (WC) protocol. The set of sensor data can be analyzed to determine whether a rule for adjusting a WC activation threshold is satisfied, the WC activation threshold defining a distance at which the first device and second device are permitted to transfer data to each other. The WC activation threshold can be adjusted in response to determining that the rule for adjusting the WC activation threshold is satisfied.

Abstract: In certain aspects, a method for sending data over a bus comprises: calculating a parity check code for a new data code, wherein the new data code comprises a number of bits in the new data code; calculating a Hamming distance between the new data code and a prior data code; and if the Hamming distance is greater than half of the number of bits in the new data code: inverting the new data code and the parity check code to obtain an inverted new data code and an inverted parity check code; and sending the inverted new data code and the inverted parity check code to the bus.

Abstract: A method, computer system, and a computer program product for access control is provided. The present invention may include requesting a random gesture challenge, wherein the requested random gesture challenge includes an expected response associated with an authorized user. The present invention may include, in response to receiving a video data, determining whether the received video data includes a user response matching the expected response. The present invention may include determining whether a first heartbeat signal of a user matches a second heartbeat signal measured based on the received video data. The present invention may include, in response to determining a first match between the user response included in the received video data and the expected response and a second match between the first heartbeat signal and the second heartbeat signal, authenticating the user as the authorized user of the user device.

Abstract: Systems, methods and devices are provided for provisioning a computerized device. The system may include a distributor computer that is connected to the computerized device and is operable to receive a first digital asset and transmit it to the computerized device, a server that is connected to the distributor computer, and that transmits the first digital asset to the distributor computer when a first authorizing condition is met, the first digital asset being configured to cause the computerized device to become partially provisioned, and a provisioning controller that is connected to the distributor computer and that determines whether the first authorizing condition is met, the server transmits a second digital asset to the computerized device, and the computerized device is functional after the second digital asset is transmitted to the computerized device.

Abstract: Embodiments described herein disclose technology for verifying authorization of an application download. The system can receive from a device associated with a user, a request to download an application. In response to a first instance of the application being downloaded on the device, the system can assign a unique identifier to the first instance of the application. After the application is downloaded and prior to granting the person requesting the application download access to the first instance of the application, the system can request via the first instance of the application identification information and particular authentication information to verify that the person requesting the application download is authorized to do so. In response to verifying that the person requesting the application download is authorized, the unique identifier can be associated with the account, user and/or device to result in a verified download of the first instance of the application.

Abstract: Systems and methods for performing authentication may include encrypting, by a server computing system, a question based on a first password associated with a user and based on successful verification of user identification to generate an encrypted question; transmitting, by the server computing system, the encrypted question to a user computing system; receiving, by the server computing system, an encrypted response from the user computing system, the encrypted response associated with the encrypted question; decrypting, by the server computing system, the encrypted response based on the first password to generate a response; and establishing, by the server computing system, a login session with the user computing system based on successful verification of the response.

Abstract: A method for downloading a profile by a terminal and the terminal for performing the same are provided. The method includes acquiring information including an access token for transmitting a profile request to a profile server, transmitting a first message including the access token and a universal integrated circuit card (UICC) information of the terminal to the profile server, receiving a second message including a verification result from the profile server, and receiving a profile package corresponding to the access token from the profile server. The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for internet of things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology.

Abstract: An approach is disclosed that transmits a command from an initiating device, the command being directed to a target device and the initiating device is disconnected from the target device. The command is sent through any number of receiving devices to eventually be received by the target device with the other receiving devices being intermediate devices. The approach identifies a set of connectivity conduits between the receiving devices where at least one of the connectivity conduits is between one of the intermediate devices and the target device. The initiating device receives a confirmation from one of the intermediate device that the command was transmitted to the target device by the intermediate device.

Abstract: A system for a vehicle includes a modem and a telematics controller. The modem is configured to operate in a normal service mode in which the modem connects to a mobile network whenever possible according to a subscriber identity module (SIM) configuration of the modem, and in an emulated limited service mode in which the modem emulates network conditions of a limited service mode by refraining from providing data or voice connectivity outside of emergency services. The telematics controller is programmed to responsive to receipt of an indication to transition from the normal service mode to the limited service mode, wait for any active data or voice connections to the mobile network to terminate, and responsive to termination of any active data or voice connections to the mobile network, transition the modem from the normal mode to the emulated limited service mode.

Abstract: Methods and devices enable connecting devices to cellular networks using the devices' hardware identifiers. Subscriber records include a hardware identifier assigned when the devices are manufactured. A target hardware identifier included in an attachment request is associated with an International Mobile Subscriber Identity, IMSI, available to the cellular network if, according to subscriber records, the device is registered.

Abstract: A cryptowallet includes a microcontroller configured to communicate with a cryptowallet application running on a host; a touch display connected to the microcontroller and used to input a PIN code and a mnemonic seed for the cryptowallet for each cryptocurrency, and to output a destination address for a transaction and the mnemonic seed; a secure cryptoprocessor having storage and cryptographic logic. The storage stores a file system representing multiple cryptocurrencies. The file system is a tree that stores a private key for each cryptocurrency. The cryptowallet application is configured to communicate with a cryptocurrency network communication component, for carrying out transactions using the cryptocurrencies, that are authorized by using the private key upon providing the PIN code and the destination address of the transaction to the cryptoprocessor. The cryptographic logic implements cryptographic functions required by the cryptocurrencies.

Abstract: A false-touch-wakeup prevention apparatus touch sensing, proximity sensing, NAND logic, AND logic and application processing devices. First, second input ends and output end of the AND logic are coupled to the touch sensing device, an output end of the NAND logic device, and the application processing device, respectively; first and second input ends of the NAND logic are coupled to the proximity sensing device, and the application processing device, respectively; when an initial state of the application processing is standby, the second input end of the NAND logic device inputs a first input value; when the initial state of the application processing is wakeup, the second input end of the NAND logic device inputs a second input value different from the first input value.

Abstract: A method for operating a user equipment (UE) includes deriving security keys for a signaling radio bearer (SRB) in accordance with a first message received from an access node, initiating security for the SRB in accordance with the first message, receiving, from the access node, a second message including at least one security parameter for at least one data radio bearer (DRB), wherein the at least one security parameter is associated with a session that includes the at least one DRB, and wherein the second message is secured with the security keys for the SRB, and initiating security for the at least one DRB in accordance with the at least one security parameter.

Abstract: An application login password input method and a terminal, where the method includes, obtaining, by the terminal, biometric feature information of a user, determining, according to the biometric feature information, whether the user has login permission, obtaining voice information of the user, determining, according to the voice information after it is determined that the user has the login permission, password information corresponding to the voice information, and inputting the password information into a password input box of the application. Hence, in combination with the biometric feature information of the user, password information input security is ensured, password information input accuracy can be improved, an operation is easy and convenient, and burdens of the user can be reduced.

Abstract: A wireless network environment includes a plurality of access points, a wireless local area network (WLAN) controller, and a plurality of client devices. The client devices attempt to authenticate with the WLAN controller to gain access to wireless services provided by the WLAN controller and/or the access points. To authenticate with the WLAN controller, the WLAN controller obtains a request to establish a wireless network connection from one or more of the client devices. The WLAN controller then provides a response to the request. The response indicates whether the WLAN controller supports performing password-mapped simultaneous authentication of equals (SAE). The WLAN controller then obtains a message including a password-mapped identifier from the client device. The WLAN controller then establishes a connection with the client device based on the password obtained with password-mapped identifier mapping at WLC.

Abstract: Automatically detecting that a software application has received, over a network, advertising code that is configured to display an advertisement within the software application; intercepting the received advertising code; wrapping the intercepted advertising code with program code that is configured to: scan the advertising code for malicious content, and allow or prevent the display of the advertisement within the software application based on the scanning; delivering the wrapped advertising code to the software application as if the wrapped advertising code was received directly from the server, such that, when the wrapped advertising code is executed in the software application: the advertising code is scanned, and the display of the advertisement is allowed or prevented based on the scanning.

Abstract: The techniques provide a wireless communication carrier with the ability to efficiently add a device that is currently provisioned for a different carrier. Identification information is received for a mobile device to be switched from a first mobile network operator to a second mobile network operator. From a user interface executing on the mobile device, authorization is received to switch the mobile device. A token is generated that is usable to access unique identification data for an embedded Universal Integrated Circuit Card (eUICC) installed on the mobile device. Based in part on the tokens, subscription credentials are generated for accessing a mobile communications network operated by the second mobile network operator. Using the subscription credentials, the mobile device is provisioned to communicate on the mobile communications network operated by the second mobile network operator without further user input.

Abstract: In one aspect, the present disclosure relates to a method for method for efficient allocation of bandwidth in a wireless network. The method can include: identifying a plurality of network interfaces on a first user device; initializing a virtual network resource associated with the plurality of network interfaces; receiving, at the virtual network resource, data packets from an app executing on the first user device, the data packets destined for a remote device; sending a first portion of the data packets to the remote device via a first one of the plurality of network interfaces; and sending a second portion of the data packets to the remote device via a second one of the plurality of network interfaces. An aggregation platform can be configured to receive and reconstitute the first and second portions of the data packets, and to transmit the reconstituted data packets to the remote device.

Abstract: In one embodiment, in an information processing apparatus comprising at least one computer processor, a method for binding a GET/AUTHORIZE URL to a proxy through a native application may include: (1) receiving, at a native application executed by an electronic device, an applink call or a universal link call from a third-party application executed by the electronic device, the redirect comprising at least one parameter; (2) providing a Get/Authorize call with the at least one parameter to an API gateway; (3) receiving a 302 redirect from the API gateway; (4) providing authentication information to an authorization platform; (5) receiving an authorization code from the authorization platform; and (6) redirecting the third-party application with the redirect URL and authorization code.

Abstract: Wireless network specific (WN-specific) key can be used to provide access protection over the radio access link. A WN-specific key may be associated with (or assigned to) a wireless network, and distributed to access points of the wireless network, as well as to user equipments (UEs) following UE authentication. The WN-specific key is then used to encrypt/decrypt data transported over the radio access link. The WN-specific key can be used in conjunction with the UE-specific keys to provide multi-level access protection. In some embodiments, WN-specific kays are shared between neighboring wireless networks to reduce the frequency of key exchanges during handovers. Service-specific keys may be used to provide access protection to machine to machine (M2M) services. Group-specific keys may be used to provide access protection to traffic communicated between members of a private social network.

Abstract: Secure operations are performed on encrypted code. A processor in a first operating mode obtains encrypted code. The processor switches from the first operating mode to a second operating mode, and decrypts the encrypted code to obtain decrypted code. The decrypted code is executed, based on the processor being in the second operating mode, to provide a result. The result is encrypted, and the encrypted result is sent to a user, based on the processor switching back to the first operating mode.

Abstract: There is provided mechanisms for obtaining initial cellular network connectivity. A method is performed by a terminal device. The method comprises obtaining an activation code for a network subscription and MNO specific information. The method comprises identifying at least one MNO from the MNO specific information. The method comprises wirelessly authenticating with an MNO node of one of the at least one identified MNO by using the MNO specific information to obtain the initial cellular network connectivity.

Abstract: An IoT network management method and an IoT network server and a terminal applying the same are provided. According to the IoT network management method, when a network joining request is received from the terminal, the IoT network server determines whether to allow the corresponding terminal to join, and, when an environment configuration request is received from the terminal, the IoT network server transmits environment configuration information which is information regarding a communication environment of the corresponding terminal. Accordingly, the terminal and the IoT network server can efficiently manage a network while following the LoRaWAN standards, and also, can change a network path to an effective network path when the surrounding network environment changes or a gateway breaks down, and can achieve stable data transmission by minimizing a data collision between large-scale facilities within a predetermined distance.

Abstract: The disclosed technology includes a method and system for preventing or reducing cyber-attacks in a 5G network. The system can register a connected device with the 5G network, monitor the connected device by the computing device associated with the 5G network, and detect or determine that the connected device is at risk of a cyber-attack based on one or more conditions. The conditions can include detecting that the connected device is obsolete or unmaintained, the connected device fails to respond to status checks, or a service provider associated with the connected device is not supporting the connected device or is out of business. In response to detecting or determining that the connected device is at risk of the cyber-attack, the system can deauthorize the connected device.

Abstract: A vehicle network system employing a controller area network protocol includes a bus, a first electronic control unit, and a second electronic control unit. The first electronic control unit transmits, via the bus, at least one data frame including an identifier relating to data used for a calculation for obtaining a message authentication code indicating authenticity of transmission content. The second electronic control unit receives the at least one data frame transmitted via the bus and verifies the message authentication code in accordance with the identifier included in the at least one data frame.

Abstract: The disclosed technology is generally directed to smart contract technology. In one example of the technology, responsive to a smart contract subscription request from a requestor to a first smart contract, a registry entry is added to a first smart contract registry such that the added registry entry includes requestor information associated with the requestor, and subscription information associated with at least one exposed interface of the first smart contract. Responsive to a change occurring that is associated with at least one exposed interface of the first smart contract, based on the registry, any subscribers to the first smart contract that have a subscription to which the change pertains are determined. Responsive to determining subscribers to the first smart contract that have a subscription to which the change pertains, the determined subscribers are caused to be notified of the change.

Abstract: There are provided measures for venue owner-controllable per-venue service configuration. Such measures could comprise configuring a per-venue service model of services of a network operator for terminal devices of subscribers of the network operator on the basis of an input by a venue owner of a venue, the per-venue service model including at least one configurable parameter for defining a venue-based service for terminal devices of subscribers residing in a specified venue area of the venue, and controlling provision of services of the network operator to terminal devices or subscribers of terminal devices in accordance with the per-venue service model depending on applicability thereof for the service provision.

Abstract: An access control system includes a first controller having a first antenna interface for broadcasting identifying data to local devices, for receiving ephemeral ID signals, token signals or payload data from local devices, and a first processor for determining a first authentication when an ephemeral ID signal or a token from a first local device is determined to be valid, for determining a second authentication when an ephemeral ID signal or a token from a second local device is determined to be valid, and for instructing a peripheral to perform a user-perceptible action in response to the first authentication, and a second controller coupled to the first controller having a second processor for receiving payload data for the second local device in response to the second authentication, and a second antenna interface for outputting at least a portion of the payload data to the remote server in response to the second authentication.

Abstract: A method of controlling screen lock and a mobile terminal employing the same is provided. The mobile device includes a User Interface (UI) for setting a screen unlock mode using a wireless device other than the mobile terminal and stores IDentifier (ID) information of the wireless device designated by the UI corresponding to the screen unlock mode. The mobile terminal is capable of detecting a wireless device. After the ID information of the wireless device is stored, if the wireless device is detected by the mobile terminal and ID information of the detected wireless device is identical to the stored ID information, the mobile terminal controls not to display an unlock requesting screen when the display unit of the mobile terminal is turned on.

Abstract: Systems and methods of managing payments for services or products are disclosed. Billing system data is extracted or accessed to provide business intelligence and. Visit charges from multiple billing systems can be aggregated to guarantor accounts within or across multiple billing systems and provide a single statement of charges for a given time period. Accounts are accessible online. Accounts can be linked to delegate management authority of a first guarantor's account to a second (manager) guarantor. Visit charges for linked accounts are included in the manager guarantor's statement an online access. Open charges balances can be brokered or transferred to a new asset holder. Pre-determined payment options can be configured by a provider, asset holder, and/or potential asset holder. The pre-determined payment options can include an option for financing a balance. A configurable financing option may enable a guarantor to request terms and receive automatic approval, subject to authorized terms.

Abstract: The disclosure relates to, among other things, systems and methods for facilitating the secure recording and use of assertions made by entities regarding other entities. Embodiments of the disclosed systems and methods provide mechanisms to make assertions in an authentic and authoritative manner and enable discovery and reliance on those assertions using trusted distributed ledgers and/or derivatives of the same. Various embodiments may be used in connection with establishing security associations and/or secure communication channels between entities and/or the secure management of governed electronic resources.

Abstract: Content visibility on a computing device is controlled based at least in part on the proximity of a wearable device to the computing device. When the wearable device is in close proximity to the computing device and the computing device is unlocked, the computing device operates in a full content visibility mode. In the full content visibility mode all user-selectable content on the computing device is displayed. When the wearable device is not in close proximity to the computing device and the computing device is unlocked, the computing device operates in a reduced content visibility mode. In the reduced content visibility mode content visibility on the computing device screen is reduced, such as by limiting which applications (e.g., application icons or widgets) are displayed.

Abstract: A system and method for secure authentication of user entity and user entity device identity. The system and method described herein allows an identity to be continuously proven because of user entity's behavior and their biometrics. With all the fraud and risk that exists today, if someone has a user entity's driver's license they can do a lot of harm. By tying a user entity's identity to their user entity device (e.g., a mobile smartphone), then when a user entity enters a location (e.g., airport, hotel, bank), the user entity device announces through a wireless “I Am Here” signal which starts a process of continuous authentication while the user entity device interacts with the services offered by the location.

Abstract: Various embodiments are disclosed for a services policy communication system and method. In some embodiments, a communications device stores a set of device credentials for activating the communications device for a service on a network; and sends an access request to the network, the access request including the set of device credentials.

Abstract: A social network data processing and profiling system analyzes messages from a plurality of social networks to identify bad content and users posting bad content. The messages analyzed include primary posts and secondary messages which are posted in response to the primary posts. Keywords are initially obtained from the messages via applying content processing techniques. The keywords are used to categorize the messages into one or more of a plurality of categories. Sentiments are extracted from the messages. The messages are scored based at least on the contents and sentiments of the messages in addition to the actions represented by the messages if the messages are secondary messages. Messages with non-zero scores are aggregated to identify trends in the social networks and to identify users posting the messages.

Abstract: There is provided mechanisms for handling a reconfiguration request for a communications device. A method is performed by the communications device. The method comprises wirelessly receiving the reconfiguration request from a radio access network node. The reconfiguration request originates from a server and is received together with digitally signed radio access layer information of the radio access network node. The method comprises verifying the digitally signed radio access layer information using an authorization process. The method comprises accepting the reconfiguration request only when having successfully verified the digitally signed radio access layer information.

Abstract: Methods and apparatus to calibrate media ratings based on return path data are disclosed. An apparatus includes a processor and memory including instructions that, when executed, cause the processor to: determine an initial rating for the media provided in a first geographic area based on return path data (RPD) tuning information obtained from RPD devices in subscriber households in the first geographic area; determine a first panelist rating for the media provided in a second geographic area based on first panel tuning information obtained from first metering devices in a first subset of panelist households in the second geographic area; determine a nonsubscriber calibration factor based on the first panelist rating; and determine a final rating for the media in the first geographic area by modifying the initial rating based on the nonsubscriber calibration factor.

Abstract: A mobile wallet computer system coupled to a merchant computer system and a mobile device associated with a user includes one or more processors coupled to one or more non-transitory memory devices. The one or more non-transitory memory devices include instructions stored therein that are executable by the one or more processors to cause operations including receiving, from the mobile device, a request to perform a transaction between the user and a merchant associated with the merchant computer system. The operations also include generating and providing to the mobile device a code comprising mobile wallet account information associated with the user. The operations also include receiving, from the merchant computer system, the code, bank account information associated with the merchant, and a purchase amount associated with the transaction. The operations also include authenticating the transaction between the user and the merchant by decoding the code.

Abstract: Disclosed are systems and methods for passively authenticating users of a native application running on a mobile communications device. The user may be applying for a service, product, access, etc. from a provider computing system. A unique device identifier of the device may be acquired and provided to a first computing system. A mobile telephone number associated with the device may be received at the device. User information may be accepted from the user via a user interface of the device for entry into a set of fields. The mobile telephone number may be verified by determining, via a second computing system that is different from the first computing system, that the mobile telephone number is associated with the user information. The service/product/access for the user may be approved in response to verification of the mobile telephone number. The user may be authenticated without challenge questions.

Abstract: Aspects of the disclosure provide for mechanisms for booting and operating a computing device at a target location. A method of the disclosure includes: checking, using a first near-field communication (NFC) device associated with a computing device, presence of a second NFC device; in response to detecting the presence of the second NFC device, acquiring credential information from the second NFC device; performing a validation process to authenticate the second NFC device using the credential information; and performing a process for the computing device in response to authenticating the second NFC device. In some embodiments, the process may include a boot process for booting the computing device.

Abstract: Systems and methods for displaying one or more submissions are described. One such exemplar method includes: (i) accepting, from a client device associated with a reviewer, a representation of the reviewer's presence at a represented location; (ii) receiving location coordinates of a location-enabled device when the reviewer represents being present at the represented location and the location-enabled device is proximate and/or in possession of the reviewer; (iii) deeming the reviewer as an authorized reviewer of the represented location if the location coordinates of the location-enabled device are within a predefined threshold area around the represented location when the reviewer represents being present at the represented location; and (v) causing to be displayed, on one or more of the client devices, one or more submissions relating to the represented location received from the authorized reviewer of the represented location.

Abstract: A method for virtual subscriber identity module (SIM) sharing. The method can include a service provider receiving a request including service details from a first UE. The service provider can verify the request and then generate a first SIM over-the-air (OTA) message. The first virtual SIM-OTA message can be sent to the first UE and causes the first UE to dynamically provision a virtual SIM. The service provider can also generate and transmit a first unique identifier to the first UE. The method can further include the service provider receiving a second unique identifier from a second UE. After determining the first unique identifier matches the second unique identifier, the service provider can generate and transmit a second SIM-OTA message to the second UE. The service provider can then provide the service to the first UE and second UE according to the service details.

Abstract: Various embodiments of a technique to securely process and transfer a token in a distributed chain database are described herein. The technique includes receiving a valid call to a transfer function to execute a transfer, intercepting the transfer function call and routing a check function to an authorization service that is executed on a chain database, and determining in the authorization service whether the transfer is authorized. The authorization service includes a state that is controlled by a process that is executed off the chain database and returns a value that indicates whether the transfer can proceed. The system then determines whether to validate or invalidate the transfer in response to the returned value.

Abstract: Systems and methods for improved security authentication are disclosed. In some embodiments, an improved system for security authentication may include a plurality of computing devices, and a server system communicatively coupled to the plurality of computing devices. The server system may be configured to receive a request for security authentication, determine an authorization providing computing device from among the plurality of computer devices based on authentication preferences stored in a database communicatively coupled to the server system, generate and transmit authentication information to the determined authorization providing computing device, receive, from an initiating computing device an authentication input, determine whether the received authentication input matches the transmitted authentication information, and complete the request for security authentication when the received authentication input matches the generated and transmitted authentication information.

Abstract: A wearable device enables access to VPN endpoint devices for secure data communication and privacy for a computing device. The wearable device stores VPN configuration information for a user, which includes the user's VPN credentials for each of one or more remote VPN endpoint devices. When the wearable device is in close proximity to a computing device and is being worn by a user that is authenticated to at least one of the wearable device and the computing device, the wearable device communicates the configuration information to the computing device. The computing device can then use this VPN configuration information to establish a VPN connection to a VPN endpoint device.