Abstract: A device attestation server and method for attesting to the integrity of a mobile device is provided. An attestation request is sent from a mobile device to a device attestation server. The device attestation server runs an attestation method that is supported by the mobile device. The device attestation server creates an attestation token that includes a validation result and a plurality of attributes. The device attestation server sends the attestation token to the mobile device, which performs a validation method using the attestation token.

Abstract: Provisioning device certificates for electronic processors. One example method includes receiving a flashloader at the electronic processor. The method also includes validating the flashloader with the electronic processor. After validating the flashloader, the method includes receiving an encrypted provisioned key bundle at the electronic processor. The method also includes decrypting the encrypted provisioned key bundle with the electronic processor using a provisioning key to create a decrypted provisioned key bundle. The method further includes executing a provisioning process on the electronic processor using the decrypted provisioned key bundle.

Abstract: A method and mobile device for identifying a current user of the mobile device as a trusted user is provided. The mobile device determines that a current user of the mobile device is not the owner of the mobile device. The mobile device obtains a biometric sample of the current user and transmits an identification request message to a distributed identification system. The distributed identification system includes a group of mobile devices, each one that includes biometric data the owner of the device. The identification request message includes the biometric sample of the current user. If the biometric sample matches the sample of one of the mobile devices in the distributed identification system, that device sends an identity response to the originating mobile device. Upon receiving the identity response, the original mobile unit determines if the identity in the identity response matches a known identity of the mobile device, such as a member in the contact list.

Abstract: Provisioning device certificates for electronic processors. One example method includes receiving a flashloader at the electronic processor. The method also includes validating the flashloader with the electronic processor. After validating the flashloader, the method includes receiving an encrypted provisioned key bundle at the electronic processor. The method also includes decrypting the encrypted provisioned key bundle with the electronic processor using a provisioning key to create a decrypted provisioned key bundle. The method further includes executing a provisioning process on the electronic processor using the decrypted provisioned key bundle.

Abstract: System and method of providing administrative access to an endpoint server. In one example, the method includes receiving, at an admin server, a request for performing an admin operation on the endpoint server and a first portion of an admin key from a microservice server. The method also includes receiving, at the admin server, a second portion of the admin key. The method further includes generating, at the admin server, a copy of the admin key based at least in part on the first portion and the second portion of the admin key. The method also includes performing, via the admin server, the admin operation on the endpoint server using the copy of the admin key. The method further includes deleting the copy of the admin key on the admin server after performing the admin operation on the endpoint server.

Abstract: A method and is provided for obtaining a vetted certificate for a microservice in an elastic cloud environment. The microservice receives a one-time authentication credential. The microservice utilizes the one-time authentication credential to obtain a client secret. The microservice obtains an access token and CSR (Certificate Signing Request) attributes using the client secret and constructs a CSR utilizing the CSR attributes. The microservice requests a vetted certificate from a Certificate Authority (CA) and includes the access token and the CSR in the request. If the access token and the CSR pass vetting at the CA, the CA sends a vetted certificate to the microservice.

Abstract: A device attestation server and method for attesting to the integrity of a mobile device is provided. An attestation request is sent from a mobile device to a device attestation server. The device attestation server runs an attestation method that is supported by the mobile device. The device attestation server creates an attestation token that includes a validation result and a plurality of attributes. The device attestation server sends the attestation token to the mobile device, which performs a validation method using the attestation token.

Abstract: A method and apparatus for issuing an incident-issued credential for an incident area network. One embodiment provides an identity server including an electronic processor configured to receive an agency-issued credential and retrieve a first set of attributes from the agency-issued credential. The electronic processor is also configured to map the first set of attributes to a scope of a service available through an incident area network. The electronic processor is further configured to generate the incident-issued credential for the incident area network including the scope and issue the incident-issued credential to a user device.

Abstract: System and method of providing administrative access to an endpoint server. In one example, the method includes receiving, at an admin server, a request for performing an admin operation on the endpoint server and a first portion of an admin key from a microservice server. The method also includes receiving, at the admin server, a second portion of the admin key. The method further includes generating, at the admin server, a copy of the admin key based at least in part on the first portion and the second portion of the admin key. The method also includes performing, via the admin server, the admin operation on the endpoint server using the copy of the admin key. The method further includes deleting the copy of the admin key on the admin server after performing the admin operation on the endpoint server.

Abstract: A device, system and method for sharing sensor data is provided. A request to access sensor data is received at a receiver device, from a requestor device, the sensor data acquired by sensors associated with the receiver device. The receiver device determines a status of the receiver device. The receiver device determines, from the status of the receiver device, a subset of the sensor data to share with the requestor device. The receiver device determines one or more override contextual conditions associated with one or more of the requestor device and the receiver device. When the one or more override contextual conditions meets one or more override threshold conditions, the receiver device causes the subset of the sensor data to be shared with the requestor device.

Abstract: A method of enabling a lock screen of an electronic device operating an electronic device that includes an electronic processor and a display screen. The method includes receiving, by the electronic processor, a request to unlock the electronic device. The method further includes determining, by the electronic processor, an authentication state for the electronic device. The method further includes, determining, by the electronic processor, a lock screen authentication mode based on the authentication state, and displaying, on the display screen, a lock screen including the lock screen authentication mode. The electronic device includes a display screen and an electronic processor. The electronic processor is configured to receive a request to unlock the electronic device.

Abstract: An evidentiary electronic processor receives identifying data associated with respective ones of a plurality of communication devices associated with an incident. The evidentiary electronic processor determines an assignment status of each communication device using the respective identifying data. The assignment status indicates that a communication device is one of assigned to the incident, unassigned to the incident and associated with a first profile that is relevant to the incident, or unassigned to the incident and associated with a second profile that is irrelevant to the incident. The evidentiary electronic processor receives sensor data associated with the incident from a sending communication device out of the plurality of communication devices. The evidentiary electronic processor processes the sensor data based on a respective assignment status associated with the sending communication device.

Abstract: A method and apparatus for issuing an incident-issued credential for an incident area network. One embodiment provides an identity server including an electronic processor configured to receive an agency-issued credential and retrieve a first set of attributes from the agency-issued credential. The electronic processor is also configured to map the first set of attributes to a scope of a service available through an incident area network. The electronic processor is further configured to generate the incident-issued credential for the incident area network including the scope and issue the incident-issued credential to a user device.

Abstract: A method of enabling a lock screen of an electronic device operating an electronic device that includes an electronic processor and a display screen. The method includes receiving, by the electronic processor, a request to unlock the electronic device. The method further includes determining, by the electronic processor, an authentication state for the electronic device. The method further includes, determining, by the electronic processor, a lock screen authentication mode based on the authentication state, and displaying, on the display screen, a lock screen including the lock screen authentication mode. The electronic device includes a display screen and an electronic processor. The electronic processor is configured to receive a request to unlock the electronic device.

Abstract: A user interface for monitoring a number of parameters of a system includes an electronic display element and a display driver for controlling the electronic display element so as to display a data graph thereon. The data graph includes a bounded area divided into a plurality of segments, each segment representing one of the parameters; and a number of concentric portions formed in each segment, each concentric portion representing a state or value of the parameter represented by its corresponding segment. The display driver receives data representative of a current state or value of each of the parameters and indicates the current state or value of the parameters by marking the concentric portions that represent the current states or values.

Abstract: Methods and apparatus are provided for communicating a flow of packets with a requested quality of service. An exemplary method involves receiving a first packet of a flow, determining a first reference value for the packet flow identification field of the first packet using a key value, and facilitating the requested quality of service for the first packet when the received value of the packet flow identification field of the first packet matches the first reference value. The method continues by receiving a second packet of the flow, determining a second reference value for the packet flow identification field using the key value, and facilitating the requested quality of service for the second packet when the received value of the packet flow identification field of the second packet matches the second reference value.

Abstract: An apparatus for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration key to the first device based on the first identity token or user authentication. The first device generates and sends a collaboration credential based on the collaboration key to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices.

Abstract: A system for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration credential to the first device based on the first identity token or user authentication. The first device sends the collaboration credential generated by the server to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices.

Abstract: A network device is configured to authenticate a collaborative session between at least two communication devices. The network component receives an indication that at least two devices located within a predefined physical range are attempting to collaborate. The network component determines, based on the indication, that the two devices are authentic and that the two devices are attempting to collaborate. Responsive to determining that the two devices are authentic and attempting to collaborate, the network component determines that the two devices are authorized to collaborate and a level on which the two devices are authorized to collaborate. The network component sends an authorization response to at least one of the at least two devices, wherein if the two devices are authorized to collaborate the authorization response includes the level on which the two devices are authorized to collaborate.

Abstract: An apparatus for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration key to the first device based on the first identity token or user authentication. The first device generates and sends a collaboration credential based on the collaboration key to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices.