Abstract: A method operates a server that is coupled to a network controlling door actuators at physical geo-locations. The server receives through a wireless communication network a request to enable physical access at a portal using a secure channel and a geo-location estimate from a mobile device. A circuit of the mobile device receives radio signal magnitude, phase, and power from at least one transmitter and authentication input from a user interface. Dual secured communications paths protect the server on its separately provisioned request channel and actuator command channel. Each legacy electronically controlled access portal is enabled to support smartphones without installing a replacement multi-band radio frequency reader at the geo-location.

Abstract: A personal electronic device enables access to and occupancy of a secure space by providing measures of behaviors, personal attributes, history of transactions and movements that are used to validate continuous authentication and authorization of the device's possessor. This addresses the vulnerability of a misplaced, lost, or stolen electronic credential. An anchor point is a physical measurement of personal physical identity such as voice recognition, fingerprint, iris scan, chemistry, or other biometric. Continuity from an anchor point is measured by GPS way points, financial transactions at familiar vendors, outgoing text messages or passphrases, gait analysis, heart rate, EKG rhythm, or transit time. A request for access is presented upon a challenge based on proximity to a portal location. A digital credential is used to encrypt two or more of the continuity milestones and an anchor point which can be matched against a previously stored or dynamically generated expected value.

Abstract: A method operates a server that is coupled to a network controlling door actuators at physical geo-locations. The server receives through a wireless communication network a request to enable physical access at a portal using a secure channel and a geo-location estimate from a mobile device. A circuit of the mobile device receives radio signal magnitude, phase, and power from at least one transmitter and authentication input from a user interface. Dual secured communications paths protect the server on its separately provisioned request channel and actuator command channel. Each legacy electronically controlled access portal is enabled to support smartphones without installing a replacement multi-band radio frequency reader at the geo-location.

Abstract: An unattended physical delivery access control system includes a wireless mobile agent which journeys from multiple supply originations to many unattended delivery destinations through one or more waypoints. In the vicinity of waypoints specified in an itinerary, the agent transacts tokens which are verified by a cloud server or within the agent. As the agent approaches the unattended delivery destination, the agent presents its credentials and journal of waypoints. A portal actuator is operated by a physical access control server to enable delivery upon arrival and secure the portal upon departure. The agent is credentialed by each supply origination apparatus and receives destination, itinerary routing, and transit tokens. Waypoint identifiers may be recorded into the transit tokens by the agent. Other waypoints may actively acquire a token from the agent and relay it to the cloud server for validation.

Abstract: Provided herein are methodologies where a glycosylated protein or peptide is subjected to peptide bond cleavage to produce a glycan amino acid complex wherein the N-linked or O-linked glycan is attached. A derivatization reagent is then attached to the N terminus of the amino acid to provide a labeled glycan amino acid complex. The labeled glycan amino acid complex is then separated from the matrix via one or more methods including HILIC SPE, and injected directly onto an LC or LC/MS system for analysis, detection and characterization of the glycosylated protein or the peptide.

Abstract: A personal electronic device enables access to and occupancy of a secure space by providing measures of behaviors, personal attributes, history of transactions and movements that are used to validate continuous authentication and authorization of the device's possessor. This addresses the vulnerability of a misplaced, lost, or stolen electronic credential. An anchor point is a physical measurement of personal physical identity such as voice recognition, fingerprint, iris scan, chemistry, or other biometric. Continuity from an anchor point is measured by GPS way points, financial transactions at familiar vendors, outgoing text messages or passphrases, gait analysis, heart rate, EKG rhythm, or transit time. A request for access is presented upon a challenge based on proximity to a portal location. A digital credential is used to encrypt two or more of the continuity milestones and an anchor point which can be matched against a previously stored or dynamically generated expected value.

Abstract: An unattended physical delivery access control system includes a wireless mobile agent which journeys from supply originations to unattended delivery destinations through one or more waypoints. In the vicinity of waypoints specified in an itinerary, the agent transacts tokens which are verified by a cloud server or within the agent. As the agent approaches the unattended delivery destination, the agent presents its credentials and journal of waypoints. A portal actuator is operated by a physical access control server to enable delivery upon arrival and secure the portal upon departure. The agent is credentialed by each supply origination apparatus and receives destination, itinerary routing, and transit tokens. Waypoint identifiers may be recorded into the transit tokens by the agent. Other waypoints may actively acquire a token from the agent and relay it to the cloud server for validation.

Abstract: A server is coupled to a network controlling door actuators at physical geo-locations. The server receives through a wireless communication network a request to enable physical access at a portal using a secure channel and a geo-location estimate from a mobile device. A circuit of the mobile device receives radio signal magnitude, phase, and power from at least one transmitter and authentication input from a user interface. Dual secured communications paths protect the server on its separately provisioned request channel and actuator command channel. Each legacy electronically controlled access portal is enabled to support smartphones without installing a replacement multi-band radio frequency reader at the geo-location.

Abstract: A method operates a server that is coupled to a network controlling door actuators at physical geo-locations. The server receives through a wireless communication network a request to enable physical access at a portal using a secure channel and a geo-location estimate from a mobile device. A circuit of the mobile device receives radio signal magnitude, phase, and power from at least one transmitter and authentication input from a user interface. Dual secured communications paths protect the server on its separately provisioned request channel and actuator command channel. Each legacy electronically controlled access portal is enabled to support smartphones without installing a replacement multi-band radio frequency reader at the geo-location.

Abstract: A server is coupled to a network controlling door actuators at physical geo-locations. The server receives through a wireless communication network a request to enable physical access at a portal using a secure channel and a geo-location estimate from a mobile device. A circuit of the mobile device receives radio signal magnitude, phase, and power from at least one transmitter and authentication input from a user interface. Dual secured communications paths protect the server on its separately provisioned request channel and actuator command channel. Each legacy electronically controlled access portal is enabled to support smartphones without installing a replacement multi-band radio frequency reader at the geo-location.

Abstract: The present invention provides, in one aspect, a system and method for managing authentication tokens that operate across multiple types or physical resources binding the tokens to one or more external electronic Identity Providers; generating tokens; authenticating the tokens at multiple physical resources; managing access to physical resources by linking the tokens to the electronic identities; translating the tokens to the appropriate physical token type based on infrastructure services available at the point of service; validating tokens at the physical resource; tracking and conveying usage information; and making use of social group relationships and other data defined by individual usage to, among other things, simplify the process of granting user-generated credentials to persons connected to a given individual via the Identity Provider or an external social network, for example.

Abstract: The present invention provides, in one aspect, a system and method for managing authentication tokens that operate across multiple types or physical resources binding the tokens to one or more external electronic Identity Providers; generating tokens; authenticating the tokens at multiple physical resources; managing access to physical resources by linking the tokens to the electronic identities; translating the tokens to the appropriate physical token type based on infrastructure services available at the point of service; validating tokens at the physical resource; tracking and conveying usage information; and making use of social group relationships and other data defined by individual usage to, among other things, simplify the process of granting user-generated credentials to persons connected to a given individual via the Identity Provider or an external social network, for example.

Abstract: The present invention provides, in one aspect, a system and method for managing authentication tokens that operate across multiple types of physical resources binding the tokens to one or more external electronic Identity Providers; generating tokens; authenticating the tokens at multiple physical resources; managing access to physical resources by linking the tokens to the electronic identities; translating the tokens to the appropriate physical token type based on infrastructure services available at the point of service; validating tokens at the physical resource; tracking and conveying usage information; and making use of social group relationships and other data defined by individual usage to, among other things, simplify the process of granting user-generated credentials to persons connected to a given individual via the Identity Provider or an external social network, for example.

Abstract: The present invention provides, in one aspect, a system and method for managing authentication tokens that operate across multiple types of physical resources binding the tokens to one or more external electronic Identity Providers; generating tokens; authenticating the tokens at multiple physical resources; managing access to physical resources by linking the tokens to the electronic identities; translating the tokens to the appropriate physical token type based on infrastructure services available at the point of service; validating tokens at the physical resource; tracking and conveying usage information; and making use of social group relationships and other data defined by individual usage to, among other things, simplify the process of granting user-generated credentials to persons connected to a given individual via the Identity Provider or an external social network, for example.

Abstract: Systems and methods for determining the identity of entities who meet trust requirements of a privilege grantor include an identity and trust management system including at least one computing device in communication with at least one entity, at least one privilege grantor, and at least one authoritative source. At least one rule is received from the at least one privilege grantor that must be satisfied for the at least one privilege grantor to trust an entity. A database is established of at least one entity with information about the at least one entity. The at least one authoritative source is queried to determine whether at least a portion of the information about the at least one entity is correct. A response is received from the at least one authoritative source as to whether or not the portion of information is correct. The database stores a result of the query without storing data underlying the result.

Abstract: Systems and methods for determining the identity of entities who meet trust requirements of a privilege grantor include an identity and trust management system including at least one computing device in communication with at least one entity, at least one privilege grantor, and at least one authoritative source. At least one rule is received from the at least one privilege grantor that must be satisfied for the at least one privilege grantor to trust an entity. A database is established of at least one entity with information about the at least one entity. The at least one authoritative source is queried to determine whether at least a portion of the information about the at least one entity is correct. A response is received from the at least one authoritative source as to whether or not the portion of information is correct. The database stores a result of the query without storing data underlying the result.