Abstract: A method in an electronic device includes comparing, with one or more processors, at least one image with one or more predefined reference images and determining whether the at least one image comprises a depiction of a mien expressed by the object. When the object is authenticated as the authorized user of the electronic device and the at least one image fails to comprise the depiction of the mien expressed by the object, the one or more processors grant limited operational access to features, applications, or data of the electronic device. When the object is authenticated as the authorized user of the electronic device and the at least one image comprises the depiction of the mien expressed by the object, the one or more processors can grant full operational access to the features, the applications, or the data of the electronic device.

Abstract: Systems and methods for authenticating a user of a mobile electronic device to use a FIDO (fast identification online) compliant application in the device are provided. These entail receiving a user authentication input at the mobile electronic device and caching the authentication input. While the authentication input remains cached, the user is authenticated to use the mobile electronic device via the authentication input. The mobile electronic device is then unlocked and the FIDO compliant application is opened. Secure delayed FIDO authentication is then executed by providing the cached authentication input to the FIDO compliant application to open an authenticated session of the user on the FIDO compliant application.

Abstract: A method in an electronic device includes comparing, with one or more processors, at least one image with one or more predefined reference images and determining whether the at least one image comprises a depiction of a mien expressed by the object. When the object is authenticated as the authorized user of the electronic device and the at least one image fails to comprise the depiction of the mien expressed by the object, the one or more processors grant limited operational access to features, applications, or data of the electronic device. When the object is authenticated as the authorized user of the electronic device and the at least one image comprises the depiction of the mien expressed by the object, the one or more processors can grant full operational access to the features, the applications, or the data of the electronic device.

Abstract: Systems and methods for authenticating a user of a mobile electronic device to use a FIDO (fast identification online) compliant application in the device are provided. These entail receiving a user authentication input at the mobile electronic device and caching the authentication input. While the authentication input remains cached, the user is authenticated to use the mobile electronic device via the authentication input. The mobile electronic device is then unlocked and the FIDO compliant application is opened. Secure delayed FIDO authentication is then executed by providing the cached authentication input to the FIDO compliant application to open an authenticated session of the user on the FIDO compliant application.

Abstract: A method, telecommunication apparatus, and electronic device for securely creating an identity data block are disclosed. A secure memory 208 may store a unique private key 326 associated with a unique public key 328. A processor 204 may generate the identity data block 332 in the secure memory 208 using the unique private key 326. The processor 204 may erase the unique private key 326 from the secure memory 208.

Abstract: A method, telecommunication apparatus, and electronic device for securely using a subscriber identity module are disclosed. A secure memory 308 may store a secure international mobile subscriber identity. A subscriber identity module interface 312 may receive an unlocking international mobile subscriber identity. A processor 304 may erase a cache temporary mobile subscriber identity if the unlocking international mobile subscriber identity does not match the secure international mobile subscriber identity.

Abstract: A method, telecommunication apparatus, and electronic device for securely creating an identity data block are disclosed. A secure memory 208 may store a unique private key 326 associated with a unique public key 328. A processor 204 may generate the identity data block 332 in the secure memory 208 using the unique private key 326. The processor 204 may erase the unique private key 326 from the secure memory 208.

Abstract: A method, telecommunication apparatus, and electronic device for securely using a subscriber identity module are disclosed. A secure memory 308 may store a secure international mobile subscriber identity. A subscriber identity module interface 312 may receive an unlocking international mobile subscriber identity. A processor 304 may erase a cache temporary mobile subscriber identity if the unlocking international mobile subscriber identity does not match the secure international mobile subscriber identity.

Abstract: Techniques are provided for preventing replacement of a one-time-programmable (OTP) component. The OTP component can be part of a wireless device. The wireless device is configured such that programming of a new IMEI code into the OTP component is permitted only when the wireless device is in a secure-mode state. A challenge-response protocol is used to place the wireless device in this secure-mode state.

Abstract: A server, e.g., a client (105, 107, 109), receives a request for a digital signature to be applied to digital information, obtains a representation of the information, determines a designation of key pair(s) to be applied thereto; and transmits a request for the digital signature to a front end server (103a, 103b). The front end server determines one or more of whether the client is authentic and authorized, the user identifier is authentic, and the user identifier is permitted to make the request. If so, the front end server transmits a request to generate a digital signature to a back end server (101). The back end server determines one or more of whether the front end server is authentic and the designated key pair correspond to the requesting front end server. If so, the back end server generates the digital signature based on the information and the key pair(s).