Abstract: A device attestation server and method for attesting to the integrity of a mobile device is provided. An attestation request is sent from a mobile device to a device attestation server. The device attestation server runs an attestation method that is supported by the mobile device. The device attestation server creates an attestation token that includes a validation result and a plurality of attributes. The device attestation server sends the attestation token to the mobile device, which performs a validation method using the attestation token.

Abstract: A method for recovering a digital file from a locked device is provided. An identity token is received at a recovery app on the locked device. The recovery app retrieves a digital file from the locked device and sends the digital file and the identity token to a service external to the device.

Abstract: Systems and methods of enforcing device policies. One example method includes receiving, with an electronic processor and from a host virtual machine server, information regarding an electronic client device operating a guest virtual machine, and receiving, with the electronic processor, a policy check request from a server to the host virtual machine server. The policy check request includes a first set of policies generated by the server. The method also includes generating, with the electronic processor, a second set of policies based on information received from the host virtual machine server, and sending, from the electronic processor the second set of policies to the host virtual machine server.

Abstract: Method, server, and communication device for updating identity-based cryptographic private keys of compromised communication devices. One method includes receiving, at a server, a security status indicating that the security of a first communication device has been compromised. The first communication device is associated with a user and includes a first identity-based cryptographic private key and a first user identifier. The method also includes, responsive to receiving the security status, determining, with the server, a second user identifier based on the first user identifier. The method further includes determining, with the server, a second identity-based cryptographic private key based on the second user identifier. The method also includes distributing, via the server, the second identity-based cryptographic private key to a second communication device. The second communication device is associated with the user.

Abstract: A device attestation server and method for attesting to the integrity of a mobile device is provided. An attestation request is sent from a mobile device to a device attestation server. The device attestation server runs an attestation method that is supported by the mobile device. The device attestation server creates an attestation token that includes a validation result and a plurality of attributes. The device attestation server sends the attestation token to the mobile device, which performs a validation method using the attestation token.

Abstract: Method and management server for revoking group server identifiers of compromised group servers. One method includes determining, with a management server, an identity-based cryptographic signing key based on a group server identifier. The method also includes distributing, via the management server, the identity-based cryptographic signing key to a group server. The method further includes receiving, at the management server, a security status indicating that the security of the group server is compromised. The method also includes, responsive to receiving the security status, distributing, via the management server, a revocation of the group server identifier to a plurality of communication devices.

Abstract: An electronic processor is configured to determine sensor data reliability at an incident scene for real-time and post-incident processing. The electronic processor receives primary sensor data from a primary data source, retrieves secondary data associated with the primary sensor data, calculates a reliability index for the primary sensor data using the secondary data; compares the reliability index to a threshold and one of executes a particular action and applies a particular policy as a function of the comparison.

Abstract: Method and server for issuing a cryptographic key. One method includes distributing a first group key to a first communication device and a second communication device. The method also includes distributing a security request to the first communication device. The method further includes receiving a security status from the first communication device responsive to transmitting the security request. The method also includes determining when security of the first communication device is compromised based on the security status. The method further includes distributing, via a server, the cryptographic key to the first communication device when the security of the first communication device is not compromised. The method also includes distributing, via the server, a second group key to the second communication device when the security of the first communication device is compromised and the first communication device cannot be fixed or deactivated.

Abstract: A method for recovering a digital file from a locked device is provided. An identity token is received at a recovery app on the locked device. The recovery app retrieves a digital file from the locked device and sends the digital file and the identity token to a service external to the device.

Abstract: An electronic processor is configured to determine sensor data reliability at an incident scene for real-time and post-incident processing. The electronic processor receives primary sensor data from a primary data source, retrieves secondary data associated with the primary sensor data, calculates a reliability index for the primary sensor data using the secondary data; compares the reliability index to a threshold and one of executes a particular action and applies a particular policy as a function of the comparison.

Abstract: A device, system and method for sharing sensor data is provided. A request to access sensor data is received at a receiver device, from a requestor device, the sensor data acquired by sensors associated with the receiver device. The receiver device determines a status of the receiver device. The receiver device determines, from the status of the receiver device, a subset of the sensor data to share with the requestor device. The receiver device determines one or more override contextual conditions associated with one or more of the requestor device and the receiver device. When the one or more override contextual conditions meets one or more override threshold conditions, the receiver device causes the subset of the sensor data to be shared with the requestor device.

Abstract: A method of transitioning a wireless networking device from a non-access point mode to an access point mode includes receiving a find network request from another wireless networking device and sending a find network response including beacon data and an identifier. The method includes receiving a join network request from the other wireless networking device and associating with the other networking device by transitioning from a default mode to an access point mode. The other wireless networking device then operates as a client device. Each wireless networking device in the default mode listens for other wireless networking devices seeking an access point for the wireless network. In the access point mode the wireless networking device periodically broadcasts beacons. Each wireless networking device transitions to a client-only mode, when limiting conditions are present.

Abstract: A method of enabling a lock screen of an electronic device operating an electronic device that includes an electronic processor and a display screen. The method includes receiving, by the electronic processor, a request to unlock the electronic device. The method further includes determining, by the electronic processor, an authentication state for the electronic device. The method further includes, determining, by the electronic processor, a lock screen authentication mode based on the authentication state, and displaying, on the display screen, a lock screen including the lock screen authentication mode. The electronic device includes a display screen and an electronic processor. The electronic processor is configured to receive a request to unlock the electronic device.

Abstract: An evidentiary electronic processor receives identifying data associated with respective ones of a plurality of communication devices associated with an incident. The evidentiary electronic processor determines an assignment status of each communication device using the respective identifying data. The assignment status indicates that a communication device is one of assigned to the incident, unassigned to the incident and associated with a first profile that is relevant to the incident, or unassigned to the incident and associated with a second profile that is irrelevant to the incident. The evidentiary electronic processor receives sensor data associated with the incident from a sending communication device out of the plurality of communication devices. The evidentiary electronic processor processes the sensor data based on a respective assignment status associated with the sending communication device.

Abstract: Systems and methods of enforcing device policies. One example method includes receiving, with an electronic processor and from a host virtual machine server, information regarding an electronic client device operating a guest virtual machine, and receiving, with the electronic processor, a policy check request from a server to the host virtual machine server. The policy check request includes a first set of policies generated by the server. The method also includes generating, with the electronic processor, a second set of policies based on information received from the host virtual machine server, and sending, from the electronic processor the second set of policies to the host virtual machine server.

Abstract: Method and management server for revoking group server identifiers of compromised group servers. One method includes determining, with a management server, an identity-based cryptographic signing key based on a group server identifier. The method also includes distributing, via the management server, the identity-based cryptographic signing key to a group server. The method further includes receiving, at the management server, a security status indicating that the security of the group server is compromised. The method also includes, responsive to receiving the security status, distributing, via the management server, a revocation of the group server identifier to a plurality of communication devices.

Abstract: Method, server, and communication device for updating identity-based cryptographic private keys of compromised communication devices. One method includes receiving, at a server, a security status indicating that the security of a first communication device has been compromised. The first communication device is associated with a user and includes a first identity-based cryptographic private key and a first user identifier. The method also includes, responsive to receiving the security status, determining, with the server, a second user identifier based on the first user identifier. The method further includes determining, with the server, a second identity-based cryptographic private key based on the second user identifier. The method also includes distributing, via the server, the second identity-based cryptographic private key to a second communication device. The second communication device is associated with the user.

Abstract: Method and server for issuing a cryptographic key. One method includes distributing a first group key to a first communication device and a second communication device. The method also includes distributing a security request to the first communication device. The method further includes receiving a security status from the first communication device responsive to transmitting the security request. The method also includes determining when security of the first communication device is compromised based on the security status. The method further includes distributing, via a server, the cryptographic key to the first communication device when the security of the first communication device is not compromised. The method also includes distributing, via the server, a second group key to the second communication device when the security of the first communication device is compromised and the first communication device cannot be fixed or deactivated.

Abstract: A method of enabling a lock screen of an electronic device operating an electronic device that includes an electronic processor and a display screen. The method includes receiving, by the electronic processor, a request to unlock the electronic device. The method further includes determining, by the electronic processor, an authentication state for the electronic device. The method further includes, determining, by the electronic processor, a lock screen authentication mode based on the authentication state, and displaying, on the display screen, a lock screen including the lock screen authentication mode. The electronic device includes a display screen and an electronic processor. The electronic processor is configured to receive a request to unlock the electronic device.

Abstract: A method and apparatus are provided, for accessing a data-capture device in a different domain, by public safety wireless communications equipment, for the purpose of obtaining information at an incident. A dispatch controller of a public safety wireless communications system receives an access token from a server of a non-public-safety network, when an incident occurs. The token allows access to a data-capture device, and is associated with the incident. The dispatch controller sends the token to the data-capture device, receives a data stream, and forwards the data stream to a public safety wireless communication device. The public safety wireless communication device may itself discover and access the data-capture device, and may receive the data stream directly from the data-capture device. The public safety wireless communication device may forward the data stream and/or the access token to other public safety wireless communication devices.