Abstract: A system is disclosed along with a method for operating the system. In one non-limiting embodiment, the disclosed ticketing system employs a trusted tag service, which enables a customer to safely load ticketing credit onto their mobile device and provide a proof of purchase via the mobile device. The ticketing system is also disclosed as including a transport operator application that can interface with the customer's mobile device to verify payment for a journey.

Abstract: Mechanisms are provided to manage personal identification numbers and data objects residing in a communication system. In particular, solutions are described which allow a PIN associated with a data object to be stored with the data object for later authentication and verification purposes without disclosing the pin. In at least one embodiment, an operation is performed wherein a signature or digest of a data object is altered utilizing a user's entered pin. The altered signature is then stored. Upon verification and authentication, an operation is performed on the stored altered signature and the result is compared to a signature of the data object. If both signatures match, then the PIN can be used to authenticate and verify the data object.

Abstract: A smart tag and methods of interacting with and authenticating interactions with the same are provided. The smart tag (308) is enabled to generate a Tag Authentication Cryptogram (TAC) and include the TAC in response (S303) to a read request (S301). Accordingly, each response generated by the smart tag (308) will include a different TAC. It follows that interactions between the smart tag (308) and a reading device (304) can be authenticated as unique interactions if the TAC is validated as a unique and correct TAC.

Abstract: A data-carrying device and methods of authenticating the same are disclosed. The data-carrying device is described as being capable of communicating via the Near Field Communications (NFC) protocol and may have one or more NFC Data Exchange Format (NDEF) records stored in its memory. The data-carrying device also comprises or has the ability to generate a signature that proves the data-carrying device is the authorized device for storing the one or more NDEF records. A data-carrying device that attempts to transmit an NDEF record without a valid signature may be identified as an unauthorized data-carrying device.

Abstract: A mobile provisioning system, method, and apparatus are provided. The mobile provisioning method is disclosed to enable a first mobile device to provision or write one or more guest identification objects to a second mobile device. The guest identification objects may be written only if the first mobile device has the appropriate permissions and may further be limited in their use as compared to non-guest identification objects.

Abstract: Methods, systems, and devices for managing energy consumption in multi-room facilities are provided. In particular, intelligent mechanisms for determining a location of a mobile device (124) associated with a room (112a, 112b . . . 112n) and then for managing energy settings, especially setback controls, of that room (112a, 112b . . . 112n) are provided. Some logic for implementing these mechanisms may be provided in a mobile device (124) and in-room device, such as a motion detector, thermostat, HVAC controller, door, lock, television, set top box, etc.

Abstract: A system and method for determining presence information for mobile devices (104) are disclosed. Specifically, the presence information for a mobile device (104) can be determined based on whether or not the mobile device (104) is having a unique interaction with a smart tag (108). If a unique interaction is detected, then the mobile device (104) can be said to be within the presence of the smart tag (108) and the location or presence information for the mobile device (104) can be correlated to location information known for the smart tag (108).

Abstract: Mechanisms are provided to sequence one or more access control keys residing on a mobile device to be used with an access control reader. In particular, solutions are described which allow a mobile device to receive one or more access control keys and receive additional sequence data. The sequence data may be created for a particular route or course such that a user is require to present the received access control keys to an access control reader in a particular order to gain access to a protected asset.

Abstract: A tag used for storing information related to chain of custody of an object is described. The tag is at least one of attacked to a physically associated with the object and the tag includes memory that has custody claim entries written thereto. When custody of the object is transferred from one entity to another entity or when an entity relinquishes custody of the object, a release record is also written to the tag. The custody claim entries and release records written to the tag can be used to verify the chain of custody of the object.

Abstract: Methods and systems are provided for enabling a user to enroll with a security system and create access credentials via a mobile device. In particular, a mobile device user may use the mobile device to enter user information, including identification information, communicate the information to a manufacturer for creating access credentials associated with the user. The user information may be verified before it is sent to manufacturing. Verification may be based on rules stored in memory and can be configured to prevent fraud. In addition, aspects of the present disclosure anticipate that a user may monitor a status of manufacturing associated with the access credentials.

Abstract: A tag and a method of writing data to memory of a tag are provided. The tag includes memory that stores data elements as well as an access control list that maps access keys to the data elements. An authentication protocol is employed by the tag to determine whether a data element received from a writing device will be written to the memory.

Abstract: Managing access by a user includes requesting an access code from an external server, the external server providing the access code to the user only if the user is authorized for access, the access code being provided to an input unit, and the user being granted access by a security component if the access code is valid. The input unit may be a keypad. The access code maybe provided using RF communication, such as NFC, Bluetooth, and/or Bluetooth Smart. The device may request the access code from the external server. The device may be a mobile device. Managing access by a user may also include the user entering a PIN in addition to the access code. The pin may be entered by the user's device. The access may be to a physical area and the user may be granted access by having a door open.

Abstract: A trusted authority, validation system and method are provided. The system and method may employ Near Field Communication (NFC) technologies to prepare and write signed validation signatures to tags as well as read and analyze validation signatures from tags. An NFC-enabled phone is also provided as a mechanism for facilitating the trusted authority and validation services described herein.

Abstract: Methods, systems, and devices for updating access permissions of users in an access control system are described. The access permissions are capable of being updated based on rules and thresholds that include as at least one variable presence or contextual information associated with a user. The presence or contextual information associated with a user may be analyzed to trigger a credential update process for that user or other users within the access control system.

Abstract: Methods, systems and devices for employing the Near Field Communications (NFC) protocol are described. Specifically, a safe or similar in-room security device is configured to exchange communications with one or more NFC-enabled devices in accordance with the NFC protocol. Based on the exchange of information with the NFC-enabled devices, the safe is configured to make one or more access control decisions.

Abstract: The present invention is directed toward secure access systems. Specifically, a method and system is provided that enhances the security of unidirectional communication protocols used in access control systems, such as the Wiegand protocol. The enhancements may include obfuscation of data, a two-way packet-mode communications, and blind synchronization of pseudo-random number generators.

Abstract: The present invention is directed toward secure access systems. Specifically, a method, system, and device are described that employ a synchronized pseudo-random number generator to secure communications between endpoints involved in a communication. If synchronization is lost between two devices, the two devices can regain synchronization by switching to use of a different pseudo-random number generator that is used for resynchronization instead of communications.

Abstract: A reader configured to perform dual-factor authentication is provided. The reader is configured to analyze credential data as well as event-based user inputs. The event-based user inputs are received in response to the reader presenting one or more events to a user and monitoring the user's reaction thereto. Utilization of an event-based user input enables the reader to perform dual-factor authentication without necessarily being provided with a keyboard or other advanced user input device.

Abstract: Mechanisms are provided for transferring sensitive information, such as cryptographic keys, between entities. Particularly, a device is provided with a user input connected directly to a secure element. The device enables a user to enter sensitive information in the user input which is then passed directly to the secure element without traversing any other element such that the secure element can encode and/or encrypt the sensitive information. Once the sensitive information has been encoded and/or encrypted by the secure element, the now secure sensitive information can be shared with other entities using familiar and popular, yet relatively unsecure, transfer methods.

Abstract: The present invention is directed toward secure access systems. Specifically, a method and system is provided that enhances the security of unidirectional communication protocols used in access control systems, such as the Wiegand protocol. The enhancements may include obfuscation of data, a two-way packet-mode communications, and blind synchronization of pseudo-random number generators.