Abstract: Example implementations include a method, apparatus, and computer-readable medium for configuring a device in a physical security system via an open architecture. The device receives a command from an application via a publish-and-subscribe broker. The command includes: a type field indicating the command, a source field indicating the application, a timestamp, and a payload including a list of objects, each object including one or more parameters defined by a field name, a datatype, one or more possible values, and a mandatory status. The device transmits an event message to the application via the publish-and-subscribe broker, the event message includes a type field identifying the event message, a source field identifying the device, a timestamp, and a payload including a type field identifying a type of event.

Abstract: Example implementations include a method, apparatus, and computer-readable medium for configuring a device in a physical security system via an open architecture. The device establishes an application message layer session by exchanging certificates with a publish-and-subscribe broker and subscribing to a first topic from the application to the device. The device receives a configuration for the device from the application via the publish-and-subscribe broker through one or more command messages on the topic, wherein the one or more command messages carry a plurality of objects that are in clear text at the application message layer and are protected at a transport layer. The device transmits for each object, an event message that indicates a status of the object. The device maintains the application message layer session by periodically sending heartbeat event messages.

Abstract: Example implementations include a method, system, and computer-readable medium, comprising collecting environment information by a first reader device configured to control access to a first secure area via ultrasound communications. The implementations further include determining first input information based on the environment information, the first input information. Additionally, the implementations further include determining, via a machine learning model, access intention information identifying the first secure area or a second secure area as an object of interest based on the first input information and second input information, wherein the second input information is associated with a second reader device that controls access to the second secure area and is co-located with the first reader device. Additionally, the implementations further include providing, based on the access intention information, access to one of the first secure area or the second secure area.

Abstract: Example implementations include a method, system, and computer-readable medium, comprising collecting environment information by a first reader device configured to control access to a first secure area via ultrasound communications. The implementations further include determining first input information based on the environment information, the first input information. Additionally, the implementations further include determining, via a machine learning model, access intention information identifying the first secure area or a second secure area as an object of interest based on the first input information and second input information, wherein the second input information is associated with a second reader device that controls access to the second secure area and is co-located with the first reader device. Additionally, the implementations further include providing, based on the access intention information, access to one of the first secure area or the second secure area.

Abstract: Example aspects include techniques for efficient updates in IoT event driven architectures. These techniques may include receiving, from a source application via a publish/subscribe broker service a first block using a first IoT messaging session, the first block including a first portion of a file and a first plurality of communication parameters, and transmitting a first acknowledgement corresponding to the first block, the first acknowledgement approving a proposed parameter of the first plurality of communication parameters. Further, the techniques may include receiving, based on the proposed parameter, from the source application via the publish/subscribe broker service, a second block using a second IoT messaging session, the second block including a second portion of the file and a second plurality of communication parameters, and transmitting a second acknowledgement corresponding to the second block.

Abstract: Example implementations include a method, system, and computer-readable medium, comprising collecting environment information by a first reader device configured to control access to a first secure area via ultrasound communications. The implementations further include determining first input information based on the environment information, the first input information. Additionally, the implementations further include determining, via a machine learning model, access intention information identifying the first secure area or a second secure area as an object of interest based on the first input information and second input information, wherein the second input information is associated with a second reader device that controls access to the second secure area and is co-located with the first reader device. Additionally, the implementations further include providing, based on the access intention information, access to one of the first secure area or the second secure area.

Abstract: An apparatus and method for performing authenticated communications that includes receiving, by a gateway device, a password associated with an application. The gateway device is in communication with a plurality of access control devices associated with the application. Access to each device in a cluster formed by the gateway device and the plurality of access control devices requires a user authentication associated with the password. The gateway device generates a plurality of different matching pairs of salt values and hash values and deletes the password. In addition, the gateway device transmits different sets of mismatched pairs of the salt values and the hash values to at least two devices of the cluster for storage. The user authentication is based on a salt value and a hash value from the plurality of different matching pairs of salt values and hash values stored at two different devices of the cluster.

Abstract: A system may be configured to perform secure low-latency and low-throughput support of REST APIs in IoT devices. In some aspects, the system may establish a first encrypted communication channel with an application of a management device, receive a certificate signing request including a public key of the application via the private channel, sign the public key of the application using read-only birth secret information to generate first signed certificate, and transmit the first signed certificate vis the private channel. Further, the system may receive an authentication request including a second signed certificate via a second encrypted communication channel, determine that the second signed certificate matches the first signed certificate via the read-only birth secret information, and transmit an application credential to the application via the second encrypted communication channel.

Abstract: Aspects of the present disclosure include methods, apparatuses, and computer readable media for controlling access including generating a random string or pseudorandom string, acoustically broadcasting a beacon message comprising the random string or pseudorandom string, acoustically receiving, in response to acoustically broadcasting the beacon message, an authentication message comprising a user identification and an authentication string, obtaining a password associated with the user identification, computing a verification string using the password and the random string or pseudorandom string, verifying the authentication string in the authentication message using the verification string, and transmitting, in response to successfully verifying the authentication string in the authentication message, an unlocking message to the access controlled point to unlock the access controlled point.

Abstract: An apparatus and method for performing authenticated communications that includes receiving, by a gateway device, a password associated with an application. The gateway device is in communication with a plurality of access control devices associated with the application. Access to each device in a cluster formed by the gateway device and the plurality of access control devices requires a user authentication associated with the password. The gateway device generates a plurality of different matching pairs of salt values and hash values and deletes the password. In addition, the gateway device transmits different sets of mismatched pairs of the salt values and the hash values to at least two devices of the cluster for storage. The user authentication is based on a salt value and a hash value from the plurality of different matching pairs of salt values and hash values stored at two different devices of the cluster.

Abstract: Aspects of the present disclosure include methods, systems, and non-transitory computer readable media that perform the steps of transmitting a token to a gateway, receiving a response token including an encrypted message, decrypting the encrypted message using a decryption key associated with the token to generate a decrypted message, validating content of the decrypted message, transmitting a certificate request in response to successfully validating the content of the decrypted message, receiving a certificate in response to the request, validating the certificate against a certification authority, and transmitting encrypted data via a secured connection in response to successfully validating the certificate.

Abstract: A system may be configured to perform secure low-latency and low-throughput support of REST APIs in IoT devices. In some aspects, the system may establish a first encrypted communication channel with an application of a management device, receive a certificate signing request including a public key of the application via the private channel, sign the public key of the application using read-only birth secret information to generate first signed certificate, and transmit the first signed certificate vis the private channel. Further, the system may receive an authentication request including a second signed certificate via a second encrypted communication channel, determine that the second signed certificate matches the first signed certificate via the read-only birth secret information, and transmit an application credential to the application via the second encrypted communication channel.

Abstract: A system may be configured to perform enhanced detection of occluded objects in a multiple object detection system. In some aspects, the system may transmit, by an application to an internet of things (IoT) device, an actual representational state transfer (REST) request including a parameter and an application authentication credential for authenticating to the IoT device, determine, based on an expected REST response to the actual REST request, one or more conditional parameters for configuring the IoT device, transmit, without waiting for the expected REST response, a predictive REST request including the one or more conditional parameters, and receive an actual response indicating success of the configuring the IoT device.

Abstract: Aspects of the present disclosure include methods, apparatuses, and computer readable media for controlling access including generating a random string or pseudorandom string, acoustically broadcasting a beacon message comprising the random string or pseudorandom string, acoustically receiving, in response to acoustically broadcasting the beacon message, an authentication message comprising a user identification and an authentication string, obtaining a password associated with the user identification, computing a verification string using the password and the random string or pseudorandom string, verifying the authentication string in the authentication message using the verification string, and transmitting, in response to successfully verifying the authentication string in the authentication message, an unlocking message to the access controlled point to unlock the access controlled point.

Abstract: Aspects of the present disclosure include methods, systems, and non-transitory computer readable media that perform the steps of transmitting a token to a gateway, receiving a response token including an encrypted message, decrypting the encrypted message using a decryption key associated with the token to generate a decrypted message, validating content of the decrypted message, transmitting a certificate request in response to successfully validating the content of the decrypted message, receiving a certificate in response to the request, validating the certificate against a certification authority, and transmitting encrypted data via a secured connection in response to successfully validating the certificate.

Abstract: A system that traverses Web Real-Time Communication (“WebRTC”) data over a tunnel establishes the tunnel between a tunneling client of a user equipment (“UE”) and a tunneling server. The system receives the WebRTC data and encapsulates the WebRTC data into frames. The system detects that one or more of the frames includes media. The system then transmits the frames over the tunnel while, for the frames detected as media, applying enhancement features to the transmitting of the media frames.

Abstract: A system that implements multihoming for real-time communications receives a request to establish a tunnel by a tunneling server with a tunneling client of user equipment, where the request includes two or more network addresses for the tunnel. The system establishes the tunnel and sends a list of the allocated two or more network addresses for the tunnel. The system then receives encapsulated media that corresponds to at least two different network addresses over the tunnel.

Abstract: A system that transmits frames by establishing a tunnel between a tunneling client of a user equipment and a tunneling server enables a redundant header removal functionality for an inner socket of the tunnel. The system receives a frame that includes an Internet Protocol (“IP”) header and removes redundant information from the IP header, the removed redundant information including a source address of the frame. The system transmits the frame with a modified header after the removed redundant information over the inner socket of the tunnel.

Abstract: A system for transmitting encapsulated media over tunnels, in response to a first request from a first application, establishes a first tunnel between a first tunneling client of a user equipment (“UE”) and a tunneling server and establishes a first outer transport layer and a first outer network layer and establishes a local tunneling proxy. Further, the system, in response to a second request from a second application, establishes a second tunnel between the first tunneling client and the tunneling server, where the second request includes a request to use the first outer transport layer and the first outer network layer established in conjunction with the first tunnel, and the second request is forwarded to the tunneling server via the local tunneling proxy.

Abstract: A system performs tunneling for real-time communications (“RTC”). The system determines a quantity of available tunnels at a tunneling server. The system then determines that the quantity of available tunnels is below a threshold, and that two or more tunnels established with the tunneling server correspond to a user equipment (“UE”). The system indicates to the UE to consolidate the two or more tunnels into a target tunnel within the two or more tunnels, and performs the RTC with the UE over the target tunnel.