Abstract: Described herein is a framework to monitor traffic congestion. In accordance with one aspect of the framework, the framework receives vehicle data from vehicle data sources located in a region of interest. The framework may determine a sample size and an average speed for an edge of the region of interest based on the vehicle data. Congestion probability may then be determined based on the sample size and average speed. A report may be presented based on the congestion probability.

Abstract: A system and method for generating virtual objects, the data for the virtual object is retrieved at least in part from a tag. The tag comprises a transparent physical surface and a visually imperceptible structure constructed in the transparent physical surface. The tag encodes the data for the virtual objects in the visually imperceptible structure. When detected by the appropriately configured capture devices, the visually imperceptible structure produces a depth pattern that is reflected in phase shifts between regions in the tag.

Abstract: A device management system that is capable of scheduling connected devices and personnel for tasks, monitoring the ability of the devices to perform the scheduled task by checking in with the devices based on their uses and locations, and to modify the functioning of the devices according to the tasks scheduled for the devices and their uses. Additionally, the system can incorporate uncommunicated “dumb” devices into the scheduling of tasks and track and manage those devices.

Abstract: The present invention discloses a resource allocation method and user equipment, where the method includes: determining, by first user equipment, a first resource; and sending, by the first user equipment, at least one occupation signal on the first resource, where the at least one occupation signal is used to indicate occupation of the first resource. According to the resource allocation method and the user equipment in embodiments of the present invention, an occupation signal is sent on a selected to-be-occupied resource to indicate occupation of the resource, so as to effectively avoid resource contention between different user equipment or between different user groups and effectively improve user experience.

Abstract: A biometric sensor apparatus for authenticating a user using images (1) of patterns of blood vessels (30) of the user, comprising: a wrist strap (12); a clasp (4); a camera (3) arranged for capturing said images; a mechanism for detecting an opening of said clasp (4); a module programmed for authenticating said user when said images match reference images of said user, and for revoking said authentication when an opening of the clasp has been detected.

Abstract: In one embodiment, a method includes receiving a request for an object; retrieving one or more rules to evaluate whether to allow or deny access to the object, wherein a first rule is of an allow-type or a deny-type; evaluating the first rule by executing one or more of its operations, wherein when any of the executed operations of the first rule returns a result that is not definitive, if the first rule is of the allow-type, assigning a final result as an indication to skip evaluation of the rule, and if the rule is of the deny-type, assigning the final result to the first rule as an indication to deny access to the object; determining final results for the one or more rules; and based on the final results, allowing or denying access to the object.

Abstract: The invention relates to a method for reading at least one attribute stored in an ID token, wherein the ID token is assigned to a user, comprising the following steps: authenticating the user with respect to the ID token, authenticating a first computer system with respect to the ID token, after successful authentication of the user and the first computer system with respect to the ID token, read-access by the first computer system to the at least one attribute stored in the ID token for transfer of the at least one attribute to a second computer system.

Abstract: Networked electric vehicle charging stations for charging electric vehicles are coupled with an electric vehicle charging station network server that performs authorization for charging session requests while the communication connection between the charging stations and the server are operating correctly. When the communication connection is not operating correctly, the networked electric vehicle charging stations enter into a local authorization mode to perform a local authorization process for incoming charging session requests.

Abstract: A typical system environment comprises a terminal device, a secure storage subsystem, and an interconnectivity component. The terminal device has a network connectivity subsystem enabled for data connectivity with a wireless communications network. The secure storage subsystem has a secure storage memory for securely storing contents and is enabled for local RF connectivity through a local RF communication subsystem. The secure storage subsystem is operable as a contactless smartcard in accordance with any contactless technology. The interconnectivity component is adapted to enable communication of the secure storage subsystem through the network connectivity subsystem with the network. The interconnectivity component is further configured to detect that messages received from the network are destined for the secure storage subsystem and is configured to supply that identified messages to the secure storage subsystem.

Abstract: A vehicle keypad lock control system includes a computer programmed to determine whether the keypad master code should be deactivated based at least on data received by or stored on the computer. The computer deactivates the keypad master code in response to a determination that the keypad master code should be deactivated. The computer may actuate the power lock to an unlocked condition in response to receiving keypad data including the keypad master code while the keypad master code is activated.

Abstract: A method for minimizing a physical queue for a first guest attraction, the method including storing a guest identifier corresponding to a guest in a first virtual queue, wherein a position of the guest within the first virtual queue is associated with an estimated wait time for the first guest attraction, updating the first virtual queue when the position of the guest within the first virtual queue is changed, providing a notification to the guest to enter the physical queue when the position of the guest in the first virtual queue is less than or equal to a threshold position of the first virtual queue, removing the guest identifier from the first virtual queue in response to an indication to dequeue the guest from the first virtual queue, storing the guest identifier in a second virtual queue corresponding to the physical queue, and removing the guest identifier from the second virtual queue in response to an indication that the guest is exiting the physical queue.

Abstract: Embodiments of systems, methods, and machine-readable media are disclosed for enabling the management of a transit user account of a transit system with a mobile device. Embodiments of a transit system utilizing such transit user accounts are also disclosed. Embodiments for enabling a mobile device to manage a transit user account can include receiving an identification code of a fare media and receiving contact information of the mobile device. The transit user account, which can be used in transactions of the transit system associated with the fare media, can be created using user information and a passcode. Additionally, the mobile device can be authenticated by sending at least one message to the mobile device and receiving at least one message from the mobile device.

Abstract: A system for information delivery includes: an electronic tag for holding a tag identifier being updatable; a server for storing the tag identifier held in the electronic tag and information corresponding to the tag identifier; and a terminal for causing the information corresponding to the tag identifier to be delivered from the server. The terminal includes a memory, and a processor coupled to the memory and configured to execute a process. The process executed by the processor includes reading the tag identifier from the electronic tag, updating the tag identifier in the electronic tag with a new tag identifier that is different in content from the tag identifier read from the electronic tag, and establishing, after updating the tag identifier in the electronic tag, a time period in which a discrepancy between the tag identifier in the electronic tag and the tag identifier stored in the server occurs.

Abstract: A residential key may be programmed by a computer with access rights information. A lock device may receive the access rights information from the residential key. The lock device may store and utilize the access rights information if the lock determines that the residential key is authorized to update the lock device.

Abstract: Systems and methods for continuously secure Intelligent Platform Management Interface (IPMI) Remote Authenticated Key-Exchange Protocol (RAKP) over hash cracks. The system includes a management controller, which may receive, from a computing device via a network under the IPMI RAKP protocol, a credential information including a password. In response, the management controller may generate a hash information based on the password, and send the hash information to the computing device. Since the hash information may be used to crack the password, after a time interval from sending the hash information to the computing device, the management controller may change the password to a new password, in order to maintain the security of the password.

Abstract: A computer-implemented method includes: receiving a request for associating a first index of privileges and permissions with an identity token, the first index specifically encoding the privileges and permissions of a first subscriber in accessing transactional data of the requester, the request including the identity token that identifies a person and has been issued to the requester by a trusted entity through a vetting process; in response to determining that the identity token is valid and verifying that the requester is the person identified by the identity token, associating the first index of privileges and permissions of the first subscriber with the identity token; and providing the identity token associated with the first index of privileges and permissions of the first subscriber, the identity token enabling the first subscriber to access transactional data of the requester in accordance with the first index of privileges and permissions.

Abstract: A computerized system allows intercommunication of patients with respect to the treatment of their diseases. This system includes an electronic medical record database providing electronic medical records of a given set of patients as developed by healthcare professionals and linked to an anonymous identifier for each patient and a set of terminal devices accessible to the patients allowing for the electronic exchange of information through a display and data input device.

Abstract: Approaches presented herein enable performing a health analysis of a user using a smart floor mat. Specifically, a sensory array of the smart floor mat collects static and dynamic pressure data for capturing the movement and force exerted by a user's feet as the user walks across the smart floor mat. A healthcare analysis is then performed by comparing this current measurement data against the user's historical measurement data and expected results to generate a healthcare insight such as a trend, pattern, or deviation. The healthcare insight can predict or indicate a health issue. If a deviation exceeding a predefined permissible threshold exists, a healthcare professional can be notified.

Abstract: Network access control systems and methods are provided herein. A method includes receiving at a network device a SYN packet from a client device over a network, determining if the client device is a trusted source for the network using the SYN packet, if the client device is a trusted resource, receiving an acknowledgement (ACK) packet from the client device that includes identifying information for the client device plus an additional value, and identifying information for the network device, and establishing a connection with the network for the client device.

Abstract: The invention creates a data carrier, in particular chip card, in particular smart card, having a device for generating one-time passwords and having a display for displaying generated one-time passwords. Preferably the data carrier is a Eurocheque card or credit card with the integrated function of an electronic purse (cash card function) and the generated one-time password is a transaction number (TAN) for acknowledging a secure electronic payment transaction.

Abstract: A control system including a detection device and a control host is provided. The detection device is configured to detect a biometric characteristic to accordingly identify a user ID, and output an ID signal according to the user ID. The control host is configured to receive the ID signal to accordingly perform an individualized control associated with the user ID.

Abstract: A hybrid device includes a personal digital key (PDK) and a receiver-decoder circuit (RDC). The PDK and RDC of the hybrid device are coupled for communication with each other. In one embodiment, the hybrid device also provides a physical interconnect for connecting to other devices to send and receive control signals and data, and receive power. The hybrid device operates in one of several modes including, PDK only, RDC only, or PDK and RDC. This allows a variety of system configurations for mixed operation including: PDK/RDC, RDC/RDC or PDK/PDK. The present invention also includes a number of system configurations for use of the hybrid device including: use of the hybrid device in a cell phone; simultaneous use of the PDK and the RDC functionality of hybrid device; use of multiple links of hybrid device to generate an authorization signal, use of multiple PDK links to the hybrid device to generate an authorization signal; and use of the hybrid device for authorization inheritance.

Abstract: An input device of a secure authentication protocol system may receive at least one user authentication factor in a pre-boot session. The input device may verify the received authentication factors and may store the verified authentication factors. During a post-boot session, the input device may communicate the verified authentication factor and a stored post-boot session credential received during a prior post-boot session to an authentication engine executing in a trusted execution environment. The authentication engine verifies the received post-boot session credential is logically associated with an immediately preceding post-boot session. Upon successful verification of the received post-boot session credential, the verified authentication factors or data indicative of a successfully verified authentication factor received during the pre-boot session are used in the current post-boot session.

Abstract: A customer can be recognized at a point-of-sale (POS) system. The customer can be recognized using a customer card or using image processing technology. The POS system is a self-service POS system. The scan rate for the customer can be compared with a minimum scan rate using a processor, and an action can be initiated responsive to the comparing.

Abstract: A mobile, wireless biometric identification system includes a biometric capture device which enables a smartphone, using a commercially established wireless communication networks, to capture a digital image of a human biometric (iris, fingerprint, etc.) for transmission to a central server. The biometric capture device captures a high quality image for encoding and comparison, while the overall system leverages the existing cellular communication network. The device can be used as an interface to medical databases and devices used to diagnose and treat patients.

Abstract: A first request for a transfer of data is transmitted in response to the use of a user device; it is determined that the first request for the transfer of data has been declined; an event is detected that indicates that the transfer of data in response to the use of the user device can be accepted; and a second request for the transfer of data is transmitted in dependence on detecting that the event has occurred.

Abstract: In some embodiments, systems, apparatuses and methods are provided to support the delivery of products. Some embodiments provide a retail delivery locker system comprising: multiple delivery lockers comprising: a housing enclosing an interior product cavity; a door enabling access to the product cavity; first and second docking couplers each configured to securely dock with a docking station and a docking coupler of another locker; and a communication link between the first and second docking couplers; and multiple docking stations each comprising: a locker coupler configured to secure a locker with the docking station; a station control circuit that obtains a first locker identifier from a first locker, confirms the first locker is scheduled to dock with a docking station, and authorize the locking of the docking station with the first docking coupler; and a transceiver enabling the station control circuit to communicate with a remote central control system.

Abstract: There are provided systems and methods for parking guidance and parking services provided through wireless beacons. A location may include a nearby or attached parking structure having wireless beacons established throughout the parking structure, such as near an entrance and individual parking spaces of the parking structure. The beacons may provide communication services with a device for the user. When the user arrives at the parking structure, the user may be informed of available parking spaces, payments for parking services based on a loyal customer status, or other parking feature for the parking structure. The wireless beacons may monitor the parking structure and the individual parking spaces to determine a best space for the user. Moreover, once the user leaves the vehicle, the user may provide additional payment for parking time and utilize courier and locker services for purchased items through the wireless beacons.

Abstract: Systems and methods for authenticating parties and transactions are described herein. The systems and methods may be part of an information wallet system. The information wallet system or a separate authentication system in communication with the information wallet system may facilitate verification and/or authentication of the parties. In one embodiment, the authentication system includes an authentication server configured to receive an authentication request from a first party to authenticate a second party. The authentication server is further configured to transmit an information request the second party. The authentication server is configured to receive second party information and to configured to compare the second party information with a verified second party information. The authentication server is configured to transmit an authentication result to the first party device.

Abstract: A device and method for generating a dynamic personalized events feed that is personalized for a user is provided. The device may include one or more processors configured to determine events that match filtering information, generate the dynamic personalized events feed based on the determined events, and update the generated dynamic personalized events feed based on the determined events. The device may also include a network interface component coupled to a network, the network interface component configured to receive the filtering information, and transmit the generated dynamic personalized events feed to a user device. The device may further include a memory, the memory storing event information and user information for determining events that match the filtering information.

Abstract: Systems and methods are provided for validating a vehicle component. The system includes a vehicle electronic control unit (ECU) in electronic communication with a power unit via a communications bus. The vehicle ECU is configured to detect an electronic connection between the vehicle ECU and the power unit and transmit a power start up signal to the power unit when the power unit is authenticated to start up. The power unit is authenticated to start up when a power unit start-up program passcode stored in a memory of the vehicle ECU matches a predetermined ECU passcode. The vehicle ECU is configured to erase the power unit start-up program passcode from the memory when the power unit is disconnected from the communications bus. The vehicle ECU is configured to re-authenticate the power unit to start up when a new power unit start-up program passcode is stored in the memory that matches another predetermined ECU passcode.

Abstract: A disclosed information processing method is executed in a distributed processing system that processes data by plural information processing apparatuses. And the information processing method includes: obtaining, by a first information processing apparatus of the plural information processing apparatuses and from a second information processing apparatus that manages relations among data, identification information of first data that has a predetermined relation with second data and identification information of an information processing apparatus that manages the first data, upon detecting access to the second data managed by the first information processing apparatus; reading out, by the first information processing apparatus, the first data, upon determining that the information processing apparatus that manages the first data corresponds to the first information processing apparatus; and loading, by the first information processing apparatus, the first data into a cache.

Abstract: A method for detecting fraudulent use of a payment media using a transit server includes receiving, at a transit server, an input from a payment media as part of a payment transaction at a first transit fare vending machine. The input includes an account identifier associated with a payment account of the payment media. Authentication information is received and an authentication request is communicated to an issuer of the payment account. The authentication request includes the account identifier. Information indicative of improper use of the payment media is received from one or more of a second transit fare vending machine or the issuer of the payment account. A determination is made, based on the information, that the payment media is being used improperly. An improper use alert is communicated to an enforcement authority. The improper use alert includes identification information related to the payment transaction.

Abstract: An apparatus estimates control features of remote controls comprising cameras for detecting light points from beacons located at or near devices that are to be controlled via the remote controls by letting the cameras further detect light points from non-beacons. Processors estimate the control features in response to information from the detections of the light points. The non-beacons comprise noise sources or any other sources different from the beacons. Memories store per time-interval the information per detection. The light coming from the beacons may be modulated light and the light coming from the non-beacons may be other light. The information may comprise coordinates, sizes and intensities of light points per detection and per time-interval. The control feature may comprise a pointing position, a distance, a rotation, a tilt, a location, a speed, an acceleration, a movement and/or a zoom of the remote control.

Abstract: A system and method of purchasing goods and arranging delivery. The system receives, from a mobile device within a physical store, identifications, made by a customer using the mobile device, of at least two items in the physical store as items to be purchased. The items to be purchased include a first set of items to be delivered and a second set of items not to be delivered. The system receives, from the mobile device, a delivery address for a first set of items. The system receives payment for the first set of items and the second set of items in a single transaction. The system places items corresponding to the first set of items in a delivery pipeline for subsequent physical delivery to the delivery address and authorizes removal of the second set of items from the physical store.

Abstract: A user inputs a password at a user device whose processor receives the password, retrieves a stored derived value resulting from a derivation function, preferably a cryptographic one-way function, applied to a reference password, scrambles the received password using a function taking the derived value as a variable to obtain a scrambled password, and sends the scrambled password to an authentication server. In case the stored derived value cannot be retrieved, the processor uses the derivation function to generate a derived value from the received password. In case the password is received during generation of a new password, the processor generates and stores a derived value from the new password. In an embodiment, the apparatus comprises the authentication server.

Abstract: Systems and methods for reading Radio Frequency Identified (RFID) tags. In an embodiment, an enclosure having, within it, an antenna and processor is provided. The processor may be configured to record tag observations for tag identifiers received by the antenna from RFID tags. For one or more time intervals, tag observations may be identified which satisfy a tag filter, and a confidence that RFID tags satisfying the tag filter were in the field of view of the antenna during the time interval may be computed based on the identified tag observations. According to an embodiment, reports for tag filters may be then generated using the computed confidences, and these reports may be transmitted to an external system over a network.

Abstract: Systems and methods for providing redundant access control systems are disclosed. According to some embodiments of the invention, the systems and methods include a smart lock that provides redundant access control. The smart lock includes a button that has a plurality of redundant access channels for receiving authentication information. The redundant access channels may include a biometric scanner for receiving biometric information, a passcode keypad for entering a token, or a wireless transceiver for receiving a token from a mobile device and transmitting a response to the mobile device. When the user cannot open the lock through the first redundant access channel, the smart lock is configured to allow access through a second access channel. In some embodiments, the button is a freely rotating button that translates the rotational energy into electrical energy using, for example piezo elements, to energize a rechargeable power source, such as a capacitor bank.

Abstract: A device embodiment includes, but is not limited to, a deformable substrate; a sensor assembly including one or more identity sensors configured to generate one or more identity sense signals associated with at least one physical characteristic of the individual subject; circuitry configured to compare the one or more identity sense signals generated by the sensor assembly to reference data indicative of one or more physical characteristics associated with an identity of at least one individual to determine whether the one or more identity signals correspond to the identity of the at least one individual; and a reporter configured to generate one or more communication signals associated with at least one of the one or more identity sense signals or a comparison of the one or more identity sense signals with the one or more physical characteristics associated with the identity of the at least one individual.

Abstract: A method for manufacturing and turning a near field communication antenna is provided. A method for manufacturing and tuning a near field communication antenna comprising loading one or more ferrite substrates onto a workstation, loading an antenna biscuit onto the workstation, the antenna biscuit comprising one or more interconnected antennas, stamping the antenna biscuit to form one or more individual antennas, applying the one or more individual antennas to the one or more ferrite substrates to form one or more antenna assemblies, and adjusting placement of the one or more individual antennas relative to the ferrite substrates to adjust functional properties of the one or more antenna assemblies.

Abstract: A system and method of regulating access to a vehicle from a wireless device communicating using short-range wireless communications includes: transmitting a vehicle access certificate signing request from the wireless device to a central facility; receiving an authenticated vehicle access certificate from the central facility in response to the vehicle access certificate signing request, wherein the authenticated vehicle access certificate is signed using a central facility private key and includes the wireless device public key; transmitting the authenticated vehicle access certificate containing the wireless device public key from the wireless device to the vehicle via a short-range wireless communications protocol; receiving from the vehicle a shared secret that is encrypted by the wireless device public key; decrypting the received shared secret using a wireless device private key; generating a command controlling vehicle functions; and transmitting the command from the wireless device to the vehicle.

Abstract: Systems, methods, and computer-readable media for providing standards compliant encryption, storage, and retrieval of date are disclosed. In an embodiment, data is received at a first data center from a first device in connection with a service request, and encrypted to produce encrypted data. The encrypted data may be transmitted from the first data center to the first device, and then may subsequently be received at a second data center. The second data center may store the encrypted data in a database accessible to the second data center. Because all data provided to the system is encrypted by the first data center prior to being stored and/or provided to the second data center, the database and the second data canter may be out of the scope of compliance monitoring, auditing, and reporting for one or more date security standards.

Abstract: A system implemented at a user structure, to monitor a tracked object using a three-body arrangement including the user, a tracked object, and a controlling apparatus. The system has a data storage device including user-presence module code causing a processor to determine, based on wireless sensing, whether the user has entered a first space having a boundary external to the user structure, or has left the space. Object-presence module code causes the processor to determine, based on tracked-object-presence data, whether the tracked object is within a second space. And the storage device includes alert-module code to, in response to determining that, depending on the embodiment, (i) the user entered or exited the first space and (ii) the tracked object is or is not present within the second space, initiate provision of a system-user alert communication to indicate that the tracked object is not present within the second sensed space.

Abstract: Method and devices for making access decisions in a secure access network are provided. The access decisions are made by one or more portable credentials using data and algorithms stored on or received by two or more credentials. Since access decisions are made by the portable credential or credentials, non-networked hosts or local hosts can be employed that do not necessarily need to be connected to a central access controller or database, thereby reducing the cost of building and maintaining the secure access network.

Abstract: A wireless batch calibration apparatus, a wireless batch calibration system and a wireless batch calibration method. The wireless batch calibration apparatus includes a wireless transceiver, a processor circuit and a storage circuit. The wireless batch calibration apparatus receives a reference signal from a golden sample and a to-be-calibrated signal from each of a plurality of to-be-calibrated devices. The wireless batch calibration apparatus calculates the compensation value of each to-be-calibrated device, generating a compensation polynomial according to the compensation value and a calibration precision of each to-be-calibrated device, and establishes a calibration table. The wireless batch calibration apparatus writes the compensation polynomial and a setting bit back to each to-be-calibrated device, and completes the batch calibration of a plurality of to-be-calibrated devices.

Abstract: A system for controlling access to one or more enclosed areas comprises at least one access card reader and controller powered via a Power-over-Ethernet (PoE) interface, each access card reader and controller being capable of controlling access through a particular entrance to a particular enclosed area and an access control server in communication with the at least one access card reader and controller, the access control server being capable of controlling the operation of the at least one access card reader and controller, and a signal converter disposed between the access card reader and the access control server.

Abstract: The present disclosure provides a method in a communication device for scheduling of feedback. The method includes determining, for a data transmission, a resource element to be scheduled for a feedback signal being responsive to the data transmission. The resource element is determined to be within a feedback time limit. The feedback time limit indicates a maximum allowable time period between transmitting the data transmission and receiving the feedback signal. The feedback time limit is dependent on a type of resource allocated to the data transmission and/or a type of traffic associated with the data transmission. The method further includes transmitting, to a wireless device, a feedback scheduling instruction indicating the resource element.

Abstract: A system for identity based ticketing is provided, wherein a user device sends a challenge to a terminal; the terminal updates a filter based on the challenge and sends the contents of the filter to the user device. The user device sends the contents of the filter, relating to the user device and the terminal, to a backend server; and the backend server derives from the contents of the filter information concerning user behavior.

Abstract: Techniques are disclosed relating to securing physical compartments and allowing users access via a mobile device configured to use a mobile authentication system. In some embodiments, a locking device for a physical container is configured to unlock only if both a transaction authentication system confirms successful authentication of a mobile device and an auxiliary key is present. The locking device may receive encrypted data from the mobile device via a short-range wireless connection, transmit the data to the transaction authentication system, and receive a message indicating whether authentication was successful. The mobile device may encrypt the data using a replenishment key from the transaction authentication system; therefore the authentication may decrypt the received encrypted data to confirm an identity of the mobile device. In some embodiments, disclosed techniques may allow users to use their mobile device to unlock a safety deposit box without requiring extensive infrastructure investment, e.

Abstract: An RFID tag is equipped with an energy sensor for receiving an appropriate energy signal or registering an appropriate temperature/environmental level. The RFID tag only responds to a query from an RFID reader if the sensor receives the appropriate stimulation.