Mutual Entity Authentication Patents (Class 713/169)
  • Patent number: 10250392
    Abstract: Systems and methods for using an arbitrary base value for EPID calculations are provided herein. A system to use arbitrary base values in enhanced privacy ID (EPID) calculation, where the system includes a microcontroller; and a memory coupled to the microcontroller; wherein the microcontroller is to: obtain an arbitrary value at a member device, the member device being a member of a group of member devices, each member device in the group of member devices having a unique private EPID key assigned from a pool of private keys, where any of the pool of private keys is able to sign content that is verifiable by a single group public key, and the arbitrary value being one of a time-based value or a usage-based value; construct an EPID base using the arbitrary value; and transmit content signed with the private key using the EPID base to a verifier.
    Type: Grant
    Filed: July 1, 2016
    Date of Patent: April 2, 2019
    Assignee: Intel Corporation
    Inventor: Ernie F. Brickell
  • Patent number: 10243924
    Abstract: A service providing system includes an application configured to provide a service to a terminal device that has made a service request including use identification information; a creator configured to create group identification information for identifying a group of the use identification information, based on a creation request from the application; an issuer configured to issue the use identification information associated with the group identification information, based on an issue request from the application, the issue request including the group identification information; and a verifier configured to verify the use identification information, based on a verification request from the application, the verification request including the group identification information and the use identification information.
    Type: Grant
    Filed: August 4, 2016
    Date of Patent: March 26, 2019
    Assignee: Ricoh Company, Ltd.
    Inventors: Hiroki Ohzaki, Yasuharu Fukuda, Seiichi Kondo
  • Patent number: 10229204
    Abstract: The Messaging Search and Management Apparatuses, Methods and Systems (“MSM”) transforms message, ranking request inputs via MSM components into work graphs, ML structure input data, ML structure, ranking response outputs. A work graph generation request that includes group level access control data may be obtained. A set of metadata access control carrying messages, a set of users, a set of channels, and a set of topics with access control data corresponding to the group level access control data may be determined. A user priority score for each of the other users, a channel priority score for each of the channels, and a topic priority score for each of the topics, from the perspective of each user, may be calculated. A work graph data structure may be generated that includes, for each user, data regarding the calculated user priority scores, channel priority scores, and topic priority scores.
    Type: Grant
    Filed: April 9, 2018
    Date of Patent: March 12, 2019
    Assignee: Slack Technologies, Inc.
    Inventors: Myles Grant, Serguei Mourachov, Renaud Bourassa-Denis, Jason Liszka, John Gallagher, Isabella Tromba, Noah Weiss, Daniel Stewart Butterfield, Callum Henderson-Begg
  • Patent number: 10229259
    Abstract: A method includes: displaying, by a second device, prompt information, where the prompt information is used to inform a user that a task executed on a first device may be handed off to the second device for execution; receiving, by the second device, a first operation of the user, and collecting a fingerprint used when the user performs the first operation, where the first operation is used to request execution of the task on the second device; acquiring, by the second device, first fingerprint information and second fingerprint information by using the first device; calculating, by the second device according to the fingerprint used when the user performs the first operation and the first fingerprint information, third fingerprint information; and executing, by the second device, the task when the third fingerprint information matches the second fingerprint information.
    Type: Grant
    Filed: August 12, 2016
    Date of Patent: March 12, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Chan Wang, Huangwei Wu, Xi Huang
  • Patent number: 10225274
    Abstract: A method may include identifying a shared usage of a first network address and a second network address in a predetermined period of time. The method may also include clustering the first network address and the second network address based on the shared usage. The method may include determining a weighting factor between the first network address and the second network address based on the shared usage. The method may further include receiving a request that includes the second network address from a client device. The method may include determining that the request for the electronic activity does not include suspicious activity based on the first network address and the second network address being in the cluster. The method may further include permitting the electronic activity based on the determination that the request for the electronic activity does not include suspicious activity.
    Type: Grant
    Filed: January 30, 2017
    Date of Patent: March 5, 2019
    Assignee: PAYPAL, INC.
    Inventors: Noa Miron, Doron Hai-Reuven
  • Patent number: 10187767
    Abstract: A system and method are disclosed for authenticating and authorizing access to and accounting for consumption of bandwidth for IPv6 connectivity to the Internet over Wireless Access Vehicular Environment (WAVE) service channels by client devices using an Authentication, Authorization and Accounting (AAA) server. The AAA server authenticates and authorizes client devices to access WAVE service channels, and accounts for bandwidth consumption by the client devices using WAVE service channels to access the Internet. The AAA server enables an RSU infrastructure operator to quantify wireless bandwidth consumption by in-vehicle devices using the WAVE Service Channels, on a per-device basis.
    Type: Grant
    Filed: June 30, 2017
    Date of Patent: January 22, 2019
    Assignee: PAXGRID CDN INC.
    Inventor: Martin D. Nathanson
  • Patent number: 10172000
    Abstract: Pre Shared Keys (“PSK”) for application and data session security are generated using application authentication secret values stored in a SIM device/card. The SIM internally uses the secret values as inputs to a security algorithm engine, but the secret values are not accessible outside of the SIM. The application authentication secret values cannot be used to authenticate the SIM, or a device that includes the SIM, to a communication network. Rather, symmetric keys and keying material are generated for use by applications outside of the standard and conventional wireless networking uses of a SIM device. Updated PSKs are generated at different network endpoints such that the PSKs are generated individually and separately at the endpoints; the ‘preshared’ keys are not actually shared. Thus, a client endpoint and a server endpoint, or an endpoint associated with the server, independently generate the same PSK without the PSK being transmitted between the endpoints.
    Type: Grant
    Filed: July 8, 2016
    Date of Patent: January 1, 2019
    Assignee: M2MD TECHNOLOGIES, INC.
    Inventor: Charles M. Link, II
  • Patent number: 10164972
    Abstract: A system receives a request to authenticate a user and determines a first set of cell identifiers of a card matrix to associate with the user. The system receives a first factor, which comprises a first set of received cell values corresponding to the first set of cell identifiers of the card matrix. The system further determines a first set of stored cell values corresponding to the first set of cell identifiers of the card matrix and compares the first set of received cell values to the first set of stored cell values. The system also receives a second factor, which is different than the first factor. Finally, the system determines that the user is authenticated based at least in part upon the comparison of the first set of received cell values to the first set of stored cell values.
    Type: Grant
    Filed: January 28, 2016
    Date of Patent: December 25, 2018
    Assignee: Bank of America Corporation
    Inventors: Amanda J. Adams, Lawrence R. LaBella
  • Patent number: 10158991
    Abstract: Pre Shared Keys (“PSK”) for application and data session security are generated using application authentication secret values stored in a SIM device/card. The SIM internally uses the secret values as inputs to a security algorithm engine, but the secret values are not accessible outside of the SIM. The application authentication secret values cannot be used to authenticate the SIM, or a device that includes the SIM, to a communication network. Rather, symmetric keys and keying material are generated for use by applications outside of the standard and conventional wireless networking uses of a SIM device. Updated PSKs are generated at different network endpoints such that the PSKs are generated individually and separately at the endpoints; the ‘preshared’ keys are not actually shared. Thus, a client endpoint and a server endpoint, or an endpoint associated with the server, independently generate the same PSK without the PSK being transmitted between the endpoints.
    Type: Grant
    Filed: April 28, 2016
    Date of Patent: December 18, 2018
    Assignee: M2MD TECHNOLOGIES, INC.
    Inventor: Charles M. Link, II
  • Patent number: 10142796
    Abstract: In a management system which allows measurement results obtained by sensors to be collected and a management target to be managed on the basis of the collected measurement results, a management device and the like that can provide more useful information for managing the management target are provided. The management device includes: an obtainment unit configured to obtain, from each of a plurality of sensors each configured to perform measurement regarding a management target, sensor information indicating a result of the measurement and identification information of the sensor; and a group management unit configured to perform a grouping process of dividing a plurality of the sensors into a plurality of groups by using the pieces of the identification information obtained by the obtainment unit, and to perform a process of storing group information indicating a result of the grouping process.
    Type: Grant
    Filed: May 7, 2015
    Date of Patent: November 27, 2018
    Assignee: SUMITOMO ELECTRIC INDUSTRIES, LTD.
    Inventor: Hirotsugu Yamamoto
  • Patent number: 10142320
    Abstract: A system and method for establishing and monetizing trusted identities in cyberspace relying upon user opt in. Users request to attain secure IDs for accessing parties that will rely on secure IDs to complete a transaction, for example merchants and service providers (relying parties). The relying parties (RPs) communicate with identity service providers and attribute providers via an Attribute Exchange Network (AXN) in order to obtain verified attributes associated with an entity (end user or user) that wishes to conduct business with the relying party. The relying party makes requests for verified attributes that are important to consummating business transactions for the relying party. Users are informed of requests for attributes on behalf of relying parties and users have the option to verify attributes, and add new attributes that may be useful or required for conducting business with relying parties.
    Type: Grant
    Filed: May 17, 2016
    Date of Patent: November 27, 2018
    Assignee: ID DATAWEB, INC.
    Inventors: David Hemphill Coxe, Robert Lloyd Coxe, Jr., John Joseph Dials, Jr., Christine W. McKay-Donovan
  • Patent number: 10142296
    Abstract: Systems and methods of cryptographically protecting location data transferred between servers via a network to tune a location engine are described herein. A first encryption module determines a first hash value for each location determination, encrypts the first hash value for each location determination using a first encryption protocol to generate a first encrypted data set, and transmits the first encrypted data set to a server. The first encryption module receives, from the server, a second encrypted data set with second hash values generated by a second encryption module of the server using a second encryption protocol. The first encryption module creates a first double encrypted data set from the second encrypted data set. A tuner compares the first double encrypted data set with a second double encrypted data set received from the server to adjust the location engine.
    Type: Grant
    Filed: February 12, 2016
    Date of Patent: November 27, 2018
    Assignee: Google LLC
    Inventors: Mahyar Salek, Philip McDonnell, Amin Charaniya, Shobhit Saxena
  • Patent number: 10089620
    Abstract: An audio object (AOB) for which corresponding rights management information (RMI) has been generated by a license management apparatus, and an AOB for which RMI does not exist are written into a recording medium for use in an SDMI system which includes the license management apparatus. Each AOB is put in correspondence with a migration permission flag (MPF). When the corresponding AOB is the AOB for which RMI does not exist, the relevant MPF is set to on so as to show that a migration procedure is permitted. When the corresponding AOB is the AOB for which RMI has been generated by the license management apparatus, the relevant MPF is set to off so as to show that a migration procedure is not permitted.
    Type: Grant
    Filed: May 30, 2001
    Date of Patent: October 2, 2018
    Assignee: Panasonic Intellectual Property Management Co., Ltd.
    Inventors: Hideki Matsushima, Shunji Harada, Yasushi Uesaka, Teruto Hirota, Masayuki Kozuka, Masataka Nikaido
  • Patent number: 10033769
    Abstract: A method, by an authentication unit of a wireless access network, allows anchoring of a data packet session of a user entity connected to the wireless access network to a packet core network of a mobile communications network. The user entity uses an access identifier for its identification in the wireless access network. The access identifier is not used in the mobile communications network to identify a subscriber. A request message is received in which access to the wireless access network is requested. The request message contains an MAC address of the requesting user entity. The MAC address is converted into a sequence of digits used as a mobile subscriber identifier with which the user entity is identified in the mobile communications network and a response message is transmitted accepting the access to the packet core network. The response message includes the sequence of digits used as mobile subscriber identifier.
    Type: Grant
    Filed: September 27, 2013
    Date of Patent: July 24, 2018
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Akbar Khan, Jade Mansour
  • Patent number: 10027707
    Abstract: A method and system for providing security against phishing attacks. The method can include receiving a login ID from a client, and providing an encrypted commitment to the client. The method can also include receiving a one-time password (OTP) from the client, and validating the OTP. The method can also include sending a commitment key, to be authenticated by the client, receiving a static password from the client and authenticating the client. Embodiments of the invention are directed to a system for providing security against phishing attacks. The system can include one or more servers configured to receive a login ID from a client, and provide an encrypted commitment to the client. The processors can be configured to receive a one-time password (OTP) from the client, validate the OTP, send a commitment key, to be authenticated by the client, receive a static password from the client and authenticate the client.
    Type: Grant
    Filed: April 12, 2017
    Date of Patent: July 17, 2018
    Assignee: JPMorgan Chase Bank, N.A.
    Inventor: Glenn S. Benson
  • Patent number: 10027573
    Abstract: Diverting communication content directed to a wireless device based on a determined state of a display of the wireless device is presented herein. A method can include receiving state information representing a display state of a display of a wireless device; and in response to determining, based on the state information, that the display has been inactive for a defined period of time, redirecting communication content that has been directed to the wireless device to an intermediary device. In an example, the redirecting can include storing the communication content in the intermediary device as stored content, and in response to determining, based on the state information, that the display has been active, sending, via the intermediary device, the stored content directed to the wireless device.
    Type: Grant
    Filed: October 10, 2014
    Date of Patent: July 17, 2018
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Venson Shaw, Jin He
  • Patent number: 10019556
    Abstract: Technologies for verification include storage with private keys, wherein each private key is associated with a group affiliation. The storage also includes characteristic information about an apparatus. The technologies also include a wireless interface configured to receive a request from a reader for verification of membership of the apparatus within a group affiliation. The technologies further include a controller with programmable logic for configuring the controller to determine whether to verify membership of the apparatus within a given group affiliation. The controller is also configured to verify membership of the apparatus within the given group affiliation by signing data with a private key associated with the given group affiliation. The signed data is sent to the reader. Membership within the given group affiliation conveys a subset of the characteristic information.
    Type: Grant
    Filed: December 23, 2015
    Date of Patent: July 10, 2018
    Assignee: McAfee, LLC
    Inventors: Ned Smith, Sven Schrecker, Willard Wiseman, David Clark, Jennifer Gilburg De Magnin, Howard Herbert
  • Patent number: 9986432
    Abstract: The disclosure relates to a security method and system in a telecommunications network comprising a radio access network system and a core network system. The radio access network system is configured to provide a wireless radio interface for at least one user device, wherein a shared secret key is stored in both the user device and the core network system. At least one vector is received from the core network system comprising one or more values derived from the shared secret key. At least one of an authentication procedure and a key agreement procedure is performed in the radio access network system for the user device over the wireless radio interface using the one or more values of the received vector for establishing a connection between the user device and the radio access network system.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: May 29, 2018
    Assignees: Koninklijke KPN N.V., Nederlandse Organisatie voor Toegepast-Natuurwetenschappelijk Onderzoek TNO
    Inventor: Frank Fransen
  • Patent number: 9979722
    Abstract: Systems and methods of processing a real-time communication in web-browsers (RTCWEB) authentication by a first server are disclosed. These include receiving a message from a first user equipment including a first identity of a first user, a first fingerprint of the first user equipment and a first signature generated from a first Identity provider (IdP), sending a call offer message including the first identity, the first fingerprint and the first signature to a second server associated with a second user equipment, receiving from the second server a first challenge message that requests an authentication for the first identity, and redirecting the first user equipment to access the second server.
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: May 22, 2018
    Assignee: Futurewei Technologies, Inc.
    Inventors: Li Li, Wu Chou
  • Patent number: 9959403
    Abstract: The communication device sends an authentication code (N) to a semiconductor memory to instruct the semiconductor memory to authenticate the communication device. The semiconductor memory authenticates the communication device based on the authentication code (N), and if the communication device is determined to be valid, sends an authentication code (N+1) to the communication device to instruct the communication device to authenticate the semiconductor memory in response to the authentication code (N). The communication device authenticates the semiconductor memory based on the authentication code (N+1).
    Type: Grant
    Filed: July 1, 2014
    Date of Patent: May 1, 2018
    Assignee: MegaChips Corporation
    Inventor: Takahiko Sugahara
  • Patent number: 9910478
    Abstract: A collation system includes a first node, a second node and a third node. The first node includes: an encryption unit; a distance calculation unit; and a collation data generation unit. The second node includes: a key generation unit; and a collation unit. The third node includes: a storage unit; and a collation information generation unit.
    Type: Grant
    Filed: May 14, 2014
    Date of Patent: March 6, 2018
    Assignee: NEC CORPORATION
    Inventor: Toshiyuki Isshiki
  • Patent number: 9866558
    Abstract: The present disclosure provides a device, method, and system for enabling multiple wireless communication devices to communicate with a trusted network over a secure connection. The device includes a communication interface configured to communicate with the wireless communication devices and local area networks (LANs) and a processor configured to: broadcast a non-trusted service set identifier (SSID); in response to detecting a non-secure connection to a wireless communication device of the wireless communication devices using the non-trusted SSID, establish a connection to a local area network (LAN) of the LANs. In response to establishing a connection to the LAN: the processor establishes a secure connection to the trusted network; discontinues broadcast of the non-trusted SSID; and broadcasts a trusted SSID to the wireless communication devices to enable the wireless communication devices to wirelessly connect to the network device to communicate with the trusted network using the secure connection.
    Type: Grant
    Filed: December 3, 2015
    Date of Patent: January 9, 2018
    Assignee: BLACKBERRY LIMITED
    Inventors: Michael Peter Montemurro, Robert David Turner
  • Patent number: 9866382
    Abstract: Secure application-to-application communication is disclosed. A shared encryption key may be used to encrypt data to be transferred from a first mobile application to a second mobile application. The encrypted data is provided to a shared storage location. The second mobile application is configured to retrieve the encrypted data from the shared storage location.
    Type: Grant
    Filed: March 3, 2014
    Date of Patent: January 9, 2018
    Assignee: MOBILE IRON, INC.
    Inventors: Thomas Edward Wagner, Robert Elliott Whiteman
  • Patent number: 9860064
    Abstract: A computer in an untrusted cloud network functions as a cloud-based enterprise application store via which a client computer (client) establishes a connection to an enterprise application in a trusted enterprise network. User authentications are performed in both a login phase and subsequent application launch phase, each authentication receiving from the client and transmitting to the enterprise network an encrypted password and encrypted key, the encrypted password being a user password encrypted under a first one-use symmetric key, the encrypted key being the first symmetric key encrypted under a public key of a private/public key pair of the enterprise network. The enterprise network decrypts the encrypted key and encrypted password to obtain the user password for authenticating the user. The launch-phase authentication includes use of a login ticket including a second one-use symmetric key under which the user password is encrypted and stored in encrypted form in the enterprise network.
    Type: Grant
    Filed: March 7, 2016
    Date of Patent: January 2, 2018
    Assignee: Citrix Systems, Inc.
    Inventors: Feng Huang, Andrew David Cooper
  • Patent number: 9854437
    Abstract: Techniques and mechanisms for exchanging encrypted communications wirelessly with an accommodation-capable eye-mountable device (EMD). In an embodiment, a controller of the EMD is configured to encrypt data to be sent from the EMD to an auxiliary device or to decrypt data received by the EMD from the auxiliary device. Cryptographic operations to securely exchange the communications are based on a key value and a vector determined at the EMD. In another embodiment, the auxiliary device operates as a master, and the EMD operates as a slave, at least with respect to enablement of a functionality of the EMD to change an association of a cryptographic key value with a vector.
    Type: Grant
    Filed: April 28, 2015
    Date of Patent: December 26, 2017
    Assignee: Verily Life Sciences LLC
    Inventors: Daniel J. Yeager, Timothy D. Morrison
  • Patent number: 9843581
    Abstract: A Software-Defined Network (SDN) determines hardware trust for SDN communications. A probe system transfers probe packets having an originating address, destination address, and Hardware Root-of-Trust (HRoT) reporting parameter. SDN flow controllers receive the probe packets through input interfaces and route the packets from the input interfaces to output interfaces based on the destination address. Responsive to the HRoT reporting parameter, the SDN flow controllers encode SDN flow controller Hardware Identifiers (HW IDs) and transfer response packets that indicate the encoded SDN flow controller HW IDs, the SDN input interfaces, and the SDN output interfaces. The probe system processes the response packets to identify an end-to-end communication path for the originating address and the destination address based on the input interfaces and the output interfaces. The probe system determines hardware trust status for the end-to-end communication path based on the encoded SDN flow controller HW IDs.
    Type: Grant
    Filed: October 24, 2016
    Date of Patent: December 12, 2017
    Assignee: Sprint Communications Company L.P.
    Inventors: Ronald R. Marquardt, Lyle Walter Paczkowski, Arun Rajagopal
  • Patent number: 9832167
    Abstract: A method for configuring an Internet protocol (IP) address of a small cell includes determining whether the small cell has received authorization from a core network of a mobile operator, determining whether the core network has priority over a local network to connect to the small cell, obtaining a local IP address from a dynamic host configuration protocol (DHCP) function implemented in the small cell or in an access point of the local network of the small cell, and using a core network IP address assigned to the small cell by the core network when the core network has priority over the local network. The small cell determines whether the core network IP address is the same as the local IP address. When the core network IP address is the same as the local IP address, the local IP address of the small cell is changed.
    Type: Grant
    Filed: October 19, 2015
    Date of Patent: November 28, 2017
    Assignees: AMBIT MICROSYSTEMS (SHANGHAI) LTD., HON HAI PRECISION INDUSTRY CO., LTD.
    Inventor: Jen-Chen Su
  • Patent number: 9830289
    Abstract: Methods and apparatus for data aggregation and multiplexing of one or more virtual bus interfaces via a physical bus interface. Various disclosed embodiments are configured to: (i) multiplex multiple logical interfaces over a single physical interface, (ii) exchange session management and logical interface control, (iii) manage flow control, (iv) provide “hints” about the data (e.g., metadata), and/or (v) pad data packets. In one particular implementation, the methods and apparatus are configured for use within a wireless-enabled portable electronic device, such as for example a cellular-enabled smartphone, and make use of one or more features of a high-speed serialized physical bus interface.
    Type: Grant
    Filed: September 16, 2015
    Date of Patent: November 28, 2017
    Assignee: APPLE INC.
    Inventors: Radha Kumar Pulyala, Saurabh Garg, Karan Sanghi
  • Patent number: 9832020
    Abstract: Embodiments are directed towards communicating using a mobile device that performs actions including. A mobile device may be provisioned with an access point such that a provisioning key and a provisioning token for each of the provisioned access points may be stored on the mobile device. The mobile device may be determined to be in the presence of a provisioned access point based on the provisioning key and an advertising nonce. The advertising nonce may be encrypted with the provisioning key. A communication channel between the mobile device and the access point may be established based on a session nonce, the advertising nonce, and the provisioning key. A session key may be generated based in part on the advertising nonce and a message counter. And, encrypted message packets that include a message and a message authentication tag may be communicated to the access point.
    Type: Grant
    Filed: August 1, 2016
    Date of Patent: November 28, 2017
    Assignee: Nymi Inc.
    Inventors: Karl Martin, Evgene Vahlis
  • Patent number: 9813416
    Abstract: A data security system, and method of operation thereof, is provided that includes: an electronic authentication subsystem for verifying a user identification against an authentication key and for employing the authentication key for retrieving an encryption key, the authentication key only accessible from inside the electronic authentication subsystem, and the user identification supplied from outside the data security system to a receiver within the electronic authentication subsystem; and a storage subsystem employing the encryption key for allowing unencrypted communication through the storage subsystem between a host computer system and a storage media.
    Type: Grant
    Filed: January 4, 2016
    Date of Patent: November 7, 2017
    Assignee: ClevX, LLC
    Inventors: Lev M. Bolotin, Simon B. Johnson
  • Patent number: 9813250
    Abstract: A system and methods are provided for establishing an authenticated and encrypted communication connection between two devices with at most two round-trip communications. During establishment of an initial authenticated, encrypted communication connection (or afterward), a first device (e.g., a server) provides the second device (e.g., a client) with a token (e.g., a challenge) that lives or persists beyond the current connection. After that connection is terminated and the second device initiates a new connection, it uses the token as part of the handshaking process to reduce the necessary round-trip communications to one.
    Type: Grant
    Filed: November 19, 2015
    Date of Patent: November 7, 2017
    Assignee: WHATSAPP INC.
    Inventors: Bryan D O'Connor, Eugene Fooksman
  • Patent number: 9807079
    Abstract: Embodiments disclosed herein provide systems, methods, and computer readable media for using a single sign-on proxy to regulate access to a cloud service. In a particular embodiment, a method provides receiving an authentication request from a user system directed to a SSO service and determining whether the authentication request satisfies at least one criterion for allowing access to the cloud service associated with the SSO service. Upon determining that the authentication request satisfies the at least one criterion, the method provides forwarding the authentication request to the SSO service.
    Type: Grant
    Filed: October 23, 2015
    Date of Patent: October 31, 2017
    Assignee: Palo Alto Network, Inc.
    Inventor: Nishant Doshi
  • Patent number: 9787492
    Abstract: In general, techniques are described for provisioning network devices in an Ethernet-based access network. For example, an access node located in an Ethernet-based access network positioned intermediate to a back office network and a customer network may implement the techniques. The access node comprises a control unit that discovers a demarcation point device that terminates the access network of the service provider network at the customer network. The control unit of the access node implements an Ethernet protocol to provide layer two network connectivity between the service provider network and the customer network, authenticates the demarcation point device based on a unique identifier assigned to the demarcation point device and, after successfully authenticating the demarcation point device, provisions the demarcation point device.
    Type: Grant
    Filed: April 15, 2015
    Date of Patent: October 10, 2017
    Assignee: Calix, Inc.
    Inventors: Berkay Baykal, Shaun Noel Missett
  • Patent number: 9716702
    Abstract: In an embodiment, a method comprises intercepting, from a first computer, a first set of instructions that define one or more original operations, which are configured to cause one or more requests to be sent if executed by a client computer; modifying the first set of instructions to produce a modified set of instructions, which are configured to cause a credential to be included in the one or more requests sent if executed by the client computer; rendering a second set of instructions comprising the modified set of instructions and one or more credential-morphing-instructions, wherein the one or more credential-morphing-instructions define one or more credential-morphing operations, which are configured to cause the client computer to update the credential over time if executed; sending the second set of instructions to a second computer.
    Type: Grant
    Filed: June 14, 2015
    Date of Patent: July 25, 2017
    Assignee: Shape Security, Inc.
    Inventors: Justin Call, Subramanian Varadarajan, Bryan Hanks
  • Patent number: 9661021
    Abstract: A method and system for providing security against phishing attacks. The method can include receiving a login ID from a client, and providing an encrypted commitment to the client. The method can also include receiving a one-time password (OTP) from the client, and validating the OTP. The method can also include sending a commitment key, to be authenticated by the client, receiving a static password from the client and authenticating the client. Embodiments of the invention are directed to a system for providing security against phishing attacks. The system can include one or more servers configured to receive a login ID from a client, and provide an encrypted commitment to the client. The processors can be configured to receive a one-time password (OTP) from the client, validate the OTP, send a commitment key, to be authenticated by the client, receive a static password from the client and authenticate the client.
    Type: Grant
    Filed: May 18, 2016
    Date of Patent: May 23, 2017
    Assignee: JPMorgan Chase Bank, N.A.
    Inventor: Glenn S. Benson
  • Patent number: 9628320
    Abstract: There is provided an information processing apparatus including a Web service using unit configured to have a Web browser function supporting a cookie and use a Web service provided by a Web server, a URL acquiring unit configured to acquire a URL to use a Web service in a different device, and a URL transferring unit configured to transfer the URL acquired by the URL acquiring unit to the different device. The URL acquiring unit acquires a one-time URL to make an access request to a Web service requesting authentication, from the Web server.
    Type: Grant
    Filed: June 4, 2013
    Date of Patent: April 18, 2017
    Assignee: Saturn Licensing LLC
    Inventors: Yuji Handa, Ken Onogi, Takashi Ito
  • Patent number: 9619653
    Abstract: Embodiments of a system and method for detecting a security compromise on a device are described. Embodiments may be implemented by a content consumption application configured to protect content decryption keys on a device, such as a computer system (e.g., a desktop or notebook computer) or a mobile device (e.g., a smartphone or tablet). For instance, the content consumption application may be configured to provide decryption keys for respective content to a media component (or another component of the operating system) if multiple conditions have been met. For instance, in various embodiments, the content consumption application may pass the key to the media component after ensuring that i) one or more security mechanisms of the device operating system have not been compromised and ii) one or more executable instructions of the content consumption application have not been tampered with (e.g., instructions corresponding to a function that handles the decryption key(s)).
    Type: Grant
    Filed: October 10, 2014
    Date of Patent: April 11, 2017
    Assignee: Adobe Systems Incorporated
    Inventors: Viswanathan Swaminathan, Sheng Wei
  • Patent number: 9608803
    Abstract: A method for defense against primary user emulation attacks in cognitive radio networks includes the steps of generating an advanced encryption standard (AES)-encrypted reference signal with a transmitter for transmitting to at least one receiver. The method also includes the steps of allowing a shared secret between the transmitter and the at least one receiver and regenerating the reference signal at the at least one receiver and using the regenerated reference signal to achieve accurate identification of authorized primary users as well as malicious users.
    Type: Grant
    Filed: December 3, 2014
    Date of Patent: March 28, 2017
    Assignee: BOARD OF TRUSTEES OF MICHIGAN STATE UNIVERSITY
    Inventors: Ahmed S. Alahmadi, Mai M. Abdelhakim, Jian Ren, Tongtong Li
  • Patent number: 9602222
    Abstract: Various embodiments are generally directed to techniques to form and maintain secure communications among two or more body-carried devices disposed in close proximity to the body of a person to form a body area network (BAN). An apparatus to establish secure communications includes a processor component; a signal component for execution by the processor component to compare a signal characteristic of a security test signal to a known signal characteristic of the security test signal to derive a bioelectric characteristic, the security test signal received via a tissue; and a bioelectric component for execution by the processor component to determine whether to allow transmission of data through the tissue based on the bioelectric characteristic. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 13, 2013
    Date of Patent: March 21, 2017
    Assignee: INTEL CORPORATION
    Inventors: Nicholas D. Triantafillou, Todd A. Keaffaber, Shai Skavas Kavas
  • Patent number: 9591175
    Abstract: A computer-implemented method for pairing a point of sale printer with a client device, using two-way identification, is disclosed. The method comprises receiving, using the point of sale printer and a wireless communication protocol, a request to pair the point of sale printer. The method also comprises deriving, using the point of sale printer, the client device, and a device pairing protocol, a shared secret at the client device and the point of sale printer. The method also comprises printing, using the point of sale printer and upon deriving the shared secret, client device association information on a printout. The method also comprises receiving, using the client device and the printout, the client device association information. The method also comprises associating the point of sale printer and the client device using the client device association information as received using the client device.
    Type: Grant
    Filed: October 29, 2015
    Date of Patent: March 7, 2017
    Assignee: Clover Network, Inc.
    Inventor: John Daniel Beatty
  • Patent number: 9559737
    Abstract: The invention provides for a telecommunications chip card for logging into a digital cellular mobile telecommunications network (107). The telecommunications chip card comprises a chip card reader interface for communicating with a mobile telephone device, a chip card processor means, and a secure memory means (302) for storing programs for execution by the chip card processor means. The secure memory means contains a program (304). The program causes the chip card processor means to: perform (200) a first cryptographic mutual authentication between the telecommunications chip card and a terminal device (502), receive (214) a configuration message (400, 402, 404, 406, 408, 410, 524) via the chip card reader interface, store (216) the configuration message in the secure memory means, and delete (218) the program from the secure memory means.
    Type: Grant
    Filed: October 29, 2013
    Date of Patent: January 31, 2017
    Assignee: Morpho Cards GmbH
    Inventors: Sanjeev Shriya, Vikas Phogat
  • Patent number: 9544313
    Abstract: Systems, devices, and methods are provided that allow the authentication of devices within analyte monitoring systems. The analyte monitoring systems can be in vivo systems and can include a sensor control device with a sensor and accompanying circuitry, as well as a reader device for communicating with the sensor control device. The analyte monitoring systems can interface with a trusted computer system located at a remote site. Numerous techniques of authentication are disclosed that can enable the detection of counterfeit components, such as a counterfeit sensor control device.
    Type: Grant
    Filed: December 17, 2014
    Date of Patent: January 10, 2017
    Assignee: ABBOTT DIABETES CARE INC.
    Inventors: Michael R. Love, Mark Sloan, Glenn Berman, Nathan Crouther, Gil Porat
  • Patent number: 9525556
    Abstract: A method for issuing a certificate signing request (CSR) certificate in a vehicle-to-anything (V2X) communication environment includes: receiving, at a first server, a certificate issuance request message including vehicle identification information transmitted from a communication module of the vehicle; determining, by a second server, whether a CSR certificate corresponding to the vehicle identification information has already been issued with reference to a database; and determining, by the second server, whether to issue the corresponding CSR certificate or whether to generate an error message, based on the determination of whether the corresponding CSR certificate has already been issued.
    Type: Grant
    Filed: December 15, 2014
    Date of Patent: December 20, 2016
    Assignees: Hyundai Motor Company, Penta Security System Inc.
    Inventors: Jong Rok Park, Cho Rong Ryu, Dae Sung Hwang, Su Lyun Sung, Dong Gyu Noh, Hahk Rel Noh, Duk Soo Kim, Sang Gyoo Sim, Eun Ho Shin, Jung Bai Kim, Byung Gwan Kim, Seok Woo Lee, You Sik Lee
  • Patent number: 9525548
    Abstract: Provisioning techniques are described. In implementations, a particular one of a plurality of public keys is located using an identifier included in a request received via a network. The located public key is communicated via the network, the public key configured to encrypt data that is to be decrypted by a secure element of a mobile communication device, the secure element implemented using hardware and including a private key that is configured to decrypt the data that was encrypted using the public key.
    Type: Grant
    Filed: October 21, 2010
    Date of Patent: December 20, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Alan L. Marshall, Kamran Rajabi Zargahi, Miller Thomas Abel, Murali Krishnan, Anoop Anantha
  • Patent number: 9521115
    Abstract: Methods, systems, and media for producing a firewall rule set are provided herein. Exemplary methods may include: receiving metadata about a deployed container from a container orchestration layer; determining an application or service associated with the container from the received metadata; retrieving at least one model using the determined application or service, the at least one model identifying expected network communications behavior of the container; and generating a high-level declarative security policy associated with the container using the at least one model, the high-level declarative security policy indicating at least an application or service with which the container can communicate.
    Type: Grant
    Filed: March 24, 2016
    Date of Patent: December 13, 2016
    Assignee: vArmour Networks, Inc.
    Inventor: Marc Woolward
  • Patent number: 9507618
    Abstract: A method and system for supporting multiple displays in a virtual machine (VM) environment are disclosed. The system includes a client device coupled to a server hosting one or more VMs. The client device may include multiple displays and a client display manager coupled to the displays. The client display manager may be operable to establish display connections with virtual devices of a VM, receive data generated by the VM via the display connections, and forward the data to a display controller of a relevant display.
    Type: Grant
    Filed: May 31, 2009
    Date of Patent: November 29, 2016
    Assignee: Red Hat Israel, Ltd.
    Inventor: Yaniv Kamay
  • Patent number: 9497573
    Abstract: One feature pertains to a near field communication (NFC) target device comprising a memory circuit adapted to store sensitive data, an NFC interface adapted to transmit and receive information using NFC protocols, and a processing circuit. The processing circuit receives a plurality of provider identification (PID) numbers from a plurality of providers, where each PID number is associated with a different provider. The processing circuit also stores the PID numbers at the memory circuit, and assigns a privilege mask to each PID number received and stored. The NFC target device may also include a physical unclonable function (PUF) circuit. The processing circuit may additionally provide one or more PID numbers as input challenges to the PUF circuit, and receive one or more PUF output responses from the PUF circuit, where the PUF output responses are different from one another and are associated with different providers.
    Type: Grant
    Filed: February 3, 2015
    Date of Patent: November 15, 2016
    Assignee: QUALCOMM Incorporated
    Inventors: Xu Guo, Aydin Aysu
  • Patent number: 9479490
    Abstract: A method of enabling applications to reference user information is provided, including receiving a request for a user identifier that references a user of the application and sending a second request for the user identifier to a server. The second request may include a second user identifier that references the user and a second authentication token for the second user identifier. Furthermore, the second user identifier and the second authentication token are not accessible by the user. The method includes receiving the user identifier and an authentication token for the first user identifier. The user identifier corresponds to the second identifier. The method further includes providing the user identifier and authentication token to the application. A method of enabling an application to identify users associated with a user of the application is also provided; the method may include receiving, from the server, user identifiers that reference one or more users scoped to the application.
    Type: Grant
    Filed: June 7, 2013
    Date of Patent: October 25, 2016
    Assignee: Apple Inc.
    Inventors: Derrick S. Huhn, Jeremy M. Werner, Amol V. Pattekar
  • Patent number: 9456347
    Abstract: A connection method for enhancing information security of an electronic system is disclosed. The electronic system comprises a plurality of communication devices. Each communication device is capable of establishing a plurality of wireless communication connections with another communication device. The plurality of wireless communication connections comprises a near field communication connection. The connection method comprises a first communication device and a second communication device utilizing the near field communication connection to perform a mutual verification process before the first communication device establishes a wireless connection with the second communication device, and the first communication device and the second communication device being allowed to establish a wireless communication connection of the plurality of wireless communication connections after the first communication device and the second communication device pass the mutual verification process.
    Type: Grant
    Filed: March 30, 2015
    Date of Patent: September 27, 2016
    Assignees: Inventec (Pudong) Technology Corp., Inventec Corporation
    Inventors: Hsien-Jung Hsu, Chien-Yao Huang
  • Patent number: 9455973
    Abstract: Secure storage and retrieval of data is provided with multiple data classes and data identifiers. Data values of a client are stored by receiving one or more authentication sets, at least one data value, an associated data class of the data value and a pseudo-random client value; calculating a data seed value based on the pseudo-random client value, a pseudo-random server value and the associated data class of the data value; generating a random data index value; generating a database index value based on the data seed value and the random data index value; storing the database index value; and providing the random data index value to the client. The client can be authenticated at the time of storage based on the one or more authentication sets. The authentication of the client and the storage of the data can be atomic such that only authenticated clients store the one or more data values. Techniques are also provided for the retrieval of stored data.
    Type: Grant
    Filed: December 24, 2013
    Date of Patent: September 27, 2016
    Assignee: EMC Corporation
    Inventors: Peter Robinson, Nikolaos Triandopoulos, David Alistair Healy