Abstract: For responding to a notification displayed in an Always on Display (“AoD”) mode with a voice command, a method displays notifications in at least one of a full power mode or an AoD mode, parses a notification to determine a notification type. The method also determines, while in the AoD mode, if the notification supports voice responses. If the notification supports voice response, the method receives a voice command from a user and authorizes the user based on the voice command, bypasses a screen lock, in response to the user being authorized, and executes the voice command.

Abstract: The present disclosure provides a system for managing computer resources for detection of malicious files based on machine learning model. In one aspect, the system may comprise: a hardware processor configured to: form at least one behavior pattern on the basis of commands and parameters, calculate the convolution of the formed behavior pattern, calculate the degree of harmfulness the convolution and a model for detection of malicious files, manage the computing resources used to ensure the security of that computing device, based on the degree of harmfulness, wherein the degree of harmfulness is within a predetermined range of values and if the obtained degree of harmfulness of applications exceeds the predetermined threshold value, send a request to allocate additional resources of the computing device, otherwise send a request to free up previously allocated resources of the computing device.

Abstract: An apparatus for providing controlled access to a plurality of devices in a computer network (104), wherein the plurality of devices are accessible by users external to the computer network (102) by logging in to a privileged account, to which access is controlled by an authentication server (106); the apparatus comprises a receiver configured to receive user password data from a user requesting access to the privileged account via a device, a password determiner configured to determine account password data based on user password data, and to control a transmitter to transmit to the device account password data for allowing the user to access the privileged account, the receiver also configured to receive a request from the device to update account password data, and a password manager configured to update account password data and store updated account password data associated with the privileged account.

Abstract: In certain embodiments, a web services system receives a request to provision a device, such as a telephone, as an authentication device. The web services system initiates display of an image communicating a key to allow the telephone to capture the image and to send key information associated with the key. The web services system receives the key and determines that the key information is valid. In response to the determination, the web services system sends a seed to the telephone to provision the telephone to be an authentication device. The telephone can use the seed to generate one-time passcodes to access a service of the web services system.

Abstract: Systems and methods are described that include generating a virtual reality experience in a virtual reality environment, detecting, a first gesture from a first user accessing the virtual reality environment, the first gesture being configured as a command to initiate a privacy mode with a second user accessing the virtual reality environment, and generating a prompt for display to the second user, the prompt corresponding to the command. In response to detecting a second gesture from the second user, the second gesture determined to substantially match the first gesture, initiating the privacy mode between the first user and the second user in the virtual reality environment, and sharing communications occurring in the virtual environment from the first user to the second user and from the second user to the first user while modifying, for users other than the first user and the second user, the communications occurring between the first user and the second user.

Abstract: The present invention provides a method and apparatus for verifying images based on image verification codes, the method comprising selecting an identification image and multiple candidate images from an image gallery, where the candidate image comprise interference images and correct images corresponding to the identification image. The method also includes providing hint information for the identification image, the candidate images, and relationships between the identification image and the correct images. The method also includes receiving selection information of images selected from the candidate images. The method also includes determining if the verification passed when the correct images are determined to have been selected based on the selection information or, determining that verification has failed when the correct images are determined not to have been selected based on the selection information.

Abstract: An Internet of things (IoT) environment-based user terminal apparatus is provided. The user terminal apparatus includes a transceiver configured to perform communication with a plurality of devices constituting an IoT environment, a display device configured to display a user interface which includes a first object list including a first object indicating a first device in which a specific condition is set among the plurality of devices and a second object list including a second object indicating a second device configured to provide an alarm, and a processor configured to control the first device and the second device so that the second device is set to provide the alarm in response to satisfaction of the specific condition set to the first device, in response to the first object being selected from the first object list and the second object being selected from the second object list through the user interface.

Abstract: An application software execution system according to the present invention includes a plurality of machines and one server connected to the machines. The server includes a processor for executing application software, and a storage unit for storing the application software. The server obtains configuration information of each of the machines, and executes the application software in accordance with the obtained configuration information of each of the machines.

Abstract: An implicit certificate is based on a ring learning with errors (“RLWE”) public keys that are, in some examples, resistant to quantum-based computing attacks. Various methods are described that request, generate, verify, and use the implicit certificates. In some examples, the system provides an implicit certificate that enables communication between two parties that are identified at the time of certificate generation. In another example, the system provides a certificate that may be used to communicate with a variety of different parties. The implicit certificate generation algorithm yields a public key purportedly bound to U. Confirmation that the public key is bound to U is obtained after use of the corresponding private key. Binding of an entity to its associated public key and accessibility to the private key, are verified as a result of successful key use.

Abstract: The disclosed computer-implemented method for generating passwords may include (i) accessing a vault of confidential information describing a user, (ii) extracting, from the vault, a set of multiple items of confidential information describing the user, (iii) executing a programmed heuristic on the set of multiple items of confidential information to generate multiple candidate passwords that each derives from a respective semirandom permutation of the multiple items of confidential information, and (iv) displaying electronically the multiple candidate passwords to the user to enable the user to select a password from the multiple candidate passwords as a specific password for accessing a protected computing resource. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method of recognizing individuals by means of at least one processor executing a recognition algorithm comprising the steps of: detecting biometric characteristics of a finger of a candidate for recognition while writing a signature by pressing the finger against a signature surface; encoding both the written signature and also the biometric characteristics in order to form signature data and biometric data of the candidate; and using the algorithm to compare the signature data and the biometric data of the candidate with signature data and fingerprint biometric data belonging to at least one individual and stored on a data medium.

Abstract: A user may have real-time control over whether accessing a network service account implements two-factor authentication. When a username and password is provided to log into the network service account, a determination may be made about whether the login attempt is a potential security threat. When the login attempt does not appear to be a threat, the login attempt may be processed based on the username and password. When the login attempt is a potential security threat, the actual user corresponding to the network service account may be notified and asked to confirm whether the login attempt is a security threat. When the user confirms that the login attempt is not a security threat, the user may be logged in based on the username and password. When the user confirms that the login attempt is a security threat, two-factor authentication may be implemented for accessing the network service account.

Abstract: A management device includes a counter that counts the first number of times authentication of a first communication device has been successful, a generating unit that generates a first password based on the first number of times, and a sending unit that sends a registration request that requests registration of the first password. The first communication device includes a counter that counts the second number of times authentication of the first communication device has been successful, a generating unit that generates a second password based on the second number of times, and a sending unit that sends a connection request that includes the second password. A second communication device includes a receiving unit that receives the registration request and the connection request and a determination unit that compares the first password with the second password and determines whether authentication of the first communication device is successful.

Abstract: A secured device includes an interface and a processor. The interface is configured to connect to a bus, to which a host and a second device are coupled. At least the second device operates over the bus in a slave mode, and the host operates on the bus as a bus master that initiates transactions on the bus, at least on behalf of the secured device. The processor is configured to request the host to initiate, for the secured device, a transaction that accesses the second device over the bus, to monitor one or more signals on the bus, at least within a period during which the host accesses the second device over the bus in performing the requested transaction, and to identify, based on the monitored signals, whether a security violation occurred in performing the requested transaction.

Abstract: This document discloses a solution for enabling biometric authentication of a station. According to an aspect, the solution comprises transmitting, from the station, a trigger to include biometric data of a user of the station in authentication; a logic at a network node to handle the trigger and cause execution of an authentication procedure that employs the biometric data when performing said authentication procedure in a wireless access network; and indicating a result of the authentication to the station.

Abstract: Techniques are disclosed for providing a secure computational platform that facilitates collaboration of assets from different asset providers without exposure of the assets to threats. The assets may be in the form of tools, models, simulations, and other computational assets, which can be used, for example, to perform trade studies. The secure computational platform provides for integration of the assets in a workflow, while protecting the assets during construction and execution of the workflow. In some instances, each asset in the workflow is executed in an IT infrastructure of the asset provider to which the asset belongs.

Abstract: Systems and methods for providing authentication include receiving an authentication passcode input through an input device of a user device from a first user. The first user is authenticated in response to the authentication passcode input matching at least one user authentication passcode in a database, and an authentication time period is associated with the authentication of the first user and allows the first user access to at least one application on the user device. A plurality of authentication factors are then detected using the user device, and plurality of authentication factors are not an authentication passcode input received through the input device. The plurality of authentication factors are then determined to match the at least one authentication profile in the database and, in response, the authentication time period is extended such that the first user is allowed continued access to the at least one application on the user device.

Abstract: A method, device and non-transitory computer readable medium for randomized multi-factor authentication with biometrics includes randomly selecting one of a plurality of biometrics in response to a request from a client device. At least the randomly selected biometric is requested from the requesting client device. A match of the requested randomly selected biometric received from the requesting client device against stored biometric information above a set threshold is verified. Access for the request is granted when the verification indicates the match.

Abstract: Techniques for systems and methods that provide for utilizing a robotic system to type commands that correspond to voice commands using a keyboard of a device are described herein. In embodiments, an image of a device may be received from a camera. A keyboard region of the device may be determined based on a keyboard detection algorithm that uses the image. One or more characters in a portion of the image that corresponds to the keyboard region of the device may be detected based on a character detection algorithm. The one or more characters may be grouped into one or more groups based on the portion of the image. A character of a portion of character associated with a group may be edited based on an error detection algorithm.

Abstract: Application-manager software authenticates a user of a client device over a channel. The authentication operation is performed using a directory service. The application-manager software presents a plurality of applications in a GUI displayed by the client device. The plurality of applications depends on the authentication, the client device, and the channel. And the plurality of applications includes a thin application and a software-as-a-service (SaaS) application. The application-manager software receives a selection as to an application from the user. If the selection is for the SaaS application, the application-manager software provisions the SaaS application. The provision includes automatically logging the user onto an account with a provider of the SaaS application using a single sign-on and connecting the user to the account so that the user can interact with the SaaS application. If the selection is for the thin application, the application manager software launches the thin application.

Abstract: A system and/or method is provided to implement authentication for a user device, without having to enter authentication credentials. Based on the presence of at least two paired short-range communication devices near the user device. In an example, a user's Bluetooth device, such as a smart phone, may be registered to be used for automatic authentication for an online user account. When the user is attempting to log onto the online user account at a user device, such as a laptop, the user device may detect that the user's Bluetooth device is in proximity to the user device and is paired to the user device and thus allow the user to be logged into the online user account at the user device automatically. Thus, the user may be logged into the online user account seamlessly without requiring the user to input credentials, such as user name and/or password.

Abstract: Disclosed is a secure communication method of an IMS system based on a key file. The method includes obtaining an IMS account before sending the account and authentication information to a background server by a UE; generating an electronic work order by the background sever according to the received authentication information to enable customer service personnel to manually audit the authentication information and the IMS account according to a preset rule and the electronic work order; generating an encrypted key file and sending the file to the UE when determining the correctness of the authentication information and the IMS account; and activating the IMS account according to the key file and performing network communication according to the IMS account. The disclosure improves the communication security of the IMS system by using the activated IMS account for network communication.

Abstract: A secure searchable and shareable remote storage system and method which utilizes client side processing to enable search capability of the stored data, allow the synchronizing of stored data between multiple discrete devices, and allow sharing of stored data between multiple discrete users. Such a remote storage system and method includes a networked remote computer server which receives and stores encrypted data and manages access thereto and a client device configured to index data to be stored, upload secured data and related information, perform searches on the stored data and related information locally, and implement cryptographic protocols which allow the stored data and related information to be synchronized with other desired client devices. Advantageously, since trusted client-side search code may directly access mostly plaintext data, it may operate orders of magnitude faster than the equivalent server code which may access encrypted data only.

Abstract: Implementations provide self-consistent, temporary, secure storage of information. An example system includes short-term memory storing a plurality of key records and a cache storing a plurality of data records. The key records and data records are locatable using participant identifiers. Each key record includes a nonce and each data record includes an encrypted portion. The key records are deleted periodically. The system also includes memory storing instructions that cause the system to receive query parameters that include first participant identifiers and to obtain a first nonce. The first nonce is associated with the first participant identifiers in the short-term memory. The instructions also cause the system to obtain data records associated with the first participant identifiers in the cache, to build an encryption key using the nonce and the first participant identifiers, and to decrypt the encrypted portion of the obtained data records using the encryption key.

Abstract: Embodiments herein relate to a method and an information appliance device having a unique access card for preventing security breach in the information appliance device. A multimedia content server transmits a one-time access key to both the information appliance device and a user of the information appliance device. The user must input the access key to the information appliance device. The information appliance device verifies the access key and provides access to the user for the multimedia services, by activating a periodic activation key upon successful verification of the access key. Therefore, even if unauthorized user tries to skip the access key verification process through modification of access cards used in information appliance device, the unauthorized user cannot access the multimedia service due to lack of the periodic activation key required for activating multimedia service. Hence, security breach such as, cloning or duplication of the access cards will be minimized.

Abstract: A temporal identity vault used to authenticate an individual is described herein. User identifying input is received on a device, such as a cell phone. The identifying input is, in some examples, encrypted and stored as a temporal identity vault. The temporal identity vault is configured for a use. The use may be a time, location, or the like. A beacon is associated with the temporal identity vault. If the beacon is at a location relative to an object, the authentication process is started. The information stored in the temporal identity vault is authenticated at a central service. Upon authentication, the user is permitted to operate an object. The temporal identity vault may thereafter be deleted.

Abstract: A data loss prevention device that includes a data loss prevention engine implemented by a processor. The data loss prevention engine is configured to receive data in transit to a target network device and to identify content within the data. The data loss prevention engine is configured to determine the content of the data comprises an image and to determine an image type for the image based on objects within the image, and to determine whether the image type matches a restricted image type from a set of restricted image types. The data loss prevention engine is further configured to block transmission of the data to the target network device in response to determining that the image type matches a restricted image type and forward the data to the target network device in response to determining that the image type does not match a restricted image type.

Abstract: A computer unit (10) arranged to establish contact between itself and a centralized server (12), in where the computer unit comprises means to establish a networked connection (22) with said server (12), and wake up means in case the computer unit is in an off or sleeping state, and optionally if the computer unit is on. The computer unit (10) comprises or is connected to a mobile unit that is active whether the computer unit is in off, in hibernation or sleeping state, or on state, and in where the mobile unit is adapted to receive a unique request from the server (12), via a mobile telecommunication connection (20), and if the request is identified as genuine, the computer unit (10) is adapted to establish a new and separate networked connection (20; 22) to the server (12).

Abstract: Disclosed embodiments relate to adaptively and dynamically monitoring and managing a proximity status between securely communicating devices. Techniques include identifying a secure connection session established between an endpoint computing resource and an auxiliary computing device associated with a user; receiving real-time proximity data associated with at least one of the user or the auxiliary computing device; receiving proximity data associated with the endpoint computing resource; determining, based on the real-time proximity data associated with at least one of the user or the auxiliary computing device and the proximity data associated with the endpoint computing resource, whether at least one of the auxiliary computing device or the user has left the proximity to the endpoint computing resource; and implementing, based on the determining, an automatic session control action for the secure connection session.

Abstract: A method of performing a transaction between a plurality of devices, the method comprises establishing a communication session between an end device and a first near field communication (NFC)-enabled device. The method further includes receiving instructions from the end device instructing the first NFC-enabled device to move in NFC range of a second NFC device; establishing a NFC session between the first NFC-enabled device and second NFC-enabled device; and sending the transaction data received from the end device to the second NFC device over the NFC session.

Abstract: The present invention relates to a method and system of secure wakeup in a communication system. The method comprises: transmitting a predetermined wakeup code by a wakeup transmitter of a first node to a wakeup receiver of a second node using a first communication link; establishing a protocol for future wakeup codes periodically between the first node and the second node using a second communication link; wherein the wakeup code is updated based on at least one of: the protocol for future wakeup codes, a first function of time defined by protocol for future wakeup codes, a second function of number of wakeups defined by protocol for future wakeup codes; comparing the wakeup code received by the second node with the wakeup code sent by the first node; and if the wakeup code received by the second node matches a template wakeup code derived from a protocol for future wakeup codes, then the receiver wakes up; otherwise the receiver does not wakeup.

Abstract: Methods and systems for provisioning transferable access tokens are disclosed. An access device associated with a resource provider can communicate with a first communication device as part of an interaction between a first user and the resource provider. The access device can generate an authorization request message comprising a first access token and an interaction value. The access device can transmit the authorization request message to an authorization computer. The authorization computer can authorize the interaction and generate an authorization response message. After authorizing the interaction, the authorization computer can provide a transferable access token to the first communication device. The first communication device can transmit the transferable access token to a second communication device, so that a second user can use the transferable access token in an interaction.

Abstract: Methods and systems for enabling multiple mobile devices to access an access gateway when at least one of the multiple mobile devices is unable to establish a virtual private network connection with the access gateway are described herein. For example, in some embodiments, a mobile device may configure itself as a member of a mesh network. A virtual private network connection may be established between the mobile device and the access gateway. The mesh network may include one or more other member devices that are unable to establish a virtual private network with the access gateway. After completing its configuration, the mobile device may receive, over a peer-to-peer connection of the mesh network, data that is intended for the access gateway and that is from one of the other member devices. The mobile device may transmit the data to the access gateway via the virtual private network connection.

Abstract: A security system detects anomalous activity in a network. The system logs user activity, which can include ports used, compares users to find similar users, sorts similar users into cohorts, and compares new user activity to logged behavior of the cohort. The comparison can include a divergence calculation. Origins of user activity can also be used to determine anomalous network activity. The hostname, username, IP address, and timestamp can be used to calculate aggregate scores and convoluted scores.

Abstract: Protecting personal information by generating entity-specific aliases for use in communication with third parties is disclosed.

Abstract: A system for enforcing a security policy on an application stored at a mobile device has an application at the device provided with software code for issuing a request for authenticating a user, and a security enforcement unit; an authentication agent at the device, which is separate from the application, and which is configured with an authentication data collecting unit for collecting authentication data upon receipt of the request for user authentication from the application, and for conveying the collected authentication data to an authentication-authorization server; and an authentication-authorization server for receiving the collected authentication data, evaluating the same, and issuing an enforcement level signal which is conveyed to the security enforcement unit. Upon receipt of the enforcement level signal, the security enforcement unit accordingly applies a security level at the application.

Abstract: Novel tools and techniques for an IoT shell are provided. A system includes an internet of things (IoT) device, a database, and a license manager. The database may include one or more sets of authorized licenses, each set of authorized licenses associated with a respective vendor software. The license manager may be in communication with the IoT device and the database, and further include a processor and a non-transitory computer readable medium comprising instructions executable by the processor. The license manager may be configured to receive a request to reserve a license for a first vendor software, determine an availability of the license associated with the first vendor software, register a unique identifier of the IoT device in association with the license, and grant the license to the IoT device.

Abstract: In one aspect, a first device includes a processor, a wireless transceiver accessible to the processor, at least one biometric sensor accessible to the processor, and storage accessible to the processor. The storage bears instructions executable by the processor to receive input from the at least one biometric sensor, identify a user based on input from the at least one biometric sensor, and determine a second device with which the first device is to communicate using the wireless transceiver based at least in part on identification of the user based on input from the at least one biometric sensor.

Abstract: Systems and methods for authenticating a user by a combination of the user's fingerprint and a tactile pattern are provided. According to one embodiment, a computing device captures a tactile pattern that is drawn by a user's finger on a touch panel that is operationally connected to the computing device. The computing device captures one or more fingerprints of the user using a fingerprint reader component of the computing device at one or more locations on the touch panel while the user is drawing the tactile pattern. The computing device matches the captured tactile pattern and fingerprints with a stored tactile pattern and fingerprints and authenticates the user if both the captured tactile pattern and fingerprints match with the stored tactile pattern and fingerprints.

Abstract: A method for operating an electronic device is provided. The method includes generating, by an authentication agent, a digital fingerprint of an application, transmitting, by an authentication agent, the generated digital fingerprint to a trusted application on a trusted execution environment (TEE), verifying, by the trusted application, the digital fingerprint, and permitting, by the trusted application, the application to access a secure storage, when the trusted application succeeds in verifying the digital fingerprint.

Abstract: A data processing system, according to various embodiments, may receive a data subject access request that includes a request to delete personal data of a particular data subject, modify personal data of the data subject, and/or provide personal data of the data subject. At least partially in response to receiving the data subject access request, the system may determine whether the data subject access request was initiated by an automated source. At least partially in response to determining that the data subject access request was initiated by an automated source, the system may automatically take at least one action to have the data subject access request reinitiated by a human source. At least partially in response to determining that the data subject access request was initiated by a human, the system may automatically facilitate the fulfillment of the data subject access request.

Abstract: Systems, methods, and related technologies for device software monitoring and device software updating are described. In certain aspects, a device is selected based on being a smart device and a software version of associated with the software of the device is determined. The device software may then be automatically updated if newer software is available.

Abstract: An intermediation method used in an intermediation system that includes an intermediation device determining a permission for application services requiring user authentication on a network, where in response to a user request, a first account used for a first service and a second account used for a second service, and a registration request for using the linking service linking the first application service and the second application service are associated with each other, when the two accounts are valid, as accounts usable in a linking service, an association between the first and second services is stored in the intermediation device, and when the user makes a request to use the linked services, that use is controlled by a query to the intermediation device regarding whether the account is associated as able to use the linking service.

Abstract: Methods, systems, and computer program products for authenticating a terminal with a server based on multiple environmental factors. Each of the multiple environmental factors relates to a configurable hardware-independent characteristic of the terminal. Each of the multiple environmental factors is defined at least by an identifier and a value. The identifier identifies a respective environmental factor and the value indicates a state of the respective configurable hardware-independent characteristic. The multiple environmental factors constitute an environmental authentication information for authenticating the terminal with the server.

Abstract: In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user; and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine if the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.

Abstract: A technique is introduced that can securely displaying decrypted images while preventing these decrypted images against an attempt to capture such. Some aspects of the technique include loading a cryptographic shader into a graphics processor unit (GPU) in the recipient's computer device separate from the CPU in the recipient's computer device. In some embodiments, the cryptographic shader that is loaded includes instructions that implement a white-box cryptographic algorithm to decrypt encrypted images. A cryptographic key is integrated within the white-box cryptographic algorithm so that the cryptographic key is protected from extraction. When the GPU receives the encrypted images, the cryptographic shader can perform decryption processes to generate decrypted images. The decrypted images are loaded by the GPU directly from the GPU into a frame buffer such that the decrypted images are to be displayed without any portion of the decrypted images passing through the CPU.

Abstract: A method, system and computer-usable medium for adaptively assessing risk associated with an endpoint, comprising: determining a risk level corresponding to an entity associated with an endpoint; selecting a frequency and a duration of an endpoint monitoring interval; collecting user behavior to collect user behavior associated with the entity for the duration of the endpoint monitoring interval via the endpoint; processing the user behavior to generate a current risk score for the entity; comparing the current risk score of the user to historical risk scores to determine whether a risk score of a user has changed; and changing the risk score of the user to the current risk score when the risk score of the user has changed.

Abstract: A tenant's clear text data in a multi-tenant storage system can be encrypted using the tenant's cryptographic key to produce encrypted yet compressible data (“cryptographic data”). The cryptographic data can be encrypted using a system cryptographic key that is managed by the multi-tenant storage system and then stored. Use of the system cryptographic key allows for subsequent maintenance activities such as deduplication and compression to be performed on data stored in the multi-tenant storage system without having to access any of the tenants' cryptographic keys.

Abstract: A method includes receiving, by a monitoring system that is configured to monitor a property and from a visitor to the property, a personally identifying code and a biometric identifier, determining that the personally identifying code corresponds to a stored personally identifying code, receiving, by the monitoring system, location information that corresponds to locations of the visitor during a time period before visiting the property, comparing the biometric identifier to a stored biometric identifier, based on determining that the personally identifying code corresponds to a stored personally identifying code, comparing the biometric identifier to the stored biometric identifier, and the location information, determining a confidence score that reflects a likelihood that the visitor is authorized to access the property, based on the confidence score that reflects the likelihood that the visitor is authorized to access the property, selecting, from among multiple monitoring system actions, a monitoring sy

Abstract: A distributed ledger, e.g., blockchain, enabled operating environment includes a user device that accesses services of a service device by leveraging the decentralized blockchain. For example, a user device can lock/unlock a door (e.g., service device) by interfacing with a smart contract stored on the decentralized blockchain. The user device provides parameters, such as payment, that satisfies the variables of the smart contract such that the user device can access the service device. The service device regularly retrieves information stored in the smart contract on the decentralized blockchain. For example, the retrieved information can specify that the user device is authorized to access the service device or that the service device is to provide a service. Therefore, given the retrieved information, the service device provides the service to the user device.