Abstract: A method of determining whether to provide user access to a computer resource may comprise receiving a request for the computer resource from a user device; obtaining, from the user device, an encrypted persistent cookie responsive to determining that the encrypted persistent cookie is present on the user device, wherein the encrypted persistent cookie comprises a fingerprint signature field comprising a previous device fingerprint encoded into the fingerprint signature field as part of a previous session; obtaining, from the user device, an obtained device fingerprint of the user device; comparing the obtained device fingerprint with the previous device fingerprint of the fingerprint signature field to derive a fingerprint variance representing a difference between the obtained device fingerprint and the previous device fingerprint of the fingerprint signature field; and processing the request for the computer resource based on the fingerprint variance.

Abstract: In accordance with aspects of the inventive concepts, a system and method provide ongoing authentication through processing of data that includes biometric data. Such systems and methods can use, as examples, face recognition and/or voice biometric data, or other biometric data, to identify the user in real-time and thereafter during an ongoing session. In various embodiments, the system can continuously or repeatedly authenticate one or more users using biometric data to control access to information and/or functions in real (or near real) time. The system can be configured to optimize and/or minimize resource consumption associated with the ongoing authentication process.

Abstract: Examples to determine media impressions using distributed demographic information are disclosed. An example apparatus includes a reporter to detect at the client device a login event. The example apparatus also includes a communication interface to send a communication to an impression monitor system in response to the reporter detecting at the client device the login event via the login webpage, the login event associated with a first Internet domain different from a second internet domain of the impression monitor system. The example communication interface also sends a login reporting message to the database proprietor, the login reporting message including first and second cookie identifiers, the first cookie identifier associated with the first Internet domain, and the second cookie identifier associated with the second Internet domain of the impression monitor system.

Abstract: A method, computer system, and computer program product are provided for peer risk benchmarking. Customer data for a first network is obtained, wherein the customer data comprises a role of one or more network devices in the first network and a plurality of risk reports corresponding to the one or more network devices, and wherein each risk report is associated with a particular dimension of a plurality of dimensions of risk for the one or more network devices. A network profile image is generated by processing the plurality of risk reports. A generative adversarial network generates a synthetic network profile image from the network profile image, wherein the synthetic network profile image does not include the customer data. A second network is evaluated using the synthetic network profile image to identify differences between the first network and the second network.

Abstract: A wearable device includes an audio system. In one embodiment, the audio system includes a sensor array that includes a plurality of acoustic sensors. When a user wears the wearable device, the audio system determines an acoustic transfer function for the user based upon detected sounds within a local area surrounding the sensor array. Because the acoustic transfer function is based upon the size, shape, and density of the user's body (e.g., the user's head), different acoustic transfer functions will be determined for different users. The determined acoustic transfer functions are compared with stored acoustic transfer functions of known users in order to authenticate the user of the wearable device.

Abstract: A network device may send, to a Dynamic Host Configuration Protocol (DHCP) server, a request for an Internet Protocol version 6 (IPv6) address to be assigned to a management port of the network device, wherein IPv6 is disabled at the network device, and may receive a message that includes information associated with a network management system (NMS) and IPv6 configuration information for enabling IPv6 processing on the management port. In response to receiving the IPv6 configuration information, the network device may enable IPv6 processing on the management port of the network device and may register with the NMS based at least in part on the information associated with the NMS. The network device may, in response to receiving one or more configuration commands sent from the NMS to the management port of the network device, configure the network device according to the one or more configuration commands.

Abstract: Provided is a CAN communication based abnormal message detection method including obtaining reception times of reception messages; a reception filtering operation for performing a period calculation for comparing a difference between reception times of reception messages having the same message ID and a reference period of the corresponding message ID; an abnormal message detecting operation for determining the reception messages as abnormal messages when, as a result of the period calculation, the difference between the reception times is smaller than the reference period and determining the reception messages as normal messages when the difference between the reception times is greater than the reference period; and a blocking operation for blocking the abnormal messages.

Abstract: A lost or stolen mobile electronic device may attempt to attach to a foreign network where the phone is not blocklisted. During the foreign network/roaming attach process, a location update may be sent to the home network. The location update may include identifying information for the device. A mapping of the device and the foreign network's association may be stored within an operator database at the home network. Once the lost or stolen phone authenticates with an access point (AP), the mobile device may associate or register with the AP to gain full access to the foreign MNO. The lost or stolen phone may send an Association Request including updated location information and the phone's identification to the phone's home network. If the mapping does not include the phone's identification and the requesting foreign network, then the home network will deny the association request.

Abstract: A computer security system with enhanced whitelisting includes user interfaces that accept user inputs to create and modify a set of rules that define which programs are allowed to execute on one or more target systems. Upon an attempt to run a program, the set of rules are used to determine if the program is allowed to run. If any rule indicates that the program is allowed to run, the program is run. Otherwise, a user interface is presented to either block execution of the program or to create a new rule that would allow execution of the program this time and in the future.

Abstract: Embodiments disclosed provide a virtual currency system within a messaging application by performing operations comprising: launching, within a messaging application, a third-party application; receiving, by the messaging application from the third-party application, a request to perform an ecommerce transaction in relation to an item available for consumption on the third-party application; determining, by the messaging application, an expected attribute for the item based on accessing a database that stores expected attribute information for multiple items; verifying, by the messaging application, that an attribute of the item specified by the request corresponds to the expected attribute for the item; and processing, by the messaging application, the ecommerce transaction in response to successfully verifying that the attribute of the item satisfies a verification criterion based on the expected attribute for the item.

Abstract: Systems and methods are described for establishing and managing components of a distributed computing framework implemented in a data intake and query system. The distributed computing framework may include a master and a plurality of worker nodes. The master may selectively operate on a search head captain that is chosen from the search heads of the data intake and query system. The search head captain may distribute configuration information for the master and the distributed computing framework to the other search heads, which in turn, may distribute that configuration information to indexers of the data intake and query system. Worker nodes may be selectively activated for operation on the indexers based on the configuration information, and the worker nodes may additionally use the configuration information to contact the master and join the distributed computing framework.

Abstract: A method, performed by an EAP authenticator in a communication network, is disclosed. An identification of at least one EAP method supported by an EAP authentication server providing an EAP authentication service to the EAP authenticator is obtained, wherein the identification is obtained from a network entity of the communication network or from inspection of traffic through the EAP authenticator. The identification of at least one EAP method is provided to a device operable to request communication network access from the EAP authenticator. Also disclosed is a method, performed in an EAP authentication server in a communication network. A request for identification of EAP methods supported by the EAP authentication server is received, and a response to the request is sent identifying at least one EAP method supported by the EAP authentication server. An EAP authenticator, EAP authentication server and computer program are also disclosed.

Abstract: According to examples, an apparatus may include a memory on which is stored machine-readable instructions that may cause a processor to receive a request to upload a file to a directory and determine whether the request is a request to upload a predefined type of file to the directory. In addition, based on a determination that the request is a request to upload the predefined type of file to the directory, the processor may determine, through application of a predictive model, whether the directory is a user content directory and based on a determination that the application of the predictive model indicates that the directory is a user content directory, block the request and/or output a notification regarding the receipt of the request.

Abstract: A system including a mobile terminal having an authenticator, a TPM with tamper resistance and a voice assistant. The voice assistant makes a process request corresponding to voice input of a user to a server in accordance with the input, receives a biometric authentication request from the server, makes a request for a biometric authentication process to the mobile terminal of the user in accordance with the request for biometric authentication via wireless communication, and transmits an authentication result from the mobile terminal to a server. The mobile terminal executes the biometric authentication process using biometric information stored in the authenticator and the TPM in accordance with the request for the biometric authentication process from the voice assistant, and transmits an authentication result to the voice assistant.

Abstract: A method for tracing individuals through physical spaces that includes registering cameras in groupings relating a physical space. The method further includes performing local video monitoring including a video sensor input that outputs frames from inputs from recording with the cameras in the groupings, a face detection application for extracting faces from the output frames, and a face matching application for matching faces extracted from the output frames to a watchlist, and a local movement monitor that assigns tracks to the matched faces. The method further includes performing a global monitor including a biometrics monitor for preparing the watchlist of faces, the watchlist of faces being updated when a new face is detected by the cameras in the groupings, and a global movement monitor that combines the outputs from the assigned tracks to the matched faces to launch a report regarding individual population traveling to the physical spaces.

Abstract: Techniques are described that enable a user to create and use a secret user account on a social networking system that is undiscoverable by other user accounts unless invited to interact by the secret account. In some cases, a social networking system receives a request to create a secret account, and creates the secret account. The social networking system may provide, in association with the secret account, account settings for the secret account that cause the social networking system to exclude the secret account from search results on the social networking system, and obscure activity by the secret account from a first user account. The social networking system may cause presentation of a control in a user interface associated with the secret account to invite a second user account to interact with the secret account.

Abstract: A content server can extend enterprise content management to a leading system in an efficient, automated, and seamless manner by leveraging the permission information provided by the leading system. The content server can sync the permission information with the leading system, evaluate user-manager relations, role-based rule definitions, and user-group associations defined in the leading system, and determine and/or update role memberships for workspaces created in the content server for users in the leading systems. In this way, even though the content server and the leading system have very different types of roles and permission models, the content server can evaluate complex relationships and role-based rules and intelligently, correctly, and quickly assign the right people to the right roles in the right workspaces in the content server.

Abstract: Server access channel correlation information for multiple web access sessions is captured. The server access channel correlation information includes, for each web access session, a session-originating server access channel identifier of a server access channel that originated the web access session, and at least one cross-session correlation identifier usable to correlate sets of web access sessions and usable to correlate the sets of web access sessions with orders. In association with an order placed by a consumer during one of the web access sessions, integrated server access channel correlation information is captured that documents each server access channel that originated each web access session associated with the order.

Abstract: A mobile application privacy analysis system is described, where the system scans a mobile device to identify files associated with a particular SDK and generates a tokenized name for the SDK. The tokenized name includes tokens representing the SDK vendor and one or more functions of the SDK. Using the tokenized name, the system then determines corresponding categories for each functionality token and score for each such category. Based on the scores, the system determines the most significant category and assigns that category to the SDK for use in privacy analysis. The system may also, or instead, determine a vendor category using the vendor token and assign that category to the SDK. Weighting factors may be applied to the scores for the categories associated with the functionality tokens and vendor tokens.

Abstract: A user device may be provisioned with a list of paths for connecting to a network. A method may include determining that the user device has attached to a visited network and sending the visited network an indication of connectivity capabilities associated with the network. The method may include receiving an indication of one or more paths established from the visited network to the network based on capabilities of the visited network. The one or more paths may be included in the list of paths. The method may include transmitting data to or from the user device via a first path of the one or more paths.

Abstract: This specification provides method for auditing authenticity of cross-border resource transfers, device, and electronic equipment. The method is implemented on a client device, and comprises: obtaining cross-border resource transfer information initiated by an initiator of a cross-border resource transfer; obtaining, in response to the cross-border resource transfer information, identification information corresponding to proof information that is stored in a blockchain and corresponds to the cross-border resource transfer information; generating a cross-border resource transfer request based on the cross-border resource transfer information and the identification information; and sending, to an auditor of cross-border resource transfers, the cross-border resource transfer request, causing the auditor to perform, based on the proof information that is stored in the blockchain and corresponds to the identification information, an authenticity verification on the cross-border resource transfer information.

Abstract: A verification and authorization method, system, and computer program product include verifying, via a receiving device that receives a verification sound packet, an identity of a trusted caller via the verification sound packet, the verification sound packet including an asymmetrically encrypted payload sent by the trusted caller.

Abstract: A method and system to utilize a user's activities pattern on a user equipment (UE) device as an additional authentication parameter are disclosed. The method includes monitoring, at the UE device, activities of the UE device, and generating, at the UE device, at least one pattern based on analysis of the monitored activities of the UE device. The method further includes receiving, at the UE device, a request to access a protected application. The method includes comparing, at the UE device, an activity of the UE device with an activity determined from the at least one pattern and a corresponding time data associated with the request to access the protected application. The method further includes determining, at the UE device, a level of authentication necessary to grant access to the protected application based on the comparing.

Abstract: Security of network traffic may be increased by utilizing a mutable password to encrypt and decrypt content stored inside an executable utilizing a mutable password (e.g., where a password changes based on an equation when the executable is run). For example, the present password may be associated with a variable, the variable may be modified when the executable is run using the present password, and a subsequent password may be generated based on the modified variable.

Abstract: A triaged approach is implemented to detect and prevent electronic attacks against online entities and to reduce latency. Transaction requests are classified into different tiers and are treated differently based on the tier status. For example, transaction requests to conduct transactions with an entity are received from a client system. Characteristics such as rate or amounts of transactions of the transaction requests are analyzed. The characteristics are compared against specified threshold limits to assess whether the specified threshold limits are exceeded. Based on an assessment that at least one of the specified threshold limits is exceeded, a set of computer instructions is selected from different sets of computer instructions for execution on the client system. A result of an execution is received from the client system. Based on the result of the execution, a determination is made whether the transaction requests appear to have originated from a machine-automated submission process.

Abstract: Methods, apparatus, systems and articles of manufacture to implement centralized authentication for granting access to services are disclosed. Example apparatus disclosed herein to perform device authentication at a first service are to access a profile based on an identification code included in an authentication request from a second service, the profile corresponding to a device associated with the identification code, the identification code assigned to the device by the first service. Disclosed example apparatus are also to assign a selected one of a plurality of trust levels to the device based on activity information associated with the device, location information specified for the device in the profile, and mobility information specified for the device in the profile. Disclosed example apparatus are further to transmit authentication information for the device to the second service responsive to the authentication request, the authentication information including the selected one of the trust levels.

Abstract: A method for authorization of internet of things (“IoT”) identity bootstrapping includes receiving from a device, at a network access server (“NAS”) of a user and in response to an attestation request sent to the device, a vendor network address of a vendor server of a vendor and a device identifier for the device. The method includes authenticating the vendor using the vendor network address and, in response to authenticating the vendor, sending the device identifier to the vendor server. The method includes communicating device attestation packets between the vendor server and the device. The device attestation packets validate the device to the vendor server. The method includes receiving device attestation from the vendor server. The device attestation indicating validity status of the device to the NAS. The method includes, in response to the device attestation indicating validity of the device, transmitting a new device identity to the device.

Abstract: A method for the automatic pairing of a device wirelessly with a first secure WLAN provided by a pairing access point using first set of security credentials, involving: establishing automatically a connection between the device and a second WLAN provided by an available access point, and authenticating the device with the second WLAN using a second set of security credentials stored on the device; identifying the pairing access point using the second set of security credentials; creating a tunnel between the device and the pairing access point over the second WLAN; making a request from the device, via the tunnel, to a provisioning server on the pairing access point for transfer of the second set of security credentials, being the security credentials needed to pair with the first secure WLAN, from the pairing access point to the device; and using the second set of security credentials to configure the security settings for the first secure WLAN in the device.

Abstract: Systems and methods described herein may include a memory and a computing a system in communication with said memory. The computing system may be configured to receive data from network management systems. In one embodiment, the network management system includes a network gateway. Users at venues may access external network resources using the network management system. Further, the network management systems may extract device identifiers from network packets sent from user devices to request access to external network resources. In some embodiments, the network management system may provide transmission control protocol handshake completion data to user devices. In some embodiments, the computing system also receives one or more attributes associated with the venue, user data associated with the user device, and connection data associated with communication between the user device and said external network resource.

Abstract: A client device is tracked over a period of time using “refresh tokens” that are exchanged in conjunction with routine client-server communications. Each communication cycle between client and server includes a refresh token that is recorded at the server. The recorded refresh tokens are mapped to both server- and client-generated device identifiers. As communications between client and server occur, a chain of tokens, one for each communication cycle, is progressively recorded at the server. If the server receives a token that is outdated with respect to that which is otherwise expected based on the progression of the recorded chain, this suggests that the received communication was transmitted from a device that is a clone of another client device. A more robust device identification framework is therefore achieved by using a combination of device identifiers and tokens exchanged between client and server.

Abstract: Implementations are described herein for leveraging an “out-of-band” communication channel between nodes of a process automation system. In various implementations, an out-of-band communication channel may be established between two or more process automation nodes of a process automation system. The out-of-band communication channel may be outside of a process automation network through which the two or more process automation nodes are communicatively coupled with other process automation nodes of the process automation system. The two or more process automation nodes may cooperate with one or more of the other process automation nodes to implement an at least partially automated process. One or more characteristics of the process automation system may be monitored, and based on the monitoring, traffic may be selectively diverted from the process automation network to the out-of-band communication channel.

Abstract: Embodiments disclosed herein describe computing calculations based on two overlapping private sets between various parties. To conduct the calculation, an intersection of the overlapping private sets data lists is conducted without revealing the underlying data. A homomorphic encryption is conducted on the intersecting data elements to allow them to be compared.

Abstract: In some aspects, the disclosure is directed to methods and systems for easy and intuitive control over network configurations and security for transient or guest devices, and remote control of additional devices, either directly in some implementations, or indirectly via a hosted interface by a control device in other implementations, eliminating the need for pairing or otherwise establishing communications between the guest devices and the additional devices. This may improve network security overall and particularly encourage segregation of untrusted devices, while still providing enhanced functionality and control over other network devices in a secure manner.

Abstract: Techniques for implementing cloud services of a cloud service provider in a dedicated user account environment in a distributed computing system are disclosed. In some example embodiments, a computer-implemented method comprises: receiving, by a management system of a cloud service provider, a user request for creation of an instance of an application platform of the cloud service provider in a user environment within a distributed computing system, the user environment being dedicated to a user account hosted by the distributed computing system, the user request comprising credential data configured to provide the management system with limited permission for accessing the user environment, the limited permission restricting the management system from full administrative privileges in accessing the user environment; and deploying, by the management system, the instance of the application platform to a workload cluster in the user environment using the credential data to access the user environment.

Abstract: Computer systems and methods are disclosed to implement a role manager that automatically analyzes code accessing various resources to generate a role with the necessary resource permissions to execute the code. In embodiments, the role manager may be implemented as part of a workflow orchestration or resource provisioning system that employs code requiring access to different types of resources. In embodiments, the role manager may analyze a code segment to identify the different resources accessed by the code segment and the permissions needed for each access, and generate a role that has the needed permissions. In embodiments, the role manager may automatically manage these roles based on changes to associated code segments. Advantageously, the disclosed role manager removes the need to manually create roles need by code segments ahead of time, and creates roles with minimal privileges required for the code, thereby simplifying achievement of system security.

Abstract: A wearable electronic device includes: a body and a connector. The body includes a display component. A display area of the display component is on the surface of the body and is configured to output display contents. The connector has a first accommodating space. When the body is fixed with the connector, the body is in the accommodating space. The connector can form a wearing ring. When the first accommodating space is empty, the body is separated from the connector. A first communication component is disposed in the body, and is configured for the communication between the body and external devices. A second communication component independent of the first communication component is disposed in in the connector, and is configured for the communication between the connector and external devices.

Abstract: A system can allow collaboration between two or more tenants in a multi-tenant system. Each tenant can share a common access to a processing space and a data storage device. Each tenant can be assigned to a virtual environment having a dedicated portion of the data storage device. The system can create a database record in a first dedicated portion assigned to the first tenant. The database record can be displayed on a user interface of the first tenant and include a collaboration tool component embedded within the database record. The database record can be transmitted to a database and transmitted from the database to a second dedicated portion of the data storage device. The second dedicated portion can be assigned to a second tenant of the multi-tenant system.

Abstract: A method for forming a virtualization system image. A specification of an expressed end state of a virtualization system image is analyzed. The specification is decomposed into lower level specifications and the lower level specifications are decomposed into idempotent operations. The virtualization system image corresponding to the expressed end state is assembled by processing the idempotent operations. The expressed end state, decomposed lower level intents, and decomposed idempotent operations are codified into a decomposition hierarchy. The decomposition hierarchy is query-able such that, for a given intent, an idempotent operation is returned. An idempotent operation code library is query-able such that, for a given idempotent operation, a corresponding set of executable code is returned. An image builder executes the executable code. When all of the idempotent operations have been successfully executed, the virtualization system image is complete.

Abstract: A method for creating a dynamic element in content performed by a dynamic element management system is disclosed. The method includes receiving a content request for the dynamic element from a client device, the content request comprising a uniform resource locator (URL) of an external data source from which to retrieve content for the dynamic element; identifying the data source based on the URL; forwarding the content request to the identified data source; receiving metadata corresponding to the content hosted by the data source; and forwarding the metadata to the client device for display in a dynamic element placeholder on the client device.

Abstract: Systems and method are provided for a temporary network slice usage barring service within a core network. A network device in the core network receives a slice barring information message for an application function (AF). The slice barring information message includes a unique subscriber identifier associated with a user equipment (UE) device to be barred from a network slice and indicates a barring expiration time. The network device stores barring parameters based on the slice barring information message. The barring parameters include a slice identifier associated with the AF, the unique subscriber identifier, and the barring expiration time. The network device sends a barring instruction message to another network device associated with the network slice. The barring instruction message includes the unique subscriber identifier and the barring expiration time. The other network device enforces temporary barring of the UE device from the network slice based on the barring instruction message.

Abstract: Embodiments of the present invention provide systems and methods for authentication of users and authorization of user actions, and distribution or transfer of resources based on multi-channel input via a user device or one or more auxiliary user devices, such as smart home devices. The system is further configured to perform one or more user activities, in an integrated manner, within a single interface of the user device, without requiring the user to operate disparate applications. Furthermore, the system is configured to receive user input through multiple communication channels such as a textual communication channel and an audio communication channel and store unique user patterns to form an authentication baseline for subsequent user communications.

Abstract: A processing system including a processor, a first memory, a state machine configured to transition between a plurality of states, and an access filter. The first memory stores instructions that are executable by the processor, where execution of the instructions causes the processor to initiate transactions with one or more hardware resources. The access filter may filter the transactions initiated by the processor by selectively denying access to the hardware resources based at least in part on a current state of the state machine. The access filter may also filter transactions initiated by one or more of the hardware resources based at least in part on the current state of the state machine.

Abstract: Techniques for intelligently deciding the optimal authenticator(s) from amongst those supported by an electronic device are described. The authentication system according to some embodiments may include a dynamic machine learner that incorporates the attributes of: (i) user behavior attributes (e.g., preferred authenticator); (ii) device attributes (e.g., hardware and software specifications, applications, etc.); and (iii) operating environment attributes (e.g., ambient light, noise, etc.), as well as the interplay between the aforementioned attributes over time to make the decision. In some embodiments, the authentication activities and patterns of other users of similar type (e.g., users exhibiting similar behavior across different operating environments) can also be learned and employed to improve the decision making process over time.

Abstract: In one embodiment, a network security device is configured to monitor data traffic between a first device and a second device. The network security device may be configured to intercept a first initial message of a first encrypted handshaking procedure for a first secure communication session between the first device and the second device, the first initial message specifying a hostname that has been encrypted using first key information associated with the network security device, decrypt at least a portion of the first initial message using the first key information to determine the hostname, re-encrypt the hostname using second key information associated with the second device, and send, to the second device, a second initial message of a second encrypted handshaking procedure for a second secure communication session between the network security device and the second device, the second initial message specifying the hostname re-encrypted using the second key information.

Abstract: Based on context received regarding a mobile communications device a server determines whether an existing network connection employed by the mobile communications device offers a level of security that is appropriate. When the server determines that the level of security is appropriate, the mobile communications device is allowed to continue using the network connection. Otherwise, the server directs the mobile communications device to terminate the network connection.

Abstract: Resource allocation to workloads is disclosed. Telemetry data associated with existing or previously executed workloads is stored and used to develop models. Telemetry data from new workloads are collected and, using the models, a fingerprint is extracted and compared to the fingerprints of previous workloads. This allows the initial allocation of resources to the new workload to be improved and aids in resource allocation convergence.

Abstract: Embodiments disclosed herein describe a server, for example a security awareness server or an artificial intelligence machine learning system that establishes a risk score or vulnerable for a user of a security awareness system, or for a group of users of a security awareness system. The server may create a frequency score for a user, which predicts the frequency at which the user is to be hit with a malicious attack. The frequency score may be based on at least a job score, which may be represented by a value that is based on the type of job the user has, and a breach score that may be represented by a value that is based on the user's level of exposure to email.

Abstract: A method for controlling third-party access of a protected data resource is disclosed. The method includes: receiving an access token associated with a first application, the access token indicating access permissions for the first application to access a user account at a protected data resource; receiving a first request to perform a first access operation of accessing the user account using the access token; determining whether the first access operation is permitted based on the access permissions; in response to determining that the first access operation is not permitted: modifying the first request to obtain a second request for performing a second access operation of accessing the user account using the access token, the second access operation complying with the access permissions for the first application; transmitting the second request to a server associated with the protected data resource.

Abstract: A communication device mounted at a vehicle, the communication device including: a blocking section that, in a case in which communication with a second mobile device that is different from a first mobile device that transmits key information for the vehicle is interrupted, performs a blocking process to block an unlocking of the vehicle or a starting of the vehicle that is performed based on received key information.

Abstract: The present invention discloses a method and a system for user authentication in an offline mobile calibration or checklist performing device. At first, the work is assigned online in a Calibration Management Software (CMS), where the relevant data is selected and sent to a mobile device. In the field environment as offline, the mobile device requests user credentials from the user, and if valid, the user is able to perform the assigned task. With each obtained result, credentials are asked for saving the results into the mobile device. When the user returns from the field, he/she connects the mobile device with the CMS, and transfers the obtained work data from the mobile device to the CMS.