Abstract: A computer-implemented method for selectively monitoring devices may include (i) identifying a set of characteristics of a device-usage session of a device, (ii) calculating, based on the set of characteristics, a privacy score for the device-usage session, (iii) selecting, for the device, a device monitoring profile that is correlated with the privacy score and that defines an intensity level of monitoring actions to be performed on the device, and (iv) monitoring activity performed on the device during the device-usage session in accordance with the device monitoring profile that is correlated with the privacy score for the device-usage session. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A server includes one or more processors configured to: perform bidirectional communication with the software update device using a first communication method; transmit information to the software update device using a second communication method different from the first communication method; and determine whether the one or more processors have received a specific request from the software update device using the first communication method, wherein the one or more processors are configured to provide a notification to the software update device using the second communication method when determining that the one or more processors have not received the specific request from the software update device.

Abstract: Various embodiments disclosed herein are related to a non-transitory computer readable storage medium. In some embodiments, the medium includes instructions stored thereon that, when executed by a processor, cause the processor to receive, at a node of a cluster on an edge network, an indication that the cluster received a configuration update, compare a first parameter of a configuration state of the node to a second parameter of the configuration update, determine if the first parameter matches the second parameter, in response to determining that the first parameter matches the second parameter, apply the configuration update, and collect data in accordance with the configuration update.

Abstract: A “scannable logo” image contains encoded identity data for the logo brand owner, encoded visual identification characteristics for the logo brand, an encoded GPS data corresponding to manufacturing location for a manufactured item or assembled item, plus additional embodiment dependent data. The image is scanned with the image scanning function of a mobile communication device and the encoded logo brand owner identity data, the encoded visually identifying characteristics for the logo brand, and the encoded GPS location information are decoded with a decoding function. The GPS location information is captured for the mobile communication device with the GPS function of the mobile communication device and compared to the decoded GPS location information. If the decoded information is a geo-proximal match, an authentication application is launched in the computer function of the mobile communication device.

Abstract: Methods and systems for monitoring network activity. Various embodiments may deploy virtual security appliances to a certain location or with a specific configuration based on data regarding previous attacks and attacker activity. Accordingly, the deployed virtual security appliance(s) are better suited to gather more useful behavior regarding threat actor behavior and attacks.

Abstract: A system and method for determining human keystrokes in a secure shell (SSH) session from SSH session data traffic provides insight and evidence of an intrusion into a computer network. In one embodiment, the presence of human keystroke(s) in an SSH session may be inferred using a sensor appliance. In one embodiment, the SSH data traffic is encoded in a vector, one or more communication patterns are identified in the vector and the presence of human keystrokes may be inferred from the one or more communication patterns.

Abstract: Embodiments of the invention include an entity, such as ePDG or TWAN entity, capable of serving a User Equipment for WLAN access to a Packet Core such as EPC of a mobile network, said entity configured to: provide at least one of: an indication whether IMEI checking is requested, an indication whether IMEI checking by a visited EIR or by a home EIR is requested, an indication of an action to be taken upon IMEI check result.

Abstract: Introduced here are technologies for securely booting a network access device or a satellite device. A network-accessible server system may receive a boot request that includes a boot certificate to identify the network access device. The network-accessible server system may determine that the boot certificate corresponds with a verified boot certificate listed on a boot certificate registry. The network-accessible server system may determine that a geographical location of the network access device and a user electronic application executing on an electronic device are within a predetermined range.

Abstract: According to aspects of the present disclosures, when receiving an enabling request of a cloud cooperation function, a controller of an MFP notifies a user using an LCD module and change its state to an approval waiting state. When an approval operation by a user is confirmed, the MFP shifts access permission state and notifies a mobile terminal of the fact. When a constant connection between the MFP and a server is established, the MFP transmits a creation request for creating a server access token to the server. Then, the MFP receives the server access toke and transmits the same to the mobile terminal.

Abstract: Embodiments for securing fine timing measurement (FTM) communications are described. FTM communications include FTM frames sent and received from an initiating station (ISTA) and a responding station (RSTA). The RSTA records a plurality of parameters associated with the FTM frames and uses the plurality of parameters to learn and identify a device profile for the ISTA. The device profile is used to determine a behavior filter for the FTM from the ISTA and the RSTA filters FTM traffic according to the behavior filter to prevent malicious attacks in the FTM communications.

Abstract: Systems and methods are described herein to enable the automated and/or user-guided creation, collection, and curating of digital content items that represent a user's experiences, personality, interactions, and legacy. A digital trustee may be assigned to control access to the content after the death of the user. A user may create a death file with content items to be handled in a specific (e.g., user specified) manner after the death of the user. For example, the contents of the death file may be released to a family member or deleted by the system entirely.

Abstract: Systems and methods for account access/identity verification based on access to a third party account. In various embodiments, the disclosed system facilitates access to a particular account via verification of the identity of the accessing user through control of a third party account. That is, in one embodiment, the system allows a user to access an account if the user can prove that he/she also has access to another account (e.g., via providing a code to the system that was transmitted to the other account).

Abstract: Some embodiments provide a method, executable by a network device, that receives a first set of commands instructing the network device to allow network traffic to egress out of an authentication port of the network device. The authentication port is configured to belong to a first virtual local area network (VLAN). An unauthenticated device is connected to the authentication port. The method further receives a second set of commands instructing the network device to add ports belonging to the first VLAN to a broadcast domain of a second VLAN. The method also broadcasts an address request to the broadcast domain of the second VLAN. The method further receives, from the unauthenticated device, a response to the address request.

Abstract: An apparatus includes a non-volatile memory (NVM) device coupled to a host, the NVM device including a processing device to: receive a communication packet from a server via the host computing system that is coupled to the NVM device and communicatively coupled to the server, the communication packet comprising clear text data that requests to initiate secure communications; perform a secure handshake with the server, via communication through the host computing system, using a secure protocol that generates a session key; receive data, via the host computing system, from the server within a secure protocol packet, wherein the data is inaccessible to the host computing system; authenticate the data using secure protocol metadata of the secure protocol packet; optionally decrypt, using the session key, the data to generate plaintext data; and store the plaintext data in NVM storage elements of the NVM device.

Abstract: Telemetry associated with an Exec( ) Event denoting that a program has been invoked via a process is received. A determination is made that the process is a shell. Subsequent to determining that the invoked program is a shell, additional information comprising information that the program has attempted to obtain terminal information is received. Based at least in part on the received additional information, a determination is made that the program is an interactive shell. An action is taken in response to the determination that the program is an interactive shell.

Abstract: The invention relates to systems and methods that implement an interactive contractor dashboard. An embodiment of the present invention is directed to aggregating contingent labor data (firm-wide and globally) into a single consolidated infrastructure from multiple data feeds and systems. Once the data is aggregated, an embodiment of the present invention may apply entitlements, reduce the dataset accordingly and dynamically provide a customized interactive interface where the user may generate reports and access analytics for one or more contractors associated with the user.

Abstract: A method may include receiving a registration request at a server of a consent management platform from a content-presentation device, and using an authentication certificate in the request to establish a secure communicative connection. The server may generate: a global ID (GID) from information received over the secure connection; a device-based device record for the device, and including the GID and a unique address indicator; and a cryptographically-signed token. The GID, device record, and token may be transmitted to the device. The unique address indicator may be associated with consent packages having features of a media distribution system that require user consent to associated agreements for activation on the device. The server may generate a server-based device record duplicating the device-based device record, and including the consent packages and indicators of consent agreement status initialized to undeclared. The server may store the server-based device record in a flat database.

Abstract: A system for detecting phishing events is provided. A data receiver is configured to receive datasets representative of web traffic associated with access to or on-going usage of an application hosted on a server of a production environment by a user. A machine learning engine is configured to generate a score based at least on the datasets representative of the web traffic indicative of whether the user is a malicious user or a non-malicious user. A routing modification engine is configured to route downstream web traffic associated with access to or on-going usage of the application by the user if the score is greater than a threshold to a server of a sandbox environment that is configured to emulate a graphic user interface of the production environment.

Abstract: In one embodiment, a network security device is configured to monitor data traffic between a first device and a second device. The network security device may be configured to intercept a first initial message of a first encrypted handshaking procedure for a first secure communication session between the first device and the second device, the first initial message specifying a hostname that has been encrypted using first key information associated with the network security device, decrypt at least a portion of the first initial message using the first key information to determine the hostname, re-encrypt the hostname using second key information associated with the second device, and send, to the second device, a second initial message of a second encrypted handshaking procedure for a second secure communication session between the network security device and the second device, the second initial message specifying the hostname re-encrypted using the second key information.

Abstract: A network and a device can support secure sessions with both (i) a post-quantum cryptography (PQC) key encapsulation mechanism (KEM) and (ii) forward secrecy. The device can generate (i) an ephemeral public key (ePK.device) and private key (eSK.device) and (ii) send ePK.device with first KEM parameters to the network. The network can (i) conduct a first KEM with ePK.device to derive a first asymmetric ciphertext and first shared secret, and (ii) generate a first symmetric ciphertext for PK.server and second KEM parameters using the first shared secret. The network can send the first asymmetric ciphertext and the first symmetric ciphertext to the device. The network can receive (i) a second symmetric ciphertext comprising “double encrypted” second asymmetric ciphertext for a second KEM with SK.server, and (ii) a third symmetric ciphertext. The network can decrypt the third symmetric ciphertext using the second asymmetric ciphertext.

Abstract: A security key device, a security authentication system, and a security authentication method are provided. The security key device includes a communication module, a security processing unit, and a processing unit. The security processing unit executes an authentication module, a bridge module, and a management module. The authentication module is configured to operate according to a Fast IDentity Online protocol. The management module is configured to operate according to a Public Key Infrastructure protocol. The authentication module receives through the communication module an input command provided based on the Fast IDentity Online protocol by a web authentication module of a browser executed by an electronic device. According to a header of the input command, the authentication module determines that the input command is used to be executed by the authentication module or used to access the management module through the bridge module.

Abstract: A network device queue manager receives a request to execute a workload on a node of a cloud computing environment, where the cloud computing environment comprises a plurality of nodes; determines that the workload is to be executed by a dedicated processor resource; identifies a set of one or more shared processor resources associated with the node, wherein each shared processor resource of the set of shared processor resources processes device interrupts; selects a processor resource from the set of one or more shared processor resources to execute the first workload on the first node; bans the selected processor resource from processing device interrupts while executing the workload; and executes the workload with the selected processor resource.

Abstract: A security object management system may include a management module including a device processor and a non-transitory computer readable medium including instructions stored thereon, and executable by the processor, for performing the following steps: accessing a database having stored therein data regarding a plurality of security objects, wherein the data includes ownership data regarding the assignment of rights associated with the security objects; and receiving user input to certify the accuracy of data associated with at least one of the security objects; wherein the computer readable medium further includes instructions for, in response to a change in data associated with a security object, executing a write back function whereby the change in the data is stored in a database that is accessible by a third party having access rights exclusive of ownership and administrator rights of the security object in the database.

Abstract: A system for cryptographic authorization of wireless communications includes a verifying node and configured to receive a transfer request from a user device, authenticate the transfer request, generate a transfer authorization token, and provide the transfer authorization token to at least one recipient device.

Abstract: Access token scope limiting is provided. An access token of a client containing a list of scopes is presented to an authorization application programming interface of the computer. Each scope in the list of scopes defines a permission to access a particular protected resource hosted by a resource server. A new access token is returned to the client containing a decreased number of scopes using a scope alias in response to the authorization application programming interface requesting a decrease in a number of scopes in the list of scopes. The scope alias representing a plurality of specific scopes from the list of scopes contained in the presented access token.

Abstract: Detecting and restricting floods of unwanted messages is implemented by cluster analysis over time intervals. Application of streaming machine learning clustering algorithms enables finding clusters of messages (P2P text messages, WHATSAPP, tweets) sharing the same content. Such clusters may be analyzed for finding out offensive messages, unwanted or spam messages, and rumors and take corrective actions as needed. The solution enables visualization of data and/or messages and identification of clusters as the solution works on the data and aggregates data into clusters over time intervals. Corrective actions may be applied on selected clusters based on visualized data clusters or by automated application of defined rules.

Abstract: In file storage, a CPU is configured to: divide a file into a plurality of chunks, execute encoding processing on at least one of the chunks to obtain an encoded chunk, and store in cloud storage a plurality of chunks of the file including the encoded chunk; acquire, when receiving a read command of which target is data of a part of a file stored in the cloud storage, a read target chunk including data, which is a target of the read command, from the cloud storage; and execute, when an encoded chunk is included in the read target chunk, decoding processing on the encoded chunk, identify data that is a read target from the read target chunk including the chunk having been subjected to decoding processing, and hand over the identified data to a command source of the read command.

Abstract: Various embodiments of apparatuses and methods for protecting data integrity in a content distribution network (“CDN”) are described. Code or data in one of the servers or instances of a CDN might sometimes become incorrect or corrupt. One corrupted server or instance can potentially impact a considerable portion of the CDN. To solve these and other problems, various embodiments of a CDN can designate one or more parameters, which are then identified in a request for content to another entity. In these embodiments, the CDN can generate an encoding of the expected values of the designated parameters. The CDN can then compare, in these embodiments, its encoding of the expected values to an encoding of the values received from the other entity in response to the request. The CDN can validate the content of the response, as well as the identity of the other entity, in some embodiments.

Abstract: A system for performing authorization of a user in an augmented reality environment comprises an augmented reality user device, an automatic teller machine, and an authentication server. The automatic teller machine has a keypad with unmarked buttons. The augmented reality user device includes a display configured to overlay virtual objects onto a field of view of a user. The augmented reality user device receives a virtual keypad overlay, which assigns values to the unmarked buttons of the keypad. Using the overlay, the augmented reality user device displays the assigned values on the buttons of the keypad. The automatic teller machine detects an input sequence entered on the keypad and sends the input sequence to the authentication server. The authentication server determines an authentication code by combining the input sequence with the virtual keypad overlay, and compares the determined authentication code with an authentication code stored in a database.

Abstract: A method comprises a server generating a server nonce and transmitting a server public key, a key signature and the server nonce to a device, the device verifying the server public key, signing the server nonce with a device private key, generating a device nonce, and transmitting the server nonce, the server nonce signature, a device public key, a device key signature, and the device nonce to the server, the server verifying the server nonce and the device public key, generating a session key, encrypting the session key with the device public key, signing the device nonce and the session key with a server private key, and transmitting the device nonce, the signed device nonce and session key, and the encrypted session key to the device, and the device verifying the device nonce, decrypting the encrypted session key with the device private key, and verifying the decrypted session key.

Abstract: The following description is directed to a logic repository service. In one example, a method of a logic repository service can include receiving a first request to generate configuration data for configurable hardware using a specification for application logic of the configurable hardware. The method can include generating the configuration data for the configurable hardware. The configuration data can include data for implementing the application logic. The method can include receiving a second request to download the configuration data to a host server computer comprising the configurable hardware. The method can include transmitting the configuration data to the host server computer in response to the second request so that the configurable hardware is configured with the host logic and the application logic.

Abstract: Various technologies described herein pertain to generating an occupancy grid movie for utilization in motion planning for the autonomous vehicle. The occupancy grid movie can be generated for a given time and can include time-stepped occupancy grids for future times that are at predefined time intervals from the given time. The time-stepped occupancy grids include cells corresponding to regions in an environment surrounding the autonomous vehicle. Probabilities can be assigned to the cells specifying likelihoods that the regions corresponding to the cells are occupied at the future times. Moreover, cached query objects that respectively specify indices of cells of a grid occupied by a representation of an autonomous vehicle at corresponding orientations are described herein. An occupancy grid for the environment surrounding the autonomous vehicle can be queried to determine whether cells of the occupancy grid are occupied utilizing a cached query object from the cache query objects.

Abstract: Described herein are techniques that may be used to provide for automatic obfuscation of one or more objects in a media data. Such techniques may comprise receiving, from a data source, a media data comprising a depiction of a number of objects, identifying, within the received media data, a set of objects associated with the media data, and storing an indication of one or more locations of the objects in the set of objects within the media data with respect to time. Upon receiving a request for the media data, such techniques may further comprise updating the media data by applying an obfuscation effect to the one or more locations with respect to time, and providing the updated media data in response to the request.

Abstract: A method for securing electronic transactions includes associating a mobile electronic device with a first user. A first computer system retrievably stores registration data relating to the first user, including a device identifier that is unique to the mobile electronic device. A security application that supports in-application push notifications is installed on the mobile electronic device. The first computer system sends a push notification to the mobile electronic device, the push notification prompting the first user to provide a confirmation reply via a user interface of the security application for activating the mobile electronic device as a security token. The mobile electronic device is activated as a security token for the first user in response to receiving at the first computer system, from the mobile electronic device, the confirmation reply from the first user.

Abstract: In some examples, a computing device comprises a first service function instance to apply a service function and a service function forwarder to: receive a first layer 3 routing protocol route advertisement that includes service function instance data for a second service function instance, the service function instance data indicating a service function type and a service identifier for the service function instance; receive a second layer 3 routing protocol route advertisement that includes service function chain data for a service function chain, the service function chain data indicating a service path identifier and one or more service function items; and send, to the second service function instance and based at least on determining a service function item of the one or more service function items indicates the second service function instance, a packet classified to the service function chain.

Abstract: A method for an access network of a telecommunications network includes: in a first step, a first authentication, authorization and accounting (AAA)-related message is sent by an authentication server entity and received by an access orchestrator entity, the first AAA-related message comprising: at least one standardized message attribute according to an access protocol; and at least one vendor-specific message attribute; in a second step, subsequent to the first step, the access orchestrator entity sends a second AAA-related message to a service edge entity, the second AAA-related message solely comprising the at least one standardized message attribute according to the access protocol; and in a third step, subsequent to the first step and prior to, during or after the second step, the access orchestrator entity sends at least one third AAA-related message to the service edge entity, the at least one third AAA-related message corresponding to a message according to an application programming interface (API)

Abstract: A method of managing authorizations to operate a software tool. The method comprises maintaining a count of available authorizations and an authorization allocation list that identifies what authorizations for executing the software tool are allocated to what computers by an authorization resource manager application executing on a computer system, for each of a plurality of computers, determining periodically by the authorization resource manager application if the computer is currently executing the software tool, for each computer determined to be executing the software tool, determining by the authorization resource manager application if an authorization for executing the software tool is allocated to the computer in the authorization allocation list, and, in response to determining that a computer is executing the software tool without being identified as being allocated an authorization in the authorization allocation list, invalidating an authorization identity being used by the computer.

Abstract: An achievement platform may be maintained using a database system. A user interface may be displayed on a device of an authorized user of the achievement platform. The user interface may be configurable to allow the authorized user to create or modify customizable awards that are achievable based on customizable logic definable by the authorized user. The authorized user may be affiliated with a first one of a plurality of organizations implementing an application or service. Input, to create a first award based on first customizable logic may be processed. The first customizable logic may be configured by the authorized user such that satisfaction of conditions causes designated users associated with the application or service to be presented with the first award. It may be determined that a first user affiliated with the first organization has satisfied the conditions. The first user may be presented with the first award.

Abstract: Embodiments of the present invention provide a system for authenticating and tracking resource distributions of secondary users. The system is configured for receiving a registration request from a primary user, wherein the registration request is associated with registration of one or more secondary users, in response to receiving the request, generating user credentials for each of the one or more secondary users, associating the user credentials with a primary user identification of the primary user, receiving a resource distribution request from a secondary user of the one or more secondary users, authenticating the secondary user, and processing the resource distribution request based on authenticating the secondary user.

Abstract: One example method includes receiving, by a compliance auditing server, an indication of an encrypted video conference; sending, by the compliance auditing server, a request to a video conference provider to join a compliance auditing participant to the encrypted video conference, wherein the video conference provider does not have access to the compliance auditing server; receiving and storing, by the compliance auditing server, encrypted streams of audio and video from a plurality of participants in the video conference, wherein: the compliance auditing participant is one of the plurality of participants; and the video conference provider does not have access to the cryptographic meeting key; receiving, by the compliance auditing server after the encrypted video conference has ended, a request for a portion of the encrypted streams of audio and video; and providing, in response to the request, the portion of the encrypted streams of audio and video.

Abstract: A technique is provided that enables native authentication to cloud services by employing identity management of on-premise applications from the cloud. More specifically, a Web-service interface built on an innovative orchestration of platform-independent container technology is created. An identity management application is made available inside a container and which therefore can execute in any cloud-service provider. Specifically, this application can communicate back into a business' on-premise applications, using the Representation State Transfer (REST) application programming interface architecture. The container is published to the cloud for users to download. Thus, for example, by way of this technique, a user can log onto any cloud application with using the same logon information the user uses on-premise.

Abstract: Systems and methods of managing information technology infrastructure are described. A method includes identifying a run trigger between a first node and a second node, each node maintaining a configuration for a portion of a cloud computing infrastructure associated with executing a portion of a cloud-based application. The run trigger initiates in response to an action at the first node and comprises a source identifier identifying the first node and a destination identifier identifying the second node. Then a run is queued on the second node based on the run trigger, the run including a process executed on the second portion of the cloud computing infrastructure with data received by the second node and associated with a run source identifier. The run on the second node is then planned and executed, causing the cloud computing infrastructure to modify infrastructure resources associated with the second portion of the cloud computing infrastructure.

Abstract: An apparatus for sharing location information of a vehicle may include: a communication circuit configured to communicate with a server, and a processor electrically connected with the communication circuit. The processor may be configured to receive, via the communication circuit, authentication information for sharing the location information of the vehicle from the server; transmit, via the communication circuit, the authentication information to an external device, which is a target for sharing the authentication information, such that the external device receives the location information from the server; and acquire the location information from the server using the authentication information.

Abstract: Methods and systems for providing security and verifying a human user and/or an authorized user are described. A system may include a processor and a non-transitory, processor-readable storage medium. The non-transitory, processor-readable storage medium may include one or more programming instructions that, when executed, cause the processor to receive a request to access a secured resource, provide a verification challenge to a user via a user interface, receive at least one input from the user in response to the verification challenge, and determine that the at least one input corresponds to at least one parameter indicative of a human user. The verification challenge may include a game.

Abstract: A system for combining data from various data providers, certain portions of said data necessary to perform identity related services, said portions of said data combined into a central repository with a secure data structure, said data structure made available to outside parties participating in verification or validation services on at least a part of said portions of said data, storing the results of said services as separate entries in said data structure, resulting after a review in a total score, that can be used as a proofed portable identity verification.

Abstract: Technologies are disclosed for dynamic authorization of users for distributed systems. A permission service allows authorized users to specify permissions for users of different systems, such as physical access security systems (PACS) and easier for users to interact with the authorized resources of the PACS. A manager may select a role for the user to specify the allowed permissions for the user. Changing the permissions/resources of a role automatically changes the permissions for users that are associated with the role. A scope may also be assigned to the user that specifies the locations of the physical resources that the user may access (e.g., a particular data center, a region, globally, . . . ). Instead of having to locate specific resources that the user is authorized to access, a graphical user interface (GUI) displays the authorized resources. When the resources change, the GUI is dynamically updated.

Abstract: A service provider provides flexible access to services using an identity provider. The service provider is associated with a custom access policy used by the identity provider to authenticate access requests associated with client devices for services of the client system. The custom access policy describes a set of access levels corresponding to variable levels of access to services of the service provider. The identity provider authenticates access requests by client devices using one or more device signals from the client devices. In some embodiments, the identity provider determines a device trust score for the client device using the one or more device signals. The identity provider provides an authentication response to the client system based on the custom access policy. The client system uses the authentication response to determine an access level for the client device from the set of access levels described by the custom access policy.

Abstract: Systems and methods are provided for persistent login. Such persistent login may be based on linking user identity across accounts of different entities to allow each entity to maintain control over their respective sets of user data, while providing a streamlined user experience that avoids much of the repetitive need to login to different services with different login credentials (e.g., during periods of heavy use). Such persistent login may utilize a set of tokens issued and exchanged between devices of the partnering entities. Such tokens may include an access token, refresh token, and identity token. When a user associated with a first entity requests access to information secured by a second entity, such request may be associated with the access token. If the access token is determined to be expired, the refresh token may be used to refresh the access token, which may also trigger issuance of a new refresh token.

Abstract: Systems and methods for enhanced SSO, which can avoid faults in known protocols and standards for access delegation. For example, the enhanced SSO can use a shared security mechanism, such as a keychain or keystore, for sharing vendor identity over mobile applications without some of the pitfalls of using cookies. And, a connector code can bind the mobile applications to each other so that only the enhanced SSO is required for a user to log in to the mobile applications and remain logged in to the applications on one or more mobile devices.

Abstract: A computer-implemented method for facilitating offline transactions includes: receiving, by a first user device, an offline payment request from a merchant payment system via a first local communications connection; providing, by the first user device, a payment approval message to the merchant payment system via the first local communications connection; providing, by the first user device, the offline transaction information to the payment server corresponding to the payment approval message to the payment server when the first user device and the payment server are connected via a network; determining, by the first user device, that an instruction to transfer the offline mode of the first user device to a second user device has been received; and disabling, by the first user device, the offline mode of the first user device.