Abstract: A method and system that allows authorized individuals access into controlled access locations and the ability to grant temporary and limited access to guests into these locations. The method and system allow for navigational services to be provided to members and guests, and real-time tracking and confirmation to members and administrators that guests have arrived at their destination and did not enter any unauthorized areas. The method preferably can work through a system of wireless radio, sound and/or light-based beacons communicating with member and guest's electronic devices. Members and administrators can send one or more temporary electronic access keys to a guest's smartphone or other electronic device. Wireless radio, sound and/or light-based beacons provide an access control and location tracking system with real-time data about the member and guest whereabouts, allowing for the confirmation and tracking.

Abstract: An example operation includes one or more of determining a portion of memory in a transport for storing sensitive temporary data, setting a hardware threshold of a maximum number of reads of the data from the portion of memory, and clearing the data from the portion of memory with a hardware-enabled trigger in response to the maximum number of reads is reached.

Abstract: A micropattern detection-based method and system of performing an authentication of video of a person in order to authorize access to a secured resource is provided. The user provides image data in which they present a secondary computing device with a specially fabricated screen cover. The screen cover includes a plurality of micro-holes that collectively provide a unique micropattern. When the user adjusts a display setting, the micropattern, previously cloaked, becomes apparent as an arrangement of pinpoints of light. The system and method are configured to evaluate the image data to determine whether the micropattern is present. If a micropattern is present, the system determines the image is authentic and can verify an identity of the person. In some cases, the system can further be configured to automatically grant the person access to one or more services for which they are authorized.

Abstract: A secondary authentication platform operates by: probing an application server to imitate an authentication process associated with a first authentication factor; generating, via a learning function and in response to the probing, authentication pattern data associated with the first authentication factor; monitoring data transmissions from a client device that are directed to the application server; identifying authentication data associated with the first authentication factor in the data transmissions from the client device based on a comparison of the authentication data to the authentication pattern data; communicating with the client device via the network interface to authenticate a user of the client device to the secondary authentication platform via a second authentication factor; and when the user of the client device is authenticated to the secondary authentication platform via the second authentication factor, forwarding the authentication data to the application server to authenticate the user o

Abstract: Aspects of the present invention relate to user interface control of a head-worn computer.

Abstract: A procedure includes transmitting request information concerning user data requested to be collectively acquired, to an agreement server, requesting a token by scheduling a transmission timing of a token request for requesting to issue the token associated with a plurality of users from whom the agreement has been obtained among the users who fall under the request information, and by transmitting the token request to the agreement server in accordance with the scheduling, and acquiring, from a data management server, the user data not acquired yet in the user data on the users from whom the agreement has been obtained, by using the token acquired in the requesting the token.

Abstract: The present embodiments relate to systems and methods for automatic sign in upon account signup. Particularly, the present embodiments can utilize a federated login approach for automatic sign in upon account signup for a cloud infrastructure. Specifically, the signup and sign in service (also known as SOUP) and an identity provider portal can be configured such that the nodes are aware of each other as Security Assertion Markup Language (SAML) partners. After new account registration, the signup service can redirect the user browser to a cloud infrastructure console to start with a federated login flow, where a sign in service can issue a SAML authentication request, and redirects it to signup service. Responsive to validating the browser using a SAML authentication process, the browser can be automatically signed into the new account and allowed access the account relating to the cloud infrastructure service.

Abstract: A method of automatic and dynamic environment discovery and policy adaptation for a containerized environment is disclosed. A plurality of traffic monitoring policies for acquiring and monitoring data traffic transmitted between one or more components of a containerized environment are accessed. The containerized environment includes a plurality of software-implemented containers. The traffic monitoring policies are caused to be applied to one or more components in the containerized environment. A change to a configuration of the containerized environment is automatically detected. In response, one or more containers of the plurality of software-implemented containers are automatically identified as containers affected by the change.

Abstract: An electronic device including a memory storing instructions; and a processor that executes the instructions to perform a process including: identifying a registered device through a scan, after identifying the registered device, connecting with the registered device based on identification information of the registered device and a preset password, to establish a communication connection with the registered device, requesting, through the established communication connection, infrared codeset information from the registered device, and after receiving the requested infrared codeset information from the registered device, transmitting, to the registered device through the established communication connection, a request for authentication of the registered device, and transmitting, to the registered device over infrared light, an authentication signal including the infrared codeset information, for authenticating the registered device.

Abstract: Described is a system for secure distribution of a client certificate private key to client-based services. The system implements a specialized technique to minimize exposure of a key-encryption-key (KEK) that may be used to secure the client certificate private key that is managed by a certificate manager (CM). A client-based service generates a one-time secret message that is encrypted with the symmetric key and provided to the CM as part of a request to access the private key. The CM authenticates the request originates from a trusted before decrypting the private key with the KEK that remains known only to the CM. The CM then encrypts the decrypted private key with the secret message and provides the client-based service access to private key that is encrypted with the secret message.

Abstract: The techniques disclosed herein enable applications to seamlessly consume cloud-based services while minimizing exposure to security vulnerabilities. Specifically, an application is enabled to access a cloud service on behalf of a user without the user's active user token. Access is granted in a way that does not also grant access to any other user's cloud service. In some configurations, during an active user session, an artifact token is generated that caches the user's permissions. The artifact token may later be redeemed to gain access to the user's cloud service. For example, an application may request that a cloud service generate an artifact token. The request may be in response to a user scheduling the application to perform a task that depends on the cloud service. When the scheduled task is performed, the application may redeem the artifact token to access the user's cloud service.

Abstract: A network-based service creates a smart contract on a blockchain on behalf of a user who has a loan or a subscription that requires installment payments be collected by a provider from the user and provided to creditor of the loan or subscription. The smart contract associates a default account of the user with a first access token and non-default registered other accounts of the user with a second access token. The smart contract when presented with the access tokens from a provider determines whether the payment due can be satisfied from a current balance of the default account and if so, transfers the payment from the default account to the provider. If the default lacks sufficient funds for the payment, the smart contract proportions the amounts taken from each of the accounts to reach the amount due and transfers the amount due to the provider.

Abstract: Exemplary embodiments include an intelligent secure networked system configured by at least one processor to execute instructions stored in memory to form a protective layer between an application and a cybersecurity risk, the system including a HTTPS load balancer in communication with a controller/proxy, the controller/proxy in communication with a session database, a secrets management server and a workflow engine, the workflow engine in communication with the session database, the secrets management server and an integration station, and a hub server in communication with the session database, the secrets management server, and a hub client. The HTTPS load balancer may be configured to perform load balancing and autoscaling of communications to the controller/proxy. The controller/proxy may be configured to write session data to the session database, and the controller/proxy may be configured to read secrets to the secrets management server.

Abstract: A method and apparatus for providing support for Secure Objects on a data processing system including providing a Secure Object comprising code and data that is protected on the data processing system on a first processor which is a first type of processor, wherein the data processing system includes a plurality of processors of different types, responsive to a portion of the Secure Object being needed to be executed on a second processor which is a second type of processor different than the first type of processor, by the first processor calling the second processor in a special interprocessor call, returning information by the second processor to the first processor, and retrieving, by the first processor, the information from the second processor.

Abstract: Briefly, example methods, apparatuses, and/or articles of manufacture may be implemented, in whole or in part, using one or more computing devices to obtain, from a communications device, an identifier of the communications device transmitted via a communications network. The communications network may transmit a request for one or more parameters unique to a subscriber of the communications network. The method may also include processing signals indicative of the requested one or more parameters in response to the subscriber entering the one or more parameters into a graphical user interface of the communications device. The method may further include transmitting, to the communications device, one or more signals to provide a complement of subscriber parameters.

Abstract: According to various embodiments, a cellular architecture for enhanced privacy regarding identity and location of a computing device is disclosed. The architecture includes a next generation core (NGC). The NGC includes an authentication server function (AUSF) configured to determine whether the computing device contains a valid subscriber identity module (SIM) card, and a user plane function (UPF) configured to allow a computing device to connect to the Internet. The architecture further includes a gateway connected to the UPF, the gateway configured to authenticate the computing device while hiding the identity of the computing device by verifying authentication tokens that represent units of access.

Abstract: A computer-implemented method to enable short-range wireless communication via a webpage on a computing device includes receiving, via a web-browser executing on the computing device, from the webpage, a first request to execute a computer-executable instruction, the computer-executable instruction requests data from an enterprise server. The method also includes triggering, in response to a second request from the enterprise server to authenticate the first request, the web-browser to execute a predetermined computer program. The method also includes scanning, by the predetermined computer program a cryptogram from a contactless card to authenticate the cryptogram and cause the enterprise server to send the data. The method also includes executing, via the web-browser, the computer-executable instruction from the first request in response to receiving the data sent by the enterprise server.

Abstract: Techniques are disclosed for generating a message stream configured to indicate a source of the various messages within the message stream. In particular, the indicators identify which interface the messages were received at a terminal (e.g., of a mobile handset). The terminal receives messages on various interfaces, and separates the messages received via different interfaces with interface switch indicators within the message stream. In one embodiment, the smart card receives a message stream that includes sets of messages and interface switch indicators therein. The smart card delivers messages from the message stream to a single logical partition of the smart card up until an interface switch indicator is identified in the message stream. From that point, the smart card delivers messages from the message stream to a different logical partition of the smart card up until another interface switch indicator is identified in the message stream.

Abstract: A content management system enables a central server to connect to remote nodes at client sites. Software modules on the remote node is responsible for making necessary calls to the central server in order to create an index of the relevant data (or metadata) and fetch the appropriate binary information and files for the related metadata. Remote nodes are populated with data from the content management system via crawl/synchronize methods, or alternatively a hard drive of the data is initially configured at headquarters whereby data is saved to prevent trafficking data over a potentially unreliable connection over an extended period of time. The hard drive is then installed at the remote site and synchronized with the software module running in high performance enterprise library (HPEL) mode. The HPEL enabled server is configured to crawl and synchronize all the data and pick up differences in data using differential crawls.

Abstract: A method for operating a software framework is provided. The method may be applied to a software framework applicable to a gateway device, the software framework includes an application service layer and a basic service layer, the application service layer includes at least one device service registered in advance, and the basic service layer includes a data bus built in advance. The method includes: realizing a capability of a device associated with the gateway device based on the device service; and realizing communication between the device service and an external service based on the data bus, where the external service includes a device service belonging to a same gateway device as the device service or a different gateway device than the device service.

Abstract: Techniques for routing service mesh traffic based on whether the traffic is encrypted or unencrypted are described herein. The techniques may include receiving, from a first node of a cloud-based network, traffic that is to be sent to a second node of the cloud-based network and determining whether the traffic is encrypted or unencrypted. If it is determined that the traffic is encrypted, the traffic may be sent to the second node via a service mesh of the cloud-based platform. Alternatively, or additionally, if it is determined that the traffic is unencrypted, the traffic may be sent to the second node via an encrypted tunnel. In some examples, the techniques may be performed at least partially by a program running on the first node of the cloud-based network, such as an extended Berkeley Packet Filter (eBPF) program, and the like.

Abstract: Systems and methods are provided for creating and running an instance of a dynamic access control system (DACS). Trust providers may be defined in a trust broker of the DACS such that trust information associated with the trust providers can be used to create a custom data structure. Resources and resource groups may be defined in the DACS. Policies may be configured or coded in the DACS to map the custom data structure to recourses or resources groups. Additionally, policies may be configured or coded in the DACS to route the data structure and request to network segments or shared with other parties.

Abstract: A mobile device may comprise a secure memory. The mobile device may receive a request from a mobile application executing on the mobile device to store data in the secure memory. The request may comprise the data and a group identifier associated with the mobile application. A primary symmetric key associated with the group identifier may be determined. The data may be encrypted, using the primary symmetric key, to produce first encrypted data. A secondary symmetric key associated with the group identifier may be determined. The first encrypted data may be encrypted, using the secondary symmetric key, to produce second encrypted data. The second encrypted data may be stored to the secure memory.

Abstract: Embodiments of the invention are directed to systems and methods for validating transactions using a cryptogram. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a communication device provisioned with a token. The method comprises receiving, by a service provider computer, from an application on the communication device, a request for a token authentication cryptogram, wherein the token authentication cryptogram includes encrypted user exclusive data. The service provider computer may generate the token authentication cryptogram to include the user exclusive data. The service provider computer may send the token authentication cryptogram to the application, where the token authentication cryptogram can be used to validate the transaction, and the user exclusive data is extracted from the token authentication cryptogram during validation.

Abstract: A system for awarding prizes to users via an electronic game of chance is disclosed. The system is configured to generate digital tokens that are cryptographically linked to respective virtual representations of a set of winnable items. The system further includes a mystery box system that is configured to serve a mystery box game to a client device, wherein the mystery box game includes a mystery box recipe that designates a respective probability of winning each winnable digital token of the set of digital tokens and is configured to randomly select a winning digital token from the set of digital tokens in accordance with the mystery box recipe. The mystery box system is further configured to award the winning digital token to the user, wherein the winning digital token is redeemable for the respective winnable item corresponding to the winning digital token.

Abstract: A computing device operating on a Linux or Android platform for adding features to an in-vehicle infotainment system of a vehicle; it has an input/output interface; a power source input; a processor; and memory storing program code that, when executed by the processor, causes the processor to receive an Android-based smartphone infotainment application program; scan program code of the Android-based smartphone infotainment application program using a predefined pattern to locate a base certificate in the program code of the Android-based smartphone infotainment application program; generate a certificate-key pair from the base certificate; transmit the certificate of the certificate-key pair to the infotainment system for authentication and to enable communication with an Android protocol between the computing device and the infotainment system; and cause a display of information associated with a feature application program for display on the infotainment system; methods of use thereof.

Abstract: A computer-implemented method to secure an interaction between at least two users in a network, whereas at least two network nodes are connected via the network. The method includes: a first user connects to the network via a first of the two network nodes, the first user creates in the network a first identity corresponding to the first user via a software application running on the first network node, whereas the creation includes the first user providing first biometric information characterizing the first user, the first biometric information is stored in encrypted form by a computer-implemented identity management system, a second user accesses the network via a second network node, the second user requests via the network consent of the first user, whereas the request is sent via the identity management system, the first user denies or approves the request of the second user via the software application.

Abstract: An apparatus stores a security token in a memory associated with the apparatus. The security token is a software security artifact used to uniquely identify the apparatus. The apparatus receives a query message to provide the security token. The apparatus transmits the security token to be verified. In response to the security token being verified, the apparatus participates in a secured communication channel with a user device. The apparatus receives a second security token that is used for a subsequent authentication of the apparatus. The apparatus stores the second security token in the memory.

Abstract: Distributed security key management for protecting roaming data via a trusted platform module is performed by systems that include first and second processors, and first and second respective hardware security modules. The first security module encrypts a security key using a public key from the second security module, and the encrypted security key is provided to the second security module. A virtual machine (VM) executed by the first processor has a first virtual security module instance having state data that includes a storage key encrypting VM virtual disk data and that is encrypted with the security key. When a transfer condition is determined, the VM is transferred and executed by the second processor, using a second virtual security module instance, based on decrypting the security key by the second security module using a private key and decrypting the state data for the second virtual security module using the security key.

Abstract: Methods and systems for retrieving information from secondary computing systems using network access tokens are disclosed. The system can provide a user interface that lists a plurality of secondary computing systems to a client application executing at a client device associated with a user profile of the primary computing system. The system can receive, from the client device, a network token identifying a permission for accessing a second profile maintained at the secondary computing system, and retrieve the subset of data records from the secondary computing system according to a retrieval policy. The system can then update the user interface at the client application to present the subset of data records of the second profile.

Abstract: A method for awarding prizes to users via an electronic game of chance is disclosed. The method includes executing, by a gaming device, a mystery game that includes a recipe that defines a respective probability corresponding to each respective winnable token and a manner by which a winning digital token is randomly selected. The method also includes randomly selecting the winning digital token from the set of winnable digital tokens based on the mystery box recipe, wherein the winning digital token is redeemable for a corresponding winnable item that is represented by the winning token. The method includes awarding the winning digital token to user, wherein the winning token is redeemable for the won item. The method includes upon selecting the winning digital token, transmitting a signal indicative of winning token to a mystery box system that initiates a transfer of the winning token to an account of the user.

Abstract: Techniques are provided for performing user operations by a first system on a second system using user impersonation. One method comprises receiving, by a first system, a log in of a user to the first system and an operation to be performed by a second system; sending an impersonation request, by the first system to the second system, to obtain an impersonated user access token of the given user for the second system; receiving, by the first system from the second system, in response to the impersonation request, the impersonated user access token of the given user; and providing, by the first system to the second system, the operation with the impersonated user access token of the given user, wherein the second system performs the operation based at least in part on a result of an access validation of the impersonated user access token of the given user.

Abstract: Implementations described herein relate to memory command assignment based on command processor workload. In some implementations, a memory device may determine a first command type of a first memory command. The memory device may identify a first command processor, associated with the first command type, that is one of multiple command processors configured to execute memory commands. The first command processor may be configured to execute only commands having the first command type unless a computational credit condition, associated with another command processor, is satisfied. The memory device may determine that a cumulative computational credit value associated with the first command processor does not satisfy a condition. The memory device may assign the first memory command to the first command processor for execution based on determining that the cumulative computational credit value associated with the first command processor does not satisfy the condition.

Abstract: A test and measurement system that allows a user to use an activation code coupled with a user-owned communication device to provide security credentials to cloud or web-based services with security enhancements or preferences. The test and measurement system includes a test and measurement instrument that can initiate the connection and a remote server which provide an activation code for a user to enter on the communication device to connect the test and measurement instrument to the cloud or web-based services.

Abstract: Described are automated systems and methods for employing certificate authority meta-resources to facilitate automatic renewal and/or rotation of certificates and/or certificate authorities in a PKI hierarchy. For example, embodiments of the present disclosure can provide creating a certificate authority meta-resource, which can maintain and monitor certain information to facilitate automatic renewal and rotation of certificates and/or certificate authorities in a PKI hierarchy. The certificate authority meta-resource can also keep track of the active certificate authorities and certificates to ensure that trust is maintained without manual configuration of the PKI hierarchy.

Abstract: A real-world object-based method and system of performing an authentication of a person in order to permit access to a secured resource is disclosed. The system and method are configured to collect image data from an end-user in real-time that includes objects in their environment. At least one object is selected and its image data stored for subsequent authentication sessions, when the system can determine whether there is a match between the new image data and image data previously collected and stored in a database. If there is a match, the system verifies an identity of the person and can further be configured to automatically grant the person access to one or more services, features, or information for which he or she is authorized.

Abstract: A method of downloading or opening a file in response to a user input made through an application running in the computer system, includes the steps of detecting by the application that the user input is to download or open a file, issuing a request by the application to a file sanitation server to sanitize the file to remove embedded codes in the file and return the sanitized file, and upon receiving the sanitized file by the application, saving the sanitized file in a folder where the sanitized file can be opened.

Abstract: A vehicular apparatus is configured to authenticate a user of a vehicle. In response to authenticating the user, a user management table, which manages an association between the user and a permitted or prohibited operation of the user for each vehicle scene, is referred to, and the permitted or prohibited operation of the user authenticated is specified to provide a specified result. An application corresponding to the permitted or prohibited operation of the user is notified of the specified result to manage the operation of the user.

Abstract: A wireless access method, device and system is disclosed that enables remote dynamic configuration of wireless devices which emulate wireless tags, while maintaining compatibility with prior art access systems. This enables wireless tags to be shared in a manner that allows copies of the tags to remain synchronised with each other. The system includes a remote server, configured to selectively provide tag data to the wireless devices to enable the wireless devices to emulate the one or more wireless tags using the selectively provided tag data. In use, the wireless tags are configured to first retrieve tag data from the remote server, and subsequently emulate one or more wireless tags according to the retrieved tag data.

Abstract: Systems, methods, and computer program products are provided for monitoring network security in a mesh network. An example method includes receiving trust of service information relating to a user. The trust of service information includes one or more security details associated with at least one of a user device or a user network associated with the user. The method also includes determining a security level of a session involving the user based on the trust of service information relating to the user. The method further includes determining a security protocol for the session based on the determined security level. The security protocol determines at least one of a user access level or an additional security measure. The method still further includes causing an execution of the session based on the security protocol determined.

Abstract: Examples provide a multi-factor device holder (MDH) for storing multi-factor authentication devices. A housing encases a set of ports configured to connect to the set of connectors on two or more multi-factor authentication devices placed within the MDH. An external port can connect the MDH to a port on a user device. A selection device, such as a user interface, enables user selection of an authentication device from the set of authentication devices. A locking mechanism secures the housing in a closed configuration to prevent unauthorized access to the authentication devices stored within the MDH. The MDH can include a user authentication device, such as a biometric reader, to authenticate a user attempting to utilize the MDH. If authorized, the selected authentication device is unlocked and provided with power. The selected authentication device transmits a code to the user device via the external port connector.

Abstract: A decentralized secure repository is used as a medium for distribution of a one-time password (OTP) from an authentication system to a user's client device. End-to-end encryption of the OTP is provided: the OTP is both stored encrypted at rest on the decentralized secure repository, and is also encrypted when it is transmitted over computer networks between different systems, thereby thwarting attempts at eavesdropping. The decentralized secure repository itself also has a number of properties that enhance security of the OTP, such as tamper-proofness and auditability. The decentralized secure repository may be implemented with techniques such as a blockchain protocol.

Abstract: According to one embodiment, a service management system includes a relay device to relay communications between a client and a server providing a service that comprises one or more microservices. The relay device generates an authentication token, authenticates the authentication token when included in a service request from the client, and issues a command to the server to execute a service requested by the client after the authentication token is successfully authenticated. A token issuing server is provided to communicate with the relay device and the client and includes a storage unit and a processor. The processor is configured to store an access key issued by the relay device in the storage unit, acquire the authentication token from the relay device by using the access key, and send the acquired authentication token to the client in response to a token request from the client.

Abstract: An authentication system facilitates efficient generation of authentication integrations with third-party identity providers for client systems. The authentication system provides one or more interfaces configured to receive requests to make authentication integrations available for a third-party identity provider. The requests to make authentication integrations available include integration information for the relevant identity provider. Based on the request to make authentication integrations available, the authentication system generates an identity provider profile for the identity provider that can be used to generate authentication integrations with the identity provider for one or more client systems. Once the identity provider profile is generated, the authentication system uses the identity provider profile to generate authentication integrations for one or more client systems that request authentication through the third-party identity provider.

Abstract: There is provided an access system for controlling access to an inspection area and a product inspection apparatus. The access system comprises an area access controller configured to control an inspection area access means for controlling access to an inspection area; a product inspection apparatus controller configured to control access to one or more functions of a product inspection apparatus within the inspection area; a first RFID reader configured to read an external RFID tag of a user; and one or more memory devices configured to store authorised RFID data corresponding to one or more RFID tags each associated with an authorised user.

Abstract: A communication apparatus, when it perform data communication using a master base station and a secondary base station, stops communication with the secondary base station, confirms with a user whether or not the data communication is to continue in a case where communication with the secondary base station is stopped, and in a case where it was confirmed that the data communication is not continue, stops communication with the master base station.

Abstract: A system and method for PIN authentication issuance from a MFP QR Code includes a QR code presented on an authentication screen of multifunction peripheral display. A user requiring a personal information number to access a multifunction peripheral printing system managed by a print server scans the QR code with their secure smartphone or tablet. The scanned QR code opens a web portal to the sever on the user's device where they can select a new PIN. The new PIN is stored on the server for the user' account and access to the MFP is then granted when the user enters their new PIN.

Abstract: A system and method for a hybrid development platform for project development that integrates local and continuous integration (CI)-based building and testing. The system and method can make use of a build cluster, that executes individual commands within build targets; a build cache that stores partial results of previous executions; an artifact and image storage system, that stores and updates artifacts and container images; and a secrets repository that manages local and global project secrets. The system and method function as an automated build platform that enables an execution environment agnostic build platform for development over local development and extended network computing environments.

Abstract: An authentication method, a content delivery network CDN, and a content server are provided. The method includes: receiving, by a CDN, a content access request that is sent by a client and that carries a first authentication credential and a second authentication credential, where the first authentication credential is generated by a content server based on a first key allocated by the CDN, and the second authentication credential is generated by the content server based on a second key allocated by a cloud server; performing, by the CDN, authentication on the first authentication credential by using the first key; and performing, by the cloud server, authentication on the second authentication credential by using the second key. In this manner, the CDN and the cloud storage server separately allocate different keys to the content server.

Abstract: Aspects of the subject disclosure may include, for example, initializing a secure timer in a wireless device, determining whether a subscriber identification module (SIM) card installed in the wireless device comprises a carrier identity that matches a carrier identity stored in the machine-readable medium, establishing a network connection with a trusted server, starting the secure timer if the SIM card and network connection are satisfactory, periodically checking the network connection and SIM card until expiry of the secure timer, penalizing the secure timer responsive to a failure of the network connection or SIM card check, and responsive to expiry of the secure timer, unlocking a SIM lock. Other embodiments are disclosed.