Abstract: The disclosed subject matter provides authentication between a client device and a server. The server allocates a dynamic user ID contained within an authentication token that is provided to the client device. In response to each successful authentication with the server, a new dynamic user ID is generated and provided to the client device for use in a subsequent authentication session. In generating the new dynamic user ID for the client device, the server invalidates any previously-provided dynamic user IDs for the client device.

Abstract: Systems and methods for performing authentication may include encrypting, by a server computing system, a question based on a first password associated with a user and based on successful verification of user identification to generate an encrypted question; transmitting, by the server computing system, the encrypted question to a user computing system; receiving, by the server computing system, an encrypted response from the user computing system, the encrypted response associated with the encrypted question; decrypting, by the server computing system, the encrypted response based on the first password to generate a response; and establishing, by the server computing system, a login session with the user computing system based on successful verification of the response.

Abstract: The disclosed subject matter provides authentication between a client device and a server. The server allocates a dynamic user ID contained within an authentication token that is provided to the client device. In response to each successful authentication with the server, a new dynamic user ID is generated and provided to the client device for use in a subsequent authentication session. In generating the new dynamic user ID for the client device, the server invalidates any previously-provided dynamic user IDs for the client device.

Abstract: Techniques are disclosed relating to preventing unauthorized access to private user information by improving cookie security. Cookie data may be subject to interception and replay attempts by malicious users. In disclosed techniques, a server computing system receives a request from a user device that includes encrypted cookie data and device identification information encrypted using a first key of a key pair generated by the server system. The server system may decrypt encrypted cookie data included with the request using a server encryption key. Based on decrypting the cookie data, the server system may retrieve previously-stored device identification information. The server system may decrypt device identification information received with the request using a second key of the key pair. The server system may compare the decryption result with the previously-stored device identification information and, based on the comparison, determine whether to use the cookie data for the request.

Abstract: Systems and methods for performing authentication may include encrypting, by a server computing system, a question based on a first password associated with a user and based on successful verification of user identification to generate an encrypted question; transmitting, by the server computing system, the encrypted question to a user computing system; receiving, by the server computing system, an encrypted response from the user computing system, the encrypted response associated with the encrypted question; decrypting, by the server computing system, the encrypted response based on the first password to generate a response; and establishing, by the server computing system, a login session with the user computing system based on successful verification of the response.

Abstract: A multifactor authentication system is implemented to enable interactive access to a secure application. A request to access a secure application can be received via a client device which can initially perform a credential exchange with a server associated with the secure application. Based on an indication that a credential exchange is valid, a secondary authentication request can to be sent to the client device to initiate multifactor authentication. An authentication check issued by an entity associated with the secure application can be scanned at the client device to, and an identification indicator associated with the authentication check and/or a signature of a user of the client device can be extracted. The identification indicator and the signature can be verified or otherwise authenticated, and access to the secure application via the client device can be enabled.

Abstract: To increase the effectiveness of push authentication, a push authentication can be augmented with another authentication factor. A push authentication can be augmented with the “what you know” factor, effectively merging the “what you know” factor into the “what you have” factor. Using a collection of “what you know” factor queries (e.g., knowledge-based questions), an authentication server can select a subset of the “what you know” factor queries and incorporate the selected one or more factor queries into a message that conveys the push authentication notification.

Abstract: A secure protocol has been developed that reduces the number of transactions associated with multifactor authentication (MFA) systems. An identity provider determines authentication factors which satisfy an application assurance level and constructs a credential collection file with input elements corresponding to the determined factors. The identity provider communicates the file to a client for collection of corresponding credentials. After submission of credential data, the collected set of credentials or credential data (“MFA credential set”) is returned to the identity provider for verification. The identity provider does not redirect to the client for additional transactions until after verifying the MFA credential set. In addition to reducing MFA communication overhead for a client, the credential collection file is based on a structure or schema that can be edited to adapt to changes in assurance level and authentication mechanisms.