Abstract: A computer implemented method and a universal rewards management system (URMS) are provided for managing collection and redemption of universal rewards. The URMS establishes a communication between a consumer device and a merchant device via a network and communicates purchase transaction information of a consumer's purchase to the merchant device for acquiring a reward generation approval from the merchant device. The URMS generates universal reward points redeemable for any reward voucher issued by any merchant, using the purchase transaction information and predetermined computation parameters based on the acquired reward generation approval. The URMS generates a reward voucher redeemable from the merchant associated with the purchase, for a subsequent purchase made by any consumer using other predetermined computation parameters. The URMS communicates a reward voucher redemption request to the merchant device for acquiring a reward voucher redemption approval.

Abstract: The disclosed computer-implemented method for completing multi-factor authentication via mobile devices may include (1) identifying a request to communicate with a user's mobile device to complete multi-factor authentication of the user to an online service, (2) determining that authentication notifications are disabled for attempts made by the user to login to the online service, (3) preventing an authentication notification from being displayed on the user's mobile device, (4) receiving an out-of-band authentication communication from a mobile device, (5) determining that the mobile device that sent the out-of-band authentication communication is the user's mobile device and is therefore trusted to complete the multi-factor authentication of the user to the online service, and (6) enabling the user to login to the online service and automatically receive future notification. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computing system of an authentication service provider receives a federated identity protocol request triggered by a relying party to validate a user. The federated identity protocol request includes a user identifier of an authenticated identity. The computing system searches mapping data stored in a data store that is coupled to the computing system to identify a type of virtual token associated with the user identifier and authenticates the user by requesting the identified type of virtual token from a user device and verifying a virtual token received from the user device using the mapping data. The computing system sends second-factor authentication results to the relying party via the federated identity protocol.

Abstract: A computer system receives a request to access a server. The request includes a first device tag set. When the first device tag set matches a previously assigned device tag set, the computer system allows access to the server without requesting full access credentials of a user. The computer system invalidates the first device tag set, and sends a second device tag set. When the first device tag set does not match the previously assigned device tag set, the computer system requests full access credentials from the user.

Abstract: A system for authenticating a user to a relying party. A user sends an access request to a relying party web application. In response, the application sends a page with JavaScript that detects a plug-in at the user and detects the relying party domain. The plug-in uses its device certificate or other pre-established credentials to sign a challenge along with other site and user information including the site domain, the authentication service URL and user identifier, and send it, along with the data including the domain and the user identifier, to an authentication service. The service authenticates the information and sends back to the plug-in a short ticket that can be passed on to the relying party, which can validate it using the Radius protocol and an authentication service call, thereby authenticating the user.

Abstract: A method for authenticating a user includes receiving a user identification, confirming the user identification, sending a request to the user to perform a single action on a communication device, creating a session to receive the single action from the communication device, receiving an identifier from the communication device, using the identifier to verify that the user has the communication device, and authenticating the user based on the confirmed user information and the verification that the user has the communication device. The identification can include a username and a password or can be a one time password.