Abstract: A cellular terminal detects any capability reporting trigger and responsively to such determination produces a cellular network authentication capabilities message indicative of cellular network authentication capabilities available for the terminal; and transmits the cellular network authentication capabilities message to the cellular network. The cellular network receives the network authentication capabilities message from a cellular terminal, selects a cellular authentication algorithm based on capabilities indicated by the network authentication capabilities message; and performs cellular authentication with the cellular terminal using the selected cellular authentication algorithm.

Abstract: Systems, apparatuses, and methods are described for protecting the integrity of a playlist, and/or for determining whether a playlist has been altered. The playlist may comprise references to segments of multiple content types. The references may be obfuscated, and/or confirmation data may be used to detect playlist alteration.

Abstract: A method for tracking rash driving includes: receiving a plurality of rider embarkation notifications, each including a digital signature and a vehicle identifier; generating a new block for a blockchain, the new block including a block header and a plurality of blockchain data values, each blockchain data value corresponding to a rider embarkation notification and including the respective digital signature; receiving a rash driving notification including the vehicle identifier; transmitting a confirmation request to at least one mobile computing device associated with one of the plurality of rider embarkation notifications; receiving a confirmation message from one of the at least one mobile computing devices; and generating a subsequent block for the blockchain, the subsequent block including a new block header and a new data value, the new data value including an indication of rash driving.

Abstract: According to certain implementations, a permissions gateway receives an access request indicating multiple sets of secured data that include high-granularity data stored on multiple secured data repositories. The access request is compared to a permission set with multiple consent parameters, which indicate access types for the secured data. Based on a comparison of the access request to a permission set, the permissions gateway queries, the permission gateway queries a first data repository for a high-granularity dataset that includes a portion of the high-granularity data, and queries a second data repository for a low-granularity dataset that includes a summary of part of the high-granularity data. The permissions gateway generates a multi-granularity response to the access request, based on a combination of the high-granularity dataset and the low-granularity dataset.

Abstract: Exemplary communication system 1 includes game devices 10, communication terminals 20, and game support server 30. Game devices 10 enable users to perform a multi-play activity. Each of communication terminals 20 runs an application associated with corresponding game device 10. Game support server 30 divides communication terminals 20 into separate communication groups in accordance with a situation of the multi-play activity performed by game devices 10 so that communication terminals 20 belonging to a same communication group can communicate with each other.

Abstract: A user provides an identification (ID) signal (e.g. a biometric ID signal like a self-snapshot) to a trusted cloud-based provider. When the user attempts to authenticate with the cloud-based provider, a similar ID signal (e.g. another self-snapshot) for the user is captured and provided to the cloud-based provider. The cloud-based provider then obtains a secondary ID signal, or a combination of secondary ID signals, and utilizes the secondary ID signal, or signals, to identify a subset of user records to be searched for the ID signal. The subset of the records, rather than all of the user records, can then be searched for the ID signal. The cloud-based provider can then authenticate the user based on the results of the search of the subset of the user records.

Abstract: A method for performing a transaction at an automobile fuel filling facility includes: prompting, on a terminal device, a user to log in to a user account on a transaction platform; displaying, on the terminal device, a list of gas stations; receiving, on the terminal device, a user selection of a gas station from the list of gas stations; displaying, on the terminal device, a list of available attendants at the selected gas station; receiving, on the terminal device, a user selection of an attendant from the list of available attendants; sending, by the terminal device, a service request to the transaction platform, the service request including the selected gas station and the selected attendant; prompting, on the terminal device, the user to enter an authorization code given by the selected attendant at the selected gas station; receiving, on the terminal device, a user input of code; transmitting, by the terminal device, the user input of code to the transaction platform; and after a fuel filling service

Abstract: A computing system can present a miniprofile comprising an avatar associated with a first account, a handle associated with the first account, a description associated with the first account, and a swipe icon; receive, at the swipe icon, an upward swipe; in response to receiving the upward swipe, present a occupying a larger portion of the display than the miniprofile, the full profile comprising an image associated with the first account, the avatar, the handle, the description, and at least a first post associated with the first account; receive, at the swipe icon, a downward swipe; determine that the downward swipe was a fast downward swipe; and based on determining that the downward swipe was the fast downward swipe, close the full profile and present a feed, the feed comprising at least a second post associated with a second account and a third post associated with a third account.

Abstract: Systems and methods are provided herein for enabling a user to access a blocked media asset. These systems and methods allow a user to request that a parent, or another user, who can approve access to the blocked media asset approve access to the blocked media asset for viewing. The request may be transmitted as a notification to a mobile phone or another suitable device, such that the parent the other user can approve the request, even though they may be remote from the requesting user. Both the requesting user and the user whose approval is required to unblock the media asset (i.e., the approver), are identified by the system based on an identifier associated with each user. This informs the approver which user submitted the request. Additionally, this also adds a layer of security, since the approver must enter an identifier to authenticate their identity to the system before being able to unblock the program for the requesting user.

Abstract: A data management device (10) includes an insertion position determiner (121) to determine an insertion position of dummy data to be inserted into transmission target data, a dummy data inserter (122) to insert the dummy data in the insertion position of the transmission target data to create dummy-inserted data, an insertion position encryptor (123) to encrypt data indicating the insertion position with a public key (PUBa) to create insertion-position-encrypted data; and a deliverer (110) to deliver the dummy-inserted data and the insertion-position-encrypted data.

Abstract: Techniques are described for managing authentication tokens associated with a secure account maintained by a business or organization. In one example, this disclosure describes a method that includes storing interaction information associated with an account maintained by an organization, wherein the interaction information includes information about authentication tokens used during a plurality of prior authentication procedures performed for the account, receiving, over a network, a request to authenticate a user to access the account, determining, based on the stored interaction information, an authentication token to be used to authenticate the user, wherein the authentication token is different than a prior authentication token used during the plurality of prior authentication procedures performed for the account, presenting a prompt for the authentication token; and determining, based on information received in response to the prompt, whether the user is authorized to access the account.

Abstract: A system and methods for alternate user communication routing are described. Unauthorized users are identified and alternate treatments are provided in order to deter unauthorized access and create opportunities for data collection. The use of a varied set of alternate treatments provides an enhanced view of unauthorized user behavior and an increased ability to track future unauthorized user actions by recording various user identity/communication characteristics specific to known unauthorized users. Alternate treatments may be provided randomly based on a set of alternate treatments previously provided to a specific user, or may be varied based on an identified group of unauthorized users presumed to be acting in concert.

Abstract: Systems and methods for redirecting control of a process performed on a browser application on a user device accessing a web application to a native application on the user device include receiving, through a web application controlling a process, a request to perform an action (e.g., user authentication). A determination is made whether the request identifies a native application feature for completing the action that is preferable over a web application feature for completing the same action. In response to the action being determined to be completed by a native application feature, a determination is then made as to whether the native application feature is enabled by the native application. In response to determining the native application feature is enabled, control of the process is redirected from the web application to the native application such that the native application completes the action using the native application feature.

Abstract: Methods and systems for authenticating users based on user application activities are described herein. One or more questions and one or more answers may be generated and stored based on a history of user application activities associated with a user. The one or more questions and one or more answers may be generated randomly, and may relate to one or more other users. A request for access to a service may be received. Based on the request, a question associated with the history of user application activity may be selected and presented to the user. A candidate answer may be received from the user, and the user may be authenticated based on comparing the candidate answer to an answer associated with the question presented.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that dynamically and securely augment a programmatically established communications session, such as a chatbot session, to include one or more additional responsive applications. For example, an apparatus may receive messaging data during a first communication session programmatically established between a device and a first executed application program, and may determine that an additional apparatus is configured to perform operations consistent with the messaging data. The apparatus may transmit a digital token and at least a portion of the messaging data to an additional apparatus. A second application executed by the additional apparatus may validate the digital token and based on the portion of the messaging data, establish a second communication session between the device and the executed first and second application programs.

Abstract: An authentication request message is sent from a first computing device to a second computing device, wherein the first computing device and the second computing device communicate via a machine-to-machine communication protocol, and wherein the authentication request comprises a token issued by the second computing device and stored in a key obfuscation block of the first computing device. A challenge message is received at the first computing device from the second computing device. In response to the challenge message, a session key is computed at the key obfuscation block of the first computing device, wherein the session key is computed based on a secret shared between the first computing device and the second computing device. Upon generating the session key, the first computing device extracts a value from the challenge message and generates an authentication delegate based on the extracted value.

Abstract: Systems and methods for integrative legacy context management are disclosed herein. An example computer hardware system may include at least one processing unit coupled to a memory, and the memory may be encoded with computer executable instructions that when executed cause the at least one processing unit to receive a set of credentials associated with a user from a user device, cross-reference the set of credentials with a first set of credentials of an agent associated with the user to determine whether the set of credentials is valid; and if the set of credentials is valid, provide a second set of credentials of the agent to the user device in response to a request for the second set of credentials from the user device.

Abstract: Techniques described herein provide means by which cell information indicative of a location of a UE may be conveyed to a location server over a 5G NR data connection using a SUPL message with an LTE cell ID data field. In some embodiments, for example, the UE may include the Cell ID of a LTE neighbor cell or information regarding a 5G NR serving cell, such as a portion of the 5G NR Cell ID or a reserved value or sequence identifying the 5G NR serving cell. The techniques may be applicable to the Secure User Plane Location (SUPL) solution defined by OMA and may enable a UE and a SUPL Location Platform (SLP) to support location of the UE using a version of SUPL without explicit support of 5G NR wireless access.

Abstract: A system may include a controller, an endpoint device, and a cable coupled between the controller and the endpoint device and comprising a communication wire for bidirectionally communicating signals between the controller and the endpoint device and a circuit formed as a part of the cable and communicatively coupled to the communication wire, the circuit having a microcontroller unit configured to communicate identifying information regarding the cable to the controller via the communication wire and without contention with the signals bidirectionally communicated between the controller and the endpoint device.

Abstract: The disclosed techniques relate to a graph-based network security analytic framework to combine multiple sources of information and security knowledge in order to detect risky behaviors and potential threats. In some examples, the input can be anomaly events or simply regular events. The entities associated with the activities can be grouped into smaller time units, e.g., per day. The riskiest days of activity can be found by computing a risk score for each day and according to the features in the day. A graph can be built with links between the time units. The links can also receive scoring based on a number of factors. The resulting graph can be compared with known security knowledge for adjustments. Threats can be detected based on the adjusted risk score for a component (i.e., a group of linked entities) as well as a number of other factors.

Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with managing a federated identity environment includes performing one or more first access control checks on a client upon receiving a request to access one or more web applications. A new signature including data associated with the performed one or more access control checks is generated. Next, the client is redirected to a first server with the generated signature to determine when to authorize the client to access the requested one or more web applications. The client is granted access to the requested one or more web applications when the client is determined to be authorized to access the requested one or more web applications based on one or more second access control checks enforced on the client using the generated signature, and wherein data associated with the enforced one or more second access control checks is included in a response signature.

Abstract: This disclosure describes methods, apparatus, and systems related to controlled access data allocation. A device may receive a first request from a first device to establish a first connection with a wireless network. The device may receive a second request from a second device to establish a second connection with the wireless network. The device may determine a first access data for the first device, wherein the first access data is associated with a first access configuration. The device may determine a second access data for the second device, wherein the second access data is associated with a second access configuration, wherein the second access configuration is different from the first access configuration. The device may send the first access data to the first device. The device may send the second access data to the second device. The device may establish the first connection with the first device, wherein the first connection is at the first access configuration.

Abstract: Disclosed are a method for automatic connection between a smart device and a router, a corresponding router and smart device, which belong to the technical field of wireless communications. The method for automatic connection between a smart device and a router include the following. The router receives a trigger instruction triggered by a key arranged on the router. In response to the trigger instruction, a hidden wireless communication function of the router is enabled. If it is detected within a preset period of time that the smart device connects to a communication link corresponding to the hidden wireless communication function, network connection information is transmitted to the smart device to trigger connection of the smart device to a network connected to the router. By improving the method for connecting between a smart device and a router, it is possible to achieve automatic connection between the smart device and the router.

Abstract: A user provides an identification (ID) signal (e.g. a biometric ID signal like a self-snapshot) to a trusted cloud-based provider. When the user attempts to authenticate with the cloud-based provider, a similar ID signal (e.g. another self-snapshot) for the user is captured and provided to the cloud-based provider. The cloud-based provider then obtains a secondary ID signal, or a combination of secondary ID signals, and utilizes the secondary ID signal, or signals, to identify a subset of user records to be searched for the ID signal. The subset of the records, rather than all of the user records, can then be searched for the ID signal. The cloud-based provider can then authenticate the user based on the results of the search of the subset of the user records.

Abstract: A computing system virtualization continuous authentication system includes a computing system virtualization system that is configured to provide a virtual computing system on a computing client device, and a computing system virtualization management server device that is coupled to the computing system virtualization system and a management terminal. The computing system virtualization management server device monitors user activity information that is associated with a management session that corresponds with the management of the computing system virtualization system and that is associated with an authenticated user account on the computing system virtualization management server device. The computing system virtualization management server device determines that a first authentication challenge is required during the management session based on the user activity information and provides the first authentication challenge to the management terminal.

Abstract: An embedded trace capacitive signet is described. The embedded trace capacitive signet provides for authentication and validation through interaction with a touch screen of a computing device such as a smart phone. The embedded trace capacitive signet has a substrate such as a card, a plurality of conductive circle points affixed to the substrate, a user conductive area that allows a user to provide capacitance to the conductive circle points, and thin traces connecting each circle point to the user conductive area. Placing the circle points in different locations produces unique cards that can be detected by a touch screen of a computing device to initiate a software based application.

Abstract: A wearable payment device, such as a finger ring worn by a user, communicates payment data to a payment reader that uses the payment data in order to request a payment transaction. Such wearable payment device may be conveniently carried by and accessible to the user such that utilization of the payment device for the payment transaction is less burdensome for the user, thereby encouraging use of the payment device for payments. Indeed, in some cases, such as when the payment device is implemented as a finger ring or other type of jewelry, the user may be encouraged to carry the payment device in an exposed manner such that it is readily available for the payment transaction without the user having to search in a wallet, pocket, or purse.

Abstract: A device network configuration method, applied to a router, includes: sending, after establishing a first wireless connection with a device, a request for acquiring identity information of the device; receiving an identity data packet returned by the device; analyzing the data packet to acquire the identity information of the device; sending the identity information to a server; receiving, after the server verifies that the identity information is legal and sends first network configuration information comprising a username and an access password to a control end of the device, second network configuration information sent by the device, and verifying legality of the second network configuration information; and establishing, after a verification result is legal, a second wireless connection with the device; wherein the second network configuration information comprises the username and the access password in the first network configuration information.

Abstract: In various embodiments, authentication stations are distributed within a facility, particularly in spaces where mobile devices are predominantly used—e.g., a hospital's emergency department. Each such station includes a series of authentication devices. Mobile device may run applications for locating the nearest such station and, in some embodiments, pair wirelessly with the station so that authentication thereon will accord a user access to the desired resource via a mobile device.

Abstract: Technologies for attestation techniques, systems, and methods to confirm the integrity of a device for establishing and/or maintaining a trustworthy encrypted network session. An example method can include sending, via a server and using a cryptographic security protocol, a message associated with establishing an encrypted network session; receiving a response from a client device; identifying a level of trust of the client device based on the response; determining whether to perform a next step in the cryptographic security protocol based on the level of trust, wherein the cryptographic security protocol comprises at least one of a Secure Shell (SSH) protocol, a Transport Layer Security (TLS) protocol, a Secure Sockets Layer (SSL) protocol, and an Internet Protocol Security (IPsec) protocol.

Abstract: A computing device includes a system that authenticates a user of the computing device. A first sensor obtains a first representation of a physical characteristic of the user that is compared to a registered representation of the physical characteristic of the user. A first level of access to the computing device is enabled based on the first representation of the physical characteristic matching the second representation of the physical characteristic. A second sensor obtains a first representation of a liveness characteristic of the user that indicates that the user is alive. The first representation of the liveness characteristic is compared to a registered representation of the liveness characteristic of the user. A second level of access to the computing device is enabled based on the first representation of the liveness characteristic of the user matching the second representation of the liveness characteristic of the user.

Abstract: A mission-specific computer peripheral provides a portable linkable work platform, useful for establishing a collaborative electronic work group quickly, at low cost, and without professional computing expertise. The office infrastructure device (“OID”) includes data storage (for storage of system and user data files), a unique device identification code (for identification when the device is plugged into a host personal computer), and an index (for registering user data files available within the work group). When connected, user executable code within the device is accessed through the host personal computer to launch thereon a user-definable work space. The work space provides, among other office infrastructure functions, access to programming that enables sharing of personal user work and data files among the authorized member nodes of the work group. The sharing is facilitated by the index, preferably in combination with a complementary work group server integrated within the underlying OID network.

Abstract: There are provided systems and methods for gesture and motion detection using a device radar component for user authentication. A user's device may include a miniaturized radar component that is capable of detecting objects, gestures, and motions within an area around the device in a three-dimensional manner, such as a user hand, arm, or other body part that may perform a motion or gesture. A service provider, application, or another user may generate and transmit an authentication request to the user that may include some query for the user to perform one or more actions or gestures. The user may perform the actions or gestures in response to the query, which may be detected by the radar component and processed to determine whether to authenticate the user. In some embodiments, the gesture may be performed using a virtual projection or real objects in the environment nearby the device.

Abstract: Systems and methods for embodiments of artificial intelligence systems for identity management are disclosed. Embodiments of the identity management systems disclosed herein may support the correlation of identities determined authoritative source systems with uncorrelated accounts within an enterprise using artificial intelligence techniques.

Abstract: A method for registering and identifying a user of an institution through biometric information is described, along with the associated registration system and identification device, wherein said registration method (100) comprises the steps of: obtaining (102) biometric information in digital format about said user, said biometric information comprising at least one fingerprint of said user; obtaining (108) personal information in digital format about said user; generating (110) a file from said personal information and said biometric information; encrypting (112) said file with a private key, so as to obtain an encrypted file; generating (114) a bar code from said encrypted file.

Abstract: Systems and methods for network security are provided. Various embodiments of the present technology provide an integrated security platform that combines PAM, CASB, identity access management, and multi-factor authentication onto one platform. This integration allows for a frictionless deployment that can be utilized by companies that may not have large teams of system administrators. As such, some embodiments provide a gateway solution and a proxy solution that is easy to deploy. The user equipment (e.g., computer, phone, point of sale terminal, etc.) can be used as a gateway. An agent can be included on each endpoint that combines gateway functionality of PAM and web rewrite and proxy functionality of a CASB deployment into an endpoint solution.

Abstract: Systems and methods for managing a user-selected card verification code (CVC2) value for a payment card are disclosed. A sever is coupled to a payment card database and a hardware security module. The server is programmed to receive a request from a user to change the CVC2 value of the payment card to the user-selected CVC2 value. Based upon the request, the server retrieves from a payment card table stored on the database a payment card record associated with the payment card. The server transmits the user-selected CVC2 value, and, from the payment card record, a primary account number, a payment card expiry date, and a first service code to a hardware security module. The server subsequently receives from the hardware security module a second service code associated with the user-selected CVC2 value. The server updates the first service code in the payment card record to the second service code.

Abstract: A data processing device includes primary resources, an out-of-band manager operably connected to the primary resources via an always-on in-band connection, and an authentication engine. The authentication engine obtains, via the always-on in-band connection, an operation request and an authentication token corresponding to the operation request; in response to obtaining the authentication token: obtains a list of authorized operations using the authentication token; makes a determination that an operation indicated by the operation request is allowable based on the list of authorized operations; and performs the operation based on the determination.

Abstract: Concepts and technologies of network service control for anchoring client devices for network service access control are provided herein. In one aspect of the concepts and technologies disclosed herein, a system is provided and can include a processor and a memory storing computer-executable instructions that, upon execution of the processor, configure the processor to perform operations. The operations can include receiving an anchor instantiation command to anchor one or more client devices to an authorized service location. The anchor instantiation command can initiate an anchor instantiation time period. The operations can include determining, during the anchor instantiation time period, a plurality of anchor attributes associated with the one or more client devices at the authorized location.

Abstract: A method of providing a distributed messaging system to aggregate particular types of messages regarding a client from customers of said client and for generating response and informational messages to the customers is provided. The method is performed in a distributed system comprising one or more processors executing computer instructions and one or more non-transitory computer readable media with computer executable instructions stored thereon executed by the one or more processors to provide the method.

Abstract: Disclosed are example methods, systems, and devices that allow for generation and maintenance of a central identity databank for a user's digital life. The identity databank may include identity elements with payload values and metadata values corresponding immutable attributes of the user. A multifactor identity authentication protocol allows service provider devices to more reliably validate transactions with user devices via an identity system. The identity databank may include passwords, which may be generated by the identity system linked to user accounts and/or service providers. The passwords may be provided to service provider devices, eliminating the need for users to conceive of a multitude of varying passwords for the user's accounts.

Abstract: Systems and methods for authenticating presumptively incompatible elements in a digital network are provided. A method may include receiving an access request from a client node in the network. The access request may be requesting access to an application in the network. The access request may be associated with a uniform resource identifier (“URI”). The method may include extracting a target application from the URI. The method may include determining an authentication protocol that is supported by the target application. The method may include generating, based on the authentication protocol, a series of one or more authentication tests that, in combination, satisfy the authentication protocol. The authentication tests may satisfy the authentication protocol even when the client node natively supports a different authentication protocol. The method may include executing the series of authentication tests to authenticate the client node vis-à-vis the target application.

Abstract: A system and method for method for protecting cloud native environments based on cloud resource access. The method includes determining a mapping of a plurality of cloud assets to a plurality of cloud resources based on resource access data for a cloud native environment, wherein the plurality of cloud assets and the plurality of cloud resources are deployed in the cloud native environment, wherein each of the plurality of cloud assets is mapped to at least one associated cloud resource of the plurality of cloud resources; detecting at least one improper resource access based on the mapping and a cloud access security stream for the cloud native environment, wherein each of the at least one improper resource access deviates from the mapping; and performing at least one mitigation action with respect to the detected at least one improper resource access.

Abstract: A system, methodologies and components of an inventive Mobile Engagement Platform enable cross channel transaction processing, authentication, tokenization, security, and data aggregation.

Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.

Abstract: Techniques for providing a digital certificate management for blockchain technologies are described. One example method includes a transaction request including a digital certificate is received from a certificate authority at a node in a blockchain network, and the transaction request is a request to write the digital certificate into a blockchain associated with the blockchain network, and the digital certificate is issued to a node in the blockchain network. A consensus verification result is determined for the transaction request, and the consensus verification result is produced by nodes in the blockchain network. The consensus verification result is compared to a predetermined threshold value. In response to determining the consensus verification result is greater than or equal to the predetermined threshold value, the digital certificate is stored in the blockchain associated with the blockchain network.

Abstract: A computing system configured to provide access to electronic content is provided. The computing system includes a processor and memory coupled to the processor containing instructions that when executed provide a user interface component and a link generation component. A data store is coupled to the processor and configured to store the electronic content. The user interface component is configured to receive user input requesting creation of a sharing link relative to selected electronic content stored in the data store. The user interface component is further configured to receive an indication that endpoint verification will be required for the sharing link. The link generation component is configured to responsively generate and provide a pseudo-anonymous sharing link relative to the selected electronic content.

Abstract: In aspects of shareable devices, a shareable device has a memory to maintain identifiable information usable to identify users of the shareable device for subsequent reference. The shareable device implements a device sharing module that can receive the identifiable information about a user who initiates using the shareable device, and initiate an interactive session allowing a user to access the shareable device responsive to receiving the identifiable information about the user. The device sharing module can then communicate the identifiable information to an additional device that maintains the identifiable information for subsequent reference, and subsequently end the interactive session, thereby enabling the shareable device for use by a subsequent user. The device sharing module can also receive a disable command from the additional device to initiate disabling the shareable device.

Abstract: An authentication server that connects a client device and a target server via a first network. The authentication server includes: a storage and a processor. The storage stores user-specific information that includes a plurality of data items. The processor: upon receiving an authentication request including a user ID and a user password, an authentication ID, a biometric device ID unique to a user, or biometric data of a user, identifies a corresponding credential data of the user; determines which of the items in the user-specific information will be sent to the client device; and returns the determined items to the client device, and causes the client device to store the determined items as cache data used for logging into at least one of the client device and the target service, wherein the client device and the target server have given a login authority to the user.

Abstract: A first server receives from a device(s) an identifier, retrieves a reference credential(s) associated with the identifier(s), generates a reference token(s) using the reference credential(s) and a predetermined key(s) and sends to a second server the reference token(s) and a script(s) for requesting the user to provide a credential(s). The second server gets a device identifier(s) and sends to the device a request(s) by executing the script(s). The device gets a submitted credential(s), generates and sends to the second server a submitted token generated by using the submitted credential(s) and the predetermined key(s) stored by the device. The second server compares each of the submitted token(s) to the received reference token(s) and generates and sends to the first server a comparison and/or an authentication result(s). The invention also relates to corresponding device, first and second server and system.