Abstract: A method, computer system, and computer program product for on-demand risk assessment in on-line transactions comprises: computing, by a machine intelligence application, a risk score for the individual; providing the risk score to a cache; and responsive to receiving new data regarding the individual, calculating a new risk score for the individual and replacing the risk score in the cache with the new score.

Abstract: A method, computer system and computer program product for authenticating a transaction is provided. A service provider receives a transaction between a user and a website displayed on a first device. The service provider identifies a first geolocation of the first device. The service provider generates a code for display on the first device. The service provider receives credential information to identify the user and the code from a second device. The service provider identifies a second geolocation of the second device, and determines a level of risk for the transaction based at in part on the first geolocation and the second geolocation. In response to the level of risk being an acceptable level of risk, the service provider authenticates the user. The service provider generates information to enable the user on the first device to perform the transaction with the website, and sends the information to the website.

Abstract: A method, computer system, and computer program product for on-demand risk assessment in on-line transactions comprises: computing, by a machine intelligence application, a risk score for the individual; providing the risk score to a cache; and responsive to receiving new data regarding the individual, calculating a new risk score for the individual and replacing the risk score in the cache with the new score.

Abstract: A method and authentication mechanism is provided. A request is sent to authenticate a user of the application from a mobile device to an authentication server. The authentication server identifies a user profile for the user containing one or more authentication schemes available to authenticate the user. The authentication schemes comprise a direct scheme in which the user provides a password and a federated authentication scheme. The authentication server determines a favored authentication scheme from one or more authentication schemes available based on a policy associated with the user profile. The mobile device displays a menu showing the authentication schemes available to allow the user to select an authentication scheme. The favored authentication scheme is displayed ahead of a remainder of the authentication schemes. The authentication server verifies credentials for the user profile using the selected authentication scheme to authenticate the user.

Abstract: A method, computer system and computer program product for authenticating a transaction is provided. A service provider receives a transaction between a user and a website displayed on a first device. The service provider identifies a first geolocation of the first device. The service provider generates a code for display on the first device. The service provider receives credential information to identify the user and the code from a second device. The service provider identifies a second geolocation of the second device, and determines a level of risk for the transaction based at in part on the first geolocation and the second geolocation. In response to the level of risk being an acceptable level of risk, the service provider authenticates the user. The service provider generates information to enable the user on the first device to perform the transaction with the website, and sends the information to the website.

Abstract: A method and authentication mechanism is provided. A request is sent to authenticate a user of the application from a mobile device to an authentication server. The authentication server identifies a user profile for the user containing one or more authentication schemes available to authenticate the user. The authentication schemes comprise a direct scheme in which the user provides a password and a federated authentication scheme. The authentication server determines a favored authentication scheme from one or more authentication schemes available based on a policy associated with the user profile. The mobile device displays a menu showing the authentication schemes available to allow the user to select an authentication scheme. The favored authentication scheme is displayed ahead of a remainder of the authentication schemes. The authentication server verifies credentials for the user profile using the selected authentication scheme to authenticate the user.

Abstract: A single user interface for a user of an identity management module is presented. The single user interface includes options for transmitting an access management instruction to a customer internal application via an on-premise proxy, and transmitting another access management instruction to a shared computing system application via a multi-customer gateway on the shared computing system. The user interface is adaptively adjusted to highlight suggested access entitlement operations based at least in part upon expected access entitlements derived from a prediction engine.

Abstract: Various embodiments of methods and apparatus for a unified management interface across internal and shared computing applications are disclosed. In some embodiments, one or more processors perform, responsive to receiving a plurality of access management requests at an identity management interface, transmitting an access management instruction to a customer internal application via an on-premise proxy, and transmitting another access management instruction to a shared computing system application via a multi-customer gateway on the shared computing system.

Abstract: The present invention pertains to a system for managing network access to resources that allows a first entity to impersonate a second entity. In one embodiment, the first entity can impersonate the second entity without knowing the second entity's password and/or without altering anything in the entity's set of personal information. This invention provides the first entity with the ability to troubleshoot in a live production system without disrupting the users or the system. In one embodiment, the first entity authenticates as itself. Access to resources is provided in response to an authorization process based on the identity of the entity being impersonated.