Abstract: An approach for receiving a request for an authentication code for presentation in an authentication user interface, wherein the request is from a relying party and wherein the authentication user interface is presented by the relying party at a first device. The approach further involves transmitting the authentication code to the relying party. The approach also involves authenticating a user with respect to the relying party by determining that a second device associated with the user has read the authentication code from the authentication user interface of the first device, wherein the second device is a previously authenticated device.

Abstract: The security or other attributes of mobile applications may be assessed and assigned a security score. In one implementation, a device may obtain information relating to the mobile applications, and may determine, for each of the mobile applications, a number of security scores. Each of the security scores may define a level of risk for a security category relating to a mobile application. The device may further combine the security scores, for each of the mobile applications, to obtain, for each of the mobile applications, a final security score.

Abstract: An approach is provided for authenticating and/or identifying a user through machine-transferrable one-time password codes. A user device sends to an authentication platform a request for a one-time password for authenticating a user at a relying party device. A machine readable form of the one-time password deliverable to the relying party device over an air gap between the user device and the relying party device is determined and transmitted. The relying party device reverts the machine readable form back to the one-time password, and transmits the one-time password to the authentication platform to authenticate the user device.

Abstract: An approach for receiving a request for an authentication code for presentation in an authentication user interface, wherein the request is from a relying party and wherein the authentication user interface is presented by the relying party at a first device. The approach further involves transmitting the authentication code to the relying party. The approach also involves authenticating a user with respect to the relying party by determining that a second device associated with the user has read the authentication code from the authentication user interface of the first device, wherein the second device is a previously authenticated device.

Abstract: An approach is provided for authenticating and/or identifying a user through machine-transferrable one-time password codes. A user device sends to an authentication platform a request for a one-time password for authenticating a user at a relying party device. A machine readable form of the one-time password deliverable to the relying party device over an air gap between the user device and the relying party device is determined and transmitted. The relying party device reverts the machine readable form back to the one-time password, and transmits the one-time password to the authentication platform to authenticate the user device.

Abstract: An approach is provided for authenticating and/or identifying a user through gestures. A plurality of media data sets of a user performing a sequence of gestures are captured. The media data sets are analyzed to determine the sequence of gestures. Authentication of the user is performed based on the sequence of gestures.

Abstract: Various embodiments of systems and methods for event auditing framework are described herein. The auditing framework includes one or more auditees, an auditor, and a memory associated with the auditor. Each auditee is associated with a digitally signed file including metadata of one or more events authorized for the auditee. The auditor validates digital signature of the file when the auditee is registered with the auditor. After validation of the digital signature, the metadata of the authorized events is stored with respect to the auditee to enable the auditee perform the authorized events. The auditing framework is expandable in that new event types can be added or updated dynamically. The auditing framework also ensures consistency of events.

Abstract: The security or other attributes of mobile applications may be assessed and assigned a security score. In one implementation, a device may obtain information relating to the mobile applications, and may determine, for each of the mobile applications, a number of security scores. Each of the security scores may define a level of risk for a security category relating to a mobile application. The device may further combine the security scores, for each of the mobile applications, to obtain, for each of the mobile applications, a final security score.

Abstract: Various embodiments of systems and methods for event auditing framework are described herein. The auditing framework includes one or more auditees, an auditor, and a memory associated with the auditor. Each auditee is associated with a digitally signed file including metadata of one or more events authorized for the auditee. The auditor validates digital signature of the file when the auditee is registered with the auditor. After validation of the digital signature, the metadata of the authorized events is stored with respect to the auditee to enable the auditee perform the authorized events. The auditing framework is expandable in that new event types can be added or updated dynamically. The auditing framework also ensures consistency of events.

Abstract: A system and method for assessing the risk to information resources that may include the generation and/or use of a security risk index. The security risk index may represent the security of information resources. The security risk index may be based on at least one factor. The at least one factor may be individually quantified. The at least one factor may include a threat factor associated with a rate or frequency of security events that threaten the security of the information resources, a vulnerability factor associated with a likelihood of a security event breaching the security of the information resources, an impact factor associated with an expected cost of a breach of the security of the information resources, or another type of factor. The security risk index of a subset of information resources including at least one resource may enable various comparisons and observations with respect to the security of the subset of information resources.