Abstract: A system for location-aware authentication is configured to receive an authentication request associated with an identifier of a user for accessing an application and retrieves user information associated with the identifier and the application. The system then determines that the user information includes a geofence and information associated with a device of the user. Based on the geofence and the device information, the system sends a geolocation data request to the device, causing the device to gather and send the device's current geolocation data to the computing system. A data structure is generated to store data related to the device's current geolocation and sent to the application, which in turn causes the application to grant or deny the authentication request.

Abstract: A system for location-aware authentication is configured to receive an authentication request associated with an identifier of a user for accessing an application and retrieves user information associated with the identifier and the application. The system then determines that the user information includes a geofence and information associated with a device of the user. Based on the geofence and the device information, the system sends a geolocation data request to the device, causing the device to gather and send the device's current geolocation data to the computing system. A data structure is generated to store data related to the device's current geolocation and sent to the application, which in turn causes the application to grant or deny the authentication request.

Abstract: User authentication techniques that use a companion device associated with a mobile computing device are described. The companion device receives a user authentication request from a user authentication service via the mobile computing device, displays information related to the user authentication request, receives an approval of the user authentication request, and transmits the approval of the user authentication request to the service via the mobile computing device. In one embodiment, after transmitting the approval, the companion device receives a token from the mobile computing device that includes a value obtained from the service, signs the token with a private key of a securely-stored signing key pair and provides the signed token to the service via the mobile computing device. In another embodiment, after the companion device transmits the approval to the mobile computing device, the mobile computing device provides a personal identification code from secure storage to the service.

Abstract: User authentication techniques that use a companion device associated with a mobile computing device are described. The companion device receives a user authentication request from a user authentication service via the mobile computing device, displays information related to the user authentication request, receives an approval of the user authentication request, and transmits the approval of the user authentication request to the service via the mobile computing device. In one embodiment, after transmitting the approval, the companion device receives a token from the mobile computing device that includes a value obtained from the service, signs the token with a private key of a securely-stored signing key pair and provides the signed token to the service via the mobile computing device. In another embodiment, after the companion device transmits the approval to the mobile computing device, the mobile computing device provides a personal identification code from secure storage to the service.

Abstract: An approval service is provided that provides an approver, that controls a secured resource, real-time data that verifies the identity of a user or approvee who is seeking access to the secured resource. In one aspect, the real-time data may be an image of the approvee at the time of the request along with geo-coordinates of the location of the approvee when the request is made. In another aspect, the real-time data includes a video communications session that enables the approvee to interact dynamically with the approver to make the request.