System Access Control Based On User Identification By Cryptography Patents (Class 713/182)
  • Patent number: 10505929
    Abstract: A user, group, and device management and authentication system allows administrators to manage one or more directories with devices that are not associated with a domain of the one or more directories via a set of APIs. The system also allows applications and services that do not have direct access to a list of directory users to access the one or more directories. The user, group, and device management and authentication system may be an add-on system that works in conjunction with a centrally-managed directory service to provide such functionality. For example, the system may generate an access token associated with a particular directory that can be used by a service accessed by an administrator to call an API provided by the system. The API call may be translated into a directory-specific API call that can be used to perform an action in the particular directory.
    Type: Grant
    Filed: February 27, 2018
    Date of Patent: December 10, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Gaurang Pankaj Mehta, Neelam Satish Agrawal, Lawrence Hun-Gi Aung, Guruprakash Bangalore Rao, Shuo Wang, Sameer Palande, Krithi Rai, Chirag Pravin Pandya
  • Patent number: 10505939
    Abstract: In one aspect, a computerized system of an access-manager server for managing account access includes a computer store containing data, wherein the data comprises a privileged-access information. The privileged-access information is gathered from a target-computer system on a network. The privileged-access information is used to authorize a privileged user to access the target-computer system. A computer processor in the access-manager server, which computer processor gathers the privileged-access information from the target-computer system on a network. The computer processor detects that the information is gathered from the target-computer system. The computer processor removes an existing-account access from the target-computer system. The computer processor obtains the privileged-access information from the computer store. The computer processor enables a privileged user to log into the access manager server using multi-factor authentication.
    Type: Grant
    Filed: May 11, 2016
    Date of Patent: December 10, 2019
    Inventor: Timothy Keeler
  • Patent number: 10503882
    Abstract: Methods and systems are described herein to restrict execution of files stored on a computing device. In an example a request to execute a file is intercepted by a security agent on the computing device. The security agent is arranged to determine if metadata stored with the file comprises a cryptographic code comprising a function of at least a private key of a security server in communication with the computing device and a first hash value, the first hash value being an output of a hash function applied to data associated with the file at a first time. If the security agent determines that the metadata comprises the cryptographic code, it verifies the code with a public key of the security server, obtains a second hash value of the file at a second time and executes the file if the first hash value matches the second hash value.
    Type: Grant
    Filed: September 15, 2017
    Date of Patent: December 10, 2019
    Assignee: 1E Limited
    Inventor: Andrew Mayo
  • Patent number: 10504119
    Abstract: The remote electronic authentication method uses an electronic communication device (20) with a camera (21) and an authentication related server computer (30). In a connecting step the communication device (20) of the user is connected with the server computer via a communication line (40) and transmits image data sequences taken by the camera (21) to the server computer (30) which then identifies image portions of the acquired data stream related to an identity document shown in the image data sequences as well as image portions related to the head of a user at the user computer (20) in the same image data sequences. A comparison is made between an image of a head in the image related to the identity document and the image of the head of the user and a decision proposal is issued relating to identity of the heads from the two acquired image portions.
    Type: Grant
    Filed: June 23, 2017
    Date of Patent: December 10, 2019
    Inventor: Marcel F. Komminoth
  • Patent number: 10498738
    Abstract: Some embodiments of the invention provide a program for recovering access to a service associated with an account. The program provides a login credential to log into the account to receive the associated service. Next, the program receives an access continuation parameter (ACP) after logging into the account. The program then accesses the service and receives a rejection of a subsequent access to the service. The program then provides the ACP in lieu of the login credential to continue to receive the service.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: December 3, 2019
    Assignee: APPLE INC.
    Inventors: Ivan Krstic, James Wilson, Eric Daniel Friedman, Selvarajan Subramaniam, Patrice O. Gautier, John Patrick Gates, Ramarathnam Santhanagopal, Prabhakaran Vaidyanathaswami, Sudhakar Mambakkam, Raghunandan Pai, Karthik Narayanan
  • Patent number: 10496802
    Abstract: A login event is detected that is directed to a protected application. A geographical position of a device from which the login event originated is recorded in response to the login event. Also, a camera in communication with the device is activated and an image is taken of an operator of the device in response to the login event. The login event, the geographical position, and the image are provided for security auditing to a security system associated with the protected application.
    Type: Grant
    Filed: January 12, 2017
    Date of Patent: December 3, 2019
    Assignee: NCR Corporation
    Inventor: Daniel Weis
  • Patent number: 10498729
    Abstract: Provided is a method of transmitting a message. The method includes: obtaining identification information used to identify a user based on bio information of the user that is obtained by a device; determining whether control over an external device is approved based on the identification information; obtaining control information used to control an operation of the external device based on the determination; and transmitting a message including the control information to the external device.
    Type: Grant
    Filed: January 5, 2016
    Date of Patent: December 3, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Chan-hong Min, Sun-hwa Kim, Jin La, Jong-hyun Ryu, Kyung-ho Jeong
  • Patent number: 10499244
    Abstract: A user of a mobile device is authenticated in a manner that enables the user access to a credential that has been issued by a credential-issuing organization. One or more keys are identified that are associated with the credential and that enable access to one or more physical resources associated with the credential-issuing organization. A physical orientation of the user's mobile device is determined. A display arrangement of one or more control icons that enable usage of the one or more keys is determined based on a physical orientation of the one or more physical resources relative to the determined physical orientation of the mobile device. The one or more control icons are displayed in accordance with the determined display arrangement.
    Type: Grant
    Filed: August 6, 2018
    Date of Patent: December 3, 2019
    Assignee: MicroStrategy Incorporated
    Inventor: Siamak Ziraknejad
  • Patent number: 10495038
    Abstract: An arrangement structure for devices in a power unit chamber of a vehicle includes an air cleaner disposed in the power unit chamber; a battery disposed adjacently to and behind the air cleaner in the vehicle; and a cover disposed above the battery and the air cleaner. The front end of the cover is located further forward of the vehicle than the rear end of the air cleaner, and the minimum dimension of a space between the cover and the air cleaner is greater than the height of the battery.
    Type: Grant
    Filed: August 21, 2018
    Date of Patent: December 3, 2019
    Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
    Inventor: Yu Hirano
  • Patent number: 10492183
    Abstract: The present invention relates to the field of communications technologies, and in particular, to a CSI reporting method, a CSI receiving method, and an apparatus, to resolve a technical problem that PUCCH resource overheads are relatively large during CSI reporting. In embodiments of the present invention, at least two PUCCH resources are configured for each downlink carrier group. CSI that needs to be reported in one uplink subframe may be obtained, and a format of a corresponding PUCCH resource is determined according to the to-be-reported CSI. For example, the determined format is referred to as a first format. Then, all of the to-be-reported CSI is reported after being added to a first first-format PUCCH resource.
    Type: Grant
    Filed: September 19, 2017
    Date of Patent: November 26, 2019
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Yongxia Lyu
  • Patent number: 10491586
    Abstract: The management of credentials subject to a lockout policy can include dynamically determining appropriate lockout thresholds and other such values appropriate for a current situation. For example, the number of incorrect password attempts allowed before an account lockout can be based at least in part upon the amount of time that has passed since a most recent password change. There might be an unlimited number of attempts allowed for a short period after a password change, followed by a decreasing number of permissible attempts over a subsequent period of time. In some embodiments the number of correct attempts received after a password change can affect the number of incorrect attempts allowed. Further, if an incorrect attempt matches a previously correct password then that attempt might not count toward the number of incorrect attempts compared against the threshold, at least for a determined period of time after a password change.
    Type: Grant
    Filed: May 11, 2017
    Date of Patent: November 26, 2019
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventor: Gregory Branchek Roth
  • Patent number: 10484356
    Abstract: A method to authenticate an application on a first computer system at a second computer system is disclosed. The first computer system receives an authentication bitmap from a second computer system identifying locations in an application. The first computer system extracts portions of the application based on the identified locations in the bitmap. A hashing algorithm is applied by the first computer system to the extracted portions producing a resultant hash. The resultant hash is transmitted to the second computer system for authentication of the application.
    Type: Grant
    Filed: June 19, 2017
    Date of Patent: November 19, 2019
    Assignee: eBay Inc.
    Inventors: German Scipioni, Avery Kadison, Naseem Hakim
  • Patent number: 10482280
    Abstract: Structured text and pattern matching may be performed for data loss prevention in object-specific image domain. According to some embodiments, a method may include receiving an image, identifying one or more objects in the image based on attributes of the one or more objects, and determining an object type of a first object of the one or more objects by a computing device. The method may include identifying, by the computing device, one or more specific regions of the first object for recognition based on the object type of the first object and recognizing text in the one or more specific regions of the first object. In some embodiments, the method may then include providing, by the computing device, the text recognized in the one or more specific regions of the first object to a security engine, wherein the security engine may be configured to evaluate whether the text comprises sensitive information.
    Type: Grant
    Filed: January 30, 2017
    Date of Patent: November 19, 2019
    Assignee: Symantec Corporation
    Inventors: Ramzi Abi Antoun, Jinyu Zuo
  • Patent number: 10484869
    Abstract: Method and system for communicating securely with a user equipment, UE, using generic bootstrapping architecture, GBA, the system comprising a bootstrapping server function, BSF. A proxy server configured to receive messages from a user equipment, UE, in a first format. Convert the received messages from the first format to a second format. Transmit the received UE messages to a bootstrapping server function, BSF, in the second format. Receive messages from the BSF, in a third format. Convert the messages received from the BSF from the third format to a fourth format. Transmit the received BSF messages to the UE in the fourth format.
    Type: Grant
    Filed: July 12, 2016
    Date of Patent: November 19, 2019
    Assignee: VODAFONE IP LICENSING LIMITED
    Inventors: Nicholas Bone, Tim Snape
  • Patent number: 10474838
    Abstract: Embodiments of the present disclosure include systems and methods for securely entering, receiving, and storing sensitive data. A server system may determine if a request received from a user computing device communicatively coupled to the server triggers a requirement to receive sensitive data from the user computing device, generate a data structure for the sensitive data, designate a plurality of contact methods, determine a communication protocol for each of the designated plurality of contact methods, transmit a request for data unit information to the corresponding designated contact methods via the determined communication protocol for each data unit of the data structure, receive from each of the designated contact methods, the data unit information corresponding to the respective single data unit, and generate sensitive data by aggregating the received data unit information received from each of the designated contact methods.
    Type: Grant
    Filed: November 20, 2018
    Date of Patent: November 12, 2019
    Assignee: Capital One Services, LLC.
    Inventors: Joshua Edwards, Salik Shah, Michael Mossoba
  • Patent number: 10476875
    Abstract: A network terminal, e.g., a smartphone, can retrieve, from a datastore, a cryptographically-signed configuration record including a device identifier of the terminal. The terminal can transmit a request message comprising the configuration record and the device identifier. A network device can verify authenticity of the device identifier and a match between the identifier in the record and the identifier in the message. In response to confirmation of the request by a policy engine, the network device can determine a reply message comprising a cryptographically-signed second configuration record that includes a second device identifier. The terminal can verify that the signature is valid and that the second device identifier matches the device identifier. In response, the terminal can modify data in the datastore according to the second configuration record. The configuration record can lock or unlock the terminal, or determine permitted services or network peers.
    Type: Grant
    Filed: August 4, 2017
    Date of Patent: November 12, 2019
    Assignee: T-Mobile USA, Inc.
    Inventors: Poornima Magadevan, Jeffrey Song, Mathew George, Senthil Kumar Mulluppadi Velusamy, Cristian Asandului, Thomas P. Lucht, Shelby Seward, Phani Ramisetty, Yasmin Karimli
  • Patent number: 10467428
    Abstract: A method for distributed tokenization of sensitive strings of characters, such as social security numbers, credit card numbers and the like, in a local server is disclosed. The method comprises the steps of receiving from a central server at least one, and preferably at least two, static token lookup tables, and receiving a sensitive string of characters. In a first tokenization step, a first substring of characters is substituted with a corresponding first token from the token lookup table(s) to form a first tokenized string of characters, wherein the first substring of characters is a substring of the sensitive string of characters. Thereafter, in a second step of tokenization, a second substring of characters is substituted with a corresponding second token from the token lookup table(s) to form a second tokenized string of characters, wherein the second substring of characters is a substring of the first tokenized string of characters. Optionally, one or more additional tokenization steps is/are used.
    Type: Grant
    Filed: March 27, 2017
    Date of Patent: November 5, 2019
    Assignee: Protegrity Corporation
    Inventor: Ulf Mattsson
  • Patent number: 10467194
    Abstract: Embodiments described herein generally relate to a software application platform which provides a user with the ability to upload media items to a first file storage location from a remote second file location. The media items may be uploaded from the remote second file location via an internet connection. The user may send a link via a data network that allows the user to quickly log in and upload media items via the remote device which receives the link. Each link may authenticate the user and launch the correct application on the remote device for uploading the media items after the link is selected. As such, the user may upload media items via the remote device to the first file location via the link, without a coupling between the second file location coupled with the remote device and the first file location.
    Type: Grant
    Filed: September 20, 2016
    Date of Patent: November 5, 2019
    Assignee: SMUGMUG, INC.
    Inventors: Brian Strong, Don MacAskill
  • Patent number: 10469686
    Abstract: A system for validating a hologram on a document is provided. The system includes a camera for taking a plurality of images of the hologram, a memory for storing the plurality of images, a display for displaying at least one of the images and for instructing a user to rotate the document such that at least two of the images are taken from different hologram viewing angles, and a processor for analysing the characteristics of the hologram in each of the plurality of images and for determining whether any of the characteristics match a predetermined characteristic set for a predetermined hologram type.
    Type: Grant
    Filed: September 27, 2017
    Date of Patent: November 5, 2019
    Assignee: OCR Labs Pty Ltd
    Inventors: Daniel Aiello, Matthew Adams
  • Patent number: 10461939
    Abstract: Provided is a process including: receiving a request from a first computing device to register another computing device; sending to the first computing device a registration code; receiving the registration code from a second computing device; sending an instruction to the designated application to send a value indicative of access to a cryptographic key; receiving from the designated application the value indicative of access to the cryptographic key; determining, based on the received value, that the received registration code was sent by the designated application and not another untrusted application.
    Type: Grant
    Filed: February 8, 2017
    Date of Patent: October 29, 2019
    Assignee: CA, Inc.
    Inventors: Dann M. Church, Michael Moerk, Doreen E. Collins, Joanne Pelkey, Jeff B. Frantz
  • Patent number: 10453031
    Abstract: A method of creating spatiotemporal activity records for an education program may include determining a start of an activity. The method may additionally include tracking the activity to record at least one accomplishment or error achieved in the activity and at least one time/location indicator associated with the at least one accomplishment or error. The method may additionally include generating a spatiotemporal activity record that includes the at least one time/location indicator and the at least one accomplishment or error. The method may additionally include presenting at least a portion of the spatiotemporal activity record for review by a reviewer, receiving identification data of the reviewer as an indication that the reviewer has reviewed and understands the at least the portion of the spatiotemporal activity record, authenticating the reviewer as a service receiver, and verifying the spatiotemporal activity record as reviewed and approved by the service receiver.
    Type: Grant
    Filed: September 4, 2015
    Date of Patent: October 22, 2019
    Assignee: SNAPP STUDIOS, LLC
    Inventors: Stephen Wright Clyde, David Allan Clyde, Brian G. Smith, Brandon Michael Ripplinger
  • Patent number: 10453016
    Abstract: A method and system for risk measurement and modeling, which may be used to identify and mitigate information security risks for an information system, and which may improve the efficiency of risk measurement and modeling. Such a system may perform risk modeling based on threat likelihood information, the potential business impacts of particular threats, and data on the effectiveness of particular controls implemented by the operators of the information system, which may be used to calculate residual risk scores for particular risk scenarios that the information system may face.
    Type: Grant
    Filed: July 17, 2017
    Date of Patent: October 22, 2019
    Assignee: Secure Systems Innovation Corporation
    Inventor: Robert Vescio
  • Patent number: 10452826
    Abstract: A biometric template created at a user device is divided into portions that are distributed among members of a trusted circle and, optionally, a remote storage service. When the user associated with the biometric template attempts to reauthenticate on a different user device, live identity information is captured and transmitted to trusted circle members. The members confirm the identity of the user and provide the biometric template portions to the different device for reconstruction of the original template. The user can then biometrically reauthenticate using the reconstructed template.
    Type: Grant
    Filed: November 8, 2017
    Date of Patent: October 22, 2019
    Assignee: EyeVerify Inc.
    Inventors: Toby Rush, Riddhiman Das, Reza R. Derakhshani, Matthew Barrow, Casey Hughlett, Greg Storm
  • Patent number: 10448245
    Abstract: A mobile device (10) capable of storing digital data, includes a storage space (11), and elements for: providing a partial view of the storage space (11) when the content of the storage space is viewed during the connection of the device (10) to a second device (20); and providing an overall view of the storage space (11) when the content of the storage space (11) is viewed during the connection of the device (10) to a second device (20), and when an authorized user of the device (10) performs an authentication with the device (10).
    Type: Grant
    Filed: December 19, 2014
    Date of Patent: October 15, 2019
    Assignee: AIRBUS SAS
    Inventor: Philippe Biondi
  • Patent number: 10445475
    Abstract: A method and system for securely and traceably enabling playing back of content on a playback device of a plurality of playback devices, in which each of the plurality of playback devices comprises a cryptographic function module (CFM). In one embodiment, the method comprises accepting a first input in the playback device from a content licensing agency; generating, in the device, a first output from the first input according to a proprietary cryptographic function using the CFM, the first output necessary to enable playback of the content by the playback device, the proprietary cryptographic function being one of a family of proprietary cryptographic functions executable by the CFM of each of the plurality of playback devices; and enabling the playback of the content by the device at least in part according to the first output.
    Type: Grant
    Filed: August 27, 2018
    Date of Patent: October 15, 2019
    Assignee: TWENTIETH CENTURY FOX CORPORATION
    Inventor: Ian E. Harvey
  • Patent number: 10444963
    Abstract: The present disclosure generally relates to using avatars and image data for enhanced user interactions. In some examples, user status dependent avatars are generated and displayed with a message associated with the user status. In some examples, a device captures image information to scan an object to create a 3D model of the object. The device determines an algorithm for the 3D model based on the capture image information and provides visual feedback on additional image data that is needed for the algorithm to build the 3D model. In some examples, an application's operation on a device is restricted based on whether an authorized user is identified as using the device based on captured image data. In some examples, depth data is used to combine two sets of image data.
    Type: Grant
    Filed: July 13, 2018
    Date of Patent: October 15, 2019
    Assignee: Apple Inc.
    Inventors: Marek Bereza, Adi Berenson, Jeffrey Traer Bernstein, Lukas Robert Tom Girling, Mark Hauenstein, Amir Hoffnung, William D. Lindmeier, Joseph A. Malia, Julian Missig
  • Patent number: 10445732
    Abstract: A method of completing a transaction that requires authorization by an authority agent includes registering an authority device as associated with the authority agent, receiving a transaction request from a service provider; pushing an authentication notification to the authenticating application of the authority device; displaying the authentication notification, including a prompt to supply agent verification data, on the authority device; collecting and verifying the agent verification data; in response to verification of the agent verification data, transmitting an authority agent response from the authority device to the authentication platform, and, at the authentication platform, authenticating the authority agent response; and in response to authenticating the authority agent response, transmitting a transaction confirmation from the authentication platform to the service provider.
    Type: Grant
    Filed: November 18, 2016
    Date of Patent: October 15, 2019
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Omar Abduljaber, Boyang Zhu
  • Patent number: 10437712
    Abstract: Provided is a process, including: obtaining a model of an application program interface (“API”); receiving a request to generate a functional-test specification for the API; detecting sets of functionality identified by the model of the API and respective sets of parameters corresponding to the detected sets of functionality by parsing the model of the API; in response to receiving the request, generating the functional-test specification for the API by, for at least some respective detected sets of functionality, specifying respective sets of functional tests based on corresponding sets of parameters.
    Type: Grant
    Filed: June 20, 2018
    Date of Patent: October 8, 2019
    Assignee: CA, INC.
    Inventors: Stephen Tyler, Vijay Senapathi, Apoorva Choudhary, Wendell Beckwith, Naresh Pillarikuppam
  • Patent number: 10432615
    Abstract: Techniques are described in which for a user to obtain access to or entitlement to objects or locations, such as for example a web application or entry into an accounting office, the system derives a unified risk score associated with the user. The computer compares the unified risk score against a set of rules to determine whether the unified risk score is greater than a particular threshold. Based on such determination, the computer can cause denial of access or entitlement for example by denying entry to the web application or transmitting a denied message to a system that controls the physical lock on the door to the accounting office. In generating the unified risk score, the computer retrieves the most up-to-date identity information about the user by signing on to an aggregator system using any supported login identity provider username and password or other authenticating credentials associated with the user.
    Type: Grant
    Filed: November 29, 2017
    Date of Patent: October 1, 2019
    Assignee: Avatier Corporation
    Inventors: Nelson A. Cicchitto, Anthony R. T. Simmons
  • Patent number: 10430122
    Abstract: A storage unit (SU) includes an interface configured to interface and communicate with a dispersed storage network (DSN), a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory. The processing circuitry is configured to execute the operational instructions to perform various operations and functions. The SU, of a first SU set, receives a partially encoded slice request to restore a set of encoded data slices (EDSs) that are based on first dispersed storage error coding function parameters. The SU generates a decode threshold number of partially EDSs based on the first and second dispersed storage error coding function parameters. The SU then outputs the decode threshold number of partially EDSs to a second SU set to undergo selective combination respectively to generate new EDSs for storage within the SUs of the second decode threshold number of SUs of the second SU set.
    Type: Grant
    Filed: November 27, 2017
    Date of Patent: October 1, 2019
    Assignee: PURE STORAGE, INC.
    Inventors: Wesley B. Leggette, Andrew D. Baptist, Greg R. Dhuse, Jason K. Resch, Gary W. Grube, S. Christopher Gladwin
  • Patent number: 10423195
    Abstract: A verification method, device and computer-readable storage medium based on a flexible display screen are provided. The method includes: generating a verification code, and dividing the verification code into a plurality of parts; displaying the plurality of parts on the flexible display screen separately; detecting deformation of the flexible display screen, and determining a splicing result of the plurality of parts based on the deformation of the flexible display screen; and determining a verification result based on the splicing result.
    Type: Grant
    Filed: May 11, 2017
    Date of Patent: September 24, 2019
    Assignee: BEIJING XIAOMI MOBILE SOFTWARE CO., LTD.
    Inventors: Kuifei Yu, Ran Xu
  • Patent number: 10423467
    Abstract: A data processing apparatus and method are provided for executing a plurality of threads. Processing circuitry performs processing operations required by the plurality of threads, the processing operations including a lock-protected processing operation with which a lock is associated, where the lock needs to be acquired before the processing circuitry performs the lock-protected processing operation. Baton maintenance circuitry is used to maintain a baton in association with the plurality of threads, the baton forming a proxy for the lock, and the baton maintenance circuitry being configured to allocate the baton between the threads.
    Type: Grant
    Filed: May 19, 2015
    Date of Patent: September 24, 2019
    Assignee: ARM Limited
    Inventors: David Hennah Mansell, Timothy Holroyd Glauert
  • Patent number: 10411903
    Abstract: A digital certificate based information security realization method and system are provided. The method includes: separately issuing a digital certificate for a cloud management host, a physical cloud computing host and a virtual cloud computing machine; and carrying out a compliance authentication according to a corresponding digital certificate when the cloud management host, the physical cloud computing host and the virtual cloud computing machine start up or are in the running process. By using a digital certificate trust chain technology for reference and combining with a cloud management system, the digital certificate based information security realization method and system provided in embodiments of the present disclosure realize trusted systems of the cloud management system, the physical host and the virtual machine; besides, by putting emphasis on the security protection of the host platform of a system itself, the security of a virtual cloud platform is improved.
    Type: Grant
    Filed: March 26, 2015
    Date of Patent: September 10, 2019
    Assignee: ZTE CORPORATION
    Inventor: Yihui Peng
  • Patent number: 10412585
    Abstract: A user identity authentication method is provided, which includes that: a Service Provider (SP) device receives a user request sent by a terminal, the user request including an identity credential of a user; the SP device determines an Identifier (ID) of the user and a priority of the identity credential according to the user request; and the SP device enables corresponding service for the terminal according to the priority. In the embodiment, the SP device provides the corresponding service according to the identity credential of the user. Therefore, a unified security identity authentication manner may be implemented, usability is improved, and optimal utilization of resources may be implemented.
    Type: Grant
    Filed: September 28, 2015
    Date of Patent: September 10, 2019
    Assignee: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP., LTD.
    Inventors: Yuanqing Zeng, Hai Tang
  • Patent number: 10405292
    Abstract: A device with transmitter broadcasts packets including a transmitter identifier via a radio interface with varying timings of transmissions. It determines a current timing of transmissions based on clock signals and a secret code, using a cryptographic function. A mobile device detects radio signals conveying such packets and performs measurements on the signals. It determines a currently used timing of transmissions, assembles a positioning request including the transmitter identifier, results of the measurements and an indication of the timing of transmissions, and transmits the request. A server receives the request. It generates for the transmitter an expected timing of transmissions using a cryptographic function, based on a signal of a master clock and based on a stored secret code assigned to the transmitter. It provides position information as trusted position information only in the case of a match between the indicated and the expected timing of transmissions.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: September 3, 2019
    Assignee: HERE Global B.V.
    Inventors: Nicolas Neubauer, David Falla Cepeda
  • Patent number: 10402397
    Abstract: Systems and methods are provided that allow federated data from various source systems to be accessed and analyzed through a data analysis platform. The federated data may be stored in different formats. The data analysis platform can receive the federated data in whatever format it has been stored at its respective source system. A script can be used to generate temporary representations (or temporary objects) for the federated data by transforming the federated data. Moreover, the temporary representations or temporary objects can be further transformed into a data analysis platform-specific format. A user of data analysis platform may access and/or manipulate either the temporary representations or objects as well as the data analysis platform-specific objects. Temporary objects can be transformed automatically into corresponding platform-specific objects when necessary to provide an enhanced capability or operation on the objects.
    Type: Grant
    Filed: June 14, 2018
    Date of Patent: September 3, 2019
    Assignee: Palantir Technologies Inc.
    Inventors: Jeffrey Bagdis, Joel Ossher, Julie Tibshirani
  • Patent number: 10402797
    Abstract: Highly secured transactions for mobile or Internet-of-Things (IoT) devices can be conducted using a one-time seed technology (OTST). For example, registration of a user and authentication of a user device is based on a one-time seed (OTS) which is generated by an authentication server and sent to the user device. The user device employs the OTS to generate a one-time password (OTP). After registration and authentication, the OTS is deleted. As such, the OTS and OTP are used only one time. No seed is stored on the user device. As for securing the transactions, it may be signed by a one-time hash (OTH) or a one-time signing key (OTSK). Like the OTS, the OTH or OTSK is deleted from the user device after the transaction. Since the user device does not contain a seed, OTH or OTSK, there is no risk of the user device being hacked by unwanted third parties.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: September 3, 2019
    Assignee: Cyber Armor Pte Ltd
    Inventors: Zvi Efroni, Kelvin Yong Kuang Teo, Gary Fook Loong Chan
  • Patent number: 10404461
    Abstract: Techniques for enhancing the security of storing sensitive information or a token on a communication device may include sending a request for the sensitive information or token. The communication device may receive a session key encrypted with a hash value derived from user authentication data that authenticates the user of the communication device, and the sensitive information or token encrypted with the session key. The session key encrypted with the hash value, and the sensitive information or token encrypted with the session key can be stored in a memory of the communication device.
    Type: Grant
    Filed: February 26, 2018
    Date of Patent: September 3, 2019
    Assignee: Visa International Service Association
    Inventor: Karthikeyan Palanisamy
  • Patent number: 10404683
    Abstract: A password application system receives a credential for a first privilege of a plurality of privileges whereby the first privilege corresponds to a first set of credential requirements and the plurality of privileges have a second privilege that corresponds to a different set of credential requirements. The system determines whether the credential for the first privilege satisfies the first set of credential requirements. If the credential satisfies this set of credential requirements, the system enables the credential to be used for access in accordance with the first privilege.
    Type: Grant
    Filed: November 2, 2015
    Date of Patent: September 3, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Jesper M. Johansson, Dominique I. Brezinski, Kenneth L. Hamer
  • Patent number: 10397085
    Abstract: In an example of this disclosure, a method may include receiving, by a first network device, a plurality of heartbeat response messages from one or more network devices of a plurality of network devices. Each heartbeat response message of the plurality of heartbeat response messages may respectively correspond to one network device of the plurality of network devices. The method may include processing, by the first network device, the plurality of heartbeat response messages in a kernel space of the first network device. The method may include updating, by the first network device in the kernel space, one or more values corresponding to a data structure based on processing the plurality of heartbeat response messages in the kernel space. The method may include processing, by the first network device, the one or more values in a user space of the first network device.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: August 27, 2019
    Assignee: Juniper Networks, Inc.
    Inventors: Sameer Seth, Ananda Kumar M R, Srushti Gowdru Shivakumara
  • Patent number: 10395024
    Abstract: Techniques for authentication for online content using an access token are described. According to various embodiments, online content (e.g., webpages and other types of web content) can be served across a variety of different online resources. According to one or more embodiments, an access token is leveraged to enable a user to authenticate with multiple different distributed content resources for access to online content, and without requiring the user to input authentication credentials for each of the content resources.
    Type: Grant
    Filed: March 4, 2014
    Date of Patent: August 27, 2019
    Assignee: Adobe Inc.
    Inventor: Antonio Sanso
  • Patent number: 10390794
    Abstract: An ultrasound diagnostic apparatus includes an ultrasound probe with transducers, memory storing probe identification information and binary state generation unit generating a binary electrical state corresponding to a probe identifier, probe identifier conversion unit converting the electrical state into the probe identifier, read unit reading the probe identification information from the memory, determination unit determining consistency between the probe identifier after conversion and the probe identification information read from the memory, and warning output unit outputting a predetermined warning if the probe identifier is inconsistent with the probe identification information.
    Type: Grant
    Filed: February 25, 2014
    Date of Patent: August 27, 2019
    Assignee: Canon Medical Systems Corporation
    Inventors: Koji Kuroiwa, Tatsuo Ogasawara, Kazuhito Nakata, Gen Nagano, Kenichi Unayama, Takeshi Fukasawa, Fumio Mochizuki
  • Patent number: 10387632
    Abstract: Systems, computer products, and methods are described herein for improved authentication utilizing two factor authentication of a user. The two factors include a verified identification and a liveness identification. The verified identification may be a governmental verified identification, and the liveness identification may be a video of the user. The user may capture the verified identification and the liveness identification using the user's mobile device. The organization may authenticate the user by identifying the user from the verified identification image and identifying that the user is active by identifying movement from the liveness identification image. Additional authentication may include requiring and/or identifying an identifier from the liveness identification image (e.g., movement, object, characters, or the like), and/or capture image data related to a time or a location at which the images were captured.
    Type: Grant
    Filed: May 17, 2017
    Date of Patent: August 20, 2019
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Matthew Joseph Wallace, Kerry Michelle Cantley, Greg M. Correro, Jeantou Alphonse DeGrammont, Michael Lee Funk, Glenn Edward Hupfer, Murali Sampath, Donna Lynne Shannon
  • Patent number: 10379969
    Abstract: The disclosure generally describes methods, software, and systems, including a method for using and managing ephemeral tables. User inputs associated with a database management system are received from an application. The user inputs are associated with a particular user and a particular application. From an auto-save cache index, one or more ephemeral tables are identified that are associated with the user inputs. The ephemeral tables are mapped to one or more tables in the database management system. Using the user inputs and the auto-save cache index, the one or more ephemeral tables are updated. Information associated with the user inputs is automatically stored on a temporal basis. The information survives database sessions, transaction boundaries, and database management system restarts.
    Type: Grant
    Filed: December 9, 2015
    Date of Patent: August 13, 2019
    Assignee: Business Objects Software Ltd.
    Inventor: James Crawford
  • Patent number: 10382199
    Abstract: Embodiments are directed to a computer-implemented method and system for setting a minimum key strength in a key hierarchy. The method and system can include the use of a key strength keyword that sets a minimum key strength for a plurality of key classes. The setting of a key strength lower than that set forth in the key strength command is prohibited. The key classes can include DES keys, AES keys, HMAC keys, RSA PKI keys, RSA usage keys, RSA key generation keys, ECC PKI keys, ECC usage keys, and ECC key generation keys. A multi-dimension key hierarchy, including a master key and a key that is derived through the use of a key derivation function is also described herein.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: August 13, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Richard V. Kisley, Michael J. Miele
  • Patent number: 10375061
    Abstract: Provided is a communication apparatus (121) that securely manages passwords for utilizing a server apparatus. A generator (203) generates a random table having the same number of rows and the same number of columns as a password table associated with a server name specified in an authentication request received by a receiver (202). An acceptor (205) accepts a key from a user to whom the random table is presented by a presenter (204). An identification unit (206) identifies, from the key and the random table, the user's selection order of elements in the table. An acquirer (207) selects and arranges elements in the password table in the identified selection order, thereby acquiring a password. An output unit (208) displays the acquired password on a display or transmits the acquired password to the server apparatus, thereby allowing the user to utilize the server apparatus.
    Type: Grant
    Filed: June 9, 2017
    Date of Patent: August 6, 2019
    Inventor: Hideharu Ogawa
  • Patent number: 10372419
    Abstract: A computer-implemented method generates a random number in a cloud-based random number server. The cloud-based random number server identifies multiple entropy sources. The cloud-based random number server identifies multiple disjointed entropy sources from the multiple entropy sources, which are logically and functionally independent of one another. The cloud-based random number server randomly selects multiple disparate entropy sources from the multiple disjointed entropy sources, and then receives multiple entropic values from the multiple disparate entropy sources, where each of the multiple disparate entropy sources supplies an entropic value that describes a type of entropic event not found in other entropy sources from the multiple disparate entropy sources. The cloud-based random number server mixes the multiple entropic values to create a combined entropic value, which is input into a random number generator to generate a random number for use by a client computer.
    Type: Grant
    Filed: April 18, 2017
    Date of Patent: August 6, 2019
    Assignee: International Business Machines Corporation
    Inventors: Kenneth A. Goldman, Ashish Kundu, Dimitrios Pendarakis
  • Patent number: 10375053
    Abstract: A Cross-Platform Single Sign On (CP-SSO) experience is provided herein to enable users to access multiple services via a single login when working across different platforms. A user may work across different platforms when using multiple devices, when using multiple browsers on a single device, or when an integrated application requires a separate login for access within a host web application or portal service. A proxy token service manages login requests and authentication tokens after a given service has been logged into once by a user, so that the user does not need to provide login credentials on subsequent requests for the given service. By enabling a CP-SSO experience, network efficiency is improved, and the user experience is also improved as users do not need to supply authentication credentials as frequently and may freely choose to use multiple platforms instead of limiting usage to a single platform.
    Type: Grant
    Filed: September 15, 2016
    Date of Patent: August 6, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Ganesh Sridharan, Vadim Eydelman, Anand Krishnamurthy, Srividhya Chandrasekaran, Daniel C. Stevenson, Sameer D. Bedekar, Aravind Namasivayam, Xiaozhong Luo, Andrew Guy Bybee, Ekaterina Bassova, Marc Kuperstein
  • Patent number: 10365820
    Abstract: Methods and apparatuses are provided for detecting a gesture at an electronic device. The gesture is received through an input module of the electronic device. A direction combination corresponding to the gesture is determined. The direction combination includes a plurality of directions. Information regarding the direction combination is compared with information regarding at least one direction combination, which is stored in a memory of the electronic device. A state of the electronic device is changed from a first state to a second state, using at least one processor of the electronic device, according to a result of comparing the information regarding the direction combination with the information regarding the at least one direction combination.
    Type: Grant
    Filed: February 29, 2016
    Date of Patent: July 30, 2019
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Jae Wook Lee, An Ki Cho, Jun Hyung Cho
  • Patent number: 10360366
    Abstract: The disclosed computer-implemented method for providing two-factor authentication with an enterprise gateway when an authentication server is unavailable may include (1) receiving, at a computing device, an authentication request from a client device; (2) determining the authentication server is unavailable; (3) sending, to the client device and in response to determining the authentication server is unavailable, a backup credential stored on the enterprise gateway; (4) receiving, from the client device, a security code generated by the backup credential; (5) authenticating the security code; (6) sending, in response to determining the security code is authentic, access approval to the client device. The provided methods may provide authentication, by an enterprise gateway, of one or more factors in a multi-factor authentication system when an authentication server is unavailable. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 15, 2017
    Date of Patent: July 23, 2019
    Assignee: Symantec Corporation
    Inventors: Sankalp Dubey, Srinath Venkataramani, Vadiraj Kulkarni, Kunal Agarwal