Abstract: Techniques for recommending microservices to perform the different functions of a legacy architecture are disclosed. In one example, a computer implemented method comprises receiving a plurality of recommendations comprising a plurality of program components as candidates for assignment to a plurality of microservices, and determining roles of respective ones of the plurality of program components. A user interface is provided which is configured to allow a user to modify one or more of the plurality of recommendations based at least in part on the roles. Modifications to the one or more of the plurality of recommendations are analyzed, and one or more metrics are computed based at least in part on the analysis.

Abstract: Techniques described herein are directed to proxies configured to handle identity and access management for a web application. For instance, a second proxy receives requests to the application from a browser. The second proxy redirects the browser to an identity endpoint, which prompts the user to enter authentication credentials for the application. Upon successful authentication, the endpoint provides an access token for accessing web APIs to the second proxy. The second proxy provides the token to a first proxy, which stores the token. The first proxy receives anonymous API calls from the web application to the web APIs. When receiving an anonymous API call, the first proxy obtains the token and inserts it into an outgoing request to the API. Responsive to the API returning a message indicating that the token is invalid, the first proxy communicates with the second proxy to obtain a new token from the endpoint.

Abstract: The present disclosure relates to managing services by a managed service provider (MSP) in a cloud based infrastructure. A control plane of the MSP is established in a first tenancy, and a first access plane of the MSP is established in a second tenancy of a cloud environment. The control plane is configured to manage a plurality of services offered by the MSP to a first host machine included in the second tenancy. A first request is transmitted from the control plane to the first access plane, where the first request is forwarded by the first access plane to the first host machine, and corresponds to a service utilized by the first host machine and managed by the control plane of the MSP. In response to the first request being validated, a first state of the first host machine is modified in the second tenancy based on the first request.

Abstract: The invention relates to implementing rules based authentication for credit card transactions. The system and method may involve: receiving a transaction request associated with a card product from a user at a point of sale system; determining an authorization mode for the transaction request based on one or more transaction attributes; executing an authentication rule for the transaction request; transmitting an authentication request via the authorization mode based on the authentication rule; requiring an authorization input from the user responsive to the authentication request; and upon receiving a proper authentication input, verifying the user and proceeding with the transaction request.

Abstract: Systems and methods to create a customized watch face and retrieve the watch face to be displayed are disclosed. Exemplary implementations may effectuate presentation of a selection interface; receive a mint request to mint the watch face in accordance with a watch face design; effectuate a transfer of consideration from a user wallet to an administrative wallet; mint the watch face; transfer a non-fungible token to the user wallet; receive a display request to display the watch face on a watch screen; determine whether the user wallet holds a non-fungible token associated with the watch face; responsive to the user wallet holding the non-fungible token, facilitate display of the watch face on the watch screen; responsive to the user wallet not holding the non-fungible token, take no action to facilitate display of the watch face on the watch screen; and/or perform other operations.

Abstract: Systems, methods, and storage media for analyzing authentication and authorization requirements in an identity infrastructure are disclosed. Exemplary implementations may: intercept, at a server, a first request to access an application in the identity infrastructure; transmit, from the server, one or more of the first request and a modified version of the first request to the application; intercept, at the server, a response from the application, based at least in part on the transmission; and display, via at least one interface, an analysis of one or more of the first request, the modified version of the first request, and the response, wherein the analysis comprising determining requirements for application authentication and authorization requirements, identity protocol(s) and/or techniques utilized by the application, whether user-defined security requirements have been implemented, and/or whether application meets predetermined compliance standards.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method performed by a terminal in a wireless communication system is provided.

Abstract: A mobile control unit adapted to move to a plurality of premises, the mobile control unit having a central monitoring system in communication with a facility system of each of the plurality of premises, such that the mobile control unit is adapted to move to one of the plurality of premises when alerted by the facility system of the one of the plurality of premises. A facility management system adapted to manage at least one of the plurality of premises, the facility management system having the mobile control unit and a facility system adapted to monitor each of the plurality of premises. A method of monitoring the plurality of premises using the mobile control unit. A facility management system having a plurality of mobile control units and a main control unit adapted to monitor the location of the plurality of mobile control units.

Abstract: A method of contact-less access control to a device available for rental, access and use in an environment, by scanning multi-level machine-readable codes displayed in the environment using web-enabled mobile phones wirelessly connected to a wireless access control network. To practice a facility-level, site-level access and/or device-level access control method, a web-enabled mobile phone is used to scan facility-level, site-level and/or device-level machine-readable codes in the environment, and in response, rental transaction identifiers are stored within the cache on the web-enabled mobile phone scanning the machine-readable code. Each rental transaction identifier identifies the web-enabled mobile phone that is linked to a specific device rental transaction. After renting the selected device at either a facility-level, site-level or device-level location in the environment, the web-enabled mobile phone is used to scan the device-level machine-readable code on the rented device.

Abstract: Verifying caller identification information is described. A query to verify a first communications connection associated with an observed caller ID is received. Using a second communications channel, a message to a device associated with the observed caller ID is transmitted. A response to the message is received. The message is evaluated to perform a security determination. The security determination is provided as output.

Abstract: Various embodiments are generally directed to provide a semi-local authentication scheme. A server can transmit one or more encryption mechanisms to a user device, which in turn can transmit the encrypted mechanisms to one or more secondary devices associated with the user device, where the user device and the secondary devices share a local connection. The secondary devices can transmit the one or more encrypted mechanism utilizing one or more one or more decryption mechanisms supplied by the server, and then transmit the result of the decryption, e.g. decrypted codes, back to the user device, which in turn can then transmit a final decrypted code or codes to the server. Upon confirming receipt of the decryption from the user device, the server can authorize access (via the user device) to one or more devices, networks, applications, and/or components.

Abstract: A management system detects a change at the target device. The management system transmits a request message to authorization devices of the authorization users of the multi-user authorization pool to from the authorization users an indication of whether the detected change is approved. The management system receives a plurality of response messages from authorization devices of the multi-user authorization pool indicating whether the detected change is approved by the corresponding authorization user, and based on at least three of the plurality of response messages indicating a disapproval, that the detected change is disapproved. In response to the determination that the change is disapproved, an instruction message is sent to a target managed device to instruct the target managed device to rollback to an earlier state.

Abstract: Systems and methods for tokenless authorization are provided. Obtaining an electronic representation of an initial biometric sampling of a registrant. Applying the initial electronic representation to a template data construct producing a unique digital identifier (UDI). Obtaining account information constructs corresponding to an account by the registrant with a third party. Generating a unique secure identification number (SIN) using the UDI and the account information constructs. Storing a unique link from the UDI to the account information constructs. Receiving a request for service and an electronic representation of a second biometric sampling. Forming the UDI by applying the second electronic representation to the template data construct. Verifying the UDI corresponds to the stored UDI to reconstruct the unique SIN from the UDI and using this unique SIN to retrieve the account information constructs using the indexed data structure. Transmitting the request and the unique SIN to the third party.

Abstract: Systems and techniques for centralized threat intelligence are described herein. A connection may be established to a plurality of threat data sources. An anonymized set of threat data may be obtained by application of a set of privacy rules to the threat data from the plurality of threat data. A threat database may be populated with the anonymized set of threat data. A registration request may be received for a user of a device. A unique user identifier may be assigned for the user and a unique device identifier may be assigned for the device. A threat model may be generated based on a set of the characteristics from the threat database. A set of data access attributes may be received for a data access request. The data access request may be blocked based on an evaluation of the data access attributes using the threat model.

Abstract: A scheduling method and apparatus, a device and a storage medium, which relate to fields of big data, cloud computation, artificial intelligence, intelligent authentication and intelligent scheduling. A specific implementation includes: acquiring an authentication request that indicates to-be-authenticated information; determining an authentication strategy group required by an authentication processing procedure of the to-be-authenticated information, wherein the authentication strategy group is determined based on an authentication dependency relationship between authentication strategies and comprises at least two authentication strategies; and calling the authentication strategies in the authentication strategy group in parallel, and performing authentication processing on the to-be-authenticated information in parallel, to obtain an authentication processing result corresponding to the authentication strategy group.

Abstract: Methods and systems for a document-level attribute-based access control service are provided. The document-level attribute-based access control service may be positioned between a directory service and a search engine service. The directory service can manage information and permissions for users. The document-level attribute-based access control service can map security attributes to the user based on the information and permissions. Based on the mapping, it can be determined whether to permit the user making a query to the search engine service to access documents based on the query. Information and permissions attributes can be injected into queries dynamically via a template. Attributes may be combined with role query templates to create document-level attribute-based access control on top of role-based access control. The present technology can enable enforcement of security policies requiring all of a combination of attributes to be satisfied before permitting certain access.

Abstract: A service request is received at a first service communication proxy element, wherein the service request is received from a service consumer and is a request to access at least one service of a service producer. The first service communication proxy element determines at least one target service producer based on the service request. The first service communication proxy element sends an access token request to an authorization entity, wherein the access token request is generated based on the determining step. The first service communication proxy element receives an access token response from the authorization entity, wherein the access token response comprises an access token. The first service communication proxy element may then send a service request with the access token to a second service communication proxy element, wherein the second service communication proxy element is associated with the target service producer. The method may apply to roaming and non-roaming scenarios.

Abstract: Embodiments are directed monitoring network traffic using network monitoring computers. Activity associated with a document in a network may be determined based on the network traffic. A profile may be generated based on a summarization of the activity associated with the document such that the profile may be stored in a data store that stores other profiles. Similar profiles may be determined based on a classification of each profile in the data store based on similarities between the profile and the other profiles in the data store. In response to determining similar profiles, locations in the network associated with documents that correspond to the similar profiles may be determined. Locations may be classified based on the activity, the similar profiles and access policies. In response to portions of the locations being classified as inconsistent with the access policies may be reported.

Abstract: An example operation may include one or more of receiving storage requests endorsed by blockchain peers of a blockchain, selecting a group of the endorsed storage requests to be stored together and ordering the group of endorsed storage requests with respect to each other based on timestamps, encoding the group of ordered and endorsed storage requests into an image, and storing the encoded image within a data section of a block of the blockchain.

Abstract: The embodiments described herein relate generally to securely establishing an account and authentication metrics associated with a communication platform. An account associated with a communication platform may allow a user associated with the account to send and receive communications via the communication platform.

Abstract: A system and method for mitigating security vulnerabilities of a computer network by detecting a management status of an endpoint computing device attempting to authenticate to one or more computing resources accessible via the computer network includes: detecting an authentication attempt by the endpoint computing device to the computer network; during the authentication attempt, collecting management status indicia from the endpoint computing device, wherein the management status indicia comprise data used to determine a management status of the endpoint computing device; using the management status indicia to identify the management status of the endpoint computing device and identifying the management status of the endpoint computing device; and controlling access to the computer network based on (a) whether the authentication attempt by the endpoint computing device is successful and (b) the identified management status of the endpoint computing device.

Abstract: Methods and systems are disclosed herein for a media guidance application that allows access restrictions to be modified in a flexible manner based on a deviation in a user's projected location. Specifically, the media guidance application determines at an end of a first time period whether a user is in a projected location for a second time period. If the user is in a projected location for the second time period, the media guidance application sets a second level of media access restriction. However, if the media guidance application determines that the user is not in the projected location for the second time period, the media guidance application maintains the first level of media access restriction.

Abstract: A simulated environment presentation device with a display configured to present a rendering of a simulated environment. A simulated environment subsystem is communicatively coupled to the simulated environment presentation device and is configured to provide instructions for rendering the simulated environment. A simulated environment monitoring device includes at least one processor communicatively coupled to the simulated environment subsystem. The simulated environment monitoring device monitors the rendering of the simulated environment over a period of time. Features associated with objects presented in the rendering of the simulated environment are determined over the period of time. An anomaly associated with a first object is detected based on a change in a determined first feature of the first object over the period of time.

Abstract: A data analytics system is disclosed that can include a data repository configured to store data for multiple clients, a metadata repository separate from the data store, an access control system, and a policy store. The data analytics system can automatically generate metadata for data in the data repository using a metadata engine, the metadata including technical metadata and usage metadata, and store the metadata in the metadata repository. The data analytics system can obtain a client policy governing access to the data. The data analytics system can receive a request to provide the data, the request including instructions to create a pipeline to provide the data. The data analytics system can authorize, by the access control system, the request using the policy and usage metadata; create the pipeline using the technical metadata; and provide the data using the pipeline.

Abstract: This document describes among other things, network security systems that incorporate a feedback loop so as to automatically and dynamically adjust the scope of network traffic that is subject to inspection. Risky traffic can be sent for inspection; risky traffic that is demonstrated to have high rate of threats can be outright blocked without further inspection; traffic that is causing errors due to protocol incompatibility or should not be inspected for regulatory or other reasons can be flagged so it bypasses the security inspection system. The system can operate on a domain by domain basis, IP address basis, or otherwise.

Abstract: Methods, apparatuses, or computer program products according to the present disclosure provide for service permissions scaling. In example embodiments, an apparatus receives a service request from an edge server. The apparatus may generate an authorization token based at least in part on a permissions data vector, where the authorization token is configured for access by one or more computing devices to determine whether to grant access by a first computing device associated with the requesting entity identifier to one or more resources associated with the one or more computing devices. The apparatus may then transmit the authorization token to the edge server. According to some embodiments, the authorization token may be configured for storing in an authorization token cache. In some embodiments, the authorization token may be retrieved from the authorization token cache.

Abstract: Various systems and methods for user-authorized onboarding of a device using a public authorization service are described herein. In an example, a 3-way authorization protocol is used to coordinate device onboarding among several Internet of Things (IoT) Fog users (e.g., devices in a common network topology or domain) with principles of least privilege. For instance, respective onboarding steps may be assigned for performance by different Fog ‘owners’ such as respective users and clients. Each owner may rely on a separate authorization protocol or user interaction to be notified of and to give approval for the specific onboarding actions(s) assigned. Further techniques for implementation and tracking such onboarding actions as part of an IoT network service are also disclosed.

Abstract: The variable domain data access control system and method described herein use the same variable domain to describe a data security model and a variable domain data model, such as a product configuration model. A variable domain is a set of resource data that can be described using a logical relationship data structure. The variable domain utilizes logical relationship expressions, such as a Boolean logic language, to define resource data in terms of parts, rules and/or attributes, and any other property that can be accessed for viewing, manipulation, or other purposes. The data security model represents an access control list (ACL) that includes security attributes as resource data and uses the same data structure and logical relationship expressions as an associated variable domain data model. An application, such as a configuration engine, can be used to create controlled access to the variable domain data model using the data security model.

Abstract: A method for controlling deployment of network configuration changes includes receiving, by centralized network management system executed by a processor and memory, configuration change instructions to alter a configuration of a network; computing, by the centralized network management system, a weighted impact of the configuration change instructions; determining, by the centralized network management system, whether the weighted impact of the configuration change instructions exceeds a threshold impact level; and in response to determining that the weighted impact does not exceed the threshold impact level, executing the configuration change instructions.

Abstract: Systems and methods of disarming malicious code in protected content in a computer system having a processor are provided. The method includes determining that a received input file intended for a recipient is protected, the recipient may be connected to a network; accessing a credential associated with the intended recipient for accessing the protected input file; accessing the content of the protected input file based on the credential; modifying at least a portion of digital values of the content of the input file configuring to disable any malicious code included in the input file, thereby creating a modified input file; and protecting the modified input file based on the credential associated with the intended recipient. The method also includes forwarding the protected modified input file to the intended recipient in the network.

Abstract: Methods and systems for a transportation vehicle are provided. One method includes generating a packet by an application executed by a processor of a first seat device of an in-flight entertainment system having a plurality of seat devices on an aircraft; dropping the packet by the seat device when the application is not authorized for Internet communication; dropping the packet by the seat device when the packet is one of a broadcast packet, multicast packet or destined to a second seat device of the in-flight entertainment system; determining that the seat device Internet traffic is below a threshold value; and transmitting the packet to a network device when the application is authorized, and the packet is not a broadcast packet, multicast packet or destined for a second seat device.

Abstract: Disclosed herein are embodiments of a cloud data synchronization system enabling an user operating a mobile client device to download mission-specific data sets from a fixed cloud-based server system to a database of the mobile client device, and then use the downloaded data sets independently on the mobile client device when the mobile client device is disconnected from a network connecting to the fixed cloud-based server system. When connectivity to the fixed cloud-based server system is re-established by the mobile client device in an intermittent and bandwidth-limited communication network environment, the fixed cloud-based server system may provide bi-directional data synchronization between records of the fixed cloud-based server system and the mobile client device to update the data sets on the fixed cloud-based server system and the mobile client device while operating in the intermittent and bandwidth-limited communication network environment.

Abstract: Disclosed are various embodiments for chaining of authorizations in an authorization framework. In one embodiment, a service receives an authorization request for access by a relying party service operated by a first entity to obtain information associated with a user account. The service determines that the authorization request requires a consent of a second entity. The service then obtains a first authorization token representing the consent of the second entity. The service generates a second authorization token based at least in part on the first authorization token. The service sends the second authorization token to the relying party service.

Abstract: Methods, systems, and media for providing media guidance with contextual controls are provided. In some embodiments, the method comprises: causing a user interface to be presented that includes media interface elements, wherein each of the media interface elements is a selectable object that represents at least one media content item; determining that a media interface element from the media interface elements has been selected; in response to determining that the media interface element has been selected, causing the at least one media content item corresponding to the selected media interface element to be presented in a portion of the user interface; and concurrently with causing the at least one media content item to be presented, causing a control interface to be presented that is associated with the selected media interface element.

Abstract: Aspects described herein may allow for authenticating a user by generating a customized set of authentication questions based on spending patterns that are automatically detected and extracted from user data. The user data may include transaction data collected over a period of time that may indicate the types of merchants that a user frequently transacts with. By automatically detecting user patterns that correspond to user behavior over a period of time, an authentication system may be able to generate authentication questions about those spending patterns that are easily answerable to an authentic user but difficult to guess or circumvent for any other user.

Abstract: Disclosed are methods, systems, and non-transitory computer-readable media for determining a trust score associated with a user, comprising detecting entities near a user device operated by the user; calculating the trust score for the user based on a policy that incorporates data about the entities near the user device, the trust score being a score that is indicative of a trust worthiness of data received from the user device, wherein trusted entities near the user device result in an increased trust score, and untrusted entities near the user device result in a decreased trust score; and permitting access to a resource when the trust score is above a threshold.

Abstract: Systems and methods to create a customized watch face and retrieve the watch face to be displayed are disclosed. Exemplary implementations may effectuate presentation of a selection interface; receive a mint request to mint the watch face in accordance with a watch face design; effectuate a transfer of consideration from a user wallet to an administrative wallet; mint the watch face; transfer a non-fungible token to the user wallet; receive a display request to display the watch face on a watch screen; determine whether the user wallet holds a non-fungible token associated with the watch face; responsive to the user wallet holding the non-fungible token, facilitate display of the watch face on the watch screen; responsive to the user wallet not holding the non-fungible token, take no action to facilitate display of the watch face on the watch screen; and/or perform other operations.

Abstract: A method including transmitting, by an infrastructure device to a user device, an invitation link to enable the user device to receive network services from the infrastructure device; transmitting, by the infrastructure device to the user device based on verifying that the invitation link was activated by the user device, seed information to enable the user device to determine authentication information; determining, by the user device, the authentication information based on utilizing the seed information; transmitting, by the user device to the infrastructure device during a communication session, a user request related to an action to be performed regarding receiving the network services, the user request being signed based on utilizing a first portion of the authentication information; and authorizing, by the infrastructure device, the user request based on verifying that the communication session is currently active. Various other aspects are contemplated.

Abstract: A communication system includes an information processing terminal, a first electronic device of which setup to connect to an access point of a wireless network, and a second electronic device. The information processing terminal transmit a transmission request of connection information to the first electronic device, and the first electronic device obtains authentication information based on the transmission request and determine whether to permit transmission of the connection information. The first electronic device transmit the connection information to the information processing terminal when determining to permit the transmission, but not transmit the connection information when determining not to permit the transmission. When receiving the connection information, the information processing terminal transmit the connection information to the second electronic device, and the second electronic device completes the setup using the received connection information.

Abstract: Deep learning training service framework mechanisms are provided. The mechanisms receive encrypted training datasets for training a deep learning model, execute a FrontNet subnet model of the deep learning model in a trusted execution environment, and execute a BackNet subnet model of the deep learning model external to the trusted execution environment. The mechanisms decrypt, within the trusted execution environment, the encrypted training datasets and train the FrontNet subnet model and BackNet subnet model of the deep learning model based on the decrypted training datasets. The FrontNet subnet model is trained within the trusted execution environment and provides intermediate representations to the BackNet subnet model which is trained external to the trusted execution environment using the intermediate representations. The mechanisms release a trained deep learning model comprising a trained FrontNet subnet model and a trained BackNet subnet model, to the one or more client computing devices.

Abstract: Multi-RAT UEs currently have 2 independent paths to authenticate with HSS (e.g., via the MME or the 3GPP AAA Server causing repeated authentication messages to HSS). The use of one unified authentication path between the UE and HSS for Small Cell and Wi-Fi authentication is described. First, a new 3GPP EPC-TWAN interworking architecture has the MME manage all the authentication requests from multi-RAT UEs. Second, new unified authentication procedures are added, which allow the ISWN-based multi-RAT UE to be authenticated directly with the HSS, irrespective of its current access network (TWAN or HeNB). Third, new fast re-authentication procedures for Inter-RAT handover scenarios are done. Finally, the needed extensions to the various standard protocol messages to execute the authentication procedures are described.

Abstract: Embodiments of the present disclosure relate to network gateway based messaging systems and methods. Some methods include transparent message processing that includes receiving a message from a first party that includes a payload and a token. The token is associated with sensitive information. Next, the method includes replacing the token with the sensitive information within the message and forwarding the message with the sensitive information to a second party. The payload is unaffected by the token exchange process.

Abstract: For connection establishment, a system allocates memory that will be occupied by the data and handshake sub-protocol infrastructure that facilitates establishing a TLS connection. After connection establishment, the system allocates memory space for the data and record sub-protocol infrastructure that facilitates the asynchronous communication of application traffic. The memory space for the TLS session (i.e., the communication information separate from the handshake) has a substantially smaller footprint than the memory space for the TLS handshake. The TLS handshake memory space can be released and recycled for other connections while application communications use the smaller memory space allocated and populated with the TLS session data and infrastructure.

Abstract: Aspects of the disclosure relate to using machine-learning models to determine graduated levels of access to secured data for remote devices. In some embodiments, a computing platform may establish a connection with a mobile device. Subsequently, based on establishing the connection, the platform may identify initial device information, device features, and user information. The platform may input the identified information into an authentication model to compute a baseline authentication score and then may identify an initial level of access to secured resources for the mobile device. Thereafter, the platform may receive from the mobile device, AR/VR device information captured by the mobile device. The platform may input the AR/VR device information into the authentication model to compute an augmented authentication score. Based on the augmented score, the platform may identify an augmented level of access to secured resources for the mobile device.

Abstract: Existing approaches to security within network, for instance oneM2M networks, are limited. For example, content might only be protected while the content is in transit between entities that trust each other. Here, the integrity and the confidentiality of content in an M2M network are protected. Such content may be “at rest,” such that the content is stored at a hosting node. Only authorized entities may store and retrieve the data that is stored at the hosting node, and the data may be protected from a confidentiality perspective and an integrity perspective.

Abstract: Systems and methods for embodiments of artificial intelligence systems for identity management are disclosed. Embodiments of the identity management systems disclosed herein may support the creation, association, searching, or visualization of any relevant context to identity management assets for a variety of purposes, including the creation of nested identity management artifacts in a search index and search syntaxes for querying such nested artifacts.

Abstract: Systems, methods, and computer readable media for performing mobile interactions using a mobile communication device and an access device without a connection to a data network. An access device can provide the mobile communication device with a value request message requesting access tokens for an interaction. The mobile communication device provides access data including a plurality of access tokens to the access device. The access device can use the access tokens to gain access to value elements stored in data lockers of the mobile communication device. Upon receipt of the value elements, the access device may provide the mobile communication device with access to a resource.

Abstract: Provided is a method, system, and apparatus for authenticating a user device. The method includes registering a device identifier with at least one transformation rule, receiving a request for authentication comprising a device identifier associated with a user device, obtaining a one-time password (OTP) in response to receiving the request, communicating the OTP to the user device, receiving a transformed OTP from the user device, and authenticating the user device based on the OTP, the transformed OTP, and the at least one transformation rule.

Abstract: The present invention relates to the field of communication technologies, and particularly, to a resource access method and apparatus. In the solution, even if a client cannot directly communicate with an authorization server, the client can still initiate authorization verification to the authorization server by using a resource server. Then, the resource server returns a resource access response to the client when receiving an authorization response returned by the authorization server.

Abstract: Systems and methods for enhanced OTP messaging, comprising: receiving a request from an application executing on a computing device of a user; generating the supplemental information based on the request; segmenting the supplemental information into a first part of the supplemental information and a second part of the supplemental information; transmitting the first part of the supplemental information to the computing device of the user via a first communication channel to another app executing on the computing device of the user; instructing the another app to allow the user to utilize one or more graphical user interface (GUI) elements of a GUI of the another app to transfer the first part of the supplemental information to the app; and transmitting the second part of the supplemental information to the computing device of the user via a second communication channel so as to provide the supplemental information to the app.