Abstract: An authentication method of a prover by a verifier includes: performing at least once, an enrollment process by an enrollment center computer; and subsequent to performing the enrollment process, performing an on demand authentication process including: receiving at a verifier computer from the prover, a prover authentication request sent from the prover computer device which includes the prover identity and a preferred ZKP protocol identifier; looking up a prover's public key in the database via the identity; the verifier sending a selected ZKP protocol identifier to the prover computer device; commencing a round of authentication by receiving a commitment generated according to the selected ZKP protocol; and repeating the step of commencing a round of authentication until the verifier computer accepts or rejects the prover's identity. A zkMFA method of authentication and an authentication system for authenticating a prover by a verifier are also described.

Abstract: Systems and methods for managing a user-selected card verification code (CVC2) value for a payment card are disclosed. A sever is coupled to a payment card database and a hardware security module. The server is programmed to receive a request from a user to change the CVC2 value of the payment card to the user-selected CVC2 value. Based upon the request, the server retrieves from a payment card table stored on the database a payment card record associated with the payment card. The server transmits the user-selected CVC2 value, and, from the payment card record, a primary account number, a payment card expiry date, and a first service code to a hardware security module. The server subsequently receives from the hardware security module a second service code associated with the user-selected CVC2 value. The server updates the first service code in the payment card record to the second service code.

Abstract: A method of generating a virtual reality payment authentication entry interface includes receiving, over a computer network, a request for payment authorization; identifying a virtual reality interface; generating a plurality of payment authentication characters in the virtual reality interface; receiving user input associated with at least one character of the plurality of payment authentication characters in the virtual reality interface; and generating a payment authorization response to the request for payment authorization based on the received user input.

Abstract: A method of generating a virtual reality payment authentication entry interface includes receiving, over a computer network, a request for payment authorization; identifying a virtual reality interface; generating a plurality of payment authentication characters in the virtual reality interface; receiving user input associated with at least one character of the plurality of payment authentication characters in the virtual reality interface; and generating a payment authorization response to the request for payment authorization based on the received user input.

Abstract: The present invention is generally related to systems and methods for providing an improved authentication and verification system through the use of compiled user data and user location or traffic data from multiple channels of input. Multiple devices may be utilized by the system in order to receive and process data to authenticate user identities and verify the validity of account activity.

Abstract: Systems and methods discussed herein are directed to a method within a wireless communication network that includes, based at least in part on sending a login associated with a phone number, receiving a code at an electronic device associated with the phone number. A hash code corresponding to the code at an app executing on the electronic device associated with the phone number is received and an input is received. Based at least in part on the input, the input is hashed to provide a hashed code. The hashed code is compared with the hash code and it is determined if the hashed code matches the hash code. Based at least in part on determining the hashed code matches the hash code, the hash code is forwarded to a location associated with the login. The location may comprise one of a website or an app.

Abstract: A method and system for determining a suspected data source among one or more data sources reporting geo coordinate data in a location based services network is disclosed. In some embodiments, the method includes, receiving geo coordinates of a user device reported by the one or more data sources over a period of time, calculating a notional speed between geo coordinates reported at two consecutive times, flagging simultaneously, one or more data sources that reported the geo coordinates at the two consecutive times resulting in a notional speed that exceeds a predefined notional speed, and analysing a data on at least one of, the number of instances of geo coordinates reported by a data source, the number of instances a data source was flagged, the data sources that were also flagged simultaneously with each flagging, for determining the suspect source of data.

Abstract: Methods and systems for authenticating users based on user application activities are described herein. One or more questions and one or more answers may be generated and stored based on a history of user application activities associated with a user. The one or more questions and one or more answers may be generated randomly, and may relate to one or more other users. A request for access to a service may be received. Based on the request, a question associated with the history of user application activity may be selected and presented to the user. A candidate answer may be received from the user, and the user may be authenticated based on comparing the candidate answer to an answer associated with the question presented.

Abstract: Techniques for defining a cloud Application Program Interface (API) event logging policy are described. A request is received to generate an organization-level event logging policy for an organization including a plurality of accounts within the cloud computing environment. Responsive to one or more inputs received through a provided graphical user interface, an organization-level event logging policy is generated defining conditions for logging cloud API events for one or more cloud APIs provided within the cloud computing environment. The organization-level event logging policy is applied to log cloud API events generated by the plurality of accounts. At least one cloud API event log entry is written to a data repository within the cloud computing environment, as specified by the organization-level event logging policy.

Abstract: A computer implemented method performed by an identity verification computing system includes generating a user-level token associated with a user-level profile. The method further includes receiving a card-based transaction message associated with a card-based transaction. The card-based transaction message includes a card information portion and a point-of-sale data portion. The user-level token is inserted into at least one of the card information portion or the point-of-sale data portion. The method further includes obtaining the user-level token from the received card-based transaction message, validating the user-level token responsive to receiving a validation confirmation from a token service provider, and transmitting an identity verification to the entity computing system responsive to validating the user-level token.

Abstract: A method for social networking using a multi-focal plane augmented reality display of a host vehicle includes receiving social-networking data from a remote device. The social-networking data includes information about at least one social interest of a remote user of the remote device. The remote device is located within a viewable area of a vehicle user of the host vehicle. The method further includes determining whether at least one social interest of the remote user matches a vehicle-user social interest of the vehicle user of the host vehicle using the social-networking data. The method further includes transmitting a command signal to the multi-focal plane augmented reality display of the host vehicle to display a virtual image on the multi-focal plane augmented reality display. The virtual image is indicative of the vehicle.

Abstract: A computer-implemented method for authenticating a request to access a remote resource includes identifying a request from a first device to access a resource located on a second device. The computer-implemented method further includes retrieving one or more encrypted passwords for authenticating access to the resource from a partition of a vault located on the first device. The computer-implemented method further includes comparing the one or more encrypted passwords retrieved from the partition of the vault located on the first device to one or more designated passwords stored on the second device. The computer-implemented method further includes granting the first device access to the resource located on the second device based, at least in part, on the one or more encrypted passwords retrieved from the partition of the vault located on the first device matching the one or more designated passwords stored on the second device.

Abstract: An embedded trace capacitive signet is described. The embedded trace capacitive signet provides for authentication and validation through interaction with a touch screen of a computing device such as a smart phone. The embedded trace capacitive signet has a substrate such as a card, a plurality of conductive circle points affixed to the substrate, a user conductive area that allows a user to provide capacitance to the conductive circle points, and thin traces connecting each circle point to the user conductive area. Placing the circle points in different locations produces unique cards that can be detected by a touch screen of a computing device to initiate a software based application.

Abstract: A system for performing payment transactions includes a wearable payment device, such as a finger ring worn by a user, that communicates payment data to a payment reader that uses the payment data in order to request a payment transaction. The system also includes a mobile communication device that receives an input associated with the payment transaction from the user and wirelessly transmits information to the wearable payment device based on the input. The wearable payment device can use the information from the mobile communication device for performing the payment transaction and transmit at least a portion of the information from the mobile communication device to the payment reader during the payment transaction.

Abstract: A system and method for providing secure data to a client device having a token is disclosed. In one embodiment, the method comprises (a) binding the token to the client device according to first token binding information comprising a first token identifier (ID), first client device fingerprint data, and a first timestamp, (b) receiving a request to provide secure data to the client device in a secure data service, (c) determining if the request to provide the secure data to the client device was received within an acceptable temporal range of the stored timestamp, and (d) providing the requested secure data according to the determination.

Abstract: A monitoring system having a secure computer server, a client computer, and the hosting computer server is provided. The client computer sends a webpage file having the telephone number to the secure computer server. The secure computer server sends a verification code message having a verification code to a smartphone, when the telephone number is associated with an authorized user. The secure computer server sends a webpage file to the client computer when the telephone number is associated with the authorized user. The client computer sends a webpage file having the verification code to the secure computer server. The secure computer server generates a secure communication channel between the client computer and the hosting computer server when a telephone number and a verification code are correct.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that dynamically and securely augment participants in programmatically established chatbot sessions. For example, an apparatus may obtain messaging data generated during a first communications session involving a first device and based on the messaging data, detecting an occurrence of an event that triggers an establishment of a second communications session involving the first device and a second device. The apparatus may generate and transmit, to the second device, notification data causing the second device to validate one or more authentication credentials, and may receive confirmation data indicative of the one or more validated authentication credentials from the second device. Based on the confirmation data, the apparatus may perform operations that establish the second communications session in accordance with at least a portion of the messaging data.

Abstract: A method, computer system, and a computer program product for digital remote presentation are provided. Presentation content is received that includes visual content, one or more speech triggers, and one or more presentation enhancements corresponding to the one or more speech triggers. A virtual meeting is presented by transmitting the presentation content to at least one receiver computer. A first audio file is received that includes recorded audio spoken by a presenter during the virtual meeting. From the first audio file the one or more speech triggers spoken by the presenter are identified. The respective presentation enhancement corresponding to the identified speech trigger is performed. The presentation enhancement is presented to the at least one receiver computer during the virtual meeting.

Abstract: Aspects and examples are disclosed for improving multi-factor authentication techniques to control access to secured electronic resources. In one example, a decisioning computer system evaluates, based on a passive-dimension decision process, an access request, received from a user device, for a secured electronic resource. The passive-dimension decision process can evaluate dimensions associated with the access request, such as identity or device characteristics, to determine whether the dimensions of the access request are outside of norms for the user. Based on the passive-dimension decision model, the decisioning computing device may communicate to the user device an access decision, the access decision describing one or more of an access authorization, a denial of access, or a supplemental authentication challenge.

Abstract: A method in an electronic device includes comparing, with one or more processors, at least one image with one or more predefined reference images and determining whether the at least one image comprises a depiction of a mien expressed by the object. When the object is authenticated as the authorized user of the electronic device and the at least one image fails to comprise the depiction of the mien expressed by the object, the one or more processors grant limited operational access to features, applications, or data of the electronic device. When the object is authenticated as the authorized user of the electronic device and the at least one image comprises the depiction of the mien expressed by the object, the one or more processors can grant full operational access to the features, the applications, or the data of the electronic device.

Abstract: A management appliance communicates with host servers and a storage array to determine per-path loading. Based on the loading, the management appliance selects a host server with an uncredentialed path for reconfiguration. Unique endpoint authentication credentials are sent from the management appliance to the selected host server and the storage array. The uncredentialed path is placed in standby mode and the selected host server and the storage array are updated with the unique endpoint authentication credentials, which are then used to reactivate the path with endpoint authentication. Tight coupling between the MPIO software management appliance, storage array, and MPIO drivers on the host servers enables reconfiguration to be automated and based on host server loading, storage array loading, and loading of uncredentialed paths.

Abstract: Methods and systems for providing a visual content gallery within a controlled environment are disclosed herein. A content gallery server receives a content submission from an inmate device within the controlled environment. Further, the content gallery server determines that the content submission does not include prohibited content based on comparing the content submission to a blacklist of prohibited information. When the content submission does not include prohibited content, the content gallery server adds the content submission to a network accessible content gallery corresponding to an inmate associated with the inmate device. Further, authorized friends and family of the inmate may view the content submission and provide comments on the content submission.

Abstract: Aspects of the present disclosure are directed to systems and methods for authenticating a user requesting access to a computing resource based on telematics data. A system may include a telematics device associated with a vehicle having one or more sensors arranged therein, a mobile device, and a server computer. The server computer may receive telematics data of a user associated with the vehicle from the telematics device, store the telematics data in memory, receive a request to authenticate the user, generate one or more questions for authenticating the user based on the telematics data, transmit the one or more questions for presentation to the user, receive one or more answers to the one or more questions from the mobile device, and transmit, to the mobile device, an indication of whether the user is authenticated based on the one or more answers.

Abstract: A messaging system for exchanging messages between nodes in a network via a broker that uses a publish-subscribe message protocol, which nodes have object identifications (IDs). Messages between the nodes are routed using the object IDs of the nodes. Secure communication is provided using authentication according to digital certificates being used as first and second tiers by a commissioning broker and a data broker, respectively, in which the second tier certificate used by the data broker has a shorter lived expiration time.

Abstract: Disclosed are example methods, systems, and devices that allow for generation and maintenance of a central identity databank for a user's digital life. The identity databank may include identity elements with payload values and metadata values corresponding immutable attributes of the user. A multifactor identity authentication protocol allows service provider devices to more reliably validate transactions with user devices via an identity system. The identity databank may include passwords, which may be generated by the identity system linked to user accounts and/or service providers. The passwords may be provided to service provider devices, eliminating the need for users to conceive of a multitude of varying passwords for the user's accounts.

Abstract: Examples described herein include systems and methods for providing push notifications to a third-party application executing on a client device. An example can include encrypting user credentials, generating a callback Uniform Resource Locator (“URL”) with at least a portion of the encrypted credentials embedded into the URL, and requesting notifications from an email service to be provided at the callback URL. Upon receiving a notification at the callback URL, a system component can decrypt the credentials within the URL using a private key and log into the email account using those decrypted credentials. The system component can then generate a push notification based on any changes found in the email account and cause the notification to be delivered to the third-party application on the client device.

Abstract: Various methods, apparatuses, and media for approving a first transaction related to identification information of an individual are provided. A second transaction to provide approval of the first transaction is received after the first transaction is authenticated. Secondary identification information of the individual is obtained in response to the second transaction being received, and an electronic device is identified based on the secondary identification information. A predetermined process for approving the first transaction is determined. Communication is initiated with the electronic device according to the predetermined process. The approval is provided in response to the predetermined process being completed, with the approval approving execution of the first transaction related to the identification information.

Abstract: An information processing apparatus capable of communicating using a first communication method and communicating using a second communication method performs, in a case where attempting processing fails to establish a connection with a communication apparatus using the first communication method without using an external apparatus, communication with the communication apparatus by the second communication method and transmits a job to the communication apparatus via the connection with the communication apparatus using the first communication method, the communication being used to establish the connection with the communication apparatus using the first communication method.

Abstract: Provided is a security key input system using a one-time keypad. The security key input system may include: a keypad input unit configured to output a security keypad including one or more null keys each having no identification mark written thereon, and receive a security key from a user; a control unit comprising a one-time keypad generator configured to generate a one-time keypad; an input terminal comprising an NFC recognition unit configured to provide the one-time keypad generated by the one-time keypad generator to an output terminal through NFC with the output terminal contacted with the input terminal; a display module; an NFC recognition module configured to receive the one-time keypad from the input terminal through the NFC recognition unit; and the output terminal comprising a controller configured to output the one-time keypad received from the NFC recognition module through the display module.

Abstract: A radio frequency (RF) communication that is transmitted by a subscriber device to a base station of a wireless carrier network on a corresponding allocated communication frequency of the wireless carrier network is monitored. A device identifier of the subscriber device is extracted from the RF communication and sent to a core network of the wireless carrier network for an indication of whether a subscriber associated with the subscriber device is eligible to access a resource. In response to receiving a notification from the core network that the subscriber is eligible to access the resource, whether the subscriber device with the device identifier is permitted to access the resource is determined based at least on device access information stored in an access control database of the device. The subscriber device is granted access when the device access information indicates that the subscriber device is permitted to access the resource.

Abstract: A method for authenticating access to private health information (PHI) includes receiving a converted version of a spoken initiation of a retrieval of PHI. The method also includes requesting out-of-band authentication information from a user. The out-of-band authentication information that is requested contains different information than the spoken initiation of the retrieval of the PHI. The method also includes determining whether the out-of-band authentication information received from the user satisfies an authentication criterium associated with the user, obtaining the PHI requested by the user via the spoken initiation provided to the first device responsive to the out-of-band authentication information, and presenting the PHI requested by the user via the first device.

Abstract: In various embodiments, an electronic device, at least a part of which is bendable, may include: at least one input device including a fingerprint sensor disposed therein, a memory, and a processor operatively connected to the at least one input device and the memory. The processor may be configured to: detect a user input through the at least one input device based on the fingerprint sensor being in an inactive state, identify at least one particular function stored in the memory in response to the detected user input, activate the fingerprint sensor based on the identified at least one particular function being a function requiring user authentication, perform user authentication corresponding to the user input using the activated fingerprint sensor, and control the electronic device to perform the at least one particular function corresponding to the user input upon successful user authentication.

Abstract: Methods, apparatus, and processor-readable storage media for temporary partial authentication value provisioning for offline authentication are provided herein. An example computer-implemented method includes generating, in response to a request from an access device, an intermediary set of cryptographic information from an initial set of cryptographic information; modifying the intermediary set of cryptographic information based at least in part on data pertaining to the access device and one or more security parameters, wherein modifying the intermediary set of cryptographic information comprises removing one or more items of the cryptographic information from the intermediary set; and transmitting, over a network connection, the modified intermediary set of cryptographic information to the access device for use in a subsequent offline authentication request.

Abstract: Systems and methods for knowledge-based authentication are disclosed. The systems and methods can include an authentication system. The authentication system can generate authentication questions using object data received from an augmented reality system associated with a user. The authentication system can authenticate the user using the authentication questions. The augmented reality system may acquire image data, detect and validate objects in the image data, and provide object data for the objects to the authentication system. The augmented reality system may provide an indication to the user when an object is detected and may receive, in response, a user-acknowledgement of detection.

Abstract: A wearable payment device, such as a finger ring worn by a user, communicates payment data to a payment reader that uses the payment data in order to request a payment transaction. Such wearable payment device may be conveniently carried by and accessible to the user such that utilization of the payment device for the payment transaction is less burdensome for the user, thereby encouraging use of the payment device for payments. Indeed, in some cases, such as when the payment device is implemented as a finger ring or other type of jewelry, the user may be encouraged to carry the payment device in an exposed manner such that it is readily available for the payment transaction without the user having to search in a wallet, pocket, or purse.

Abstract: One or more implementations of the present specification provide an information transmission method. Target information selected by a user of a first computing device is obtained by the first computing device. A unique identifier is obtained by the first computing device and from a second computing device, subsequent to the second computing device receiving the unique identifier from a server. The unique identifier is associated with the second computing device according to a mapping relationship. The unique identifier and the target information are sent to the server. The server identifies the second computing device associated with the unique identifier from the mapping relationship and forwards the target information to the second computing device.

Abstract: Methods and systems are disclosed herein for authenticating a user. A security device may use an object associated with a user and a device of the user to authenticate the user, for example, if the user has forgotten a password. A user may insert the object (e.g., a card, or other object) into the security device and may select an option to authenticate via a device that is trusted by both the security device and the user, rather than authenticating by entering a password at the security device.

Abstract: Providing access to an external application includes receiving login credentials to access a client instance, wherein the login credentials are associated with a user account, causing the client instance to provide a link to an external application in the client instance, detecting a request to navigate to the external application from the link, generating a authentication record for the user account and the external application, storing information for the user account based on the authentication record, and generating a URL for the external application based on the authentication record. Providing access to the external application also includes receiving, from a remote client device hosting the external application, an authorization request comprising nonce information, determining that the user account is authorized to access the external application based on the authentication table, and providing access to the external application.

Abstract: An authentication method of a prover by a verifier includes: performing at least once, an enrollment process by an enrollment center computer; and subsequent to performing the enrollment process, performing an on demand authentication process including: receiving at a verifier computer from the prover, a prover authentication request sent from the prover computer device which includes the prover identity and a preferred ZKP protocol identifier; looking up a prover's public key in the database via the identity; the verifier sending a selected ZKP protocol identifier to the prover computer device; commencing a round of authentication by receiving a commitment generated according to the selected ZKP protocol; and repeating the step of commencing a round of authentication until the verifier computer accepts or rejects the prover's identity. A zkMFA method of authentication and an authentication system for authenticating a prover by a verifier are also described.

Abstract: A computing support system is configured to programmatically manage support access to a computing system via a support technician console across multiple levels of support access. The system receives a request to authenticate a user requesting support for the computing system, issues one or more authentication challenges to the user to authenticate the identity of the user, receives one or more corresponding authentication challenge responses from the user based on the authentication challenge, and verifies a level of authentication based on the authentication challenge response, the level of authentication being selected from multiple levels of authentication. The system also determines a level of support access to the computing system based on the verified level of authentication and the identity of the user and programmatically enforces limits on the support access to the computing system via the support technician console based on the determined level of support access.

Abstract: Technologies for systems, methods and computer-readable storage media for reducing the time to complete authentication during inter-technology handovers by reusing security context between 5G and Wi-Fi. Assuming, that the administrative domain for Wi-Fi and 5G match (and belongs to an enterprise for instance), using an already established security context in one technology to do fast authentication in the other technology during handover. Specifically, if UE is on Wi-Fi and handing over to 5G, use its Wi-Fi security context to do fast security setup in 5G, which includes a corresponding method for use when the UE goes from 5G to Wi-Fi.

Abstract: Systems and methods discussed herein are directed to a reconcile decision engine in communication with a network provisioning catalog. The network provisioning catalog may provide network elements of the wireless communication network related to the user service attributes, e.g., network elements that implement various aspects of the user service attributes to provide services to users in accordance with service plans (also referred to as rate plans). The network provisioning catalog also provides required network service attributes for each network element, where the required network service attributes are related to the user service attributes. The reconcile decision engine may query various network elements to reconcile the various network elements with respect to user information, e.g., the user's billing profile. The reconcile decision engine may reconcile the user profile with respect to one or more of the network elements that need reconciliation.

Abstract: An authentication method includes assigning a risk status to a request received from a remote interaction system, transmitting a notification communication to a device associated with the request, monitoring interaction data from an interaction network, and identifying, from the monitored interaction data, authentication interaction information, the authentication interaction information including a coded sequence and a predetermined authentication identifier. The authentication method also includes comparing the coded sequence in the authentication interaction information to an expected coded sequence and transmitting a verification communication after determining the coded sequence in the authentication interaction information matches the expected coded sequence.

Abstract: The present teaching relates to method, system, medium, and implementations for detecting liveness. An input image is received with visual information claimed to represent a palm of a person. One or more variations of the input image are generated based on one or more models specifying conditions to generate the variations. The liveness of the visual information is detected based on the input image and the one or more variations thereof.

Abstract: An authentication server enrolls a user's mobile device as a trusted device with a vendor software after verifying the network ID of the user's mobile device. The authentication server associates the network ID in an authentication entry with authentication information such as a push notification token and cryptographic key. Later, when the user attempts to log in to the vendor software, the authentication server may attempt to cryptographically authenticate the user. Otherwise, the authentication server may use the push notification token to transmit an OTP to the user's mobile device as a push notification.

Abstract: A client device is configured to receive user-input and provide user-output to a client-user. A service provider is configured to serve a network-provided service for authorized users. An identity provider is configured to: maintain authorization information for the network-provided service and generate a permission-object that i) specifies that the client-user is an authorized user of the network-provided service and ii) may include an access-override field that specifies a network address of a remote browser isolation (RBI) host. The system also includes the RBI host configured to access the network-provided service; run the network-provided service in an isolation environment to generate a graphic user interface (GUI); provide a visual reproduction of the GUI to the client device; receive browser-input from the client device; and apply the browser-input to the running network-provided service.

Abstract: A communication apparatus automatically starts operating in a direct wireless communication mode in conjunction with a user's logging in to the communication apparatus.

Abstract: An identity chaining fraud detection method that allows each current transaction to be linked to other transactions through commonly shared identities. Over a period of time the links create a chain of associated transactions which can be analyzed to determine if identity variances occur, which indicates that fraud is detected. Additionally, if a specific identity is detected as being fraudulent, that identity can be tagged as fraudulent and can be referenced by a plurality of other merchant transaction chains to determine fraud.

Abstract: Users of an identity provider system may be authorized to use a variety of different types of factors from a variety of different factor providers. The identity provider system monitors and analyzes the “health” of the different possible factors available to a user, e.g., their availability relative to error rate. Using the results of the analysis, the identity provider can assess which factors are the most appropriate for a given user seeking authentication and can improve the user experience for the user by emphasizing those most appropriate factors to the user.

Abstract: Techniques are disclosed relating to securely storing data at a computing device that is managed by an external entity. In some embodiments, a computing device maintains a first file system volume having data that is accessible to a user of the computing device and that is not managed by an entity external to the computing device. The computing device receives, from the entity external, a first request to configure the computing device to store data that is accessible to the user and managed by the external entity. In response to the first request, the computing device creates a second distinct file system volume to store the data managed by the external entity. In response to a second request from the external entity, the computing device subsequently removes the second file system volume.