Techniques are disclosed relating to credential managers. In some embodiments, a computing device maintains a credential manager that stores, in a protected manner, a set of credentials for authenticating a user and metadata about the credentials. The computing device stores an instance of the metadata externally to the credential manager. The computing device uses the externally stored metadata to determine whether the set of credentials includes a particular credential associated with a service and, in response to determining that the set of credentials includes the particular credential, displays an indication of the particular credential. In some embodiments, the computing device receives a selection of the displayed indication by the user and, in response to the selection, sends a request for the particular credential to the credential manager.

A management apparatus includes a memory, a unification policy setting unit, and a security level setting unit. The memory stores, for each of a user belonging to a first group and a user belonging to a second group, an authentication level of a domain assigned to a corresponding one of the users. The unification policy setting unit sets a unification policy that specifies a relationship between the authentication level and a security level for a state after unification. The security level setting unit sets the security level in a case where the first group and the second group undergo the unification into a third group. The security level is set for each of the users belonging to the third group by using the authentication level and the unification policy.

A management apparatus includes a memory, a unification policy setting unit, and a security level setting unit. The memory stores, for each of a user belonging to a first group and a user belonging to a second group, an authentication level of a domain assigned to a corresponding one of the users. The unification policy setting unit sets a unification policy that specifies a relationship between the authentication level and a security level for a state after unification. The security level setting unit sets the security level in a case where the first group and the second group undergo the unification into a third group. The security level is set for each of the users belonging to the third group by using the authentication level and the unification policy.

Systems and methods for user authentications. In some embodiments, the systems are configured to perform operations including: receiving and declining one or more attempts for authentication from a user device, transmitting to and causing the user device to display a code, receiving an authentication request associated with the code being scanned, collecting one or more properties associated with one or more user devices, evaluating an audit trail to generate an evaluation result, and transmitting a notification to the user device based at least in part on the evaluation result.

Systems and methods for user authentications. In some embodiments, the systems are configured to perform operations including: receiving and declining one or more attempts for authentication from a user device, transmitting to and causing the user device to display a code, receiving an authentication request associated with the code being scanned, collecting one or more properties associated with one or more user devices, evaluating an audit trail to generate an evaluation result, and transmitting a notification to the user device based at least in part on the evaluation result.

Facilitating the generation of ephemeral credentials and verification thereof within a distributed storage system is provided herein. Based on a request for ephemeral credentials from a first account client to a first node of a first storage instance of a distributed system, generating the ephemeral credential comprising a session token and a secret session key for the first account client by a method that derives the secret session key using a first account private key and a first storage instance public key. This session token along with a signature generated using the secret session key of the ephemeral credential is subsequently used to make further requests to a second node of a second storage instance of the distributed system where the secret session key is independently derived using information in the request and the previously shared first account private key to verify the signature in the request.

Facilitating the generation of ephemeral credentials and verification thereof within a distributed storage system is provided herein. Based on a request for ephemeral credentials from a first account client to a first node of a first storage instance of a distributed system, generating the ephemeral credential comprising a session token and a secret session key for the first account client by a method that derives the secret session key using a first account private key and a first storage instance public key. This session token along with a signature generated using the secret session key of the ephemeral credential is subsequently used to make further requests to a second node of a second storage instance of the distributed system where the secret session key is independently derived using information in the request and the previously shared first account private key to verify the signature in the request.

An application login method for accessing an application server by an application includes techniques for an authentication server to complete login authentication on a client application based on authorization request information of the client application in a login request received from a client terminal, determining an application server in a user home country/region of the client application based on user home country/region identification information of the client application in the login request, generating and sending access information about the application server in the user home country/region of the client application.

An application login method for accessing an application server by an application includes techniques for an authentication server to complete login authentication on a client application based on authorization request information of the client application in a login request received from a client terminal, determining an application server in a user home country/region of the client application based on user home country/region identification information of the client application in the login request, generating and sending access information about the application server in the user home country/region of the client application.

The embodiments disclosed herein relate to a biometric information registration apparatus and method using an artificial neural network. According to an embodiment, there are disclosed a biometric information registration apparatus and method that register biometric information by deriving converted information and a biometric information template based on an artificial neural network formed by successively connecting an encoding network for extracting security information and a feature point extraction network for extracting feature points to each other and renew the biometric information template using the converted information when updating the artificial neural network.