G06F21/33

Digital credentials for step-up authentication
11531783 · 2022-12-20

The system comprises an interface and a processor. The interface is configured to receive a request from an application for authorization to access, wherein access to the application is requested by a user, and receive a task request from the application for authorization to access a task, wherein access to the task is requested by the user. The processor is configured to authenticate the request from the application for authorization to access, determine that the task comprises a sensitive task, determine a user authentication device, provide a challenge for a digital credential to the user authentication device, wherein the digital credential is backed by data stored in a distributed ledger, receive a response from the user authentication device, determine the response is valid, and provide an authorization to access the sensitive task.

Identification verification system and related methods
11532183 · 2022-12-20

Another aspect of the present disclosure relates to a method for identification verification. The method may include receiving, from a computing device, a request for identification verification of an individual at a web server. The web server may include an orientation verification module and a facial recognition module. The method may include receiving at a database an identification card image and a picture image. The method may include verifying an orientation of the identification card image is oriented relative to an accepted orientation using the orientation verification module. The method may include, if the identification card image is not oriented relative to the accepted orientation, using the web server, iteratively rotating the identification card image in one or more increments and assessing if the identification card image is oriented at the accepted orientation until the identification card image is oriented at the accepted orientation.

METHOD AND DEVICE FOR PERFORMING ACCESS CONTROL BY USING AUTHENTICATION CERTIFICATE BASED ON AUTHORITY INFORMATION
20220400015 · 2022-12-15

The present disclosure relates to a method and device for performing access control by authenticating an electronic device and performing secure ranging. The method may include: receiving, from a server, a device certificate including a first scrambled timestamp sequence (STS) code encrypted by a public key of the electronic device and a second STS code encrypted by an STS key; transmitting the device certificate to a target device; obtaining the first STS code by decrypting the encrypted first STS code by using a secret key of the electronic device; and performing secure ranging with the target device by using the first STS code.

E-CIGARETTE AND AUTHENTICATION SYSTEM AND AUTHENTICATION METHOD FOR E-CIGARETTE
20220398602 · 2022-12-15

An authentication system and authentication method for an electronic cigarette and an electronic cigarette configured to be connected within such system so that the authentication method can be applied to the electronic cigarette. The system can be divided into 3 main components, namely the electronic cigarette itself, a mobile terminal in communication with the electronic cigarette and reading a security label from the electronic cigarette, and a service terminal connected to the mobile terminal, for instance through the cloud. The system and method protects particularly from counterfeit cartridges and secures that a cartridge of the intended content is connected in the electronic cigarette. In addition, age verification can be performed.

Impersonation for a federated user

Techniques for enabling impersonation without requiring an access manager (AM) controlling access to a computing resource to have direct access to user information. The AM receives an impersonation request for a first user to impersonate a second user, the request being received during a first session initiated by the first user. The second user has an access privilege that permits access to the computing resource. The AM causes information to be obtained from an identity provider, the information being stored in a location inaccessible to the AM and indicating whether the first user has been granted permission to impersonate the second user. An impersonation session is initiated based on determining, using the information obtained from the identity provider, that the first user has been granted permission to impersonate the second user. The initiating comprises switching a user associated with the first session from the first user to the second user.

Methods and apparatus for offloading encryption

A method may include transferring data from a host to an encryption offload engine through an interconnect fabric, encrypting the data from the host at the encryption offload engine, and transferring the encrypted data from the encryption offload engine to a storage device through a peer-to-peer connection in the interconnect fabric. The method may further include transferring the encrypted data from the storage device to the encryption offload engine through a peer-to-peer connection in the interconnect fabric, decrypting the encrypted data from the storage device at the encryption offload engine, and transferring the decrypted data to the host through the interconnect fabric. The method may further include transferring the encrypted data from the storage device to the host, and verifying the encryption of the encrypted data at the host.

Systems and methods for providing digital identity records to verify identities of users

Systems and methods are provided for verifying identities of users. One exemplary method includes generating a unique identifier (ID) for a user, generating a public/private key pair associated with the unique ID for the user, and receiving at least two images. The images include a first image associated with a physical document indicative of an identity of the user and a second image comprising an image of at least part of the user. The exemplary method further includes validating an integrity of the first image, converting at least the first image to one-way hashed data, when the integrity of the first image is valid, and transmitting the hashed data signed with the private key, the unique ID and the public key to an identification provider, whereby a digital identity record for the user is stored in a ledger data structure.
