Methods, systems, and apparatus for risk mitigation for a cryptoasset custodial system include transmitting an endorsement request for a cryptoasset transaction to a user device configured to cause the user device to prompt a user to endorse the cryptoasset transaction. Multiple data points are collected from mobile devices associated with the user. The data points indicate an identity of the user. A cryptographic endorsement of the cryptoasset transaction is received from the user device. A graphical visualization including a risk metric is generated based on the data points. The risk metric indicates a risk of accepting the cryptographic endorsement from the user device. Generating the graphical visualization includes determining whether the plurality of data points matches expected values.

An administered authentication system can authenticate an artificial reality device using an authorization record between a user account and an artificial reality device. In some implementations, the authorization record is created in response to activation of a user account-specific key sent to a user-supplied contact, where an artificial reality device identifier was provided with the user-supplied contact. In other implementations, the authorization record is created in response to activation of a user account-specific key provided to the artificial reality device as a code, where activation of the key includes adding an artificial reality device identifier to a key activation message. In yet other implementations, the authorization record is created in response to an application associated with a user account activating an artificial reality device-specific key, with an artificial reality device identifier, that is provided via the artificial reality device.

An administered authentication system can authenticate an artificial reality device using an authorization record between a user account and an artificial reality device. In some implementations, the authorization record is created in response to activation of a user account-specific key sent to a user-supplied contact, where an artificial reality device identifier was provided with the user-supplied contact. In other implementations, the authorization record is created in response to activation of a user account-specific key provided to the artificial reality device as a code, where activation of the key includes adding an artificial reality device identifier to a key activation message. In yet other implementations, the authorization record is created in response to an application associated with a user account activating an artificial reality device-specific key, with an artificial reality device identifier, that is provided via the artificial reality device.

Aspects of the disclosure relate to extending single-sign-on to relying parties for federated logon providers. An enterprise identity provider server may receive a first authentication token previously issued to an enterprise server by the enterprise identity provider server. Subsequently, the enterprise identity provider server may retrieve, from a token store, a second authentication token associated with a federated identity service provided by a federated identity provider server. The enterprise identity provider server may refresh the second authentication token with the federated identity service provided by the federated identity provider server to obtain a refreshed authentication token. Finally, the enterprise identity provider server may send the refreshed authentication token to the enterprise server, which may enable user devices managed by the enterprise server to access one or more resources provided by a third party system using the federated identity service.

Aspects of the disclosure relate to extending single-sign-on to relying parties for federated logon providers. An enterprise identity provider server may receive a first authentication token previously issued to an enterprise server by the enterprise identity provider server. Subsequently, the enterprise identity provider server may retrieve, from a token store, a second authentication token associated with a federated identity service provided by a federated identity provider server. The enterprise identity provider server may refresh the second authentication token with the federated identity service provided by the federated identity provider server to obtain a refreshed authentication token. Finally, the enterprise identity provider server may send the refreshed authentication token to the enterprise server, which may enable user devices managed by the enterprise server to access one or more resources provided by a third party system using the federated identity service.

The disclosure relates to an authentication approach to grant access to a secure service on an electronic device. The authentication approach includes receiving, via an electronic device, a request to access the secure service. The authentication approach includes determining whether the electronic device is positioned at a location that corresponds to a virtual authentication lock. The authentication approach includes displaying, in response to determining the device is positioned at the location that corresponds to the virtual authentication lock, the virtual authentication lock on a display of the electronic device. The authentication approach includes receiving one or more interactions with the virtual authentication lock. The authentication approach includes determining whether the one or more interactions correspond to one or more authentication interactions related to the virtual authentication lock and granting, in response to the one or more interactions corresponding to the one or more authentication interactions, access to the secure service.

The disclosure relates to an authentication approach to grant access to a secure service on an electronic device. The authentication approach includes receiving, via an electronic device, a request to access the secure service. The authentication approach includes determining whether the electronic device is positioned at a location that corresponds to a virtual authentication lock. The authentication approach includes displaying, in response to determining the device is positioned at the location that corresponds to the virtual authentication lock, the virtual authentication lock on a display of the electronic device. The authentication approach includes receiving one or more interactions with the virtual authentication lock. The authentication approach includes determining whether the one or more interactions correspond to one or more authentication interactions related to the virtual authentication lock and granting, in response to the one or more interactions corresponding to the one or more authentication interactions, access to the secure service.

A method for detecting a fraud attempt in a communication session may include receiving, via at least one processor, a set of data associated with a communication session between a representative of an organization and a user, tagging, via the at least one processor, one or more items of the set of data as one or more tagged data items, applying, via the at least one processor, a fraud detecting algorithm to the one or more tagged data items to determine a percent likelihood of the user attempting to defraud the representative, generating, via the at least one processor, a visualization based on the percent likelihood, and displaying, via the at least one processor, the visualization via an electronic display during the communication session.

A method for detecting a fraud attempt in a communication session may include receiving, via at least one processor, a set of data associated with a communication session between a representative of an organization and a user, tagging, via the at least one processor, one or more items of the set of data as one or more tagged data items, applying, via the at least one processor, a fraud detecting algorithm to the one or more tagged data items to determine a percent likelihood of the user attempting to defraud the representative, generating, via the at least one processor, a visualization based on the percent likelihood, and displaying, via the at least one processor, the visualization via an electronic display during the communication session.

In a storage system that includes a plurality of storage devices configured into one or more write groups, quorum-aware secret sharing may include: encrypting a device key for each storage device using a master secret; generating a plurality of shares from the master secret such that a minimum number of storage devices required from each write group for a quorum to boot the storage system is not less than a minimum number of shares required to reconstruct the master secret; and storing the encrypted device key and a separate share of the plurality of shares in each storage device.