H04L2463/082

AUTHENTICATOR CENTRALIZATION AND PROTECTION BASED ON AUTHENTICATOR TYPE AND AUTHENTICATION POLICY
20220086152 · 2022-03-17

Provided is a method for authenticating a user communicating with an enterprise via a network. The method includes receiving, via the network, authenticators for a user from a first user device associated with the user, and storing the received authenticators. A first authenticator from the stored authenticators is selected to be used for authenticating the user based on an authentication policy received from the enterprise. An authentication request is transmitted to a user device requesting the first authenticator, and the user is authenticated by comparing the received authenticator with the stored first authenticator.

MULTI-LEVEL CLASSIFIER BASED ACCESS CONTROL
20220100829 · 2022-03-31

A computer-implemented method of access control for a user device having at least one component for determining behaviors of the user. The method including accessing a first machine learning classifier trained based on at least one prior behavior of the user using the device, the classifier classifying user behavior as compliant or non-compliant. The method further including, in response to a determination that a subsequent behavior is classified as non-compliant, accessing a second machine learning classifier trained based on at least one prior behavior of the user using the device where the prior behavior is classified as non-compliant by the first classifier. The method further including, in response to a determination that the subsequent behavior is classified as non-compliant by the second classifier, requesting a credential-based authentication of the user and constructively training one of the machine learning classifiers based on the credential-based authentication result.

Data protection and security for in-vehicle systems

Methods and systems for ensuring security of in-car systems in vehicles, particularly user data privacy and protection of in-car systems from cyber attacks, hacking, etc., are provided. After a two-level authentication process, wherein user identification data, token and passwords are used and matched to authenticate the user, a secure OS container is created for use by the user accessing the IVI system of the vehicle. This container is created on the host root file system such that the environments of the container and the host root file system of the IVI system are sandboxed from each other.

Two-Factor Authentication in a Cellular Radio Access Network
20220086155 · 2022-03-17

A method for authenticating radio access network devices is disclosed, comprising: authenticating, at a coordination server, a base station in a radio access network using a first authentication factor; selecting, following successful authentication of the base station using the first authentication factor, a challenge question based on historical information of the base station stored within a database; sending, from the coordination server to the base station, a request containing the challenge question to further authenticate the base station based on the historical information of the base station; receiving, from the base station at the coordination server, a response to the challenge question; verifying, at the coordination server, the correctness of the response using a key derived from the historical information; and granting the base station access to a core network of a mobile operator, thereby addressing security issues unsolved by one-factor authentication.

DEVICE, SYSTEM, AND METHOD OF USER AUTHENTICATION BASED ON USER-SPECIFIC CHARACTERISTICS OF TASK PERFORMANCE
20220116389 · 2022-04-14

Devices, systems, and methods of detecting user identity, authenticating a user to a computerized service or to an electronic device, differentiating between users of a computerized service, and detecting possible attackers or possible fraudulent transactions. A method includes: generating a user authentication session that requires a user to enter a secret by performing a task; monitoring the user interactions during task performance; extracting a user-specific behavioral characteristic, and utilizing it as a factor in user authentication. The task requires the user to perform on-screen operations via a touch-screen or touchpad or mouse or other input unit of the electronic device, or to move in space or tilt in space the entirety of the electronic device in a way that causes inputting of the secret data-item.

Delayed two-factor authentication in a networked environment
11288351 · 2022-03-29

Systems and methods of the present disclosure enable a delayed two-factor authentication to occur in networked devices. The system and methods can enable the immediate delivery of digital components, which results in fewer abandoned requests and saves network resources. The system and methods can enable the authorization of data transmissions in networked computer devices that include limited user interfaces, such as voice-based interfaces.

SYSTEMS AND METHODS FOR USER AUTHENTICATION BASED ON MULTIPLE DEVICES
20220094678 · 2022-03-24

A user may be authenticated using an authentication scheme based on user access to two or more selected electronic devices. A security key may be assigned to the user. The security key is divided into multiple parts that are distributed among electronic devices associated with the user. The security key can be reconstructed based on a distributed trust among the devices, where some devices may have a higher trust level than others. For example, each device can receive a number of key parts. In response to a request to authenticate the user, parts of the security key may be retrieved from two or more, but less than all, of the plurality of electronic devices associated with the user. The retrieved parts are used to reconstruct the security key, and the user is authenticated based on the reconstructed security key.

Blockchain authentication via hard/soft token verification

An example operation may include one or more of storing a public key and one or more corresponding addresses associated with a user profile in a blockchain, creating a credential for the user profile based on the public key, forwarding the credential to the one or more addresses, receiving a request for access to a site from a user device associated with the user profile, and retrieving the credential based on the one or more addresses from the blockchain.

Access Control Based on Combined Multi-System Authentication Factors

An access gateway may control access of user devices to remote computer resource systems in a multi-resource computing environment. The access gateway may determine an assurance level associated with a user of the multi-resource environment, where the assurance level is based on multiple authentication factors included in multiple previous access requests. The access gateway may receive, from a user device, an additional access request to access an additional resource system in the multi-resource environment. Based on a comparison of the assurance level with a threshold authentication level for the additional resource system, the access gateway may allow or deny access to the additional resource system. In addition, based on the comparison, the access system may request additional authentication data from the user device.

SYSTEMS AND METHODS PROVIDING CONNECTION LEASE ANTI-THEFT FEATURES FOR VIRTUAL COMPUTING SESSIONS
20220086012 · 2022-03-17

A computing device may include a memory and a processor cooperating with the memory and configured to receive requests from a client device to connect with the computing device. The client device may be shared by multiple authenticated users and have a public/private encryption key pair associated therewith, and the requests may be based upon connection leases and the public key for the client device. The connection leases may also be generated for respective authenticated users and include an authenticated version of the public key for the client device so that the connection leases are specific to the client device and respective users. The processor may also provide the client device with access to computing sessions for respective authenticated users based upon the connection leases and verification of the public key, and prevent the use of the connection leases for authorizing connections for other authenticated users.