Patent classifications
H04L2463/082
Systems and methods for adaptive step-up authentication
A computer-implemented method for enhancing security controls of a web application is described. The method includes, in response to a user device's request to access the web application during a current user session, collecting, by a server system, authentication data of a user of the user device from an identity provider; authenticating, by the server system, an identity of the user based on the collected authentication data; generating, for the user session, a user risk profile that characterizes a level of risk that the user's identity will be compromised; after the user risk profile has been generated for the current user session, authorizing the user device to access the web application; detecting that the user is attempting a particular action on the web application; in response to the detection of the particular action, determining whether a step-up authentication is required based on the user risk profile generated for the current user session; in response to a determination that a step-up authentication is required, dynamically selecting, based on the generated user risk profile, a step-up authentication method for re-authenticating the user's identity; and providing one or more security requests defined by the selected step-up authentication method to the user device.
Method for monitoring activity of database server administrator in enterprise resource planning system and the tamper-proof enterprise resource planning system
The present invention discloses a tamper-proof ERP (Enterprise Resource Planning) system against a database server administrator, and a Logbook is set up for the database server administrator on the database server level in the ERP system. A reliable Logbook is created for the database server administrator on the database server level outside an ERP Application. Additionally, the Logbook also contains the needed information to restore the SQL database completely. This solution can be realized together with selection of a suitable SQL database server which prevents full unrestricted administrator access by using a two-factor authentication, wherein a first factor is known/selectable by end user only, and a second factor is managed by the ERP Application only.
SECURE TWO-WAY AUTHENTICATION USING ENCODED MOBILE IMAGE
A method of digital authentication and related devices are disclosed. The method includes providing an authenticator for use with a first computing device; displaying a login screen on the first computing device, wherein the login screen is associated with an application; receiving a first set of factors at the first computing device; sending information related to the first set of factors to a processing system; receiving a second set of factors from one of the first computing device or a second computing device; and using information related to one or more of the first set of factors and the second set of factors to: authenticate the application on the first computing device, authenticate a user on the login screen displayed on the first computing device, or a combination thereof.
METHOD AND SYSTEM FOR CONTEXTUAL ACCESS CONTROL
Described embodiments provide systems and methods for contextual confidence scoring-based access control. The systems and methods can include one or more processors configured to receive a request from the client device to access an item of content. The one or more processors can select a first subset of authentication techniques. The authentication techniques are identifiable with a score. The one or more processors can determine that a sum of the scores of the selected first subset of the authentication techniques exceeds a threshold. The one or more processors can transmit, to the client device, one or more authentication requests utilizing the selected first subset of authentication techniques. The one or more processors can provide, responsive to successful authentication by the client device, access to the item of content to the client device.
Multifactor identity authentication via cumulative dynamic contextual identity
Disclosed are example methods, systems, and devices that allow for generation and maintenance of a central identity databank for a user's digital life. The identity databank may include identity elements with payload values and metadata values corresponding to immutable attributes of the user. A multifactor identity authentication protocol allows service provider devices to more reliably validate transactions with user devices via an identity system. The identity databank may include passwords, which may be generated by the identity system linked to user accounts and/or service providers. The passwords may be provided to service provider devices, eliminating the need for users to conceive of a multitude of varying passwords for the user's accounts.
SYSTEM FOR INTELLIGENT IDENTIFICATION OF UNAUTHORIZED USERS IN A DISTRIBUTED REGISTER NETWORK
A system for identifying unauthorized users in a distributed register network is provided. In particular, the system may comprise a distributed register network comprising one or more decentralized nodes, each of which may store a separate copy of a distributed data register. The system may further comprise one or more specialized nodes which authenticate users that trigger the generation of blocks in linked structures of the distributed register network, where the blocks are associated with requests that are submitted by the user. In this way, the system verifies the authenticity of the blocks in the linked structures, thereby providing a more robust distributed register network.
System and method for securely storing and sharing information
The present application generally relates to systems, devices, and methods to conduct the secure exchange of encrypted data using a three-element-core mechanism consisting of the key masters, the registries and the cloud lockboxes with application programming interfaces providing interaction with a wide variety of user-facing software applications. Together the mechanism provides full lifecycle encryption enabling cross-platform sharing of encrypted data within and between organizations, individuals, applications and devices. Further the mechanism generates chains of encrypted blocks to provide a distributed indelible ledger and support external validation. Triangulation among users, applications and the mechanism delivers both enterprise and business ecosystem cyber security features. Crowdsourcing of anomaly detection extends to users and to subjects of the data. Robust identity masking offers the benefits of anonymization while retaining accountability and enabling two-way communications. The mechanism may also provide high availability through multi-level fail over or operations to multiple instances of the core mechanism.
VERIFYING TRUSTED COMMUNICATIONS USING ESTABLISHED COMMUNICATION CHANNELS
In various examples, communications from a host device—which may be associated with an entity—and to a client device may be verified through established channels of communication. Systems and methods are disclosed that use authentication signals and notifications, which may include predetermined passwords and time-sensitive values, to facilitate verification of the communication between the host device and client device. The notifications may be delivered using applications or web-based applications that are associated with an entity. Once the communication has been verified as trusted, the host device and/or the client device may present notifications that the communication is verified as trusted. The notifications may be presented using audio, video, and/or haptic methods.
System for intelligent identification of unauthorized users in a distributed register network
A system for identifying unauthorized users in a distributed register network is provided. In particular, the system may comprise a distributed register network comprising one or more decentralized nodes, each of which may store a separate copy of a distributed data register. The system may further comprise one or more specialized nodes which authenticate users that trigger the generation of blocks in linked structures of the distributed register network, where the blocks are associated with requests that are submitted by the user. In this way, the system verifies the authenticity of the blocks in the linked structures, thereby providing a more robust distributed register network.
Automatic account protection
Apparatuses, systems, methods, and computer program products are disclosed for automatic account protection. A method includes detecting a trigger indicating one or more of a potential and an actual security breach at one or more websites where a user has an account that is accessible using electronic credentials. A method includes logging into the one or more websites for the user using the electronic credentials. A method includes performing one or more actions at the one or more websites associated with the electronic credentials to protect the user's account.