A technology is provided for using a multi-factor authentication process to access services in a computing service environment. One or more policies can be defined for allowing access to one or more services and/or resources associated with a service provider environment according to an authenticated identity. A device, detected by a voice-capturing endpoint within a defined geographical location, may be authenticated according to a unique identification (ID). Voice data received from the voice-capturing endpoint can be authenticated. The authenticated identity can be established according to the authenticated device and the authenticated voice data. A command, received via a voice command from the voice-capturing endpoint, may be issued with the authenticated identity to access the one or more services and/or resources associated with the service provider environment according to the plurality of policies.

A system for managing multi-factor authentication of a user includes: one or more source components for obtaining multi-factor authentication data by one or more of: receiving multi-factor authentication data via a network; generating multi-factor authentication data using an algorithm, and a user providing multi-factor authentication data; a routing component for associating the multi-factor authentication codes from the one or more source components with an appropriate user account; a database comprising multi-factor authentication data wherein components of the multi-factor authentication data are stored in association with a particular user account; and one or more delivery components for providing the multi-factor authentication data to a user on a user device.

A mobile terminal that communicates with an image forming apparatus includes a generating unit configured to generate a one-time password based on secret information managed in association with the image forming apparatus, a transmission unit configured to transmit the one-time password generated by the generating unit and user information to the image forming apparatus, and a control unit configured to, upon successful completion of authentication processing based on the one-time password and the user information transmitted by the transmission unit, provide a service for operating the image forming apparatus.

A computer system including a memory, a network interface, and at least one processor is provided. The at least one processor can transmit, via the network interface, a first message to a server application to initiate a handshake process; receive, via the network interface, a first copy of a security certificate from the server application; determine whether the first copy is valid; store, in response to a determination that the first copy is valid, the first copy in the memory; establish an initial secure connection to the server application; transmit, via the network interface, a second message to the server application to request a subsequent secure connection to the server application; receive, via the network interface, a second copy of the security certificate from the server application; determine whether the second copy matches the first copy; and establish the subsequent secure connection to the server application.

This disclosure describes techniques for selectively providing access to a physical space. An example method includes identifying a location of a device associated with an authorized user based on an electromagnetic signal received by at least one sensor from the device. The electromagnetic signal has a frequency that is greater than or equal to 24 gigahertz (GHz). The example method further includes determining that the location of the device is within a threshold distance of a location of a threshold to a secured space and determining that an authentication score indicating that an individual carrying the device is the authorized user is greater than a threshold score. The authentication score is associated with multiple authentication factors identified by the device. Based on determining that the authentication score is greater than the threshold score, the threshold is unlocked and/or opened.

Techniques are described herein for using special session identifiers to defer additional authentication steps (AAS) for at least some restricted application actions. A client session is associated with a special session identifier that is mapped to an authentication tier (AT) achieved for the session based on the satisfied authentication steps. Web servers that are enabled for AAS deferral include context information, which identifies a requested action, with session verification requests to an authentication service. The authentication service determines that AAS is required to perform an action when (a) the AT associated with the action is a higher-security tier than the AT associated with the session, or (b) the session is associated with an AT that is lower than the highest-security AT and there is no context information accompanying the request for session validation, in which case the authentication service assumes that the highest-security AT is required to perform the request.

Systems, methods, and apparatuses directed to efficiently determining whether a device making a request to access an application or service is a managed device and using that information to set an appropriate security policy for the device or the request to access the application or service. In some embodiments, a service or server (referred to as a Managed Device Identification Service) is configured to request a client certificate from a device that is requesting access to a cloud-based application or service as part of a protocol handshake. If a certificate is received, it is compared to a stored certificate to determine if the device is a managed device and as a result, the appropriate security policy.

This disclosure describes techniques for identifying the criticality of an asset in a network. In an example method, a first security metric of a first asset in a network, as well as network data that identifies data flows associated with a second asset in the network are identified. The second asset is a nearest neighbor of the first asset in the network. The method includes determining, based on the network data, a number of hosts in the network that exchanged data traffic with the second asset during a time period and generating a second security metric of the second asset based on the first security metric and the number of hosts. A security policy of the second asset is adjusted based on the security metric.

Embodiments herein include an intelligent electronic device (IED) by employing a multi-factor authentication process. In some embodiments, to change the access level of the IED, the user may use the password and additional inputs such as an off-site operator sending a command, or the user engaging a push button or switch local to the IED.

The proposed system employs one or more steps and an architectural arrangement of a plurality of relevant functional element to enable a security. A USB device is arranged to enable secure access of a computing device. A first cloud server is arranged to receive an ID, a cryptographic key, an authentication PIN and a pre-stored data from the computing device. The first cloud server encrypts the received pre-stored data using the received cryptographic key and subsequently transmits the ID, the cryptographic key and the authentication PIN, to a second cloud server. Further, the second cloud server performs a plurality of sequential functional operation, critical to the motive and objective of deploying the proposed system.