H04L2463/082

Time-based network authentication challenges

Techniques for time-based network authentication challenges are disclosed. In some embodiments, a system, process, and/or computer program product for time-based network authentication challenges includes monitoring a session at a firewall to identify a user associated with the session, generating a timestamp for an authentication factor associated with the user after the user successfully authenticates for access to a resource based on an authentication profile, intercepting another request from the user for access to the resource at the firewall, and determining whether the timestamp for the authentication factor is expired based on the authentication profile.

AUTONOMOUS MULTI-FACTOR AUTHENTICATION

An apparatus comprises a processing device that is configured to maintain a list of managed devices, to generate a seed value and to submit a login request to a first managed device. The processing device is configured to generate a value based at least in part on the seed value and to select a second managed device from the list based at least in part on the value. The processing device is further configured to receive a second factor authentication challenge from the first managed device and to obtain a device key encrypted passcode from the second managed device. The processing device is further configured to provide the device key encrypted passcode to the first managed device and to receive a successful authentication of the login request from the first managed device based at least in part on providing the device key encrypted passcode to the first managed device.

CORE NETWORK TRANSFORMATION AUTHENTICATOR

A system may use information obtained by a communication service provider's core network for multi-factor authentication.

Method and apparatus with selective combined authentication

A method and apparatus with selective combined authentication performs a single authentication based on a first modality among plural modalities, and in response to the single authentication having failed, determines whether to perform a combined authentication by a combination of two or more of the plural modalities, and selectively, depending on a result of the determining of whether to perform the combined authentication, performs the combined authentication.

APPARATUS AND METHOD FOR PROVIDING SUBSCRIPTION DATA TO NON-SUBSCRIBER REGISTERED TERMINAL IN WIRELESS COMMUNICATION SYSTEM
20220337995 · 2022-10-20

The present disclosure relates to a 5th generation (5G) or pre-5G communication system for supporting a higher data transmission rate after a 4th generation (4G) communication system such as long-term evolution (LTE). According to various embodiments of the present disclosure, an operating method of a network exposure function (NEF) in a wireless communication system is provided. The method includes receiving a Nnef_EventExposure_subscribe request message including a first non-subscription registration identifier (ID) from an application function (AF), transmitting a Namf_EventExposure_subscribe request message including the first non-subscription registration ID to a default unified data management (UDM), receiving a Namf_EventExposure_subscribe response message including a subscription correlation ID from the default UDM, transmitting a Nnef_EventExposure_subscribe response message including the subscription correlation ID to the AF, receiving a Namf_EventExposure_Notify message including a second non-subscription registration ID from the default UDM, and transmitting a Nnef_EventExposure_Notify message including the second non-subscription registration ID to the AF.

CENTRALIZED REMOTE MIGRATION CLIENT CREDENTIAL MANAGEMENT

A cloud-based network receives a public key of a public/private key pair and a credential for accessing secrets associated with a user network. The cloud-based network receives, from a user interface configured to facilitate remote control of the user network, a command to be executed at the user network. The cloud-based network encrypts, using the public key, the credential and the command. The cloud-based network forwards, to one or more client devices, the encrypted credential and command. The client devices are configured to decrypt the encrypted credential and command using a private key of the public/private key pair and execute the command on the user network.

Secure sharing of credential information

A first user device may be used to request provisioning of a secure credential on a second user device. A provisioning system may facilitate the provisioning in a manner that ensures security and privacy of the requesting parties. The provisioning requests may be made using an application on the first user device such as a third-party application or using a web application via a browser. The credential may be added to a digital wallet on the second user device. The credential may be useable by the second user device to perform one or more contactless transactions.

Second factor based realm selection for federated authentications

In an approach for authentication of a username, a processor maintains a mapping of usernames and realms. A processor receives a username and a time-based one-time password code (TOTP code) for the username based on an authentication application. A processor, upon receiving the TOTP code: determines a realm from the mapping based on the received username and the received TOTP; and requests an entry of a credential relating to the username in the realm. A processor, upon receiving the requested credential, authenticates the username by determining that the received credential matches an expected credential for the realm.

Multifactor authentication systems and methods

Multifactor authentication systems and methods employ an online payment server processor that authenticates a user in an online session with a merchant website server processor based on data representing one or more predefined authentication factors received from a user device processor over a communication network and sends data representing a secure user login cookie to the user device processor over the communication network based on the authentication of the user in the online session with the merchant website server processor. Thereafter, the online payment server processor authenticates the user in a subsequent online session with the merchant website server processor based in part on identifying the data representing the secure user login cookie on the user device and in part on data representing a second predefined authentication factor received from the user device processor over the communication network.

Overcoming multi-factor authentication in user interface based automation script

A request is received from a browser (e.g., a tool that runs on top of or in a browser). The request is to authenticate via an authentication credential provided from a communication device that is external to a test communication device running the browser. The request is queued in a request queue. The authentication credential is received from an interceptor that intercepts the authentication credential in the external communication device. The authentication credential is sent to the browser, which in turn sends the authentication credential to the application under test. This completes the authentication process in the application under test. The request is then removed from the request queue. This allows for an automated multi-factor authentication process that can be used for testing the application under test.