An authentication system facilitates a transfer of enrollment in authentication services between client devices. The authentication system enrolls a client device in authentication services to enable the client device to be used for authenticating requests to access one or more services. As part of enrolling the client device, the authentication system receives authentication enrollment information for the client device that is associated with one or more authentication credentials securely stored on the client device (e.g., a multi-factor authentication (MFA) certificate). The authentication system facilitates one or more processes for transferring the enrollment from an enrolled client device to a non-enrolled client device that limit the number and complexity of actions performed by the user. In particular, the authentication system facilitates transfer of enrollment based on receiving enrollment transfer requests authorized by the enrolled client device using one or more authentication credentials associated with the enrollment of the enrolled client device.

A computer-implemented method comprising: receiving, from a primary factor authentication device by one or more computer systems, a request to enroll a mobile device as a secondary factor authentication device; and enrolling by the one or more computer systems the mobile device as a first, secondary factor authentication device.

A host machine has a web browser. A user of the host machine also has a mobile device. A time-based, one-time password (TOTP) authentication scheme leverages a plug-in associated with the browser to automatically inject a received TOTP code into an element of an HTML-based TOTP authentication page, and to programmatically submit the HTML form (e.g., by mimicking the “click to submit” button on the TOTP form). Typically, the TOTP code is obtained following a successful completion of a push notification interaction between a cloud service, which stores TOTP shared secrets that are used to generate the TOTP codes, and the user of the mobile device. As a further feature, a method to keep track of multiple TOTP accounts and to find the account usable for a given website are also provided.

In a first embodiment, the “one tap” operation of this disclosure enables a user having a mobile device “one tap” mobile application (or “app”) to log-in to the user's desktop or laptop computer by bringing the user's device in physical proximity to the computer and, while in such proximity, accepting a push notification that is received on the mobile device. In a second embodiment, the user uses the “one tap” functionality to access a cloud-based account that has been set up for the user on a third party web application (e.g., SalesForce.com). The technique seamlessly integrates with third party websites using well-known protocols (e.g., SAML2), and it enables secure cross-origin resource sharing in a highly secure, reliable and available manner. Still another aspect of this disclosure is an enhanced proximity detection routine that is used to facilitate the one tap function when the user's mobile device is moved into proximity with the computer.

In some implementations, a device of a network may receive, from a user equipment (UE), a request associated with enabling the UE to access a network, wherein the request includes a first routing indicator. The device may identify an authentication manager, of the network, that is mapped to the first routing indicator in an entry of a routing table of the network. The device may route the request to the authentication manager of the network to permit the authentication manager to authenticate the UE. The device may purge, based on the request being routed to the authentication manager, the entry to remove the first routing indicator from the routing table. The device may store, after purging the entry, a second routing indicator in the entry to map the second routing indicator to the authentication manager, wherein the second routing indicator is different from the first routing indicator.

Aspects of the invention relate to a smart card that leverages emerging technology hardware to enhance secure release of sensitive data associated with the smart card. The smart card may include an OLED display. The device may include one or more biometric sensors. Embodiments may include pairing a device with a portal used to access sensitive data. When accessing the portal, the user may be required to verify that the device is present before gaining access to the sensitive data.

The present invention provides a method (500) for secure access to a network resource (150), comprising the steps of receiving a selection of a workflow from the set of workflows, made by a user, from a first client device (160), obtaining a user identifier from the user and a resource key and an interface key from the first client device (160), verifying the user with the user identifier and verifying the network resource (150) with the resource key and the interface key and executing a plurality of activities comprised within the workflow on successful verification of the user and the network resource (150).

Systems and methods are provided for securing data using a mobile device. The method may include determining securing global positioning data values of the mobile device; measuring a securing direction of the mobile device relative to a magnetic north direction; capturing a securing password by the mobile device; and securing the data against unauthorized access using the determined global positioning data values, the securing password, and the securing direction as a combined password.

Embodiments of the present invention provide a system for monitoring a cybersecurity mesh network comprising a distributed sensor grid and a plurality of devices for detection of one or more security incidents. In response to determining that one of the one or more security incidents has occurred, and in response to receiving the request from an identified device that requires the first level of authentication, transmitting to the identified device a request for authentication credentials that meet a second level of authentication, wherein the second level of authentication is more strict than the first level of authentication.

Systems and methods are provided for authenticating an identity of a user requesting a resource or service from an entity. In some embodiments, a system may include at least one processor; and a non-transitory medium containing instructions that cause the system to perform operations. The operations may include receiving credential information associated with the remote user, and receiving, from the server associated with the entity, first hash information. The operations may also include generating second hash information based on information associated with the user, comparing the first hash information with the second hash information, and transmitting an indication based on the comparison to the server associated with the entity.