Patent classifications
H04L2463/082
Preventing Unauthorized Access to Secured Information Systems Using Multi-Device Authentication Techniques
A computing platform may receive, from a client portal server, a request to authenticate a user to a user account. The computing platform may generate a first one-time passcode for a first computing device associated with the user account and may send, to the first computing device, the first one-time passcode. The computing platform also may generate a first registered-device authentication prompt for a second computing device associated with the user account and may send, to the second computing device, the first registered-device authentication prompt. Thereafter, the computing platform may receive first one-time passcode input and a first response to the first registered-device authentication prompt, which the computing platform may validate. Based on the validating, the computing platform may generate a validation message directing the client portal server to provide the user with access to the user account, which the computing platform may send to the client portal server.
SECURE ACCOUNT LOGIN AND AUTHENTICATION
Systems, methods, and devices are described for secure account login and authentication. A set of key options including a correct key option and information indicative of a hash value are received from an authentication server. A user is prompted to select one of the set of key options. The key option selected by the user is received. A subset of PIN elements of a user-registered PIN to be input by the user is identified based on the hash value. The user is prompted to enter the subset of PIN elements. The subset of PIN elements entered by the user is received. An encoded PIN is generated based on the key option selected by the user and the subset of PIN elements entered by the user. The encoded PIN is transmitted to the authentication client that is configured to make an authentication decision based on the encoded PIN.
MULTI-TENANT TWO-STAGE AUTHENTICATION
Disclosed are some implementations of systems, apparatus, methods and computer program products for implementing a scalable computing system. The scalable computing system includes an intermediate system that facilitates communications between a core server system and a third-party system. The core server system processes a client request for a third-party service in association with a web page having a corresponding web address. The intermediate system communicates with the core server system to obtain a session token, and transmits the session token and web address to the third-party system. The third-party system may then access the web page via the web address using the session token.
User authentication systems and methods
A method of authenticating a user of a multifunction device to a server, the method comprising associating a user-supplied image with user login credentials, using a server; receiving, at the server, an image uploaded from the multifunction device; and comparing the uploaded image to the user-supplied image, using the server, and, only if the uploaded image is identical to the user-supplied image, allowing the user of the multifunction device to authenticate to the server by providing additional login credentials to the server using the multifunction device.
IC card with fingerprint recognition function and working method thereof
A working method for an IC card having a fingerprint recognition function, comprising: an IC card receiving and determining an instruction type from a terminal, and when determined that the received instruction is an application selection instruction, the IC card selecting an application and returning a response to the terminal; when determined that the received instruction is a processing option acquisition instruction, the IC card acquiring a user fingerprint information verification state according to the content of the instruction, and if verification is successful, returning to the terminal a processing option instruction response containing an application file locator list for which a personal identification number does not need to be verified; if verification fails, returning to the terminal a processing option instruction response containing an application file locator list for which a personal identification number must be verified; when determined that the received instruction is a record reading instruction, the IC card returning a record reading response to the terminal according to the record reading instruction, wherein the record reading response contains a method for verifying a card holder. Thus, the risk of a personal identification number being leaked is avoided, thus enhancing the security of a transaction, while also improving user experience.
Context-based access control and revocation for data governance and loss mitigation
Systems, methods, and computer program products for controlling use of sensitive data. A heartbeat signal conveying a context identifier is transmitted into areas where access to sensitive data is granted to authorized users. In response to receiving a request to access the sensitive data, access may be granted if the context identifier in the request matches the context identifier in the heartbeat and denied otherwise. If the requestor has exceeded an access threshold, access may be granted at a reduced rate. This reduced rate may be achieved by reducing a rate at which encryption keys are provided to the requestor. An access control layer positioned between an application layer and a communication layer allows the application layer to use plaintext of the sensitive data while protecting the sensitive data as ciphertext in the communication layer.
Hiding secure area of a file storage system based on client indication
Data associated with a user account is stored at the cloud-based storage service. A portion of the data is associated with a heightened authentication protocol. A request for an application to access data that is associated with the heightened authentication protocol is received at the cloud-based storage service. The request may include an indication that the application is configured to interact with data with the heightened authentication protocol. The request is authenticated based on the heightened authentication protocol. In response to authenticating the first request, permission is granted to the application to access the data that is associated with the heightened authentication protocol. In response to receiving requests that do not include the indication that the application is configured to interact with data with the heightened authentication protocol, data pertaining to the portion of the data with the heightened authentication protocol is hidden.
SECURE DISTRIBUTED INFORMATION SYSTEM FOR PUBLIC DEVICE AUTHENTICATION
A method of performing user authentication includes, by a service electronic device associated with a service: receiving, from a public electronic device, a request for a user to initiate a session of the service; generating a first security token, a first write token, a first read token, and/or a first delete token; sending the first security token, the first write token, the first read token, and/or the first delete token to a server electronic device; receiving, from the server electronic device, a key location identifier that uniquely identifies a memory location of a data store associated with the server electronic device where the first security token, the first write token, the first read token, and/or the first delete token are stored; saving the key location identifier in a data store associated with the service electronic device; generating a signed key location identifier; generating a machine-readable image that includes the key location identifier, the signed key location identifier and the first write token in an encoded format; and sending the machine-readable image to the public electronic device.
METHOD AND APPARATUS FOR MULTIFACTOR AUTHENTICATION AND AUTHORIZATION
Methods and systems for multifactor authentication and authorization are described. A method includes receiving captured image data of a person with a badge needing access to a secure area, detecting at least two faces from the captured image data, identifying a first name based on matching a face associated with a live human face with a control face in a database, identifying a second name based on matching another face associated with the badge with a control face in a database, performing character recognition on text associated with the other face, comparing the second name with the character recognized text, comparing the second name with the first name when the second name matches the character recognized text, checking access rights, checking for at least another person in a proximity of the secure area, and granting access when the person is the sole person accessing the secure area.
SYSTEMS AND METHODS FOR MULTI-LEVEL AUTHENTICATION
A system described herein may provide for multiple levels of authentication, such that a User Equipment (“UE”) may receive secure content from an application server, which may include or may be implemented by a multi-access edge computing (“MEC”) system. As described herein, a user associated with a UE may register the UE and/or a particular application with an authentication system and/or the application server. The registration of the UE and/or the application may establish a “trust” relationship between the authentication system and the UE, such that a user-level authentication performed by the UE, such as biometric authentication, may be accepted by the authentication system and/or the application system as an authentication of the user.