H04L2463/082

TIME-BASED NETWORK AUTHENTICATION CHALLENGES

Techniques for time-based network authentication challenges are disclosed. In some embodiments, a system, process, and/or computer program product for time-based network authentication challenges includes monitoring a session at a firewall to identify a user associated with the session, generating a timestamp for an authentication factor associated with the user after the user successfully authenticates for access to a resource based on an authentication profile, intercepting another request from the user for access to the resource at the firewall, and determining whether the timestamp for the authentication factor is expired based on the authentication profile.

Variable-Step Authentication for Communications in Controlled Environment
20230006989 · 2023-01-05

A variable-step authentication system and a method for performing variable-step authentication for communications in a controlled environment are disclosed. The variable-step authentication system may include a communication device and a server. The variable-step method includes steps for determining an authentication process that involves a number of authentication steps. The number of authentication steps is variable and dependent on a trust level associated with each participant in the communication.

PROBE-BASED RISK ANALYSIS FOR MULTI-FACTOR AUTHENTICATION
20230239293 · 2023-07-27

A system for probe-based risk analysis for multi-factor authentication having a multi-dimensional time series data server configured to monitor and record a network’s traffic data and to serve the traffic data to other modules and a directed computational graph module configured to probe connection destinations for a response, analyze any received responses, and determine a verification score needed before granting access based at least in part on the analysis of the received responses. A plurality of verification methods build up a user’s verification score to the required level to gain access.

MULTI STEP AUTHENTICATION METHOD AND SYSTEM
20230239291 · 2023-07-27

A multi step authentication method for authenticating a person as an authorized person, the multi step authentication method being executed by a multi step authentication system including an authentication server, a user device, the method comprising the steps of executing a first authentication phase, the first authentication phase comprises performing a first authentication technique; executing a second authentication phase, the second authentication phase comprises performing a second authentication technique, wherein the first authentication technique and second authentication technique are disparate; both the first and second authentication techniques utilize contactless authentication techniques; wherein the second authentication phase is performed after the first authentication phase successfully authenticates a person as an authorized user, a person is authenticated as an authorized person or vehicle if both the first authentication phase and second authentication phase successfully authenticate the person or vehicle; and wherein the first authentication phase and second authentication phase are sequentially alterable.

PARTNER INTEGRATION NETWORK

Systems and methods are provided for a media provider to allow a user to access media objects with a third-party partner that authenticates the user and authorizes the user to access certain media objects. The media provider offers access to media objects, such as video content or audio content. The partner, through a relationship with the media provider, similarly offers access to the media provider's media objects, for example, as a service or benefit to the partner's customers or users. In particular, a partner integration server mediates user authentication and authorization by the partner. The partner integration server also allows the media provider to easily and flexibly add and integrate additional partners.

DATA ISOLATION AND TWO-FACTOR ACCESS CONTROL
20230006987 · 2023-01-05

Systems, methods and computer program products for controlling access to data owned by an application subscriber using two-factor access control and user partitioning are disclosed. In one embodiment, applications are executed on a multi-tenant application platform in which user partitions designate associated users and authentication services for those users. Tenants may subscribe to the applications and may allow access to the subscriptions through designated entry points. Users that are authenticated according to the corresponding user partition and access the application through the designated entry point are allowed to access the application through the tenant's subscription.

User authentication system

A user authentication system and method includes a network of guardian nodes and gatekeeper nodes configured to securely communicate with one another. The gatekeeper nodes are connected to service providers and the guardian nodes are associated with UAS customers. The guardian nodes and gatekeeper nodes are configured to generate tokens that are passed between the guardian nodes, gatekeeper nodes, service providers and UAS customers to authenticate UAS customers requesting access to service providers.

Multi-factor authentication via multiple devices

Usage information of a user for a plurality of computing devices is identified. A usage pattern for each computing device of the plurality of computing devices of the user is developed based on the identified usage information of the user. An indication of the user accessing an application on a first computing device of the plurality of computing devices is received. The application requires one or more credentials for an authentication process associated with the application. A determination is made whether the user accessing the application using the first computing device is following the developed usage pattern of the user. Responsive to determining that the user accessing the application using the first computing device is not following the developed usage pattern of the user, the authentication process associated with the application is interrupted.

Biometric authenticated biometric enrollment
11569991 · 2023-01-31

An example method includes receiving encrypted biometric enrollment data and user identifier data. The encrypted biometric enrollment data includes at least one biometric enrollment sample from a user encrypted using an encryption key. The encryption key is generated based on a user secret and the user identifier is associated with the user. The user identifier is matched with a stored user secret. A decryption key is generated based on the stored user secret. The encrypted biometric enrollment data is decrypted using the decryption key. The at least one biometric enrollment sample is retrieved from the decrypted biometric enrollment data. The at least one biometric enrollment sample is processed using a biometric processing algorithm to generate a biometric reference template. A biometric reference template identifier uniquely identifying the biometric reference template is generated. An encryption key is generated based on the stored user secret and encrypts an enrollment confirmation message.

SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR AUTHENTICATING A DEVICE BASED ON AN APPLICATION PROFILE
20230027202 · 2023-01-26

Provided are computer-implemented methods for authenticating a mobile device based on a real-time mobile device application profile which may include generating, with a mobile device application on a mobile device, a real-time mobile device application profile associated with the mobile device, receiving the mobile device application profile by the mobile device; and determining whether there is an anomaly between the real-time mobile device application profile and a historical mobile device application profile associated with the mobile device. The methods may also include performing a remedial action associated with a transaction based on determining that there is an anomaly between the real-time mobile device application profile and the historical mobile device application profile. Systems and computer program products are also provided.