Patent classifications
H04L2463/082
MULTI-LINK CONVERGENCE METHOD, SERVER, CLIENT, AND SYSTEM
A multi-link convergence method includes: receiving a first binding request sent by a client using a first link; sending a first LSID to the client using the first link; receiving a first authentication request sent by the client using the first link; performing authentication on the first link according to the first authentication request; if the first link is authenticated successfully, sending a BID to the client using the first link; receiving a second binding request sent by the client using a second link, where the second binding request carries the BID; sending a second LSID to the client using the second link; receiving a second authentication request sent by the client using the second link; performing authentication on the second link according to the second authentication request; and if the second link is authenticated successfully, sending a binding acknowledgement message to the client using the second link.
MULTI-FACTOR DEVICE HOLDER
Examples provide a multi-factor device holder (MDH) for storing multi-factor authentication devices. A housing encases a set of ports configured to connect to the set of connectors on two or more multi-factor authentication devices placed within the MDH. An external port can connect the MDH to a port on a user device. A selection device, such as a user interface, enables user selection of an authentication device from the set of authentication devices. A locking mechanism secures the housing in a closed configuration to prevent unauthorized access to the authentication devices stored within the MDH. The MDH can include a user authentication device, such as a biometric reader, to authenticate a user attempting to utilize the MDH. If authorized, the selected authentication device is unlocked and provided with power. The selected authentication device transmits a code to the user device via the external port connector.
METHOD OF, AND APPARATUS FOR, SECURE ONLINE ELECTRONIC COMMUNICATION
A method for secure electronic communication between one or more clients on one or more client computing devices. The method includes establishing a networked secure exchange server, where the networked secure exchange server comprises one or more secure electronic data exchange environments for communication between one or more clients. The method also includes providing, on one or more client computing devices, a client authentication interface operable to enable one or more authorized clients to access one or more of the secure electronic data exchange environments across a network, and enabling one or more of the authorized clients to exchange electronic communications through one or more secure electronic data exchange environments.
MULTI-PERSON AUTHENTICATION
A system includes a multi-person authentication server which receives an authentication request corresponding to a request to provide a first user access to a secure server. In response to the authentication request, a challenge-response message is provided to the first user device. A push notification is also provided to a second user device. A response to the challenge-response message is received from the first user device. If the received response indicates the first user is authenticated, the first user is allowed to access the secure server. If the received response indicates the first user is not authenticated, the first user is prevented from accessing the secure server.
APPLICATION FOR CONFIRMING MULTI-PERSON AUTHENTICATION
A secure server is configured to host one or more secure applications. A first user device includes a camera operable to capture a first image of a first user of the first user device. The first user device receives a notification that indicates confirmation of authentication of a second user of a second user device is needed after the second user requests access to the secure server. Following receipt of the notification, the first user device captures a first image of the first user. The first image includes at least a portion of a face of the first user. Facial recognition is performed, and results of facial recognition are provided to the second user device, where they are used for multi-person authentication.
APPLICATION FOR REQUESTING MULTI-PERSON AUTHENTICATION
A first user device includes a camera. The first user device receives a challenge-response message following a request for access to a secure server. The first user device captures a first image of the first user. The first image includes an image of at least a portion of a face of the first user. An authentication result from a facial recognition scan of the second user is received. Facial recognition is used to determine that the face of the first user is a face of an authorized user of the secure server. The first user device generates and sends a response to the challenge-response message based on results of facial recognition and the received authentication results.
SYSTEMS AND METHODS FOR USING A UNIQUE ROUTING INDICATOR TO CONNECT TO A NETWORK
In some implementations, a device of a network may receive, from a user equipment (UE), a request associated with enabling the UE to access a network, wherein the request includes a first routing indicator. The device may identify an authentication manager, of the network, that is mapped to the first routing indicator in an entry of a routing table of the network. The device may route the request to the authentication manager of the network to permit the authentication manager to authenticate the UE. The device may purge, based on the request being routed to the authentication manager, the entry to remove the first routing indicator from the routing table. The device may store, after purging the entry, a second routing indicator in the entry to map the second routing indicator to the authentication manager, wherein the second routing indicator is different from the first routing indicator.
SYSTEMS AND METHODS FOR ENHANCED AUTHENTICATION TECHNIQUES USING NETWORK-IMPLEMENTED LOCATION DETERMINATION
A system described herein may provide enhanced authentication techniques that leverage network-based location determination of User Equipment ("UEs"), such as mobile telephones or other devices that communicate with a wireless network. For example, a wireless network may monitor, determine, or otherwise maintain information regarding the geographic location of UEs that are associated with the wireless network. Some embodiments may utilize such network-monitored location information to verify that a participant device, associated with a given UE, is located within a particular proximity of the UE when performing an authentication process to receive services or resources.
MECHANISM FOR MULTI-FACTOR AUTHENTICATION BASED ON DATA
A request is received from a client seeking to access files stored at a backup server. A first tree is received for the request. The first tree represents hashes of files stored at the client. A second tree is generated representing hashes of the files stored at the backup server. The first and second trees are compared to assess a degree of similarity between the files stored at the client and the files stored at the backup server. The user is denied access to the files stored at the backup server when the degree of similarity is below a threshold.
HIGHLY SECURE NETWORKED SYSTEM AND METHODS FOR STORAGE, PROCESSING, AND TRANSMISSION OF SENSITIVE PERSONAL INFORMATION
A highly secure networked system and methods for storage, processing, and transmission of sensitive information are described. Sensitive, e.g. personal/private, information is cleansed, salted, and hashed by data contributor computing environments. Cleansing, salting, and hashing by multiple data contributor computing environments occurs using the same processes to ensure output hashed values are consistent across multiple sources. The hashed sensitive information is hashed a second time by a secure facility computing environment. The second hashing of the data involves a private salt inaccessible to third parties. The second hashed data is linked to previously hashed data (when possible) and assigned a unique ID. Data dictionaries are created for particular individuals provided access to the highly secure information, e.g. researchers. Prior to a data dictionary being accessible by a researcher computing device, the data dictionary undergoes compliance and statistical analyses regarding potential re-identification of the source unhashed data. The data dictionaries are viewable by researchers as certified views via a secure VPN.