Patent classifications
H04L2463/082
COGNITIVE MULTI-FACTOR AUTHENTICATION
User authentication is an extremely important process in many applications and industries. Because of its importance, most security-sensitive user authentication processes employ an automatic multi-factor authentication process that involves confirming an SMS message, answering a security question, entering a PIN, etc. However, even these automatic multi-factor authentication processes are vulnerable to attack. For example, some facial recognition authentication processes can be defeated using a picture. A voice print can also be duplicated using a previous recording of the user's voice. As such, most financial institutions employ some form of human involvement (on top of multi-factor authentication) to authenticate a user in highly security-sensitive situations. Performing authentication with human involvement can be very expensive. Accordingly, what is needed is an automatic multi-factor authentication process that is less prone to attacks and workarounds, such as using a picture to defeat facial recognition processes.
TWO-FACTOR USER AUTHENTICATION USING CARD MATRIX
A system receives a request to authenticate a user and determines a first set of cell identifiers of a card matrix to associate with the user. The system receives a first factor, which comprises a first set of received cell values corresponding to the first set of cell identifiers of the card matrix. The system further determines a first set of stored cell values corresponding to the first set of cell identifiers of the card matrix and compares the first set of received cell values to the first set of stored cell values. The system also receives a second factor, which is different from the first factor. Finally, the system determines that the user is authenticated based at least in part upon the comparison of the first set of received cell values to the first set of stored cell values.
Systems and Methods for Generating and Using Anthropomorphic Signatures to Authenticate Users
The technology disclosed relates to authenticating users using a plurality of non-deterministic registration biometric inputs. During registration, a plurality of non-deterministic biometric inputs are given as input to a trained machine learning model to generate sets of feature vectors. The non-deterministic biometric inputs can include a plurality of face images and a plurality of voice samples of a user. A characteristic identity vector for the user can be determined by averaging feature vectors. During authentication, a plurality of non-deterministic biometric inputs are given as input to a trained machine learning model to generate a set of authentication feature vectors. The sets of feature vectors are projected onto a surface of a hyper-sphere. The system can authenticate the user when a cosine distance between the authentication feature vector and a characteristic identity vector for the user is less than a pre-determined threshold.
Using PKI for security and authentication of control devices and their data
A method for authenticating a first and a second electronic device associated through a communication line includes: creating a unique ID, by a third electronic device; transmitting the unique ID to the first electronic device; signing the transmitted unique ID by the first electronic device; transmitting the signed unique ID to the second electronic device, by the first electronic device; signing the transmitted signed unique ID by the second electronic device; transmitting the unique ID signed by the first and second electronic devices to the third electronic device; verifying and accepting the unique ID signed by the first device and the second device, by the third device; issuing a certificate for a secure communication line between the first electronic device and the second electronic device; and transmitting the certificate to the first electronic device and the second electronic device.
ESTABLISHING AUTHENTICATION PERSISTENCE
Various embodiments are generally directed to performing an authentication persistence check and, based on the check, allowing a previously successful authentication to persist on a user apparatus. The check may involve a stability check on the user apparatus. If the user apparatus is stable, device fingerprinting on the apparatus may be performed, the result of which may be compared to a snapshot of the apparatus taken at the time of successful authentication. If the comparison reveals changes or drifts that are within a predetermined threshold, then the persistence of the authentication is allowed.
SYSTEMS AND METHODS FOR PROVIDING BLOCK CHAIN-BASED MULTIFACTOR PERSONAL IDENTITY VERIFICATION
Block chain-based multifactor personal identity verification may be provided. Verification addresses may be established on a block chain by: associating identifiers with individuals having previously verified personal identities, assigning verification addresses on a block chain to the individuals, and recording identifiers and biometric data associated with the individuals at corresponding verification addresses. Block chain-based multifactor personal identity verification using the verification addresses may be performed by: receiving one or more identifiers in connection with one or more requests to verify an identity of one or more individuals, extracting the biometric data associated with the one or more individuals from the corresponding verification addresses, and verifying the identity of the one or more individuals upon receiving matching biometric data and private keys.
SECURE, AUTOMATIC SECOND FACTOR USER AUTHENTICATION USING PUSH SERVICES
A network-based multi-factor authentication approach is provided. A request to access a protected network resource and user credentials are received from a client by an application server hosting the resource. Attributes associated with the request are obtained. After determining the credentials are valid, the access attributes are provided to an authentication server. A first OTP is generated by the authentication server. The client is caused to seek confirmation from the user regarding the request and the associated attributes, by sending a push notification to the client. Responsive to authentication of the user to an OTP generator application running on the client via a biometric sensor or a PIN associated with the client: (i) a second OTP is generated by the OTP generator; and (ii) the application server is caused to grant the request by the OTP generator sending the second OTP to the application server or to the authentication server.
SYSTEMS AND METHODS FOR MULTI-FACTOR DIGITAL AUTHENTICATION OF AIRCRAFT OPERATIONS
Methods and systems for authenticating operations of an aircraft are disclosed. In at least one embodiment, the method may include: receiving, by an aircraft data gateway, a request for an operation of an aircraft from an operations portal; performing a first digital authentication of the request using first digital authentication information; performing a second digital authentication of the request using second digital authentication information, the second digital authentication information being distinct from the first digital authentication information; and executing the operation of the aircraft upon validating the first digital authentication and the second digital authentication.
MULTI-FACTOR AUTHENTICATION SYSTEM AND METHOD
To authorize a client device to access a secure resource hosted on a web server, the present methods and systems may provide executable instructions including a challenge token to the client device, which, in turn, may cause the client device to provide executable instructions, including the challenge token, to a mobile client device via a personal area network. The executable instructions provided to the mobile client device may request the mobile client device to return a verification token. The mobile client device may compare the provided challenge token to a challenge token stored locally. If the challenge tokens match, the mobile client device may provide a verification token to the client device via the personal area network, which may in turn provide the verification token to the web server. The web server may compare the verification token provided by the client device to a verification token provided by the present methods and systems. If the verification tokens match, the web server may authorize the access to the secure resource.
Distributing security codes through a restricted communications channel
Disclosed are various examples for facilitating distribution of security codes for a two-factor authentication scheme or one-time passwords. Security codes can represent one-time passwords or shared secrets used to seed one-time password algorithms. The security codes can be sent through a restricted communications channel to a client device. Rather than using an insecure communication link such as SMS for communication of security codes, the security codes can be sent through the restricted communications channel to reduce the possibility of leakage of the security codes.