H04L2463/082

SYSTEM AND METHOD FOR DYNAMIC MULTIFACTOR AUTHENTICATION

A method of authenticating a user. The method comprises the step of sending an authentication request to a remote authentication device and generating a first piece of authentication information. A mobile device receives the first piece of authentication information from either an access terminal or the remote authentication device. The mobile device of the user generates a second piece of authentication information which is at least partially based on the received first piece of authentication information. The second piece of authentication information is sent to the remote authentication device and validated. If the second piece of authentication information is successfully validated, an authentication signal is generated.

SYSTEM AND METHOD FOR MULTI-FACTOR AUTHENTICATION
20170324737 · 2017-11-09

A method at an authentication server for multi-factor authentication of an electronic device, the method including receiving at the authentication server a request for authentication of the electronic device; sending information to the electronic device; receiving a response based on the information sent to the electronic device, the response further including an authentication time limit; authenticating the response; and storing the response and time limit upon verification of the response.

Utilizing a transaction card to provide secondary authentication for accessing a secure application with a user device

A transaction card includes a near-field communication (NFC) component, a security component, a wireless component, one or more memories, and one or more processors communicatively coupled to the one or more memories. The device receives a signal from a user device attempting to access a secure application, and energizes the NFC component based on the signal received from the user device. The device causes the security component to generate an encrypted code based on the NFC component being energized, and provides, via the security component, the encrypted code to the wireless component. The device provides, via the wireless component, the encrypted code to the user device to permit the user device to utilize the encrypted code as authentication for accessing the secure application.

MULTI-FACTOR MOBILE USER AUTHENTICATION

A system and method are disclosed herein leveraging financial networks standards with mobile device data and secure processing and storage environment knowledge to authenticate a device. For instance, a party to a transaction may utilize these elements of information, not traditionally associated with wireless transactions, to achieve a lower probability of fraud and/or a higher confidence associated with the transaction.

METHOD AND SYSTEM OF USER AUTHENTICATION AND END TO END ENCRYPTION USING DEVICE SYNCHRONIZATION
20170325089 · 2017-11-09

In one aspect, a computerized method for implementing user authentication using device synchronization to match that includes the step of accessing a web page. The web page includes an agent. The computerized method includes the step of loading the agent in the background. The computerized method includes the step of generating, with the agent, an agent-generated token in the background. The agent-generated token is encrypted as a cryptographic token. The computerized method includes the step of executing a deep link with the agent-generated token. The computerized method includes the step of sending the agent-generated token, a universally unique identifier (UUID) and a private key in a hidden native application to an encrypted-token server. The computerized method includes the step of determining that the IP address pairs with the agent-generated token. The computerized method includes the step of receiving, with the native application, a call back. The computerized method includes the step of sending the UUID and the agent-generated token back to the encryption server. The computerized method includes the step of receiving, with the encryption server, the UUID and the agent-generated token. The computerized method includes the step of checking, with the encryption server, that the UUID and the agent-generated token point to the same UUID. The computerized method includes the step of determining that the UUID and the agent-generated token point to the same UUID.

Multi-factor authentication using a smartcard

Methods and systems are provided for non-cryptographic capabilities of a token such as a smartcard to be used as an additional authentication factor when multi-factor authentication is required. Smartcards are configured to generate a transaction code each time a transaction is attempted by the smartcard. The transaction code is dynamic, changing with each transaction, and therefore is used as a one-time password. When a user attempts to access a service or application requiring at least two authentication factors, a secure processor is used to read the transaction code from the smartcard. The secure processor establishes a secure communication with the remote computer hosting the service or application. The transaction code can then be encrypted prior to transmission over the public Internet, providing an additional layer of security.

Single sign on (SSO) using continuous authentication
11252142 · 2022-02-15

Systems and methods for continuous secure single sign on for secure access services. A user device stores a first authentication factor associated with a user for authorizing access. An authentication server receives an authentication request by the user to a secure access service and establishes a secure communication channel between the authentication server and the user device. The user device performs a user authentication according to a second authentication factor, generates an authentication response indicating the first authentication factor and confirming the authentication, and transmits the authentication response to the authentication server via the secure communication channel. The authentication server grants access to the secure access service based on the authentication response, repeatedly determines whether the secure communication channel is maintained while the user accesses the secure access service, and permits access to the secure access service by the user while the secure communication channel is maintained.

Event driven second factor credential authentication

A reader configured to perform dual-factor authentication is provided. The reader is configured to analyze credential data as well as event-based user inputs. The event-based user inputs are received in response to the reader presenting one or more events to a user and monitoring the user's reaction thereto. Utilization of an event-based user input enables the reader to perform dual-factor authentication without necessarily being provided with a keyboard or other advanced user input device.

Password authentication
09769179 · 2017-09-19

A user credential comprising a user password and a one-time password (OTP) may be provided to access a computing system. The user password is authenticated and the network connection status of the computing system is determined. If the computing system is offline, the user password and the OTP are stored in memory and the user is granted a first level of access to the computing system. Upon detecting that the network connection status of the computing system has changed to online, the user password and the OTP are provided to an authentication server for authentication. If the authentication of the user password and the OTP is successful, the user is granted a second level of access to the computing system, the second level of access being higher than the first level of access.

DATA PROCESSING METHOD AND APPARATUS BASED ON MOBILE APPLICATION ENTRANCE AND SYSTEM
20170264610 · 2017-09-14

A data processing method is performed at a computer system managing application programming interfaces (APIs) and mobile application entrances. An API invocation request initiated by an application system is received by the computer system, and permission information corresponding to the application system is obtained according to an identifier of the mobile application entrance and an application system identifier that are carried in the API invocation request. Authentication is then performed on the API invocation request according to the permission information and first authentication information carried in the API invocation request, and the application system is allowed to invoke an API for data processing when the authentication succeeds. This avoids the internal data corruption caused when each application system at a mobile application entrance randomly invokes the API, thereby implementing uniform management of the internal data, greatly strengthening data security, and facilitating API interface expansion.