Patent classifications
H04L2463/082
PROTECTED RESOURCE AUTHORIZATION USING AUTOGENERATED ALIASES
Database systems and methods are provided for authorizing access to a protected resource. One method involves an authorization service automatically assigning a unique alias to a web application and thereafter receiving a request for access to a protected resource on behalf of a user of the web application. In response to the request, the authorization service generates a graphical user interface (GUI) display including a graphical representation of the unique alias automatically assigned to the web application at a client device associated with the user, and thereafter in response to user selection of a GUI element of the GUI display to authorize access, the authorization service obtains an access token associated with the user and the protected resource and transmits the access token to the web application.
System, Method, and Apparatus for Authenticating a User Device
Provided is a method, system, and apparatus for authenticating a user device. The method includes registering a device identifier with at least one transformation rule, receiving a request for authentication comprising a device identifier associated with a user device, obtaining a one-time password (OTP) in response to receiving the request, communicating the OTP to the user device, receiving a transformed OTP from the user device, and authenticating the user device based on the OTP, the transformed OTP, and the at least one transformation rule.
Using receipts for Multifactor Authentication
Multifactor authentication techniques described herein may allow a user to submit a recent proof of purchase as a part of a multifactor authentication process to access an account associated with a financial institution. As part of the login process, the user may submit a proof of purchase associated with a transaction. The financial institution may determine information associated with the transaction, such as a merchant associated with the proof of purchase, a time of the transaction, the last four numbers of the transaction card used, a dollar amount, or any combination thereof. If the information matches one or more records in the transaction history of the user's account, the financial institution may authenticate the user and provide access to the account. In this way, the financial institution may leverage transaction history known to the financial institution and the user to authenticate the user.
PERSONAL INFORMATION VAULT
Various aspects of the subject technology relate to systems, methods, and machine-readable media for securely communicating personal information. The method includes receiving, from a user, personal information regarding the user. The method also includes storing the personal information in secure storage. The method also includes receiving, from a third party, a request for the personal information of the user. The method also includes receiving, from the user, authentication of the request for the personal information of the user. The method also includes in response to receiving the authentication, providing metadata to the third party comprising a promise to supply the personal information of the user, the metadata further comprising at least one of a timestamp, delta, or version number. The method also includes receiving, from a requestor, a notification for resolution of the promise, the notification identifying which of the personal information is required to complete a transaction.
Systems and methods for secure logon
The present disclosure provides methods and systems for secure logon. One or more methods include: determining, via authentication information provided by a user of an electronic device, that the user is authorized to access an online account provided by the online account provider; providing the user with a selectable option to enable an expedited logon process by which the user can access the online account by solely providing a particular authentication item of the user; receiving a verification credential in response to a next logon attempt using the expedited logon process; and verifying that the received verification credential matches an assigned verification credential provided to the user for use in conjunction with the next logon attempt using the expedited logon process.
Authentication and security for mobile-device transactions
A method including collecting transactional information from a mobile application on the mobile device. The mobile device can be used by a user to initiate an activity at a risk moment. The method also can include aggregating a set of risk signals. The method additionally can include obtaining a first set of risk rules for a model specific to the activity requested by the user. Each risk rule of the first set of risk rules can define weights when the risk rule is triggered based on one or more risk signals of the set of risk signals. The method further can include executing a risk engine using the first set of risk rules for the model and using the set of risk signals to generate a risk score. The risk score can be based on the weights of triggered risk rules of the first set of risk rules. The method additionally can include generating a disposition based on a comparison of the risk score to one or more predefined threshold scores for the model. Other embodiments of related systems and methods are disclosed.
Systems and methods providing connection lease anti-theft features for virtual computing sessions
A computing device may include a memory and a processor cooperating with the memory and configured to receive a connection request from a client device having a public/private encryption key pair associated therewith. The connection request may be based upon a connection lease and the public key for the client device, and the connection lease may be generated based upon an authenticated version of the public key for the client device. The processor may also be configured to verify that the authenticated version of the public key upon which the connection lease was generated matches the public key for the client device and authorize a connection with the client device and provide the client device with access to a virtual computing session via the connection.
Attacker detection via fingerprinting cookie mechanism
Disclosed herein are system, method, and computer program product embodiments for detecting a cyber-attack. In an embodiment, a server receives a request to an application from a user device. The server determines that there is no cookie in the received request. The server then generates a new fingerprinting cookie and sends a verification request to the user device to verify the identity of a user. When the server receives the verification reply from the user device, the server determines that the verification reply is valid, marks the new cookie as a verified cookie, and transfers the request to the application for processing. The server can also unverify the verified cookie when the verified cookie is included in a malicious request. The server can determine that a request is malicious by analyzing functions the user wishes to perform using the request.
Systems and methods for requiring cryptographic data protection as a precondition of system access
Systems and methods for permitting software presence/configurations to function as a factor in a multi-factor authentication scheme so that a user's access to a different software program/application is conditioned on the presence of certain pre-specified software or software configurations that would otherwise not be necessary for access and/or operation of the different software program/application. Generally, by confirming the presence/configuration of the pre-specified software on a computing device, the system ensures that a user, in one embodiment, may only access the different software program/application with the proper configuration of the pre-specified software.
Device authentication based on inconsistent responses
Disclosed herein are a system and a method of authenticating a device. In one aspect, a first challenge is identified from first challenges, where each of the first challenges has a consistent response with a stability above a first threshold across a variation of the device. In one aspect, a first response to the first challenge is received from the device. In one aspect, whether the first response matches the consistent response of the first challenge is determined. In one aspect, a second challenge from second challenges is identified, where each of the second challenges has an inconsistent response with a stability under a second threshold across the variation. In one aspect, a second response to the second challenge is received from the device. In one aspect, the device is authenticated responsive to determining that the first response matches the consistent response of the first challenge.