Patent classifications
H04L2463/082
SYSTEMS AND METHODS FOR FRAUD DETECTION AND PREVENTION
Systems and methods for fraud detection and prevention are disclosed. The system may receive a transaction request for a first customer including a transaction location, transaction time stamp, and merchant type code. The system may determine whether the transaction location is expected for the first customer. When the transaction location is unexpected, the system may identify a last-known video detection having a last-known time stamp and last-known location. The system may determine a travel time estimate between the last-known location and the transaction location and determine a buffer based on the merchant type code. The system may compare the travel time estimate to an allotted time that includes a difference between the transaction time stamp and last-known time stamp less the buffer. When the travel time estimate exceeds the allotted time, the system may execute one or more fraud prevention steps.
SYSTEM AND METHOD FOR SECURELY STORING AND SHARING INFORMATION
The present application generally relates to systems, devices, and methods to conduct the secure exchange of encrypted data using a three-element-core mechanism consisting of the key masters, the registries and the cloud lockboxes with application programming interfaces providing interaction with a wide variety of user-facing software applications. Together the mechanism provides full lifecycle encryption enabling cross-platform sharing of encrypted data within and between organizations, individuals, applications and devices. Further, the mechanism generates chains of encrypted blocks to provide a distributed indelible ledger and support external validation. Triangulation among users, applications and the mechanism delivers both enterprise and business ecosystem cyber security features. Crowdsourcing of anomaly detection extends to users and to subjects of the data. Robust identity masking offers the benefits of anonymization while retaining accountability and enabling two-way communications. The mechanism may also provide high availability through multi-level fail over or operations to multiple instances of the core mechanism.
Secure digital workspace using machine learning and microsegmentation
The disclosure provides an approach for authenticating a user of a computer system, wherein the computer system implements a virtual desktop infrastructure (VDI), the method comprising connecting to a computing device through a network, receiving from the computing device authentication credentials, and determining whether the authentication credentials match an authorized user of the computer system. The approach further comprises extracting from the computing device features of the computing device, retrieving a machine learning (ML) model associated with the authorized user, wherein the ML model is at least one of (a) a supervised ML model or (b) an unsupervised ML model, and executing the ML model to authenticate the features of the computing device.
Multifactor authentication for secure management of data center assets from a mobile device
An apparatus for multifactor identification of a mobile device for access to data processing devices within a secured data center includes a processor of a secured server and a memory that stores code executable by the processor. The code is executable by the processor to receive from a mobile device a request for authorization to access a data processing device within a secured data center, verify that user credentials received from the mobile device in conjunction with the authorization request match credentials of an authorized user, where the authorized user is authorized to access the data processing device, verify that the mobile device is in proximity to the data processing device, and authorize the mobile device to access the data processing device in response to verifying the user credentials match credentials of an authorized user and verifying that the mobile device is in proximity to the data processing device.
Systems and methods for location-aware two-factor authentication
A system and method extend the protections provided by the existing state of the art to provide location-aware two-factor authentication for authenticating users of computer systems. There are many potential use cases where location-aware two-factor authentication could be of value. For instance, critical business documentation, such as intellectual property, financial data, sales data for publicly traded companies, and personal medical information, is heavily protected in most organizations. Providing controls to ensure this information is only accessed in secure, trusted locations could greatly reduce the potential for inappropriate information access.
METHODS AND SYSTEMS FOR SECURELY ACCESSING AND MANAGING AGGREGATED SUBMARINE CABLE SYSTEM INFORMATION
Aggregated submarine cable system information is securely stored, accessed and managed. Security is assured through the use of multi-factor authentication that is compliant with National Institute of Standards and Technology and U.S. Government Defense Federal Acquisition Regulation requirements. Further, real-time audit logs are generated as end-users access controlled unclassified information.
MULTI-FACTOR AUTHENTICATION (MFA) ARRANGEMENTS FOR DYNAMIC VIRTUAL TRANSACTION TOKEN GENERATION VIA BROWSER EXTENSION
Arrangements requiring additional multi-factor authentication (MFA) in certain instances of dynamic virtual transaction token (e.g., virtual credit card token) generation via a browser extension.
TRUSTED EXECUTION ENVIRONMENT (TEE)-BASED PASSWORD MANAGEMENT METHOD AND SYSTEM
The present disclosure discloses a trusted execution environment (TEE)-based password management method and system. This method assumes a hardware trusted environment on a mobile end. A user authorizes the hardware trusted environment, and an independent operating system in the trusted environment automatically performs password management operations. The TEE registers an independent strong password for each account, and stores a correspondence between accounts and applications (or websites) in a hardware security zone. When an application requests login, an account list corresponding to the application is returned for a user to select. Through point-to-point encrypted transmission, different trusted devices can synchronize stored password information. In addition, a trusted mobile end can manage applications (or websites) on other devices without a TEE, such as laptops. This method solves the problem that users have difficulty remembering a large number of complex passwords, and ensures the security of the password management system itself.
Multi-Factor Authentication Based On Biological Signals Emitted By A User
Aspects of the disclosure relate to multi-factor authentication based on biological signals. A computing platform may detect an indication to authenticate a user of the user device. Subsequently, the computing platform may trigger, based on the detecting, the at least one physical sensor to capture one or more biological signals emitted by the user. Then, the computing platform may transform each of the one or more captured biological signals to binary valued data. Then, the computing platform may generate, based on the binary valued data, a security credential associated with the user. Subsequently, the computing platform may retrieve, from a database, a stored security credential. Then, the computing platform may compare the generated security credential with the stored security credential. Subsequently, the computing platform may, based on a determination that the generated security credential is within a threshold of the stored security credential, authenticate the user of the user device.
SECURE SHARING OF CREDENTIAL INFORMATION
A first user device may be used to request provisioning of a secure credential on a second user device. A provisioning system may facilitate the provisioning in a manner that ensures security and privacy of the requesting parties. The provisioning requests may be made using an application on the first user device such as a third-party application or using a web application via a browser. The credential may be added to a digital wallet on the second user device. The credential may be useable by the second user device to perform one or more contactless transactions.