Patent classifications
H04L2463/082
Systems and methods for scalable-factor authentication
Authentication systems and methods can selectively authenticate a request to access a resource data store storing access rights associated with a user device. The systems and methods can scalably execute challenge workflows as part of the authentication process. For example, a request to access one or more access rights stored in the data store can be received from the user device. The user device can be authenticated using challenge workflows selected based on a device identifier of the user device. The selected challenge workflows can be executed to determine whether or not to grant access to the access rights stored in the resource data store.
Method for secure communication with a field measuring device of process measuring technology and corresponding field measuring device
A method for secure communication with a field measuring device of process measuring technology is described and shown. Upon contact by an external communication means with a web server via a communication interface, a first authenticity check of an external communication means is carried out by the field measuring device and a second authenticity check of the external communication means is carried out. After successful completion of the first authenticity check and the second authenticity check, further communication of the external communication means with the web server is authorized by the field measuring device.
Secure remote token release with online authentication
A system and techniques are described herein for providing authentication. The technique includes registering user authentication data such as biometrics data with a communication device. The authentication data is linked to an account or service provider, and is used to verify the identity of the user when accessing the account. The communication device may obtain a public/private key pair, for which the public key may be stored on a secure remote server. When the user attempts to access the account or service provider, the user may provide the authentication data to authenticate the user to the communication device. Thereafter, the communication device may sign an authentication indicator using the private key and send the authentication indicator to the secure remote server. Upon verification of the signature using the public key, the secure remote server may grant access to the user, for example, by releasing a token.
Single sign-on authentication via multiple authentication options
A hybrid authentication system, a method, and a non-transitory computer-readable medium for single-sign-on authentication are provided. The hybrid authentication system is communicatively coupled to a web application server and a public ledger. The hybrid authentication system receives a request from the web application server to access secure content on a resource server and controls display of a set of user-selectable options on a user interface of a user device based on the received request. The hybrid authentication system selects at least one authentication option from the displayed set of user-selectable options and authenticates the received request based on the selected at least one authentication option. The selection of the at least one authentication option is based on a user input over the displayed set of user-selectable options.
SPLIT-TIERED POINT-TO-POINT INLINE AUTHENTICATION ARCHITECTURE
Systems and methods for authenticating presumptively incompatible elements in a digital network are provided. A method may include receiving an access request from a client node in the network. The access request may be requesting access to an application in the network. The access request may be associated with a uniform resource identifier (“URI”). The method may include extracting a target application from the URI. The method may include determining an authentication protocol that is supported by the target application. The method may include generating, based on the authentication protocol, a series of one or more authentication tests that, in combination, satisfy the authentication protocol. The authentication tests may satisfy the authentication protocol even when the client node natively supports a different authentication protocol. The method may include executing the series of authentication tests to authenticate the client node vis-à-vis the target application.
SECURE PASSWORD STORAGE SYSTEM AND METHOD
A system for multifactor password creation and provisioning includes a client computing device, a dongle, a computing system, and software configured to perform operations including selecting a website at a user interface of the client computing device, recalling, by the client computing device, an encrypted password from client computing device memory based on the website selection, transmitting, by the client computing device, the encrypted password to the dongle, decrypting, by the dongle, the encrypted password received from the client computing device, transmitting, by the dongle, the decrypted password to the computing system or the client computing device, and entering, by the computing system or client computing device, the decrypted password.
Method for access control
A method for controlling access to a facility includes: an identification process, an authorization process, and an application process. Access to the facility is blocked by a lock that is openable by a person with an authorized key. A system for controlling access to the facility includes a first security ring formed by data-conductive connections between an electronic reader, an identity server, and an access server; a second security ring formed by data-conductive connections between the electronic reader, the access server, and a terminal; and a third security ring formed by data-conductive connections between the access server, the terminal, and the lock.
Multi-factor authentication with code rotation
Techniques are described for multi-factor authentication and device verification based at least partly on a periodically changing (e.g., rotating) security code. A rotating security code may be generated on a user device and used to sign a certificate. The certificate may be encrypted, using a private key stored on the user device, and communicated to a backend service for verifying that the user device is authorized to access secure information. The backend service may decrypt the certificate (e.g., using a public key associated with the private key), extract the security code from the decrypted certificate, and compare the extracted security code to a security code associated with the user device. If the codes correspond to one another, the user device may be verified and provided with access to secure information such as secure data, a secure portion of an application, and so forth.
Determining the relative risk for using an originating IP address as an identifying factor
A relative risk can be determined using an originating Internet Protocol (IP) address as an identifying factor for purposes of authenticating a user. The originating IP address can be used as an identifying factor for a particular user account to determine potentially fraudulent activity and reduce the risk of fraud. This additional identifying factor can be used as a part of an overall authentication platform to help screen fraud attempts and to authenticate valid and non-fraudulent users. Using certain aspects can distinguish whether originating IP addresses are public or private. Some examples can track and match originating IP addresses to user accounts and also can keep track of recently active sessions for each IP address.
Multi-factor secure operation authentication
A user makes a request from a requesting device for access to a secure operation associated with a network-based service. A first biometric authentication is processed for the request and at least one second scope-based authentication is processed for the request based on an analysis of a physical environment for the requesting device. A determination is made based on at least the first biometric authentication and the scope-based authentication whether the secure operation can be: processed on behalf of the user by the network-based service, not processed at all, or processed only if requested from a specific medium/channel associated with a specific device, which may or may not be the requesting device.