H04L2463/082

SYSTEMS AND METHODS FOR AUTHENTICATING A USER AT A PUBLIC TERMINAL

Systems and methods for authenticating a user to access a public terminal are described. Disclosed embodiments may include reading, using the physical credential reader, a user identifier from the physical credential device. Disclosed embodiments may also include transmitting the public terminal identifier and the user identifier to a secure server. Further, disclosed embodiments may include receiving, after completing the transmission, a unique code from the secure server. Disclosed embodiments may additionally include displaying the unique code on the display device. Disclosed embodiments may include receiving, after displaying the unique code, an authentication message from the secure server. Disclosed embodiments may further include, responsive to receiving the authentication message, authorizing the user to use a terminal command at the public terminal.

Terminal and non-transitory computer readable medium for transmitting first identification information in place of second identification information

A terminal includes a relay unit, a memory, and an access unit. The relay unit relays communication between a different terminal and a server that requires two-step authentication at a time of providing a service. The memory stores first identification information for identifying the different terminal. The access unit accesses the server. In a case where data to be transmitted to the server includes second identification information for identifying the terminal, the access unit transmits the first identification information, in place of the second identification information included in the data, to the server.

Device verification system and device verification method

A device verification system includes an operation panel, a computer coupled to the operation panel, and a server coupled to the computer. The operation panel includes an image acquisition unit. The computer receives an image of an operator acquired by the image acquisition unit and acquires a facial image of the operator from the image. The server receives the facial image from the computer. The server stores a facial image of an authorized operator and is configured to compare the received facial image to the stored facial image to determine whether the operator is verified.

Method and apparatus for multi-factor verification of a computing device location within a preset geographic area
11343244 · 2022-05-24

A location multi-factor verification method may comprise initiating a boot process of a client device via firmware of the client device, receiving, via a network interface device, an access point (AP) beacon frame identifying a nearby AP, transmitting the AP beacon frame to a location determination service via the network interface device, receiving a geographic location estimation from the location determination service, based on the AP beacon frame, transmitting the geographic location estimation to the nearby AP, and granting a user of the client device access to an operating system of the client device if a boot process authorization instruction is received at the client device via the network interface device.

Secure remote token release with online authentication
11743042 · 2023-08-29

A system and techniques are described herein for providing authentication. The technique includes registering user authentication data such as biometrics data with a communication device. The authentication data is linked to an account or service provider, and is used to verify the identity of the user when accessing the account. The communication device may obtain a public/private key pair, for which the public key may be stored on a secure remote server. When the user attempts to access the account or service provider, the user may provide the authentication data to authenticate the user to the communication device. Thereafter, the communication device may sign an authentication indicator using the private key and send the authentication indicator to the secure remote server. Upon verification of the signature using the public key, the secure remote server may grant access to the user, for example, by releasing a token.

Location identification in multi-factor authentication

Disclosed herein are system, method, and device embodiments for implementing location identification in multi-factor authentication (MFA). In an example embodiment, a user service may present a geographic map based on a MFA process, and receive an authentication attempt including a geographic indicator and interaction information. Further, the system may determine whether the authentication attempt was made by a human based at least in part on the interaction information, determine whether the geographic indicator matches an expected response, and send, to an electronic device, an authentication result indicating whether geographic information was determined to be selected by a human and the geographic indicator was determined to match the expected response.

Providing access control and identity verification for communications when initiating a communication from an entity to be verified

The techniques herein are directed generally to providing access control and identity verification for communications when initiating a communication from an entity to be verified. In one embodiment an initiating device initiates a communication to a receiving device on a communication channel, wherein the receiving device is configured to determine whether an identity associated with the initiating device is verified by a verification service. The initiating device verifies the identity through a verification service client application on the initiating device, and conveys, to the verification service over a verification channel, that the identity associated with the initiating device is verified, wherein the verification service conveys, to the receiving device over the verification channel, that the identity is verified. The communication then continues with the receiving device on the communication channel, wherein the receiving device manages the communication from the initiating device according to the identity being verified.

Maintaining dual-party authentication requirements for data retention compliance

Described is a system for maintaining dual-party authentication requirements for data retention compliance in systems with remote access components. When administering a data retention policy, an operating system component may require a dual-party authentication mechanism to prevent data deletion, while a different authentication mechanism may control access to the remote access controller. Access to the remote access controller by a single privileged user, however, may enable overriding or compromising the retention lock compliance implemented by the operating system. Accordingly, the system may tie the dual-party authentication requirement to the remote access controller authentication mechanism.

Data isolation and two-factor access control

Systems, methods and computer program products for controlling access to data owned by an application subscriber using two-factor access control and user partitioning are disclosed. In one embodiment, applications are executed on a multi-tenant application platform in which user partitions designate associated users and authentication services for those users. Tenants may subscribe to the applications and may allow access to the subscriptions through designated entry points. Users that are authenticated according to the corresponding user partition and access the application through the designated entry point are allowed to access the application through the tenant's subscription.

System and method for generating and implementing a real-time multi-factor authentication policy across multiple channels
11743288 · 2023-08-29

Systems and methods for generating and implementing a real-time multi-factor authentication policy across multiple channels are configured to: during a pre-authentication stage: receive, via a user interface, information defining one or more scenarios; receive, via the user interface, information defining one or more authentication flows; for each of the one or more scenarios, map one of the one or more authentication flows to a given scenario; and generate a multi-factor authentication policy associated with each of the one or more scenarios; and during a real-time authentication stage: upon receiving an interaction, identify, by a decision engine, a relevant scenario of the one or more scenarios; implement, by the decision engine, the multi-factor authentication policy associated with the relevant scenario; and determine, by the decision engine, an authentication result.