The disclosure relates to an authentication approach to grant access to a secure service on an electronic device. The authentication approach includes receiving, via an electronic device, a request to access the secure service. The authentication approach includes determining whether the electronic device is positioned at a location that corresponds to a virtual authentication lock. The authentication approach includes displaying, in response to determining the device is positioned at the location that corresponds to the virtual authentication lock, the virtual authentication lock on a display of the electronic device. The authentication approach includes receiving one or more interactions with the virtual authentication lock. The authentication approach includes determining whether the one or more interactions correspond to one or more authentication interactions related to the virtual authentication lock. The authentication approach includes granting, in response to the one or more interactions corresponding to the one or more authentication interactions, access to the secure service.

A physical access control (PAC) system configured to perform a two-factor authentication prior to granting access to a secure area. The PAC system includes an access point device configured to perform facial recognition on a person proximate to the access point device, and perform wireless handshake with a mobile device associated with the person prior to granting or denying entry to the secure area.

The technology disclosed relates to authenticating users using a plurality of non-deterministic registration biometric inputs. During registration, a plurality of non-deterministic biometric inputs are given as input to a trained machine learning model to generate sets of feature vectors. The non-deterministic biometric inputs can include a plurality of face images and a plurality of voice samples of a user. A characteristic identity vector for the user can be determined by averaging feature vectors. During authentication, a plurality of non-deterministic biometric inputs are given as input to a trained machine learning model to generate a set of authentication feature vectors. The sets of feature vectors are projected onto a surface of a hyper-sphere. The system can authenticate the user when a cosine distance between the authentication feature vector and a characteristic identity vector for the user is less than a pre-determined threshold.

A system and method allows an app to be used to signal a server to authenticate a user using two factor authentication. The app is one previously associated with a user account, optionally using a different form of two factor authentication.

Systems and methods for secure access are provided. The secure access system includes a contactless card, a user device, a processor, and a storage device. The processor receives a first authentication request from the user device. Then, the processor transmits a first authentication credential associated with user login data to the user device. Next, the processor receives a second authentication request from the user device. Upon receipt of the second authentication request, the processor transmits a second authentication credential associated with a contactless card to the user device. Then, the processor receives a first code from the user device, and the storage device performs one or more access actions based on the first code.

Embodiments of the disclosure provide distributed authentication with network segmentation and dynamic authorization for networks. The system may include a device within a network of devices. An identifier is within the device and includes a cryptographic certificate. The device is configured to transmit the identifier to an authenticator as a security proof. The authenticator is configured to disable the device from performing at least one operation within the network before verifying an identity of the device via the identifier.

A solution to the problems caused by malicious attacks directed at web sites is provided. A system includes a processor of a security server node connected to at least one web server node over a network and a memory on which are stored machine-readable instructions that when executed by the processor, cause the processor to execute a universal security module (USM) configured to: monitor behavior of users visiting web sites provided by the web server node; and perform real-time analysis of the monitored behavior to execute an Identity Access Control and Access List Management.

A communication device of a communication network receives, via a network, a challenge, generates a first Diffie Hellman, DH, parameter, a first verification code for the first DH parameter, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as response from the identity module, determines, based on the result parameter, whether the first DH parameter is authentic, and if the first DH parameter is authentic, generates and sends a second DH parameter to the network device for session key generation based on the first DH parameter and the second DH parameter.

In some implementations, a server device may receive, from a first device, a credential and a request to access a resource. The server device may transmit, to a second device associated with the credential, an image that includes a first symbol composed of a set of elements. The server device may receive, from the first device, information associated with a second symbol formed via user interaction with a user interface of the first device. The second symbol may be formed by dragging elements, presented via the user interface, to an area of the user interface in which the second symbol is to be formed, or drawing elements in the area of the user interface in which the second symbol is to be formed. The server device may grant or denying access to the resource based on the first symbol and the information associated with the second symbol.

In certain embodiments, a distance threshold may be adjusted, and authentication may be performed based on the adjusted distance threshold. In some embodiments, an authentication request from a first user device associated with a user may be received. First location information of the first user device and second location information of a second user device may be obtained. A distance between the first and second user devices may be determined based on the first and second location information. A distance threshold may be adjusted based on whether such location information is obtained over the same wireless network, whether such information is obtained over a public wireless network, whether an IP address from which such location information is obtained matches a stored IP address, or other criteria. The user may be authenticated based on a comparison of the distance to the adjusted distance threshold.