Patent classifications
H04L2463/082
PROVIDING FLEXIBLE SERVICE ACCESS USING IDENTITY PROVIDER
A service provider provides flexible access to services using an identity provider. The service provider is associated with a custom access policy used by the identity provider to authenticate access requests associated with client devices for services of the client system. The custom access policy describes a set of access levels corresponding to variable levels of access to services of the service provider. The identity provider authenticates access requests by client devices using one or more device signals from the client devices. In some embodiments, the identity provider determines a device trust score for the client device using the one or more device signals. The identity provider provides an authentication response to the client system based on the custom access policy. The client system uses the authentication response to determine an access level for the client device from the set of access levels described by the custom access policy.
SYSTEM AND METHOD FOR SECURE ELECTRONIC DOCUMENT EXCHANGE AND EXECUTION OF CONTRACTS VIA A SECURE ELECTRONIC PLATFORM WITH BIOMETRIC ACCESS VERIFICATION
The present invention is a system and method for secure electronic document exchange and execution of contracts and digital consent via a secure electronic platform with biometric access verification. A user receives a one-time password (OTP) via a short message service (SMS) on a mobile phone. Within a secure system, this unique temporary code is fused with the user's biometric data to create a secure tokenized digital identity which the user can utilize to electronically sign a document or provide digital consent in a mobile-first environment. Any document signed, or consent process completed, by the individual is stored within the present invention's secure servers. The user accesses the platform's secure web-based system to view, download and share via instant message, email or any other digital communication method all documents and consent materials they are a party to anywhere, anytime, in perpetuity. The present invention provides improved accessibility to digitally sign documents and provide consent.
VOICE VERIFICATION FACTOR IN A MULTI-FACTOR AUTHENTICATION SYSTEM USING DEEP LEARNING
An authentication system supports multi-factor authentication (MFA) when authenticating the identity of a user. In particular, the authentication system includes voice analysis capabilities that allow voice to be one credential type available among the system's MFA capabilities. The authentication system can train a neural network-based voice model on a small number of sample utterances provided by a user as part of voice verification enrollment. The model is text-independent, such that the model can detect that spoken forms of different phrases represent the same voice, even though the phrases being spoken are different. To accomplish text-independent voice characteristics, the model derives embedding vectors from raw audio data that capture distinctive aural characteristics of the user's voice (such as pitch).
SYSTEM FOR SECURE CHANNEL SELECTION FOR MULTI-FACTOR AUTHENTICATION USING NON-FUNGIBLE ELECTRONIC RESOURCES
Systems, computer program products, and methods are described herein for secure channel selection for multi-factor authentication using non-fungible electronic resources. The present invention is configured to receive, from a user input device, a request from a user to access resources; determine a first authentication channel for verification of user identity; trigger an authentication channel validation engine to validate the first authentication channel; retrieve authentication channel information associated with the first authentication channel; determine that the user has a non-fungible token (NFT) for the first authentication channel; retrieve, from one or more metadata layers of the NFT, authentication channel descriptors associated with the first authentication channel; compare the authentication channel information with the authentication channel descriptors to determine a match; determine that the first authentication channel is valid based on at least the match; and initialize verification of the user identity via the first authentication channel.
Systems and methods for monitoring computer authentication procedures
A method, implemented using an authentication monitoring (AM) computer device, for monitoring an execution of a digital authentication program is provided. The method includes receiving an authentication data file from an authenticating computer device executing the digital authentication program, wherein the authenticating computer device is associated with an authenticating entity, processing the authentication data file to extract at least one authentication value, testing the authentication value against at least one authentication rule associated with the digital authentication program, determining that a stored metric for the authenticating computer device fails to meet a predefined benchmark, wherein the stored metric is associated with the digital authentication program, and initiating an authentication remediation process, wherein the authentication remediation process causes an update to the digital authentication program used by the authenticating computer device.
Enhanced security authentication system
A method, computer system and computer program product for authenticating a transaction is provided. A service provider receives a transaction between a user and a website displayed on a first device. The service provider identifies a first geolocation of the first device. The service provider generates a code for display on the first device. The service provider receives credential information to identify the user and the code from a second device. The service provider identifies a second geolocation of the second device, and determines a level of risk for the transaction based at least in part on the first geolocation and the second geolocation. In response to the level of risk being an acceptable level of risk, the service provider authenticates the user. The service provider generates information to enable the user on the first device to perform the transaction with the website, and sends the information to the website.
System for electronic authentication with live user determination
Systems, computer products, and methods are described herein for improved authentication utilizing two factor authentication of a user. The two factors include a verified identification and a liveness identification. The verified identification may be a governmental verified identification, and the liveness identification may be a video of the user. The user may capture the verified identification and the liveness identification using the user's mobile device. The organization may authenticate the user by identifying the user from the verified identification image and identifying that the user is active by identifying movement from the liveness identification image. Additional authentication may include requiring and/or identifying an identifier from the liveness identification image (e.g., movement, object, characters, or the like), and/or capturing image data related to a time or a location at which the images were captured.
BEHAVIOR DETECTION AND VERIFICATION
When security-related behavior is detected on an endpoint, e.g., through a local security agent executing on the endpoint, a threat management facility associated with the endpoint can interact with a user via a second local security agent on a second endpoint in order to solicit verification, authorization, authentication or the like related to the behavior. In one aspect, an administrator for an enterprise managed by the threat management facility may verify, authorize, or otherwise approve the detected behavior using this technique. In another aspect, a user of the device may use this infrastructure to approve of a potentially risky behavior on one device by using a verification procedure on a second device associated with the user.
MULTI-FACTOR AUTHENTICATION OF INDUSTRIAL ASSETS
A multi-factor authentication method and system enabling secure access to an industrial asset. A higher level of authentication to access a selected privileged operation of the industrial asset requires verification of two or more multi-factor access credentials.
Proxy service for two-factor authentication
The present disclosure relates to two-factor authentication with a Hardware Security Module (HSM). In response to a login attempt, the HSM indicates that two-factor authentication is required. To generate the second authentication factor, a management console is accessed using credentials. The management console generates the second authentication factor and provides the second authentication factor to the client. The client then provides the second authentication factor to the HSM to complete the two-factor authentication operations.