H04L2463/082

Two-factor authentication in a cellular radio access network

A method for authenticating radio access network devices is disclosed, comprising: authenticating, at a coordination server, a base station in a radio access network using a first authentication factor; selecting, following successful authentication of the base station using the first authentication factor, a challenge question based on historical information of the base station stored within a database; sending, from the coordination server to the base station, a request containing the challenge question to further authenticate the base station based on the historical information of the base station; receiving, from the base station at the coordination server, a response to the challenge question; verifying, at the coordination server, the correctness of the response using a key derived from the historical information; and granting the base station access to a core network of a mobile operator, thereby addressing security issues unsolved by one-factor authentication.

Access control based on combined multi-system authentication factors

An access gateway may control access of user devices to remote computer resource systems in a multi-resource computing environment. The access gateway may determine an assurance level associated with a user of the multi-resource environment, where the assurance level is based on multiple authentication factors included in multiple previous access requests. The access gateway may receive, from a user device, an additional access request to access an additional resource system in the multi-resource environment. Based on a comparison of the assurance level with a threshold authentication level for the additional resource system, the access gateway may allow or deny access to the additional resource system. In addition, based on the comparison, the access system may request additional authentication data from the user device.

Dynamic enrollment using biometric tokenization

Various embodiments relate to a dynamic biometric enrollment system. The dynamic biometric enrollment includes a processor and instructions stored in non-transitory machine-readable media. The instructions are configured to cause the server system to receive at least one biometric authentication sample from the user. The at least one tokenized biometric enrollment sample has been generated by tokenizing at least one biometric enrollment sample captured from a user associated with a unique user identifier. At least one biometric authentication sample captured from the user is retrieved. The at least one tokenized biometric enrollment sample is detokenized to retrieve the at least one biometric enrollment sample. The at least one biometric enrollment sample is processed using a biometric processing algorithm to generate a dynamic biometric reference template. It is determined whether the at least one biometric authentication sample matches with the dynamic biometric reference template.

SECURING ACCESS TO NETWORK DEVICES UTILIZING TWO FACTOR AUTHENTICATION AND DYNAMICALLY GENERATED TEMPORARY FIREWALL RULES

A network security system provides portals which enable automatic creation of a dynamic one-time port forwarding rule for an authorized user's current IP address following two factor authentication of the authorized user. Such a dynamic one-time port forwarding rule is utilized to set up a connection, at which point the dynamic one-time port forwarding rule is removed, preventing any attacker from subsequently taking advantage of it. Such a methodology is advantageous as compared to conventional port forwarding in that it is much more secure. Such a methodology is advantageous as compared to traditional port forwarding with access control both in that a user does not always have to utilize the same device with a static IP address, and in that the port forwarding rule representing or exposing a potential vulnerability is deleted after a connection is established.

DEVICE BEHAVIOR ANALYTICS
20220030022 · 2022-01-27

A security platform architecture is described herein. A user identity platform architecture uses a multitude of biometric analytics to create an identity token unique to an individual human. This token is derived from biometric factors like human behaviors, motion analytics, human physical characteristics like facial patterns, voice recognition prints, usage of device patterns, user location actions and other human behaviors which can derive a token or be used as a dynamic password identifying the unique individual with high calculated confidence. Because of the dynamic nature and the many different factors, this method is extremely difficult to spoof or hack by malicious actors or malware.

USER DEVICE GATED SECURE AUTHENTICATION COMPUTING SYSTEMS AND METHODS
20220029823 · 2022-01-27

A system is provided that allows users to execute a secure transaction that is authenticated by their user device. Personally identifiable information (PII), such as, but not limited to, biometric authentication data, is locally stored on the user's device so as to protect the PII. A user device private key is associated with the particular user device and the user, and the corresponding public key is registered with a User Device Authentication Alliance server (UDAAS) system. In an online transaction, a LoginID server or an Access Control server interact with the UDAAS to confirm the user is authentic and has confirmed the transaction.

AUTHENTICATION SYSTEM AND METHOD FOR SERVER-BASED PAYMENTS
20210365938 · 2021-11-25

A method of performing a payment transaction employing a two-factor authentication mechanism. In an embodiment, a user device operated by a user during a payment transaction engages in cryptographic processing with a cryptographic function having a secret key encoded therein. The cryptographic function is stored in a storage device of the user device, and the secret key serves as a first authentication factor. The method also includes the user device utilizing a second authentication factor, which was implemented using only software security techniques, in performing the payment transaction.

SYSTEMS AND METHODS FOR AUTHENTICATING A USER AT A PUBLIC TERMINAL

Systems and methods for authenticating a user to access a public terminal are described. Disclosed embodiments may include reading, using the physical credential reader, a user identifier from the physical credential device. Disclosed embodiments may also include transmitting the public terminal identifier and the user identifier to a secure server. Further, disclosed embodiments may include receiving, after completing the transmission, a unique code from the secure server. Disclosed embodiments may additionally include displaying the unique code on the display device. Disclosed embodiments may include receiving, after displaying the unique code, an authentication message from the secure server. Disclosed embodiments may further include, responsive to receiving the authentication message, authorizing the user to use a terminal command at the public terminal.

SYSTEMS AND METHODS FOR AUTHENTICATION AND FRAUD DETECTION

Systems and methods are provided to stop both external and internal fraud, ensure that correct actions are being followed, and ensure that information is available to fraud teams for investigation. The system includes components that can address: 1) behavioral analytics (ANI reputation, IVR behavior, account activity)—this gives a risk assessment event before a call gets to an agent; 2) fraud detection—the ability to identify, in real time, if a caller is part of a fraudster cohort and alert the agent and escalate to the fraud team; 3) identity authentication—the ability to identify through natural language if the caller is who they say they are; and 4) two factor authentication—the ability to send a text message to the caller and automatically process the response and create a case in the event of suspected fraud.

Two-factor authentication for wireless field devices
11234125 · 2022-01-25

A method for authenticating a user of a handheld field maintenance tool is provided. The method includes moving the handheld field maintenance tool into a proximity of a field device. The field device receives a primary key. The field device generates a secondary key and transmits the secondary key to a remote system. The remote system transmits the secondary key to the user of the handheld field maintenance tool. The field device receives the secondary key. The field device authenticates the user of the handheld field maintenance tool.