H04L2463/082

PASS BRIDGE SYSTEM (PROCESS AUTHORIZATION SAFETY/SECURITY)
20210352111 · 2021-11-11

A Process Authorization Safety/Security Bridge System (PASS) is an interface system or an equipment or a machine or a method of interface consisting of three essential components: (1) Hardware Device, (2) Wireless Device, and (3) Software Interface. PASS Bridge System is an interface or equipment or machine or method of interface. It has the ability to interface with process(s) or mission critical process(s) or equipment or machines or process controllers and enable the underlying process(s) to leverage the multi-factor authentication (MFA) capability of the PASS Bridge System and establish process(s) access accountability and safety tracking/tracing. The PASS Bridge System can be used as a bridge or interface method or interface system to provide a “TRUSTED ACCESS” process safety policy to any mission critical process(s) or any industrial process(s) or any process(s).

DATA ISOLATION AND TWO-FACTOR ACCESS CONTROL
20220006799 · 2022-01-06

Systems, methods and computer program products for controlling access to data owned by an application subscriber using two-factor access control and user partitioning are disclosed. In one embodiment, applications are executed on a multi-tenant application platform in which user partitions designate associated users and authentication services for those users. Tenants may subscribe to the applications and may allow access to the subscriptions through designated entry points. Users that are authenticated according to the corresponding user partition and access the application through the designated entry point are allowed to access the application through the tenant's subscription.

Injection of Tokens or Client Certificates for Managed Application Communication
20220006800 · 2022-01-06

Methods and systems for injection of tokens or certificates for managed application communication are described. A computing device may intercept a request from an application executable on the computing device, the request being to access a remote resource. The computing device may modify future network communications between the computing device and the remote resource to include a token or a client certificate, where the token or the client certificate is an identifier that enables the future network communications to be routed to the remote resource for a given computing session without use of data from the remote resource or data indicative of a connection of the remote resource in which to receive the future network communications. The computing device may send the future network communications to the remote resource to enable action to be taken on behalf of the computing device in response to receipt of the future network communications.

Mobile device enabled desktop tethered and tetherless authentication
11171941 · 2021-11-09

A technique is provided that integrates authentication from a mobile device (e.g., using biometrics, social informational data, questions and answers, and more) to allow login to laptops and desktops while they are disconnected from the Internet using a USB cable connection, Bluetooth or local Wi-Fi or any other similar protocol and/or connected to the Internet without USB. The technique provides a cloud clearinghouse that ties a person's or entity's mobile device(s) to an identity that is used to authenticate a person (could be the same person) on a laptop, desktop, or similar computer system.

System for authentication of a user based on multi-factor passively acquired data

A multi-factored authentication system is provided to identify users. Accordingly, the authentication system may utilize a combination of multiple authentication methods to identify and authenticate a user, such as facial recognition, voice recognition, fingerprint/retinal recognition, detection of cards/chips or smartphones located with the user, PINs, passwords, cryptographic keys, tokens, and the like. The various authentication methods may be used to calculate a confidence value for the authentication system, where the confidence value reflects the degree of certainty of the user's identity. Each authentication method may, upon identifying a positive match for a user, increase the confidence value by a certain degree.

Threat identification, prevention, and remedy

Threat identification, prevention, and remedy are provided. A determination is made that a client device has been compromised. When the device makes the determination, a message is conveyed to the server and the server replies with a security challenge. When the server makes the determination, the security challenge is automatically sent to the device. An intelligence manager on the device attempts to answer the security question without interaction from the user. If there is an anomaly, a challenge is output to the user. Based on a false response to the challenge, a current data stream may be disrupted and removed from the device. Further, other devices in the network may be notified about the compromised device.

Device interface output based on biometric input orientation and captured proximate data
11171951 · 2021-11-09

There are provided systems and methods for device interface output based on biometric input orientation and captured proximate data. A user may utilize a device to enter a fingerprint input to perform various device or application functionalities. The user may vary the orientation of the fingerprint to limit user interface data output, change the data that is output, or lock the interface from data output. Fake data may be output in specific instances, such as high risk of data misappropriation. The device may detect the orientation based on changes in the orientation of the grooves and ridges of a fingerprint with respect to an axis of the device, and may also detect additional data to determine what interface output is required. The additional data may include pressure of the fingerprint input and/or voice data. A second device may also provide user biometrics as the additional data.

Secret sharing-based onboarding authentication

A technique includes receiving a request from a first electronic device to connect to a network and receiving a first secret part from the first electronic device. The technique includes regulating onboarding of the first electronic device. Regulating the onboarding includes authenticating the first electronic device. Authenticating the first electronic device includes communicating with a plurality of electronic devices that are connected to the network to receive a set of second secret parts; constructing a first secret from the first secret part and the set of second secret parts; and comparing the first secret to a second secret. Regulating the onboarding of the first electronic device includes allowing the first electronic device to connect to the network based on a result of the comparison.

Systems and methods for controlling access to media assets using two-factor authentication

Systems and methods for authorizing operations associated with blocked media assets using two-factor authentication. In some aspects, a media guidance application (e.g., executed by a set-top box or other user equipment used to store and display media assets) prompts a user for a password (e.g., a personal information number) in order to unlock the content for viewing. In response to receiving a second request from the user to perform an operation related to the media asset (e.g., delete), the media guidance application prompts the user for an additional factor confirming his or her identity, consistent with a two-factor authentication protocol. If the user's identity is authenticated as a user that has authority to perform the operation related to the media asset (e.g., delete the stored media asset), the media guidance application performs the operation related to the media asset (e.g., deletes the media asset).

Authenticator centralization and protection based on authenticator type and authentication policy

Provided is a method for authenticating a user communicating with an enterprise via a network. The method includes receiving, via the network, authenticators for a user from a first user device associated with the user, and storing the received authenticators. A first authenticator from the stored authenticators is selected to be used for authenticating the user based on an authentication policy received from the enterprise. An authentication request is transmitted to a user device requesting the first authenticator, and the user is authenticated by comparing the received authenticator with the stored first authenticator.