Patent classifications
H04L2463/082
Multi-layer user authentication with live interaction
Systems and techniques for multi-layer user authentication with live interaction are described herein. An authentication request may be received from a user for secure data stored in a computing system. Contextual data may be received that is associated with authentication information received from the user. It may be determined that the user has passed a first authentication process based on a match between the authentication information and reference authentication information stored in a user profile for the user. A risk score may be generated for the authentication request based on the contextual data and the authentication data. A second authentication process may be identified based on the risk score. A set of secondary authentication information may be received. Data associated with the authentication request may be transmitted upon authentication of the user via the second authentication process based on the set of secondary authentication data.
Contextual and risk-based multi-factor authentication
A system for contextual and risk-based multi-factor authentication having a multi-dimensional time series data server configured to monitor and record a network's traffic data and to serve the traffic data to other modules, and a directed computation graph module configured to receive network traffic data from the multi-dimensional time series data server, determine a network traffic baseline from the network traffic data, and determine a verification score needed before granting access based at least in part on the network traffic baseline. A plurality of verification methods build up a user's verification score to the required level to gain access.
Flexible security level for device interaction
A system and method for accommodating various device and application security levels collects authentication data such as voice and fingerprint in advance of opening an application or process potentially requiring different security than the device itself requires. The device is then able to execute a user's voiced command, request or query without further user actions if the command, request or query is related to an application or process for which the already-gathered authentication data is sufficient.
Method for authenticating smart glasses in a data network
A method for authenticating smart glasses in a data network includes transmitting a message to an authentication computer of the data network, generating a first transaction code and transmitting to the smart glasses, reading authorization data of a user, without involving the smart glasses, into the data network and processing by the authentication computer, which carries out an authentication of the user on the basis of the authorization data, and in case of a successful authentication, reading a second transaction code into the data network, wherein if a check performed by the authentication computer shows that the second transaction code matches the first, an access right is provided for the smart glasses and stored in the smart glasses, the access right enabling the smart glasses to access one or a plurality of predetermined services in the data network.
Factor health assessment and selection for login at an identity provider
Users of an identity provider system may be authorized to use a variety of different types of factors from a variety of different factor providers. The identity provider system monitors and analyzes the “health” of the different possible factors available to a user, e.g., their availability relative to error rate. Using the results of the analysis, the identity provider can assess which factors are the most appropriate for a given user seeking authentication and can improve the user experience for the user by emphasizing those most appropriate factors to the user.
Systems and methods for passive continuous session authentication
Systems, apparatuses, methods, and computer program products are disclosed for providing passive continuous session authentication. An example method includes authenticating a session for a user of a client device. The example method further includes generating a video data structure comprising a video stream, deriving a set of biometric attributes of the user from the video stream, synchronizing temporal information with the set of biometric attributes derived from the video stream, generating an aggregated behavioral attribute data structure comprised of the video data structure and the set of biometric attributes derived from the video stream synchronized to the temporal information, and re-authenticating, by the session authentication circuitry at a second time after the first time, the session for the user of the client device based on the aggregated behavioral attribute data structure.
Secure messaging integration with messaging applications
In an embodiment, a method for secure messaging integration with message apps includes identifying a trigger event within a default messaging channel established between a message aggregator and a messaging application executing at a client device. In response to the trigger event, the method sends to the client device, over the default messaging channel, access data usable to access a secure channel established between the message aggregator and the client device. The access data is presented within the messaging application, and communications over the secure channel are not visible to the default messaging channel.
Endpoint security
Systems, devices, and techniques are disclosed for endpoint security. A user identifier entered into a first authentication screen used to access endpoints hosted on a server system may be received from a user computing device. The user identifier may be determined to be an invalid user identifier for the server system. The user identifier may be hashed to generate a hashed user identifier. An endpoint number may be determined as the hashed user identifier modulo a number of endpoint records assigned numbers on the server system. An endpoint URL may be retrieved from an endpoint record of the server system that is associated with a number equal to the endpoint number. The endpoint URL and data for a second authentication screen including a control for password entry may be sent to the user computing device. The endpoint URL may be displayed on the second authentication screen.
System and method for authentication as a service
A computing system includes a server. The server is communicatively coupled to a data repository and is configured to store data in the data repository. The server is further configured to receive a first authentication information, the first authentication information comprising a login and a password for an entity, and to receive a second authentication information, the second authentication information comprising at least one identifying information generated by a hardware authentication device. The server is further configured to execute a hardware-based authentication as a service process, the authentication as a service process configured to use the first and the second authentication information as input to authenticate the entity, and to provide computing resources to the entity if the entity is successfully authenticated.
Identity verification
This disclosure relates to identity verification. In one aspect, a method includes obtaining verification information during a user application session of a user with an application component subsequent to a verification triggering request to perform identity verification on the user. A determination is made whether the verification information satisfies a first identity verification-free condition. When the verification information satisfies the first identity verification-free condition, an identity verification-free operation that does not include identity verification of the user is performed. When the verification information fails to satisfy the first identity verification-free condition, an identity verification process is performed to verify an identity of the user.