Patent classifications
H04L2463/082
EXTENDING EXPIRATION OF USER SESSIONS WITH AUTHENTICATION REFRESH
A gateway performs silent authentication refreshes with an identity management platform in order to extend the expiration of a cookie provided to an endpoint that accesses network applications through the gateway.
Remotely Accessing an Endpoint Device Using a Distributed Systems Architecture
A distributed identity server cluster maintains a first communication channel between an endpoint device in a first geographic region and a first server. The first server receives a request from the endpoint device to communicate with an application containing a digital key for accessing the endpoint device and stored at an authentication device located in a second geographic region. The server cluster transmits a notification to the application with instructions for the authentication device to connect to the server cluster. The server cluster opens a second communication channel between the authentication device and a second server in communication with the first server. The server cluster transmits data between the endpoint device and the authentication device across the first communication channel and the second communication channel.
LAYERED AUTHENTICATION METHOD FOR MANAGING ACCESS TO CLOUD RESOURCES
A disclosed method for managing access to cloud infrastructure includes responding to receiving a user request to access a cloud resource, such as a cluster associated with a hyper-converged infrastructure appliance, associated with an entity by performing a layered authentication of the user. The layered authentication includes determining first layer privileges based on first user credentials associated with a first authentication module and determining second layer privileges based on second user credentials associated with a second authentication module. The request is granted or denied based on a combination of the user's first and second layer privileges. The first authentication module may be associated with a first authentication domain such as an authentication domain of a cloud service provider or an OEM of cloud infrastructure resources. The second authentication module may comprise an authentication module maintained by the entity associated with the resource targeted by the user request.
Detection of multi-factor authentication and non-multi-factor authentication for risk assessment
Systems and methods are provided for determining whether or not users of a communication network are implementing Multi-Factor Authentication (MFA) when authenticating with an entity's business tools, applications, and cloud services. This information can be used as a component in the calculation of a risk score that can help quantify and assess the risk posture of the entity. In some embodiments, network traffic flow metadata may be used to anonymously identify user data to assess the entity's use of MFA in determining enterprise risk that may not rely on questionnaires, surveys, manual data entry, and/or interviews. Embodiments of the application can produce a real-time analysis of the security risk of the system.
Identity-based authentication and access control mechanism
An identity management server can be used to provide an identity-based authentication and access control mechanism for devices trying to connect to a network or other devices on the network. The identity management server may authenticate a user associated with a device based on the past behavior information of the user received from another device associated with the user. The identity management server may generate a trust score based on multiple attributes associated with the user and the device, and authenticate the user if the trust score is within an acceptable limit. The identity management server may also generate access permissions for the device, which can be used by a network device to grant or deny access to the network.
Blockchain network incorporating an individual's geo-location via a communication network and applications using the same
A blockchain network management system implements an associated method comprising the steps of: a) providing a blockchain network configured for providing individual blockchain users with access to a blockchain; b) providing individual blockchain users with a smartphone having a GPS receiving unit associated with a communications network and with a biometric user identification technology coupled to the smartphone; c) identifying an individual blockchain user with the biometric user identification technology by obtaining biometric characteristics that are unique to each human via the communications network; d) authenticating the individual blockchain user's identity and geolocation in an authentication network coupled to the communications network; and e) providing access of authenticated individual blockchain users to the individual blockchain. The blockchain network management system further includes tokens issued to individual authenticated users for providing access to the individual blockchain.
Automated authentication systems and methods including automated waste management system with automated weight ticket and authentication
Disclosed and described herein are systems and methods that bring together edge technologies into a single, streamlined process that automates the tracking and usage of assets (containers, equipment, mobile storage, etc.). These systems and methods include the use of smart beacons, low power cellular, sensors (strain gauges, level, contact, ohm/voltage, etc.), voice, video, microcontroller advancements, and the like. Conventional systems that have electronic service orders and/or tickets are still limited in their functionality because of data, communication and processing hurdles. Disclosed are modern electronic data capture systems (IoT sensors) along with algorithms to assist in the tracking of assets and workers, more quickly capture authorized transactions for billing, and remove the manual processes.
Multi-layer user authentication with live interaction
Systems and techniques for multi-layer user authentication with live interaction are described herein. An authentication request may be received from a user for secure data stored in a computing system. Contextual data may be received that is associated with authentication information received from the user. It may be determined that the user has passed a first authentication process based on a match between the authentication information and reference authentication information stored in a user profile for the user. A risk score may be generated for the authentication request based on the contextual data and the authentication data. A second authentication process may be identified based on the risk score. A set of secondary authentication information may be received. Data associated with the authentication request may be transmitted upon authentication of the user via the second authentication process based on the set of secondary authentication data.
Providing access control and persona validation for interactions
The techniques herein are directed generally to providing access control and persona validation for interactions. In one embodiment, a method for a first device comprises: interacting with a second device on a communication channel; determining, over a verification channel with a verification service, that an identity of a user communicating on the second device is a verified identity according to the verification service; determining a persona of the user; querying a third-party entity to make a determination whether the persona is validated and to correspondingly determine a current privilege level; and managing interaction with the second device according to the determination whether the persona is validated and the corresponding current privilege level. Another embodiment comprises a verification server's perspective of facilitating the interaction between the first and second devices, where the verification server queries the third-party entity to validate the persona.
Second factor authentication of electronic devices
A method for multi-factor authentication receives results of an initial authentication of a user. Responsive to confirming the initial authentication, an image of a secondary set of authentication options is presented. An option selection is received from the user, wherein the selection is determined by tracking eye movement of the user over the image that includes the set of second factor authentication options. User facial activity is tracked corresponding to the selection made from the secondary set of authentication options. The monitored facial activity is compared to a pre-established authentication condition to determine whether a match exists with the selected secondary set of authentication options, and responsive to facial activity monitored matching the authentication condition pre-established by the user and corresponding to the selection made from the secondary set of authentication options, authentication of the user is confirmed.