H04L2463/082

Tokenization and encryption of sensitive data

A method and system for anonymizing data are disclosed. The method and system include receiving, at a wrapper, a request to store data in a data source. The wrapper includes a dispatcher and at least one service. The dispatcher receives the request and is data agnostic. The method and system also include providing the request from the dispatcher to the at least one service and anonymizing, at the service(s), the data to provide anonymized data.

Secure authentication based on identity data stored in a contactless card

Systems, methods, articles of manufacture, and computer-readable media are disclosed for secure authentication based on identity data stored in a contactless card associated with an account. An application may receive an indication specifying to perform an operation. The application may receive encrypted data from the card. The application may receive an indication that the authentication server decrypted the encrypted data. The application may determine a type of data required to authorize the operation. The application may receive data comprising passport data or driver license data from the card. The application may determine that the data satisfies a rule for authorizing the operation and authorize performance of the operation based on the authentication server verifying the encrypted data and the data satisfying the rule.

Online authentication and security management using device-based identification
11645377 · 2023-05-09

Techniques are disclosed to provide enhanced online security. A network server actively monitors data between a network server hosting a website and a computing device. Some of the disclosed techniques leverage “cookie stitchers” to associate user data, which may include a website identifier, to the user's computing devices. These techniques allow the network server to block access to explicitly identified computing devices, or to trigger two-factor authentication.

Authenticating access to computing resources
11658984 · 2023-05-23

Described embodiments provide systems, methods, and computer-readable media for accessing services via identity providers. A computing device may transmit, responsive to a request from a client to access a service, a value to the client. The client may be configured to access the service using an access token. The computing device may receive, from the client, a signature, the signature generated using the value, a device identifier, and a first encryption key. The computing device may determine, using the value and a second encryption key, the device identifier from the signature. The computing device may identify a status of the client according to the device identifier. The computing device may provide, responsive to the status, a new access token to permit access to the service and a refresh token to obtain subsequent access tokens.

Network threat analysis system

Machine-learning techniques and models are described for alerting users to attacks on accounts in real-time or near real-time. In some embodiments, an attack detection model uses Natural Language Processing (NLP) and multi-level classification techniques to monitor login attempts and detect attacks. The model may use NLP to convert text associated with account activity to numerical vectors, where the vectors include scores and/or other numerical values computed based on the meaning of the converted text. The model may further include a set of classifiers trained to learn patterns in the numerical vectors that are predictive of a network attack. The model may assign labels to events based on the predicted likelihood that the event is an attack. The system may deploy real-time preventative or corrective measures based on the ML model output to counter or mitigate the effects of an attack.

System and Methods for Agentless Managed Device Identification as Part of Setting a Security Policy for a Device
20230135054 · 2023-05-04

Systems, methods, and apparatuses are directed to efficiently determining whether a device making a request to access an application or service is a managed device, and to using that information to set an appropriate security policy for the device or for the request to access the application or service. In some embodiments, a service or server (referred to as a Managed Device Identification Service) is configured to request a client certificate from a device that is requesting access to a cloud-based application or service as part of a protocol handshake. If a certificate is received, it is compared to a stored certificate to determine whether the device is a managed device and, as a result, the appropriate security policy.

Identity verification for network access

This disclosure describes techniques for authentication related to verification of identity for network access. The techniques may include sending, to a mobile device, a challenge associated with authentication to a network. In response to sending the challenge, the techniques may include receiving a challenge response from the mobile device. The challenge response may include biometric credential information associated with a user of the mobile device. The challenge response may also include an indication of an authorization assertion associated with the authentication to the network. In some examples, the techniques may include tailoring access to the network for the mobile device based on the biometric credential information.

System and method for providing a continuous authentication on an open authentication system using user's behavior analysis
11658964 · 2023-05-23

A system configured for implementing continuous authentication for a software application is disclosed. The system receives a request from a user to log in to an account of the user on the software application. The software application uses open authentication to allow the user to log in to the account of the user. Once the user is logged in, the system activates continuous authentication based on monitored user behavior information associated with the user received from one or more organizations. The system monitors access to the account of the user by monitoring behaviors of a person accessing the account of the user. The system determines whether the behaviors of that person correspond to the monitored user behavior information of the user. If the behaviors of that person correspond to the monitored user behavior information of the user, the system grants that person access to the account of the user.

Secure multi-factor authentication system to authenticate a user device for accessing a service
11652810 · 2023-05-16

A method including encrypting, by a processor associated with a user device, authentication information associated with authenticating the user device with a service provider, the authentication information including first factor authentication information for determining a first factor and second factor authentication information for determining a second factor; detecting, by the processor, an attempt to access a service to be provided by the service provider; determining, by the processor based at least in part on detecting the attempt, the first factor based at least in part on decrypting the first factor authentication information and the second factor based at least in part on decrypting the second factor authentication information; and enabling, by the processor, authentication of the user device with the service provider based at least in part on utilizing the first factor and the second factor. Various other aspects are contemplated.

Communication system and method for controlling access to portable radio public safety service applications

A communication system and method are provided for authenticating a portable radio from a plurality of shared portable radios. The authentication controls access to user personal profiles and public safety service applications associated with a public safety agency. A firearm having a firearm user ID stored therein communicates the firearm user ID over short range communications to the portable radio. The firearm user ID may be used for single factor authentication or combined with a PIN entry for multi-factor authentication.