H04L2463/082

Synchronized Identity, Document, and Transaction Management
20230134651 · 2023-05-04

A passwordless computer system for automated identity, document, and transaction management, enabling onboarding, compliance workflow, and client lifecycle management, includes a biometrics system built on supervised and/or unsupervised intelligence. The system may support various biometric types, preferably using facial biometric comparison for compliance onboarding. The images compared may include an image or recording of an identification card or of physical and/or digital credentials, with gender, age, ethnicity, anti-spoofing, and liveness components present. An authentication system uses authentication server(s) that may, upon request, send a nonce to another system, device, or application. Biometrics validate and unlock the private key used to sign the nonce; the device then communicates with the authentication server(s) for private and public key validation and for issuance of access token(s).
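The nonce exchange in that abstract, written out as an added example (this is not the patent's code, and the patent does not name a signature algorithm; Ed25519, the in-memory nonce table, and the byte-for-byte template comparison standing in for a real biometric matcher are all assumptions of this example):

```go
package main

// Added example (not the patent's code): a nonce challenge/response in which
// the device's signing key is released only after a local biometric match, and
// the server verifies the signature, consumes the nonce and mints an access token.

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
	"io"
	"sync"
)

// AuthServer holds each user's enrolled public key and the nonce outstanding for that user.
type AuthServer struct {
	mu       sync.Mutex
	enrolled map[string]ed25519.PublicKey
	pending  map[string][]byte
}

func NewAuthServer() *AuthServer {
	return &AuthServer{enrolled: map[string]ed25519.PublicKey{}, pending: map[string][]byte{}}
}

// Enroll binds a user to the public half of a key pair generated on the device.
func (s *AuthServer) Enroll(user string, pub ed25519.PublicKey) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.enrolled[user] = pub
}

// IssueNonce returns a fresh 32-byte random challenge, replacing any earlier one.
func (s *AuthServer) IssueNonce(user string) ([]byte, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if _, ok := s.enrolled[user]; !ok {
		return nil, errors.New("unknown user")
	}
	nonce := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	s.pending[user] = nonce
	return nonce, nil
}

// Verify checks the signature over the outstanding nonce. The nonce is consumed
// whether or not the check passes, so a captured response cannot be replayed.
func (s *AuthServer) Verify(user string, nonce, sig []byte) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	want, ok := s.pending[user]
	delete(s.pending, user)
	if !ok || subtle.ConstantTimeCompare(want, nonce) != 1 {
		return "", errors.New("nonce not outstanding")
	}
	if !ed25519.Verify(s.enrolled[user], nonce, sig) {
		return "", errors.New("signature does not verify")
	}
	raw := make([]byte, 16) // opaque access token; a real server also records its expiry
	if _, err := io.ReadFull(rand.Reader, raw); err != nil {
		return "", err
	}
	return fmt.Sprintf("%x", raw), nil
}

// Device keeps the private key locked behind a biometric gate. The template
// comparison is a stand-in (assumption): a real matcher scores a live,
// anti-spoofed capture against the enrolled template and applies a threshold.
type Device struct {
	Pub      ed25519.PublicKey
	priv     ed25519.PrivateKey
	template []byte
}

func NewDevice(template []byte) (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{Pub: pub, priv: priv, template: template}, nil
}

// SignNonce unlocks the private key for a single signature only when the
// presented biometric probe matches the enrolled template.
func (d *Device) SignNonce(probe, nonce []byte) ([]byte, error) {
	if subtle.ConstantTimeCompare(probe, d.template) != 1 {
		return nil, errors.New("biometric mismatch: private key stays locked")
	}
	return ed25519.Sign(d.priv, nonce), nil
}

func main() {
	srv := NewAuthServer()
	dev, _ := NewDevice([]byte("enrolled-face-template")) // constructed template
	srv.Enroll("alice", dev.Pub)
	nonce, _ := srv.IssueNonce("alice")
	sig, err := dev.SignNonce([]byte("enrolled-face-template"), nonce)
	token, verr := srv.Verify("alice", nonce, sig)
	fmt.Println("sign:", err, "token:", token, "verify:", verr)
	_, err = srv.Verify("alice", nonce, sig) // replaying the same response
	fmt.Println("replay:", err)
}
```

Two properties carry the security of this pattern: the biometric never leaves the device (only a signature does), and the server binds every nonce to one enrolled user and deletes it on first use, so a response captured in transit is worthless a second time. The "public key validation" the abstract mentions is the enrolment binding; if the server accepts a public key presented inside the response instead of the enrolled one, any attacker can sign.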

VERIFYING INDICATED DEVICE LOCATION USING ANALYSIS OF REAL-TIME DISPLAY ELEMENT INTERACTION

A computer receives a request to verify the location of a primary device, together with an Indicated Primary Device Location “IPDL”. The computer shows within a display a dynamically located virtual representation of a predetermined Astronomical Reference Object “ARO”; the virtual representation indicates the real-time offset between a Display Reference Indicator “DRI” and the ARO. The computer receives primary device orientation metadata from sensors associated with the primary device and, when the device is in a location verification orientation, generates a Measured Primary Device Orientation “MPDO”. The computer calculates an Expected Device Orientation “EDO” for a reference device arranged in that same orientation (the PDVP) while at the IPDL, and generates a Location Verification Value “LVV” based, at least in part, on a comparison of the MPDO and the EDO. When the computer determines that the LVV exceeds a predetermined verification threshold, it provides an indication that the indicated primary device location is verified.
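The core computation behind that abstract, as an added example that is not the patent's own code: with the Sun taken as the ARO (an assumption; the abstract does not name the object), the expected pointing direction from the claimed location is computed from celestial mechanics, and the device's measured orientation is scored against it. The solar position routine is the low-precision Astronomical Almanac algorithm; the linear score and the 10-degree error budget are choices of this example.

```go
package main

// Added example (not the patent's code): compute where the Sun (assumed
// Astronomical Reference Object) should appear from the claimed location, and
// score the device's measured pointing direction against it.

import (
	"fmt"
	"math"
	"time"
)

const deg = math.Pi / 180

// Orientation is a pointing direction: azimuth in degrees clockwise from true
// north and altitude in degrees above the horizon.
type Orientation struct{ Az, Alt float64 }

// SunPosition returns the Sun's azimuth/altitude seen from latitude lat and
// longitude lon (degrees, east positive) at t, using the low-precision
// Astronomical Almanac algorithm (about 0.01 degrees over 1950-2050).
func SunPosition(lat, lon float64, t time.Time) Orientation {
	u := t.UTC()
	n := u.Sub(time.Date(2000, 1, 1, 12, 0, 0, 0, time.UTC)).Hours() / 24 // days since J2000.0
	L := math.Mod(280.460+0.9856474*n, 360)                               // mean longitude
	g := math.Mod(357.528+0.9856003*n, 360)                               // mean anomaly
	lambda := L + 1.915*math.Sin(g*deg) + 0.020*math.Sin(2*g*deg)         // ecliptic longitude
	eps := 23.439 - 0.0000004*n                                           // obliquity of the ecliptic
	ra := math.Atan2(math.Cos(eps*deg)*math.Sin(lambda*deg), math.Cos(lambda*deg)) / deg
	dec := math.Asin(math.Sin(eps*deg)*math.Sin(lambda*deg)) / deg
	ut := float64(u.Hour()) + float64(u.Minute())/60 + float64(u.Second())/3600
	gmst := math.Mod(6.697375+0.0657098242*n+ut, 24) // Greenwich mean sidereal time, hours
	ha := math.Mod(gmst*15+lon-ra+540, 360) - 180     // local hour angle in (-180, 180]
	sinAlt := math.Sin(dec*deg)*math.Sin(lat*deg) + math.Cos(dec*deg)*math.Cos(lat*deg)*math.Cos(ha*deg)
	az := math.Atan2(-math.Sin(ha*deg), math.Cos(lat*deg)*math.Tan(dec*deg)-math.Sin(lat*deg)*math.Cos(ha*deg)) / deg
	return Orientation{Az: math.Mod(az+360, 360), Alt: math.Asin(sinAlt) / deg}
}

// AngularError is the angle between two pointing directions, in degrees.
func AngularError(a, b Orientation) float64 {
	c := math.Sin(a.Alt*deg)*math.Sin(b.Alt*deg) + math.Cos(a.Alt*deg)*math.Cos(b.Alt*deg)*math.Cos((a.Az-b.Az)*deg)
	return math.Acos(math.Max(-1, math.Min(1, c))) / deg
}

// LocationVerificationValue maps the angular error between the measured
// orientation (MPDO) and the expected one (EDO) onto [0, 1]: 1 for a perfect
// match, falling linearly to 0 at maxErr degrees.
func LocationVerificationValue(mpdo, edo Orientation, maxErr float64) float64 {
	return math.Max(0, 1-AngularError(mpdo, edo)/maxErr)
}

// VerifyLocation computes the EDO for a device at the claimed location (IPDL)
// at time t, scores the MPDO against it and applies the verification threshold.
func VerifyLocation(mpdo Orientation, lat, lon float64, t time.Time, maxErr, threshold float64) (float64, bool) {
	lvv := LocationVerificationValue(mpdo, SunPosition(lat, lon, t), maxErr)
	return lvv, lvv > threshold
}

func main() {
	at := time.Date(2023, 3, 20, 12, 7, 0, 0, time.UTC)
	// Constructed sensor reading: a device in London actually pointing at the Sun.
	mpdo := SunPosition(51.5, 0.0, at)
	fmt.Printf("sun over London: az %.1f alt %.1f\n", mpdo.Az, mpdo.Alt)
	lvv, ok := VerifyLocation(mpdo, 51.5, 0.0, at, 10, 0.8)
	fmt.Printf("claimed London: lvv %.2f verified %v\n", lvv, ok)
	lvv, ok = VerifyLocation(mpdo, 33.5, 0.0, at, 10, 0.8) // claim about 2000 km further south
	fmt.Printf("claimed 33.5N: lvv %.2f verified %v\n", lvv, ok)
}
```

Two caveats a practitioner should keep in view. The check is only as strong as the orientation metadata: anyone who can feed fabricated sensor values can run the same computation and report the expected pose, so the reading needs to come from a device you can trust (or attest), and the live alignment of the DRI is what forces a real-time action. The resolution is also coarse: one degree of solar altitude corresponds to roughly 111 km of latitude and consumer magnetometers drift by several degrees unless corrected for local magnetic declination, so a 10-degree error budget separates regions, not neighbourhoods.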

MULTICHANNEL AUTHENTICATION AND TOKENIZATION SYSTEM
20230139491 · 2023-05-04

In some embodiments, apparatuses and methods are provided herein useful to multichannel authentication and tokenization. A system comprises a first authentication system serving a plurality of in-store point of sale terminals and implementing a physical channel authentication policy, a second authentication system serving a plurality of user devices accessing an e-commerce service and implementing an e-commerce channel authentication policy, and a tokenization system. The tokenization system is configured to generate a first token in response to receiving a first user credential from an in-store point of sale terminal via the first authentication system, generate a second token in response to receiving a second user credential from a user device via the second authentication system, and forward the first token and the second token to a retailer backend system, wherein the first token and the second token are generated based on the same tokenization protocol.

PRO-ACTIVE IDENTITY VERIFICATION FOR AUTHENTICATION OF TRANSACTION INITIATED VIA NON-VOICE CHANNEL
20220398594 · 2022-12-15

A method of using biometric verification comprises identifying a validation requirement during the execution of a non-voice channel interaction and initiating contact with the user at a pre-registered device. The method further comprises executing a biometric verification of the user's identity and possession of the device, via a user interaction at the pre-registered device, and providing the validation when the user is successfully identified.

EFFICIENT AND SECURE AUTHENTICATION SYSTEM

An authentication request message is received from a user conducting an interaction at a resource provider computer. It is determined that data representing an indication that the resource provider is trusted by the user, and including a trusted marker, is present in a database. Authentication of the user is provided, and information indicating that the user has been authenticated is sent together with the trusted marker, so that an authorization request message for the interaction that includes the trusted marker is generated. The trusted marker is validated, and the authorization request message, including information related to the interaction and the validated trusted marker, is sent to an authorizing entity computer.

Secure document storage system
11539700 · 2022-12-27

A system is provided for the storage of data, the system having: an encrypted host platform on which regulatory controlled data is stored; a controller configured to allow a primary user to set permission settings and to identify authorized end users and the degree of access granted to each authorized end user, each authorized end user being pre-cleared for compliance with the regulatory controls pertaining to the regulatory controlled data; the controller being configured to permit access to the encrypted host platform only if the host platform is in compliance with predefined data security protocols, to allow the authorized end users access to the regulatory controlled data, and to exclude access by both the provider of the storage system and the host platform provider; and at least one individual computing device accessible by at least one authorized end user, the individual computing device configured to provide authorized end user identification data to the controller and to receive permissions from the controller for access to the host platform, the host platform communicating only with individual user devices that have received permission from the controller.

Method, System, and Computer Program Product for Authenticating a Device
20220405378 · 2022-12-22

Provided is a method for authenticating a device. The method may include coupling a first device to an interaction database that is connected to a second device. The first and second devices store first group public and private keys. The second device also stores second device public and private keys. The first device transmits to a remote computer system a first message encrypted with a remote computer system public key that includes challenge data and response data encrypted with the first group public key and authentication data. The second device receives from the remote computer system a second message including the encrypted challenge data. The second device transmits to the remote computer system a third message including the response data. In response to receiving an authentication message, interaction may be permitted between the first device and remote computer system. A system and computer program product are also disclosed.

Centralized event detection

A threat management facility stores a number of entity models that characterize reportable events from one or more entities. A stream of events from compute instances within an enterprise network can then be analyzed using these entity models to detect behavior that is inconsistent or anomalous for one or more of the entities that are currently active within the enterprise network.

Interface for network security marketplace

An interface for a threat management facility of an enterprise network supports the use of third-party security products within the enterprise network by providing access to relevant internal instrumentation and/or a programmatic interface for direct or indirect access to local security agents on compute instances within the enterprise network.

METHODS AND SYSTEMS FOR IP-BASED NETWORK INTRUSION DETECTION AND PREVENTION

An authentication system includes an authentication module maintaining a store of credentials for a set of users. When the identity specified by credentials submitted from a requestor address is not found in the store of credentials, the authentication module transmits an authentication failure response; when the submitted credentials match selected credentials, it transmits an authentication success response. The authentication system includes an analyzer module configured to determine the number of identity-not-found failures corresponding to a first address, identify a triggering event when that number exceeds a predetermined threshold, and, in response to the triggering event, add the first address to a block list. The authentication system also includes a query module configured to, in response to a query for a specified address, determine whether the specified address is present in the block list and, if so, instruct transmission of the authentication failure response.
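The three modules of that abstract in one runnable form, as an added example that is not the patent's implementation. The sliding window, the SHA-256 placeholder for a password hash, the sample addresses and the attempt stream in `main` are all constructed for this example; the abstract fixes only that identity-not-found failures are counted per address, that exceeding a threshold adds the address to a block list, and that a listed address is then answered with the failure response.

```go
package main

// Added example (not the patent's code): an authentication module whose
// analyzer counts identity-not-found failures per source address inside a
// sliding window, adds the address to a block list once the count exceeds the
// threshold, and whose query module then fails every request from it.

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"io"
	"sync"
	"time"
)

type Outcome int

const (
	Failure Outcome = iota // the wire response never says why
	Success
)

type storedCred struct {
	salt []byte
	hash [32]byte
}

type AuthModule struct {
	mu        sync.Mutex
	creds     map[string]storedCred  // identity -> salted hash
	notFound  map[string][]time.Time // source address -> identity-not-found events
	blocked   map[string]time.Time   // block list: source address -> when added
	threshold int
	window    time.Duration
}

func NewAuthModule(threshold int, window time.Duration) *AuthModule {
	return &AuthModule{
		creds:     map[string]storedCred{},
		notFound:  map[string][]time.Time{},
		blocked:   map[string]time.Time{},
		threshold: threshold,
		window:    window,
	}
}

// hashPassword is a placeholder for a slow, memory-hard KDF (argon2id, scrypt
// or bcrypt); plain SHA-256 is used only to keep the example stdlib-only.
func hashPassword(salt []byte, password string) [32]byte {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(password))
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

func (a *AuthModule) AddUser(identity, password string) {
	a.mu.Lock()
	defer a.mu.Unlock()
	salt := make([]byte, 16)
	io.ReadFull(rand.Reader, salt)
	a.creds[identity] = storedCred{salt: salt, hash: hashPassword(salt, password)}
}

// IsBlocked is the query module: it answers whether addr is on the block list.
func (a *AuthModule) IsBlocked(addr string) bool {
	a.mu.Lock()
	defer a.mu.Unlock()
	_, ok := a.blocked[addr]
	return ok
}

// Authenticate consults the block list first, then the credential store. Only
// identity-not-found failures feed the analyzer; wrong passwords for a real
// identity are left to a separate per-account control.
func (a *AuthModule) Authenticate(addr, identity, password string, now time.Time) Outcome {
	a.mu.Lock()
	defer a.mu.Unlock()
	if _, ok := a.blocked[addr]; ok {
		return Failure
	}
	cred, ok := a.creds[identity]
	if !ok {
		hashPassword(make([]byte, 16), password) // same work as a real lookup, so timing does not reveal "no such user"
		a.recordNotFound(addr, now)
		return Failure
	}
	got := hashPassword(cred.salt, password)
	if subtle.ConstantTimeCompare(got[:], cred.hash[:]) != 1 {
		return Failure
	}
	return Success
}

// recordNotFound is the analyzer: keep events inside the window and raise the
// triggering event once their number exceeds the threshold.
func (a *AuthModule) recordNotFound(addr string, now time.Time) {
	kept := a.notFound[addr][:0]
	for _, ts := range a.notFound[addr] {
		if now.Sub(ts) <= a.window {
			kept = append(kept, ts)
		}
	}
	kept = append(kept, now)
	a.notFound[addr] = kept
	if len(kept) > a.threshold {
		a.blocked[addr] = now
		delete(a.notFound, addr)
	}
}

func main() {
	a := NewAuthModule(3, 10*time.Minute)
	a.AddUser("alice", "correct horse battery staple")
	t0 := time.Date(2023, 5, 4, 9, 0, 0, 0, time.UTC)
	// Constructed attempt stream: a scanner guessing identities, then a valid login from the same address.
	attempts := []struct{ addr, id, pw string }{
		{"198.51.100.7", "admin", "admin"}, {"198.51.100.7", "root", "toor"},
		{"198.51.100.7", "test", "test"}, {"198.51.100.7", "guest", "guest"},
		{"198.51.100.7", "alice", "correct horse battery staple"},
	}
	for i, at := range attempts {
		out := a.Authenticate(at.addr, at.id, at.pw, t0.Add(time.Duration(i)*time.Second))
		fmt.Printf("%s %-6s -> success=%v blocked=%v\n", at.addr, at.id, out == Success, a.IsBlocked(at.addr))
	}
}
```

Three things to check before deploying this pattern. The requestor address must be the connection peer (or an `X-Forwarded-For` value set by a proxy you control), otherwise the attacker chooses which address gets blocked. Counting only identity-not-found events means a password-guessing run against one real account never trips this analyzer, so a per-account lockout or rate limit still has to exist beside it. And because a blocked address is answered with the ordinary failure response, users behind a shared NAT lose access silently once one scanner shares their egress address; block-list entries therefore need an expiry and an operator-visible record.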