Patent classifications
H04L2463/082
USER DEVICE GATED SECURE AUTHENTICATION COMPUTING SYSTEMS AND METHODS
A system is provided that allows users to execute a secure transaction that is authenticated by their user device. Personally identifiable information (PII), such as, but not limited to, biometric authentication data, is locally stored on the user's device so as to protect the PII. A user device private key is associated with the particular user device and the user, and the corresponding public key is registered with a User Device Authentication Alliance server (UDAAS) system. In an online transaction, a LoginID server or an Access Control server interacts with the UDAAS to confirm the user is authentic and has confirmed the transaction.
APPLICATION FOR REQUESTING MULTI-PERSON AUTHENTICATION
A first user device includes a camera. The first user device receives a challenge-response message following a request for access to a secure server. The first user device captures a first image of the first user. The first image includes an image of at least a portion of a face of the first user. An authentication result from a facial recognition scan of the second user is received. Facial recognition is used to determine that the face of the first user is a face of an authorized user of the secure server. The first user device generates and sends a response to the challenge-response message based on results of facial recognition and the received authentication results.
Geo-aware capture with reduced personal information disclosure
Systems and methods for authenticating and executing a user request with increased security and efficiency are provided. A method may include receiving a selection from a user to restrict informational access of a selected administrator who is logged in to a system network, and locking access of the administrator to secure user information. The method may also include receiving, from the user, limited identifying information, and transmitting to the user, based on the limited identifying information, a uniform resource locator (URL) link and a one-time password (OTP). The method may also include achieving 2-factor authentication when the user accesses the URL link and submits the OTP, and receiving from the user the secure user information and a service request. In response to receiving the secure user information and the service request, the method may include executing a response to the service request via the system network.
System, method, and apparatus for authenticating a user device
Provided is a method, system, and apparatus for authenticating a user device. The method includes registering a device identifier with at least one transformation rule, receiving a request for authentication comprising a device identifier associated with a user device, obtaining a one-time password (OTP) in response to receiving the request, communicating the OTP to the user device, receiving a transformed OTP from the user device, and authenticating the user device based on the OTP, the transformed OTP, and the at least one transformation rule.
METHOD AND SYSTEM FOR IMPROVED DATA CONTROL AND ACCESS
A method for backing up data includes: receiving, by a driver in a host controller of a data storage device, an indication of a threatening event identifying one or more data files in the data storage device; delaying, by the driver, the threatening event; and backing up, by the driver, the one or more data files in the data storage device, prior to allowing the threatening event.
Architecture having a protective layer at the data source
A method and system for performing at least one service are disclosed. The method and system include receiving a communication for a data source at a wrapper. The wrapper includes a dispatcher and at least one service. The dispatcher receives the communication and is data agnostic. The method and system also include providing the communication from the dispatcher to the data source and to the at least one service. The at least one service inspects the communication and may perform additional functions.
Data isolation and two-factor access control
Systems, methods and computer program products for controlling access to data owned by an application subscriber using two-factor access control and user partitioning are disclosed. In one embodiment, applications are executed on a multi-tenant application platform in which user partitions designate associated users and authentication services for those users. Tenants may subscribe to the applications and may allow access to the subscriptions through designated entry points. Users that are authenticated according to the corresponding user partition and access the application through the designated entry point are allowed to access the application through the tenant's subscription.
Payment Verification Using Multi-Factor Authentication
Devices, systems and processes for substantially simultaneous payment verification using multi-factor authentication are described. A system may include a user payment system (UPS), a point of sale system (POS) communicatively coupled to the user payment system, and an issuing bank system (IBK) communicatively coupled to at least the POS. The IBK system may include an IBK hardware processor configured to execute first non-transient computer executable instructions including instructions for establishing a direct connection between the IBK and the UPS. The instructions may also include those for communicating, using the direct connection, a query to the UPS, receiving a first response, from the UPS, to the query, and, based upon the first response, determining whether to approve a given transaction. The direct connection may use a 5G wireless link. The query may be communicated substantially simultaneously with receipt of a request to approve the given transaction.
Digital Health Passport to Verify Identity of a User
The technology disclosed relates to authenticating users using a plurality of non-deterministic biometric identifiers. The method includes generating a scannable code upon receiving a success nonce from a registration server. The registration server can access a user identifier and a hash of at least a signature using the success nonce. The signature can be generated based at least in part upon a biometric identifier of a user. The method includes recreating the hash of the signature stored by the registration server. The method includes generating the scannable code by encrypting the success nonce and the recreated hash. The biometric identifier of the user is generated by feeding a plurality of non-deterministic biometric inputs to a trained machine learning model producing a plurality of feature vectors. The method includes projecting the plurality of feature vectors onto a surface of a unit hyper-sphere and computing a characteristic identity vector representing the user.
Injection of tokens or client certificates for managed application communication
Methods and systems for injection of tokens or certificates for managed application communication are described. A computing device may intercept a request from an application executable on the computing device, the request being to access a remote resource. The computing device may modify future network communications between the computing device and the remote resource to include a token or a client certificate, where the token or the client certificate is an identifier that enables the future network communications to be routed to the remote resource for a given computing session without use of data from the remote resource or data indicative of a connection of the remote resource in which to receive the future network communications. The computing device may send the future network communications to the remote resource to enable action to be taken on behalf of the computing device in response to receipt of the future network communications.