Provided is a method for authenticating a device. The method may include coupling a first device to an interaction database that is connected to a second device. The first and second devices store first group public and private keys. The second device also stores second device public and private keys. The first device transmits to a remote computer system a first message encrypted with a remote computer system public key that includes challenge data and response data encrypted with the first group public key and authentication data. The second device receives from the remote computer system a second message including the encrypted challenge data. The second device transmits to the remote computer system a third message including the response data. In response to receiving an authentication message, interaction may be permitted between the first device and remote computer system. A system and computer program product are also disclosed.

Some embodiments provide a method for a first device to join a group of related devices. The method receives input of a password for an account with a centralized entity and a code generated by a second device in the group. When the second device determines that the code input on the first device matches the generated code, the method receives an authentication code from the second device for authorizing the first device with the entity as a valid device for the account. The method uses the password and information regarding the first device to generate an application to the group. After sending the application to the second device, the method receives information from the second device that enables the first device to add itself to the group. The second device verifies the generated application, and the method uses the information received from the second device to join the group.

A method and system for user authentication through mobility traces comprising: retrieving and processing (401, 411) data records stored in a network events database (14), the data records comprising data of one or more interactions (101) of the user with at least one network element (12) through a mobile device (11) of the user, a timestamp (T) associated with the recorded interactions, a unique identifier of the mobile device (11), a unique identifier of the user and a unique identifier of the network element (12); computing (103) at least one network interaction track, NIT, by using the retrieved data; using the at least one computed NIT (402, 412) to obtain an authentication result, e.g., based on a computed authentication probability (P.sub.i), indicating either a success or a failure of the user authentication to be returned to a third-party service provider (21) requesting the user authentication status check (202, 302).

A remote control system for a vehicle including: a user terminal; and a vehicle configured to transmit/receive information to/from the user terminal through a communication network. The vehicle performs first authentication on a user by comparing a captured image of the user to a reference image in response to an unlocking signal or start-up request signal received from the user terminal, and transmits second authentication pre-processing information to the user terminal, the second authentication pre-processing information being obtained by generating an encryption key from a feature vector extracted from the image of the user and encrypting unique information of the user. The user terminal performs second authentication on the user by decrypting the second authentication pre-processing information received from the vehicle with a decryption key stored therein.

Disclosed herein is a system for facilitating security of a resource using a plurality of credentials, in accordance with some embodiments. Accordingly, the system may include a communication device configured for receiving a user credential associated with a user from a user device to access one or more services of the resource, and obtaining a current contextual data from the user device. Further, the system may include a storage device configured for retrieving a stored contextual data and a stored credential associated with the user from a database. Further, the system may include a processing device configured for comparing the user credential with the stored credential, analyzing the current contextual data and the stored contextual data, and authenticating the user device based on the comparing and the analyzing to determine a level of access to the one or more services of the resource by the user device.

Identity identification preprocessing methods and systems, and identity identification methods and systems are disclosed. After any user carries a mobile device to a predetermined nearby area of a biometric feature collection device, the mobile device of the user receives a wireless signal broadcast by the biometric feature collection device. The wireless signal triggers the mobile device to upload an auxiliary identification factor other than a biometric feature of the owner and an identity of the owner to an identification server. The identification server establishes a mapping relationship between the received identity and the received auxiliary identification factor. After subsequently obtaining a collected biometric feature uploaded by the biometric feature collection device, the identification server can perform two-factor-based user identity identification based on the previously established mapping relationship and the collected biometric feature.

Registration means of an authentication system (S) registers, for each user, first authentication information and second authentication information in storage means. First authentication means performs first authentication based on a similarity between the first authentication information that has been input and the registered first authentication information. Second authentication means performs second authentication based on a match between the second authentication information that has been input and the registered second authentication information. Restriction means restricts a plurality of users having similar first authentication information to each other from registering the same second authentication information as each other.

Exemplary embodiments described herein include a password-less pluggable authentication module (PAM). Exemplary embodiments of the PAM may allow a user to log in using a smartphone as a token. The smartphone or other identifiable module electronic device may use a unique identifier of the mobile device, biometrics, and/or knowledge factors to authenticate with a remote authentication server.

A system and a method of determining persistent presence of an authorized user while performing allowed operations on an allowed resource of the system while satisfying certain context-sensitive restrictions are disclosed. The system receives a request from a user to authenticate him/her. The system authenticates the user using biometric information of the user or any other authentication mechanism in a given context-sensitive restriction. If the user is authenticated, then the system allows the user to perform the allowed operation using the allowed resources in the context-sensitive restriction. If the authentication fails indicating that the user is an unauthorized user, then the system initiates a resolution process to halt or terminate the allowed operation to restrict or obfuscate the allowed operation from being accessed by the unauthorized user. In one embodiment, the system comprises an External Companion Device (ECD) paired with the system to perform the authentication and manage the allowed.

Systems and methods are disclosed for executing an electronic transaction using a digital wallet. One method includes receiving a guest checkout request and electronic transaction data from an electronic transaction browser. Whether a user is enrolled in the digital wallet system may be determined by the digital wallet system. The digital wallet system may authorize an electronic transaction based on the electronic transaction data upon determining the user is not enrolled in the digital wallet system. The digital wallet system may initiate a digital wallet enrollment upon authorizing the electronic transaction. The digital wallet system may store the user data in the digital wallet system and transmit a verification request to the electronic transaction browser. The digital wallet system may receive a verification response from the electronic transaction browser and may generate a digital wallet enrollment status message based on the verification response.