Patent classifications
H04L2463/082
INTEGRATED SECOND FACTOR AUTHENTICATION
Techniques and apparatuses are described that enable integrated second factor authentication. These techniques and apparatuses enable the improved security of something you have without the accompanying inconvenience or chance of loss. To do so, a secure physical entity is integrated within a computing device. While this provides the something you have without a need to carry a separate object with you, the something you have also must not be able to be accessed remotely. To prevent remote access, physical wires are connected from the secure physical entity to physical structures on the computing device. In this way, a hacker or cyber thief cannot convince an authentication system that the cyber attacker does indeed have the something you have because to do so the attacker must be in physical possession of the computing device.
Multi-factor authentication
A method is disclosed in which one or more pieces of first authentication information are obtained. The one or more pieces of first authentication information represent at least one piece of unique information associated with a user and/or an electronic device of the user. A trust level is determined based, at least in part, on the one or more pieces of first authentication information. The trust level value is indicative of a level of trust in the one or more pieces of first authentication information. An according apparatus, computer program, and system are also disclosed.
DYNAMIC LEARNING SYSTEM FOR INTELLIGENT AUTHENTICATION
Techniques for intelligently deciding the optimal authenticator(s) from amongst those supported by an electronic device are described. The authentication system according to some embodiments may include a dynamic machine learner that incorporates the attributes of: (i) user behavior attributes (e.g., preferred authenticator); (ii) device attributes (e.g., hardware and software specifications, applications, etc.); and (iii) operating environment attributes (e.g., ambient light, noise, etc.), as well as the interplay between the aforementioned attributes over time to make the decision. In some embodiments, the authentication activities and patterns of other users of similar type (e.g., users exhibiting similar behavior across different operating environments) can also be learned and employed to improve the decision making process over time.
Multi-factor authentication with increased security
A multi-factor authentication method and system is provided such that a push notification during an authentication process is only received if a mobile device and user are authenticated prior to receiving the push notification. Either the mobile device itself or a second device sending the push notification may be programmed to either reject or not forward the authentication request. Additionally, using the method of the present invention, enhanced security is provided by requiring the location of the mobile device and the second device to be approximately in the same geographical location.
SECURE REMOTE TOKEN RELEASE WITH ONLINE AUTHENTICATION
A system and techniques are described herein for providing authentication. The technique includes registering user authentication data such as biometrics data with a communication device. The authentication data is linked to an account or service provider, and is used to verify the identity of the user when accessing the account. The communication device may obtain a public/private key pair, for which the public key may be stored on a secure remote server. When the user attempts to access the account or service provider, the user may provide the authentication data to authenticate the user to the communication device. Thereafter, the communication device may sign an authentication indicator using the private key and send the authentication indicator to the secure remote server. Upon verification of the signature using the public key, the secure remote server may grant access to the user, for example, by releasing a token.
DETERMINING THE RELATIVE RISK FOR USING AN ORIGINATING IP ADDRESS AS AN IDENTIFYING FACTOR
A relative risk can be determined using an originating Internet Protocol (IP) address as an identifying factor for purposes of authenticating a user. The originating IP address can be used as an identifying factor for a particular user account to determine potentially fraudulent activity and reduce the risk of fraud. This additional identifying factor can be used as a part of an overall authentication platform to help screen fraud attempts and to authenticate valid and non-fraudulent users. Using certain aspects can distinguish whether originating IP addresses are public or private. Some examples can track and match originating IP addresses to user accounts and also can keep track of recently active sessions for each IP address.
Authenticating based on a device identifier
A system and method are disclosed herein leveraging financial networks standards with mobile device data and secure processing and storage environment knowledge to authenticate a device. For instance, a party to a transaction may utilize these elements of information, not traditionally associated with wireless transactions, to achieve a lower probability of fraud and/or a higher confidence associated with the transaction.
CONTEXT-BASED ACCESS CONTROL AND REVOCATION FOR DATA GOVERNANCE AND LOSS MITIGATION
Systems, methods, and computer program products for controlling use of sensitive data. A heartbeat signal conveying a context identifier is transmitted into areas where access to sensitive data is granted to authorized users. In response to receiving a request to access the sensitive data, access may be granted if the context identifier in the request matches the context identifier in the heartbeat and denied otherwise. If the requestor has exceeded an access threshold, access may be granted at a reduced rate. This reduced rate may be achieved by reducing a rate at which encryption keys are provided to the requestor. An access control layer positioned between an application layer and a communication layer allows the application layer to use plaintext of the sensitive data while protecting the sensitive data as ciphertext in the communication layer.
Integrated second factor authentication
Techniques and apparatuses are described that enable integrated second factor authentication. These techniques and apparatuses enable the improved security of something you have without the accompanying inconvenience or chance of loss. To do so, a secure physical entity is integrated within a computing device. While this provides the something you have without a need to carry a separate object with you, the something you have also must not be able to be accessed remotely. To prevent remote access, physical wires are connected from the secure physical entity to physical structures on the computing device. In this way, a hacker or cyber thief cannot convince an authentication system that the cyber attacker does indeed have the something you have because to do so the attacker must be in physical possession of the computing device.
Systems, methods, and apparatuses for implementing a web-based life management platform with user created electronic communications triggered upon future events
In accordance with embodiments disclosed herein, there are provided methods and systems for implementing a web-based life management platform with user created electronic communications triggered upon future events supported by a processor and a memory to execute such functionality. For instance, there is disclosed in accordance with one embodiment, a life management platform including means for: generating a user account for a subscriber at the system; communicably interfacing with a user device over a network via a receive interface of the system, in which the user device operates remotely from the system; authenticating the subscriber via subscriber credentials received from the user device; receiving input from the user device defining each of: (i) one or more contacts, (ii) one or more messages, and (iii) one or more documents; receiving a request to configure a plan for the subscriber and configuring the plan to include (i) at least one of the one or more contacts, (ii) at least one of the one or more messages for the included contacts, and (iii) at least one of the one or more documents to be made accessible to the included contacts; defining an event trigger for the plan, in which the event trigger is to initiate execution of the plan upon occurrence of a subscriber defined event; and triggering execution of the plan at the system pursuant to determination the event trigger has occurred, in which execution of the plan includes transmitting a notice to the included contacts for the plan with a link to access the message and the one or more documents. Other related embodiments are disclosed.