Patent classifications
H04L2463/082
AUTOMATED TRANSPARENT LOGIN WITHOUT SAVED CREDENTIALS OR PASSWORDS
A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.
Authentication state-based permission model for a file storage system
A system is provided for controlling access to data stored in a cloud-based storage service. A first request is received to access data stored at the cloud-based storage service, the data associated with a user account. The first request is authenticated based on a username and password associated with the user account. A second request is received for a file that is stored in an area associated with a heightened authentication protocol. The heightened authentication protocol is performed to authenticate the second request. In response to authenticating the second request, permission is granted to a temporary strong authentication state. The permission is to access the file that is stored in the area associated with the heightened authentication protocol. In response to a failure to authenticate the second request, access to the file that is stored in the area associated with the heightened authentication protocol is denied, while access to files stored in other areas associated with the user account is allowed.
Cloud architecture to secure privacy of personal data
A cloud-based storage architecture provides for the isolation of client data in a distributed manner using a hub-and-spoke account mechanism within the cloud. Individual client data is securely isolated while still providing a master account with access to all data, including providing access from common applications to all of the data. Thus complete client isolation is achieved while simultaneously sharing the code necessary to process the data in the cloud. A separate client account may be maintained for data stored at separate physical locations, such as may be required under various privacy laws and regulations; in this manner, no data is required to leave a specified geopolitical location in order for processing to occur.
Devices, systems and processes for substantially simultaneous payment verification using multi-factor authentication
Embodiments of devices, systems and processes for substantially simultaneous payment verification using multi-factor authentication are described. A system may include a user payment system (UPS), a point of sale system (POS) communicatively coupled to the user payment system, and an issuing bank system (IBK) communicatively coupled to at least the POS. The IBK system may include an IBK hardware processor configured to execute first non-transient computer executable instructions including instructions for establishing a direct connection between the IBK and the UPS. The instructions may also include those for communicating, using the direct connection, a query to the UPS, receiving a first response, from the UPS, to the query, and, based upon the first response, determining whether to approve a given transaction. The direct connection may use a 5G wireless link. The query may be communicated substantially simultaneously with receipt of a request to approve the given transaction.
Systems and methods for multi-level authentication
A system described herein may provide for multiple levels of authentication, such that a User Equipment (“UE”) may receive secure content from an application server, which may include or may be implemented by a multi-access edge computing (“MEC”) system. As described herein, a user associated with a UE may register the UE and/or a particular application with an authentication system and/or the application server. The registration of the UE and/or the application may establish a “trust” relationship between the authentication system and the UE, such that a user-level authentication performed by the UE, such as biometric authentication, may be accepted by the authentication system and/or the application system as an authentication of the user.
SPONSOR DELEGATION FOR MULTI-FACTOR AUTHENTICATION
Disclosed are methods, systems, and non-transitory computer-readable media for using a sponsor as a proxy for multi-factor authentication of a first user account for a first user when a primary multi-factor authentication mechanism is unavailable to the first user account, comprising registering the sponsor in a multi-factor authentication chain of trust associated with the first user account; requesting verification of an identity of the first user from the sponsor; receiving, from the sponsor, a verification of the identity of the first user; and granting access to a service to the first user account.
Authentication of user activities based on establishing communication links between network devices
Embodiments of the invention are directed to systems, methods, and computer program products for authentication of user activities based on establishing communication links between network devices. The invention is structured for dynamically authenticating transmitted activity processing data based on establishing a seamless electronic communication handshake between network devices and without requiring user intervention. Specifically, the invention is structured to establish an operative communication link between the second networked device and the user device, wherein establishing the operative communication link comprises establishing a handshake between an entity intelligent platform associated with the second networked device and the multi-channel cognitive resource platform of the user device. Moreover, the invention is structured to authenticate the first activity based on the identified code match.
ONE-SHOT BEHAVIORAL BIOMETRICS FOR LOGIN AUTHENTICATION USING MACHINE LEARNING MODEL
In one approach, a method includes: receiving a reference login event input from a user, the reference login event input being associated with a first session of the user logging into an account; receiving a new login event input from the user, the new login event input being associated with a second session of the user logging into the account; accessing a machine learning model, wherein the machine learning model is trained using data selected based on a similarity of behavior between different users; and authenticating, with the machine learning model, the user for the account, based at least in part on the reference login event input and the new login event input. In examples, the reference and new login event inputs comprise one or more items of biometric data generated by interaction of the user in a web environment and/or a mobile environment for logging into the account.
CONTEXT-BASED AUTHENTICATION OF A USER
In some implementations, a device may receive a notification to authenticate a user associated with a user account of an application server. The device may send, to the user device, an authentication request that prompts the user to provide a contextual description of an operation associated with the user account. The device may receive, from the user device, an authentication response that includes a described characteristic of the operation that is associated with a parameter of the operation. The device may determine whether the authentication response is valid based on a comparison of the described characteristic of the operation and the parameter of the operation. The device may cause, based on a determination that the authentication response is valid, performance of the operation based on the parameter.
Multi-factor authentication of internet of things devices
A computer-implemented method, system and computer program product for utilizing multi-factor authentication to authenticate an Internet of Things (IoT) device. The identity credentials of neighboring IoT device(s) are obtained by the IoT device to be authenticated. Upon providing a request to the authentication system to prove its identity, the IoT device provides the authentication system a first factor credential, such as a username and password. The authentication system, upon confirming the accuracy of the first factor credential, challenges the IoT device to provide the second factor credential. After receiving the challenge from the authentication system to provide the second factor credential, the IoT device returns the second factor credential that was generated based on the obtained identity credentials from the neighboring IoT device(s). Upon determining that the received second factor credential includes the identity credentials from the minimum number of required neighboring IoT devices, the authentication system approves authentication.