H04L2463/121

Method of controlling access to a reserve zone with control of the validity of an access entitlement installed in the memory of a mobile terminal
10491600 · 2019-11-26

The method comprises the following steps: presentation of a mobile terminal to an access control point, capture of an image carried by the access control point, and representative of an encoded item of computer data, by a camera of the terminal, and decryption, by the terminal, of the image captured by the camera, so as to deduce therefrom the encoded item of computer data, which is a unique identifier of the access control point, by the mobile terminal, by the unique identifier of the access control point decrypted, transmission to the access control point broadcast, by the mobile terminal, of an entitlement for access to the reserve zone, which entitlement is stored in its memory, via the wireless connection, and control of the validity of the data of the access entitlement by the access control point.

Method and device for processing verification code

The present disclosure relates to a method and a device for processing a verification code. The method includes: acquiring the verification code in a message; determining whether the verification code has expired; and allowing an operation corresponding to the verification code if the verification code has not expired.

System and method for providing data-driven user authentication misuse detection

Systems, methods, and other embodiments are disclosed for data-driven user authentication misuse detection. In one embodiment, for a user authentication attempt to access a secure computer resource, user authentication log data having user attribute values is collected. The user authentication log data is transformed into a tracer data structure. The tracer data structure is augmented with timestamp data to generate an event data structure. It is determined whether the tracer data structure matches an existing tracer data structure stored in a rules database and, if not, a novelty flag is set to generate a new user behavior model filter. If the tracer data structure matches the existing tracer data structure: an existing user behavior model filter is applied, issuance of an alarm message or signal is controlled, and the existing user behavior model filter is updated based, at least in part, on the event data structure.

Method and apparatus for making a decision on a card

Method and devices for making access decisions in a secure access network are provided. The access decisions are made by one or more portable credentials using data and algorithms stored on or received by two or more credentials. Since access decisions are made by the portable credential or credentials, non-networked hosts or local hosts can be employed that do not necessarily need to be connected to a central access controller or database, thereby reducing the cost of building and maintaining the secure access network.

Multi-signal analysis for compromised scope identification

Detecting compromised devices and user accounts within an online service via multi-signal analysis allows for fewer false positives and thus a more accurate allocation of computing resources and human analyst resources. Individual scopes of analysis, related to devices, accounts, or processes are specified and multiple behaviors over a period of time are analyzed to detect persistent (and slow acting) threats as well as brute force (and fast acting) threats. Analysts are alerted to individually affected scopes suspected of being compromised and may address them accordingly.

Secure authentication of devices without server assistance or pre-shared credentials
10491382 · 2019-11-26

Systems and methods for establishing secure communication between electronic devices. In some aspects, at least two computing devices physically interact with each other multiple times, and sensors in each device detect and record the times of the physical interactions. The times of the physical interactions are used as time secrets, which are used as a basis for generating a cryptographically secure key used as a shared secret among the devices to provide secure communications therebetween.

MODIFICATION OF DEVICE BEHAVIOR FOR USE IN SECURE NETWORKING
20240114025 · 2024-04-04

A modifier infrastructure that takes digital device behaviors and allows them to enact channel behaviors instead. This infrastructure preferably extends to address issues of channels connected to channels for controlling and managing identities, privileges, and the encryption and decryption of valuable information. Embodiments of the present invention provide methods for computer authentication, particularly for component authentication, human-component authentication, and/or network cryptography.

Systems and Methods for In-Session Refresh of Entitlements Associated with Web Applications
20240114059 · 2024-04-04

The described technology provides a capability to perform in-session updates to entitlements associated with a user's access to content served by a web application. The content may be from one or more external servers. The technology provides for automatically detecting changes to entitlements, and without requiring a user of an active session to initiate a new session, updating entitlement data in a memory such that subsequent requests for data made by the client in the same active session are serviced using the updated entitlements.

System and method for authenticating users
10484344 · 2019-11-19

A security application for a computing device, e.g., a mobile phone, allows generation of a secret according to a unique user input (e.g., user credentials). The secret is stored in a directory such that it is retrievable when the unique user input is received via a user interface of a device on which the security application executes or is coupled with. Responsive to receiving an identifier associated with the secret, the security application prompts, e.g., via a user interface of the mobile phone, entry of the unique user input; and, subsequently, verifies the unique user input. Following such verification, the security application provides the secret for use in encoding a communication with a remote computer-based station. Entry of the user credentials may be required prior to the security application generating the secret, and may be responsive to receipt of an invitation (e.g., from the remote computer-based station) to generate it.

Invisible indication of duress via wearable

Methods, devices, and systems are provided for invisibly indicating duress via a wearable device. In response to determining a duress condition associated with a user exists, a duress signal is provided to components of the access control system. The duress signal can identify a user associated with the duress, a duress type, and even include a location associated with the duress condition. An alert of the duress condition can be distributed to one or more devices in the access control system. These devices may be associated with users of the system and the alert may be configured to silently inform the users of the duress condition.