H04L9/3234

MULTIFACTOR AUTHENTICATION THROUGH CRYPTOGRAPHY-ENABLED SMART CARDS
20220353084 · 2022-11-03

There are provided systems and methods for multifactor authentication through cryptography-enabled smart cards. A user may engage in transactions or other online interactions that require multifactor authentication, such as by providing a secondary or further piece of evidence or information that is used to establish more securely that the user is who they claim to be and not a malicious user. The user may utilize a physical card that includes a microchip embedded in a surface, where the microchip includes a key or other cryptographic signing function so that it can be scanned and can digitally sign a request for authentication from a computing device. A user's computing device may then be brought into close proximity to the microchip when a request to scan the card's microchip is received. The user's computing device may then use wireless signals to activate the microchip and perform a multifactor authentication.

Cryptoanchor Reader

Unique Physical Unclonable Function (PUF) objects may be created by molding or extruding specialized particles, creating a measurable physical characteristic over a surface. The magnetized particles form a unique, measurable magnetic “fingerprint” based on the random size, position, polar rotation, magnetization level, particle density, etc., of the particles. PUF objects may also vary in other physical characteristics: a mixture of magnetic, conductive (magnetic or nonmagnetic), optically reflective or shaped particles, or particles of varied densities or mechanical properties, held in a matrix or binder, results in random reflection, diffusion, or absorption of acoustical energy. The present invention envisions sensing any of these characteristics.

TOKEN EXCHANGE BETWEEN BEARER AND POP TOKENS

Techniques are disclosed for exchanging tokens between different identity systems that follow different identity models. A token exchange system of an integrated identity management system of a cloud service can determine that an entity is authorized to access a first identity system based on credentials of the entity entered in the first identity system. The token exchange system can exchange a first token for the first identity system for a second token for a second identity system without requiring entry of credentials to access the second identity system.

USAGE-LIMITED PASSCODES FOR AUTHENTICATION BOOTSTRAPPING

Usage-limited passcodes support authentication when onboarding new employees, when recovering access after an enrolled device is lost or temporarily unavailable, or when registering passwordless authentication methods for new devices during an out-of-the-box setup, among other scenarios. Usage-limited passcodes are also referred to as “temporary access passes” or TAPs. TAP usage may be limited to a specific number of uses, particular kinds of uses, certain time periods, or a combination thereof. A TAP includes a code string and an implementation of corresponding tokens, rights, and other identity aspects within an enhanced access control infrastructure. TAP usage may supplement or replace other authentication, and in particular may replace authentication through a username and password combination, thereby enhancing both usability and security. Self-service identity confirmation may be used to obtain a TAP. Redirection to a federated domain identity provider may be avoided during TAP authentication.

TOKEN PROCESSING WITH SELECTIVE DE-TOKENIZATION FOR PROXIMITY BASED ACCESS DEVICE INTERACTIONS

A method includes providing an initial communication, by an access device to a user device. The access device can receive the user identifier and the access token and receive a secret associated with the user. The access device can determine, using the user identifier and/or the access token, if the transaction is authorized by an authorizing entity computer associated with the access device or by an authorizing entity not associated with the access device. If the transaction is authorized by the authorizing entity computer associated with the access device, the access device can transmit an authorization request message comprising the user identifier, the secret, and the access token to the authorizing entity computer. The authorizing entity computer validates the secret, retrieves a real credential of the user using the user identifier, and authorizes the transaction.

Security Device and Methods for End-to-End Verifiable Elections
20230033986 · 2023-02-02

Systems and methods for provisioning and operating a primary security device in a verifiable end-to-end election system are presented herein. The security device serves as a root of trust for chains of certificates that are deployed and utilized throughout the election process. These chains of certificates, originating with the device, which acts as an intermediate certification authority, are used to create a verifiable trust chain throughout the different parts of the election process, the trust chain being traceable back to the device and to the original root of trust certificate. In various embodiments the security device includes a compute module, a security chip, a connection to an interface device, at least one lockable transfer device port, and an air-gapped main board to house the compute module, the security chip, and the lockable transfer device port.

System and method for device registration and authentication

Systems and methods for device registration and authentication are disclosed. In one embodiment, a method for authentication of a device may include (1) receiving, at a mobile device, a first credential; (2) transmitting, over a network, the first credential to a server; (3) receiving, from the server, a first key and a first value, the first value comprising a receipt for the first credential; (4) receiving, at the mobile device, a data entry for a second credential; (5) generating, by a processor, a second key from the data entry; (6) retrieving, by the mobile device, a third credential using the first key and the second key; (7) signing, by the mobile device, the first value with the third credential; and (8) transmitting, over the network, the signed third value to the server.

SYSTEM AND METHOD FOR BOOTING USING HSM INTEGRATED CHAIN OF TRUST CERTIFICATES

A system for secure booting of an information handling system stores a Root of Trust private key in a hardware security module (HSM). A HSM-Integrated certificate creation utility receives inputs such as bin files for each firmware volume associated with a boot sequence. The HSM-Integrated certificate creation utility loads the correct extensions for the firmware volume, generates a certificate signing request (CSR) and generates a certificate based on the CSR. The certificates can be provided to a boot sequence for processing in a trusted firmware implementation without a certificate creation utility consuming the Hardware Root of Trust private key as a file that could be compromised.

SYSTEM AND METHOD FOR AUTHENTICATION ON A DEVICE
20220350874 · 2022-11-03

A method for the authentication on a device includes a step of providing a certificate, the certificate enabling a limited number N of authentication processes. The method further includes a step of carrying out an authentication process on the device, and a step of reducing the number N of authentication processes that are still possible for the certificate.

Data correlation using file object cache
11487569 · 2022-11-01

Some examples relate generally to computer architecture software for data classification and information security and, in some more particular aspects, to verifying audit events in a file system.