Patent classifications
H04L63/067
MOBILE NETWORK-BASED AUTHENTICATION SYSTEM
A mobile network based authentication system for authenticating a user's access to a restricted-access account includes an application server and an identification server. The application server is configured to authenticate the user's access to the restricted-access account by transmitting a one-time password to a mobile computing device of the user and confirming that the one-time password has been entered by the user. The identification server communicates with the application server after the application server receives a request from the user to access the restricted-access account and before the application server transmits the one-time password to the mobile device, to verify that an attribute of the restricted-access account is linked to a network identification of the mobile computing device.
Enhanced email service
An enhanced email service that mitigates drawbacks of conventional email services by enabling transmission of encrypted content to a recipient regardless of whether the recipient has a prior relationship with the sender or holds credentials issued by a certificate authority. A method is provided for receiving encrypted content and generating a message that includes both the encrypted content as an attachment and a link to enable access to the encrypted content. The method may include transmitting the message to an intended recipient's mailbox while also storing the message in another mailbox to provide for subsequent decryption of the encrypted content. The link may provide the intended recipient of the message with access to the encrypted content in various ways depending on, for example, whether the recipient is viewing the message through a webmail browser or through a local mail client that is compatible with the enhanced email service.
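The message structure this abstract describes, as an added example (not the patent's or any vendor's code): the encrypted content travels as an attachment, the body carries a link, and a second copy is retained in another mailbox that the link resolves to. Assumptions: the ciphertext is an opaque byte string produced elsewhere (how the content is encrypted is not part of the abstract), the X-Enhanced-Mail-Token header is hypothetical, and the in-memory mailboxes and addresses are constructed sample data.

```python
import secrets
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser


class EnhancedMailService:
    """Delivers an encrypted blob as an attachment plus a link, and retains a second copy."""

    def __init__(self, base_url):
        self._base_url = base_url
        self._mailboxes = {}      # mailbox name -> list of raw RFC 5322 messages
        self._links = {}          # link token -> (mailbox, index) of the retained copy

    def send_encrypted(self, sender, recipient, ciphertext, filename="content.enc"):
        token = secrets.token_urlsafe(24)          # unguessable: the link is a bearer token
        msg = EmailMessage(policy=policy.default)
        msg["From"] = sender
        msg["To"] = recipient
        msg["Subject"] = "Encrypted message"
        # Hypothetical header (assumption): a compatible local client can use it to fetch and
        # decrypt in place instead of following the link.
        msg["X-Enhanced-Mail-Token"] = token
        msg.set_content(
            "This message contains encrypted content.\n"
            f"If your mail client cannot open the attachment, use {self._base_url}/open/{token}\n")
        msg.add_attachment(ciphertext, maintype="application", subtype="octet-stream",
                           filename=filename)
        raw = msg.as_bytes()
        self._deliver(recipient, raw)                                    # recipient's mailbox
        self._links[token] = self._deliver(f"retained:{sender}", raw)    # second copy
        return token

    def _deliver(self, mailbox, raw):
        box = self._mailboxes.setdefault(mailbox, [])
        box.append(raw)
        return mailbox, len(box) - 1

    def mailbox(self, name):
        return list(self._mailboxes.get(name, []))

    def open_link(self, token):
        """Webmail path: the link resolves to the retained copy, not to the recipient's mailbox."""
        location = self._links.get(token)
        if location is None:
            return None
        mailbox, index = location
        return extract_ciphertext(self._mailboxes[mailbox][index])


def extract_ciphertext(raw):
    """Local-client path: pull the encrypted attachment straight out of the message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    for part in msg.iter_attachments():
        if part.get_content_type() == "application/octet-stream":
            return part.get_content()
    return None
```

The retained copy is what makes the link work for a recipient whose mailbox cannot be reached by the service (webmail, or a client that strips attachments); a compatible local client never needs the link and reads the attachment directly.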
MACHINE LEARNING DEVELOPMENT HUB
The described technology is generally directed towards a machine learning development hub, and corresponding methods and computer readable media. The machine learning development hub can comprise a machine learning development platform complete with various tools for various stages of machine learning development. The machine learning development hub can furthermore comprise translation functions to translate received inputs into inputs to other machine learning development platforms. The machine learning development hub can collect credentials for the other machine learning development platforms and can connect to the other machine learning development platforms via their respective interfaces, in order to supply inputs and instructions thereto. The machine learning development hub can encrypt its communications to other machine learning development platforms to secure its interactions.
SECURE DEVICE ACCESS RECOVERY BASED ON VALIDATING ENCRYPTED TARGET PASSWORD FROM SECURE RECOVERY CONTAINER IN TRUSTED RECOVERY DEVICE
Secure access recovery to a network device includes encrypting a user password into an encrypted target password using a secret regenerative key, and adding a one-time password seed and the encrypted target password into a secure recovery container, which is stored securely in the network device and a trusted recovery device. In response to a recovery request, a one-time password can be generated using the one-time password seed to retrieve the encrypted target password from the recovery device. A decrypted recovery password is generated based on executing decryption on an input string based on the secret regenerative key. The encrypted target password, retrieved from the secure recovery container in the network device, is decrypted into a decrypted target password based on the secret regenerative key. Secure access is recovered in response to determining the decrypted recovery password matches at least a part of the decrypted target password.
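The provisioning and recovery steps above, carried through end to end as an added example (not the patent's code). Assumptions, each also marked in the code: the secret regenerative key is re-derived from a device-bound secret with HMAC rather than stored; the symmetric cipher is an HMAC-SHA256 keystream with a separate HMAC tag, standing in for a real AEAD such as AES-GCM so the example needs only the standard library; the one-time password is RFC 4226 HOTP over the container's seed; and the comparison takes the strict form of "matches at least a part" by requiring the whole password to match.

```python
import hashlib
import hmac
import secrets


# Symmetric cipher: HMAC-SHA256 keystream plus a separate HMAC tag. This stands in for a real
# AEAD such as AES-GCM (assumption made so the example runs on the standard library alone).
def _subkeys(regen_key):
    return (hmac.new(regen_key, b"enc", hashlib.sha256).digest(),
            hmac.new(regen_key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key, nonce, length):
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def encrypt(regen_key, plaintext):
    enc_key, mac_key = _subkeys(regen_key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def decrypt(regen_key, blob):
    """Plaintext bytes, or None if the tag fails (wrong key or a tampered input string)."""
    enc_key, mac_key = _subkeys(regen_key)
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def hotp(seed, counter, digits=6):
    """RFC 4226 HOTP: the one-time password generated from the container's seed."""
    mac = hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def regenerative_key(device_secret):
    # Assumption: the secret regenerative key is re-derived from a device-bound secret whenever
    # it is needed, so it never sits next to the container it protects.
    return hmac.new(device_secret, b"regenerative-key", hashlib.sha256).digest()


def make_container(device_secret, user_password):
    """Provisioning: the container holds the OTP seed and the encrypted target password."""
    return {"otp_seed": secrets.token_bytes(20),
            "encrypted_target": encrypt(regenerative_key(device_secret), user_password.encode())}


class TrustedRecoveryDevice:
    """Holds its copy of the container; releases the encrypted target only for a fresh HOTP."""

    def __init__(self, container, window=3):
        self._container = dict(container)
        self._next_counter = 0
        self._window = window

    def retrieve(self, otp):
        seed = self._container["otp_seed"]
        for c in range(self._next_counter, self._next_counter + self._window):
            if hmac.compare_digest(otp, hotp(seed, c)):
                self._next_counter = c + 1      # burns this value and any it skipped: no replay
                return self._container["encrypted_target"]
        return None


class NetworkDevice:
    def __init__(self, device_secret, container):
        self._secret = device_secret
        self._container = dict(container)
        self._counter = 0

    def next_otp(self):
        otp = hotp(self._container["otp_seed"], self._counter)
        self._counter += 1
        return otp

    def recover(self, input_string):
        """input_string: the encrypted target password the recovery device released."""
        regen = regenerative_key(self._secret)
        recovery_pw = decrypt(regen, input_string)                       # decrypted recovery password
        target_pw = decrypt(regen, self._container["encrypted_target"])  # decrypted target password
        if recovery_pw is None or target_pw is None:
            return False
        # The abstract allows a match against 'at least a part' of the target; this example
        # takes the strict case and requires the whole password to match.
        return hmac.compare_digest(recovery_pw, target_pw)


if __name__ == "__main__":
    secret = secrets.token_bytes(32)
    container = make_container(secret, "correct horse battery staple")
    recovery_device = TrustedRecoveryDevice(container)
    network_device = NetworkDevice(secret, container)
    released = recovery_device.retrieve(network_device.next_otp())
    print("access recovered:", network_device.recover(released))
```

Two failure modes worth noting: a replayed or guessed OTP gets nothing from the recovery device, and an input string that was altered in transit fails the tag check and is never compared, so the network device does not leak whether a partial match would have succeeded.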
High Security One-Time Encryption
Methods and systems for improved and novel encryption that make it difficult or impossible in any practical way to extract data that has been protected on the computing system. A computing device may receive authentication data from a client device. The computing device may generate an encryption key and a corresponding decryption key. The computing device may receive, from the client device, information associated with a timed access window. The computing device may send, to the client device, the encryption key. The computing device may receive, from the client device, a request for the corresponding decryption key. The computing device may calculate that the request for the corresponding decryption key is during the timed access window and send, to the client device, based on the request and the calculation that the request for the corresponding decryption key is during the timed access window, the corresponding decryption key.
Host attestation
A service provider provides virtual computing services using a fleet of one or more host computer systems. Each of the host computer systems may be equipped with a trusted platform module ("TPM"). The service provider, the host computer systems, and the virtual computing environments generate attestations that prove the integrity of the system. The attestations are signed with a one-time-use cryptographic key that is verifiable against the public keys of the service provider, a host computer system, and a virtual computing environment. The public key of the host computer system is integrated into a hash tree that links the public key of the host computer system to the public key of the service provider. The public key of the virtual computing environment is signed using a one-time-use cryptographic key issued to the host computer system that hosts the virtual computing environment.
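The hash-tree linkage described above, as an added example (not the patent's or any provider's code): the fleet's host public keys are leaves of a Merkle tree, a host presents an inclusion proof alongside its key, and a verifier checks the proof against the provider's published root. Assumptions: leaf and inner hashes are domain-separated SHA-256, an unpaired node is carried up unchanged, the 32-byte "public keys" are constructed placeholders, and the provider's signature over the root is left outside the example, so the verifier pins the published root instead.

```python
import hashlib
import hmac


def _leaf(host_pub):
    return hashlib.sha256(b"\x00" + host_pub).digest()      # domain-separated leaf hash


def _node(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()   # domain-separated inner hash


def _levels(host_pubs):
    """All levels of the tree, leaves first; an unpaired node is carried up unchanged."""
    level = [_leaf(p) for p in host_pubs]
    levels = [level]
    while len(level) > 1:
        level = [_node(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def tree_root(host_pubs):
    """The value the service provider publishes (and, in the scheme, signs)."""
    return _levels(host_pubs)[-1][0]


def inclusion_proof(host_pubs, index):
    """Sibling hashes from leaf to root, each tagged with the side the sibling sits on."""
    proof = []
    for level in _levels(host_pubs)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return proof


def verify_inclusion(host_pub, proof, root):
    h = _leaf(host_pub)
    for side, sibling in proof:
        h = _node(sibling, h) if side == "L" else _node(h, sibling)
    return hmac.compare_digest(h, root)


def host_attestation(fleet_pubs, index):
    """What a host presents: its public key plus the proof linking it to the fleet root."""
    return {"host_pub": fleet_pubs[index], "proof": inclusion_proof(fleet_pubs, index)}


def verify_host_attestation(attestation, published_root):
    """The verifier's check. A key that was never in the fleet, or a proof borrowed from a
    different host, hashes to a different root and is rejected."""
    return verify_inclusion(attestation["host_pub"], attestation["proof"], published_root)
```

The domain separation between leaf and inner hashes matters: without it, an attacker could present an inner node as if it were a "public key" and obtain a valid-looking proof for a key that was never enrolled.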
ACCELERATOR TRUSTWORTHINESS
Trustworthiness of an accelerator in heterogenous systems is increased. A workload of an application is offloaded to an accelerator for the accelerator to perform the workload. The accelerator is ensured to generate an output of the workload based on offloading the workload. The accelerator is identified as generating an output of the workload based on offloading the workload. Both an input and the output of the workload are ensured to be authentic based on offloading the workload to the accelerator. Both the input and the output of the workload are ensured to be securely transmitted based on offloading the workload to the accelerator.
Provision of one-time password after establishing a secure connection with a targeted device
A one-time password (OTP) is transmitted to an authorized wireless device for use as an authentication factor, even though the OTP may be intercepted or otherwise viewed with an unauthorized device. When a secure request is initiated that requires entry of an OTP as an authentication factor, a hyperlink is transmitted to a wireless device from which the secure request is initiated. When the hyperlink is selected, a secure (SSL) connection is established with an entity that determines mobile number information associated with the SSL connection. Comparison of the determined mobile number information and the mobile number of the wireless device to which the hyperlink was intended to be sent indicates whether the wireless device that has established the SSL connection is the authorized wireless device. The OTP is displayed on the wireless device after that device has been verified as the authorized wireless device.
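Both of the mobile-number-bound OTP flows on this page (the MOBILE NETWORK-BASED AUTHENTICATION SYSTEM abstract, where an identification server confirms the account's number is linked to the device's network identity before any OTP is sent, and the abstract above, where the OTP is displayed only after the link-opened connection is verified to come from the intended number) as one added example; it is not code from either patent. Assumptions: the network identification of a device is the mobile number (MSISDN) a carrier-side identification server resolves, the connection the link opens is modelled as a dict carrying the number the carrier attributes to it, and all tables, names and numbers are constructed sample data.

```python
import hmac
import secrets

# Constructed sample data: which number the carrier currently sees behind each SIM, and which
# number each account is enrolled with.
CARRIER_DEVICE_TO_MSISDN = {
    "sim-alice": "+15550100001",
    "sim-mallory": "+15550100999",
}
ACCOUNT_MSISDN = {"alice": "+15550100001"}


class IdentificationServer:
    """Carrier-side lookup: which mobile number is behind a device or a live connection."""

    def __init__(self, device_table):
        self._devices = device_table

    def msisdn_for_device(self, device_id):
        return self._devices.get(device_id)

    def msisdn_for_connection(self, conn):
        # In the link flow the carrier attributes a number to the connection itself (for
        # example by header enrichment on the operator network); modelled as a field on conn.
        return conn.get("carrier_msisdn")


class ApplicationServer:
    def __init__(self, ident, accounts):
        self._ident = ident
        self._accounts = accounts
        self._pending = {}   # link token -> {"account", "otp", "shown"}

    def request_access(self, account, device_id):
        """First flow's gate: no OTP is generated unless the account's enrolled number is the
        number the carrier currently sees behind the requesting device."""
        enrolled = self._accounts.get(account)
        seen = self._ident.msisdn_for_device(device_id)
        if enrolled is None or seen is None or not hmac.compare_digest(enrolled, seen):
            return None
        token = secrets.token_urlsafe(16)
        self._pending[token] = {
            "account": account,
            "otp": f"{secrets.randbelow(10 ** 6):06d}",
            "shown": False,
        }
        return token          # this token is the hyperlink sent to the device

    def open_link(self, token, conn):
        """Second flow: the device follows the link; the OTP is displayed only if the number
        behind this connection is the number the link was intended for, and only once."""
        entry = self._pending.get(token)
        if entry is None or entry["shown"]:
            return None
        intended = self._accounts[entry["account"]]
        actual = self._ident.msisdn_for_connection(conn) or ""
        if not hmac.compare_digest(intended, actual):
            return None
        entry["shown"] = True
        return entry["otp"]

    def confirm(self, token, otp_entered):
        """One guess per token: the entry is consumed whether the OTP is right or wrong."""
        entry = self._pending.pop(token, None)
        if entry is None:
            return False
        return hmac.compare_digest(entry["otp"], otp_entered)
```

The point of both checks is the same: an attacker who has redirected SMS (SIM swap, forwarding) or who intercepts the link still lands on a connection whose carrier-attributed number is not the enrolled one, so the OTP is never generated or never shown.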
CONTACTLESS CARD PERSONAL IDENTIFICATION SYSTEM
A dual-factor PIN based authentication system and method uses a cryptogram provided by a contactless card associated with the client in association with a PIN stored by the contactless card to authenticate the client. In some embodiments, cryptogram authentication may be preconditioned upon a PIN match determination by the contactless card. In other embodiments, the cryptogram may be formed at least in part using the personal identification number (PIN) stored on the contactless card encoded using a dynamic key stored by the contactless card and uniquely associated with the client. Authentication may be achieved by comparing the cryptogram formed using the PIN against an expected cryptogram generated from an expected PIN and an expected dynamic key.
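Both embodiments above, simulated end to end as an added example (not the patent's code): a card that gates its cryptogram on a local PIN check, and a card that folds its stored PIN into the cryptogram so that the issuer's expected cryptogram, computed from the PIN the user typed, only matches when the two PINs agree. Assumptions, also marked in the code: the dynamic key is derived from a per-card master key and the card's transaction counter; the cryptogram is HMAC-SHA256 over the PIN, the counter and an issuer challenge; keys, PINs and card identifiers are constructed sample values.

```python
import hashlib
import hmac
import secrets


def dynamic_key(master_key, counter):
    """Assumption: the card's dynamic key is derived from its master key and transaction counter."""
    return hmac.new(master_key, b"dyn-key" + counter.to_bytes(4, "big"), hashlib.sha256).digest()


def form_cryptogram(dyn_key, pin, counter, challenge):
    msg = pin.encode() + counter.to_bytes(4, "big") + challenge
    return hmac.new(dyn_key, msg, hashlib.sha256).digest()


class ContactlessCard:
    def __init__(self, card_id, master_key, pin, pin_gate=False):
        self.card_id = card_id
        self._master = master_key
        self._pin = pin
        self._counter = 0
        self._pin_gate = pin_gate       # first embodiment: the card checks the PIN itself
        self._tries_left = 3

    def respond(self, challenge, pin_entered=None):
        """(counter, cryptogram), or None when the card declines to answer."""
        if self._pin_gate:
            if self._tries_left == 0:
                return None                                  # card is locked
            if pin_entered is None or not hmac.compare_digest(pin_entered.encode(), self._pin.encode()):
                self._tries_left -= 1
                return None
            self._tries_left = 3
        self._counter += 1               # monotonic: every cryptogram is bound to a fresh counter
        key = dynamic_key(self._master, self._counter)
        return self._counter, form_cryptogram(key, self._pin, self._counter, challenge)


class Issuer:
    def __init__(self):
        self._cards = {}            # card_id -> (master_key, enrolled PIN)
        self._last_counter = {}

    def enroll(self, card_id, master_key, pin):
        self._cards[card_id] = (master_key, pin)
        self._last_counter[card_id] = 0

    @staticmethod
    def challenge():
        return secrets.token_bytes(16)

    def authenticate(self, card_id, pin_entered, challenge, counter, cryptogram, pin_gate=False):
        if card_id not in self._cards:
            return False
        master, enrolled_pin = self._cards[card_id]
        if counter <= self._last_counter[card_id]:
            return False                 # replayed or stale cryptogram
        # Consume the counter before checking the PIN, so a captured cryptogram gives an
        # attacker exactly one online PIN guess rather than an unlimited oracle.
        self._last_counter[card_id] = counter
        # First embodiment: the card enforced the PIN, so the issuer expects the enrolled one.
        # Second embodiment: the PIN typed at the terminal is the 'expected PIN'; a wrong entry
        # yields a different expected cryptogram and the comparison fails.
        expected_pin = enrolled_pin if pin_gate else pin_entered
        if expected_pin is None:
            return False
        expected = form_cryptogram(dynamic_key(master, counter), expected_pin, counter, challenge)
        return hmac.compare_digest(expected, cryptogram)
```

In the second embodiment the PIN never travels to the card and the issuer learns only whether the typed PIN produced the right cryptogram; in the first, the PIN never leaves the terminal-to-card channel and the card's try counter is the brute-force limit.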
LINKED REGISTRATION
Secure registration of a new application with a server system is provided. An old application has been registered with the system. A first link between the new application and the system establishes a first key and first check data is communicated from the system to the new application and passed to the old application. A second link between the old application and the system establishes a second key based on input of a credential to the old application; the first check data is communicated from the old application to the system. Enciphered second check data is communicated from the system to the old application over the second link and further encrypted by the old application using a third key. This generates doubly-enciphered check data which is passed to the new application and decrypted using the first key and a fourth key, generated at the new application based on the first check data and input of the credential to the new application.