H04L63/0892

Systems and methods for network authentication with a shared secret

A computing system can associate a customer device of a customer with a financial transaction record and the merchant, the financial transaction record indicative of a first purchase from the merchant by the customer; transmit a first query to the customer device prompting the customer to input information regarding an aspect of the first purchase, the first query including a description of a predetermined product parameter of the financial transaction record indicative of the first purchase from the merchant by the customer; authenticate the first request by determining that the customer-input response to the first query corresponds to the established aspect of the first purchase in accordance with a predetermined accuracy threshold; and authorize connection of the customer device to the network provided by the merchant based at least in part on the first request being authenticated.

Dynamic user authorization with a service provider

This disclosure describes techniques for dynamically changing a user authorization with a service provider during an ongoing user session. The changing user authorization may be used to address changing confidence in an identity of a user consuming a service provided by the service provider. The changing user authorization may also be used to adjust a scope of a service to which a user has access. The present techniques may allow single-sign-on type protocols to accomplish the flexible and dynamic change-of-authorization functionality of some traditional protocols to handle ongoing client-server sessions, rather than simply revoking authorization for access to the service. For this reason, the present techniques are able to integrate advantages of traditional protocols with newer, single-sign-on-type protocols.

Encrypting network slice credentials using a public key

Apparatuses, methods, and systems are disclosed for protecting the user identity and credentials. One apparatus includes a processor that registers with a mobile communication network using a first set of credentials, the mobile communication network supporting a plurality of network slices. The processor receives a public key for a network slice where slice-specific authentication is required and encrypts a second set of credentials using the public key. Here, the second set of credentials is used for authentication with the network slice. The apparatus includes a transceiver that sends a message to the mobile communication network, the message including the encrypted second set of credentials.

Sensor certificate lifecycle manager for access authentication for network management systems

Systems and methods are provided for a sensor certificate lifecycle manager for a network management system of an enterprise network for the automated generation of unique certificates for sensors used to act like a client device in the enterprise network for the purposes of troubleshooting. Furthermore, the network management and command center in association with the sensor certificate lifecycle manager manages a pool of signed unique certificates and has control over the lifecycle of such certificates, such as for revoking, transferring, and reassigning certificates for the sensors.

Method for Deleting User Equipment and Related Device
20220417341 · 2022-12-29

A method for deleting user equipment devices (UEs) in batches, where the method includes: a control device sends a delete instruction to a virtual broadband remote access server (vBRAS)-control plane (CP), where the delete instruction includes a target attribute, and where the vBRAS-CP instructs vBRAS-user plane (UP) devices to delete all user equipment devices meeting the target attribute according to the delete instruction.

MIGRATION OF USER AUTHENTICATION FROM ON-PREMISE TO THE CLOUD

According to examples, an apparatus may include a processor and a memory on which are stored machine-readable instructions that, when executed by the processor, may cause the processor to identify configuration information to be used by an on-premise access management service to provide authentication services to applications by users. The processor may also transform the identified configuration information into a transformed set of configuration information to be used by a cloud-based access management service to provide authentication services to the applications by users. In addition, the processor may store the transformed set of configuration information for use by the cloud-based access management service to provide authentication services to the applications by users to migrate authentication of the users from the on-premise access management service to the cloud-based access management service.

Preventing Unauthorized Access to Personal Data During Authentication Processes

Methods, systems, and apparatuses are described herein for improving the security of personal information by preventing attempts at gleaning personal information from authentication questions. A computing device may receive a request for access to an account associated with a user. The request may comprise candidate authentication information. Based on comparing the candidate authentication information with the account data, the computing device may generate a synthetic authentication question. The synthetic authentication question may be generated as if the candidate authentication information is valid. A response to the synthetic authentication question may be received, and the request for access to the account may be denied.

SYSTEMS AND METHODS FOR TWO-FACTOR AUTHENTICATION USING VIBRATION
20220414202 · 2022-12-29

A two-factor authentication system includes a mobile device having a vibration element configured to generate a vibration sequence based on a unique vibration code received by the mobile device. A two-factor authentication server is communicatively coupled to the mobile device and is configured to send the unique vibration code to the mobile device in response to the two-factor authentication server receiving a two-factor authentication request. A vibration receiver is configured to support the mobile device and is communicatively coupled to the two-factor authentication server. The vibration receiver includes a vibration sensor configured to detect the vibration sequence generated by the mobile device based on the unique vibration code and generate a vibration authentication signal based on the detected vibration sequence. The two-factor authentication server is configured to receive the vibration authentication signal generated by the vibration receiver and authenticate the two-factor authentication request based on the received vibration authentication signal.

TOKEN BROKERING IN A DESCENDANT FRAME

The disclosed technology is generally directed to web authentication. In one example of the technology, authentication of a broker is obtained with an identity provider. Obtaining the authentication includes at least communication between the broker and a top-level frame and communication between the broker and the identity provider. The broker is executing in a descendant frame of the top-level frame. The top-level frame and the broker are hosted on different domains. At the broker, from an embedded application that is executing on another descendant frame of the top-level frame, a token request is received. Via the broker, a token is requested from the identity provider. The token is associated with an authorization of secure delegated remote access of at least one resource by the embedded application. At the broker, from the identity provider, the token is received. Via the broker, the token is provided to the embedded application.

AUTHENTICATION SYSTEM, INFORMATION PROCESSING APPARATUS, AND IMAGE FORMING APPARATUS
20220417378 · 2022-12-29

An authentication system in which an image forming apparatus authenticates a user, the authentication system includes: an obtainer that obtains, from a terminal apparatus, a mail address of, and security information on, the user; a verificator that verifies the security information at a verification point identified with the mail address; and an authenticator that authenticates the user if the security information is able to be verified correctly.