Patent classifications
H04L63/108
Location-based access to controlled access resources
Systems and methods provide access to location-restricted resources outside of recognized locations. In an example, a method includes receiving a request for a controlled access resource from a client device and determining that the request is not associated with a recognized location but that state data exists for the client device identifier. In response to identifying the state data, the method includes generating a link for accessing the controlled access resource at a server, generating an encrypted token including a timestamp, a random number, and licensed resource information from the state data, including the encrypted token in the link, and providing the link to the client device. The client device uses the link to request the controlled access resource from the server, which determines that the request includes the token, determines that the token is not expired, and provides the controlled access resource to the client device.
Multi-factor autonomous sim lock
Aspects of the subject disclosure may include, for example, initializing a secure timer in a wireless device, determining whether a subscriber identification module (SIM) card installed in the wireless device comprises a carrier identity that matches a carrier identity stored in the machine-readable medium, establishing a network connection with a trusted server, starting the secure timer if the SIM card and network connection are satisfactory, periodically checking the network connection and SIM card until expiry of the secure timer, penalizing the secure timer responsive to a failure of the network connection or SIM card check, and responsive to expiry of the secure timer, unlocking a SIM lock. Other embodiments are disclosed.
Gradual password rollover
A rollover system is provided to facilitate transitioning of client devices in a shared account network environment from an old password to a new replacement password. The switching of passwords may take place gradually during a rollout period for client devices, without required downtime and with a reduced risk of lockouts. During the rollover period, a prior salt is temporarily carried over to a new verifier for the replacement password. Two new verifiers are generated: a temporary new verifier using the old salt for verification during the rollover period, and another new verifier using a different new salt for verification after the rollover period has expired. During the rollover period, authentication uses either the temporary new verifier with the old salt or the old verifier and old salt of the prior password. After the rollover period, authentication is based on the new verifier with a new salt.
Authentication system(s) with multiple authentication modes using one-time passwords of increased security
Authentication processing is provided which includes generating an authentication parameter as a function of a time-dependent input using a predetermined transformation having an inverse transformation. Multiple authentication modes are supported, with a bit-length of the time-dependent input of one authentication mode being different from a bit-length of the time-dependent input of another authentication mode. Generating the authentication parameter is dependent, in part, on whether the time-dependent input is of the one authentication mode or the other authentication mode, and includes performing multiple rounds of transformation of the time-dependent input. A time-dependent password including a character string is generated from the authentication parameter using another predetermined transformation having another inverse transformation. The time-dependent password is forwarded within the authentication system for authentication by an authenticator.
Automatic transaction processing failover
Transaction authorization systems may include a transaction processor and an authorization server system. The transaction processor obtains transaction requests and authorizations for those requests from the authorization server system. The transaction processor may require an authorization be provided within a threshold time; otherwise, the transaction may be processed without authorization. The authorization server system may be hosted using one or more nodes in a distributed system. Degradation of the performance of the distributed system may cause the performance of the authorization server system to fall below the required performance threshold and transactions may not be authorized before automatic processing. Transaction authorization systems may monitor the health of the individual nodes and/or the distributed system and automatically adjust the routing of authorizations based on current and/or future performance degradation. The transaction authorization system may also allocate additional resources and/or reroute authorizations to a separate distributed system to avoid performance degradations.
PROVIDING TEMPORARY VISIBILITY TO NON-AUTHORIZED USERS OF A RESTRICTED SYSTEM
This disclosure describes systems, methods, and devices related to coordinating the exchange of information relating to the delivery of assets (e.g., packages, freight, supplies, parts, materials, raw goods, inventory, tools, and equipment) in a supply chain or inventory management context. A status token may be provided to an unauthorized user, wherein the status token is initialized in an invalid state. Attempts to query status information while the status token is in the invalid state may be denied and/or convey no information regarding the status of the asset. If an adverse condition occurred during a designated time period, status information for the asset may be provided.
Conditional temporary authentication for third party nodes
The concepts and technologies disclosed herein are directed to conditional temporary authentication for third party nodes. According to one aspect of the concepts and technologies disclosed herein, a first node of a plurality of nodes can provide a master authentication key to a second node of the plurality of nodes. The first node can receive, from a third node of the plurality of nodes, a temporary child authentication key derived from the master authentication key by the second node. The first node can process the temporary child authentication key to determine which portion of a resource to allow the third node to access. The first node can provide the third node access to the portion of the resource.
TOKEN AND CRYPTOGRAM USING TRANSACTION SPECIFIC INFORMATION
Systems and methods for token processing are disclosed. An access device can provide access device data to a mobile communication device. The communication device generates a token request including the access device data and communication device data and sends the token request to a server computer. The server computer returns a token and a token cryptogram to the mobile communication device. The token and the cryptogram may be used in a transaction.
CONTINUOUS DEVICE/UICC BASED AUTHENTICATION FOR LTE SYSTEMS
An authentication assurance level associated with an entity, for instance a user equipment, may be computed periodically or in response to an event. The authentication assurance level is compared to an authentication threshold. Based on the comparison, it is determined whether a fresh performance of at least one authentication factor needs to be performed. Thus, appropriate authentication factors and functions may be invoked on a periodic basis to maintain a certain authentication assurance level, which is referred to herein as the assurance threshold. The authentication assurance level may change, for instance decay, over time and may be refreshed periodically.
USER AUTHENTICATION METHOD AND SYSTEM FOR IMPLEMENTING THE SAME
There is proposed a user authentication method that uses a time-based password (TP) having a relatively long update cycle instead of a TOTP having a conventional short update cycle (e.g., 60 seconds). The present invention is a user authentication method executed by an authentication system that performs authentication of a user who performs access from an information communication terminal device in order to use a usage target system by using a reference terminal device that includes a security token capable of generating a TP. The authentication method includes setting an update cycle of the TP to a first update cycle of 30 days, 1 month, or a time period longer than 1 month, receiving a user authentication request that includes a time-based password generated by the security token according to the set first update cycle, and performing the authentication based on the TP contained in the received user authentication request.