Patent classifications
H04L63/108
Wheel-based authentication
A computer-implemented method for authentication is provided. The method includes displaying, on a display device and while in a locked state, a set of color wheels, each color wheel having a plurality of segments with each segment being a different color. User input is received via an input device on the set of color wheels. The user input is converted to a string. The string is communicated to an authentication server. In response to communicating the string, a response is received from the authentication server and the response is processed.
Security mechanisms for data plane extensions of provider network services
A connectivity enablement device includes one or more processors, one or more memories and a hardware input port. The memories store program instructions that when executed examine a token obtained from a token transfer device inserted into the port, and cause one or more messages to be transmitted to a virtualized computing service. The messages indicate (a) the connectivity enablement device, (b) the token transfer device, (c) the token's source and (d) a server. An indication that the server has been configured within an isolated virtual network is obtained at the connectivity enablement device.
Systems configured for validation with a dynamic cryptographic code and methods thereof
Systems and methods of the present disclosure enable operation authorization using a dynamic code. Embodiments include a computing system for receiving, from an access control server, an operation authorization request to authorize an operation by an initiator, where the operation authorization request includes a user identifier associated with the operation authorization request, and a dynamic code. The computing system accesses a dynamic key embedded in a user credential associated with the user identifier and generates a recalculated dynamic code using a cryptographic algorithm and the dynamic key. The computing system authenticates the operation authorization request based on the dynamic code being equivalent to the recalculated dynamic code and returns the authentication to the access control server to authorize the operation.
ACCESS MANAGEMENT FOR CANCELLED REQUESTS IN A DISTRIBUTED ENVIRONMENT
Embodiments of the disclosure are directed to methods, apparatuses, computer-readable media, and systems for network monitoring of communication requests for authorization to an access device. One embodiment is directed at a dual message model in a distributed environment with an electronic access device receiving a cancellation signal and generating and sending a reversal message with cancellation information embedded in the data elements of the reversal message to a processor computer, where the cancellation data may be read and saved by the processor computer before the authorization request message is forwarded to be authorized by an authorization entity. The method further comprises generating a cancellation message after the reversal message has been processed, where the cancellation message is sent via a transport computer to clear and reconcile the authorization status of the cancelled authorization request with any necessary authorizing or regulatory entities in the network.
SYSTEMS AND METHODS FOR INSTANCE-BASED PERMISSIONS FOR DATA CENTER MANAGEMENT TASKS
Systems and methods support a console for use in a data center, where the console allows granting of one-time permissions for administrators to perform management tasks in the data center. A denial is detected of a request by a lower-level administrator to perform a management task, where the request is denied on the basis of the lower-level administrator having insufficient privileges to perform the management task. In response to the denial based on insufficient privileges, a higher-level administrator is identified with sufficient privileges to authorize a one-time permission for the management task. A request is issued for a one-time permission from the upper-level administrator for the lower-level administrator to perform the management task. When approval is received from the upper-level administrator, a one-time permission is configured that authorizes the lower-level administrator to perform the management task. Upon detecting a completion of the management task, the one-time permission is revoked.
Method for configuring operating time period for mailbox content and instant messaging content in system
A method for setting an operation time range of mailbox content and instant messaging content in a system is disclosed in the present invention, wherein a method for setting an operation time of mailbox content includes: selecting a role, a user or an employee as a mailbox user; setting a permission time range for each mailbox user, wherein said permission time range includes one or more of the following types: a time range from a time point, which is determined by going backwards from a current time for a fixed time length, to the current time, a time range from a start time to a current time, a time range from a deadline to a system initial time, and a time range from a start time to a deadline; and the content within the permission time range of the mailbox user in a mailbox account used by the mailbox user being operated by said mailbox user. In the present invention, by setting a permission time range, only the content set within the permission time range in the mailbox account or the instant messaging account can be operated, thus improving the security of data information in the mailbox account and the instant messaging account.
Data access management for a composition
Systems and methods provide a transient component limited access to data in a composition. One method includes receiving a request for the transient component to access data in the composition. The composition may include permanent components operable to utilize encryption keys generated at selected intervals from a seed value shared by the permanent components. The encryption keys utilized by the permanent components at each selected interval may be identical to one another. The method also includes generating a set of encryption keys from the seed value for a specified period of time. The set of encryption keys may be identical to the encryption keys to be utilized by the permanent components at the selected intervals to occur during the specified period of time. The method further includes granting the transient component access to data in the composition for the specified period of time via the set of encryption keys.
Systems and methods for authorizing a transaction
A system for authorizing a transaction includes one or more processors, and a memory storing instructions. When executed by the one or more processors, the instructions cause the system to perform operations including: receiving a configuration request associated with a financial service account via a web interface; setting a limitation in accordance with the configuration request; and generating a graphic indicium or a card number as a token for authorizing a transaction, associated with the financial service account, which satisfies the limitation in accordance with the configuration request. The token is configured to be printed on a substrate or loaded into an electronic payment system.
Sharing service entitlement of network service between multiple guest devices
Network traffic is received from an unrecognized guest device on a computer network. A user profile server is queried to determine a user identifier that is associated with the device identifier of the unrecognized guest device. A login database is queried to find an unexpired login record of an authorized guest device associated with the user identifier. The unexpired login record grants the authorized guest device access to the network service with a service entitlement for an allowed access duration, and a stored device identifier in the unexpired login record of the authorized guest device is different from the device identifier of the unrecognized guest device. The service entitlement of the network service specified in the unexpired login record is shared between the authorized guest device and the unrecognized guest device for a remaining portion of the allowed access duration of the unexpired login record of the authorized guest device.
Systems and methods for processing access permission type-specific access permission requests in an enterprise
A system including a processor and a non-transitory, tangible computer-readable medium in which computer program instructions are stored, which instructions, when read by a computer, cause the computer to process access permission type-specific access permission requests from enterprise users in an enterprise, the system including access permission type-specific access permission request receiving functionality operable for receiving at least one request for at least one access permission type-specific access permission of at least one user to at least one data element in the enterprise, and access permission type-specific access permission request output providing functionality operable for employing information pertaining to ones of the enterprise users having similarities to the at least one user with respect to at least the access permission type-specific access permission to the data elements in order to provide an output indication of perceived appropriateness of grant of the request.