H04W12/065

System and method for continuously validating and authenticating a host and sensor pair

A method for operating a system to continuously validate and authenticate a host and sensor pair involves defining a sensor-host pairing and context metadata. The system receives a plurality of sensor spatiotemporal sighting events of a sensor-host pair from a plurality of collection devices. The system records the identifier, signal strength, location and time of the sighting events as sensor spatiotemporal sighting events in a controlled memory data structure. The system collects a plurality of application events related to each sensor-host pair and stores the events in the controlled memory data structure. The system constructs a behavioral model from the sensor spatiotemporal sighting events through operation of spatiotemporal tracking logic. The system receives real-time sighting events and compares them to the behavioral model to identify inconsistent behavior through operation of a behavior comparator.

METHOD FOR SESSION CREATION AND RELATED EQUIPMENT
20230098400 · 2023-03-30

A method for session creation is provided. The method includes: reading from a secure unit application descriptors1 of a first application, where the application descriptors1 is bound to a signing certificate of the first application or a digital fingerprint of the signing certificate; and creating a session by using the application descriptors1 as application descriptors in a UE route selection policy (URSP) rule.

METHODS AND APPARATUSES FOR MANAGING NETWORK SECURITY USING VIDEO SURVEILLANCE AND ACCESS CONTROL SYSTEM

Aspects of the present disclosure include methods and systems for receiving, from a requester, a request for accessing an access-controlled asset based on authentication information of an authorized user, identifying a request location of the request, identifying a current location of the authorized user, determining whether the request location is substantially identical to the current location, and granting the request in response to authenticating the authentication information and determining that the request location is substantially identical to the current location, or denying the request in response to failure to authenticate the authentication information or determining that the request location is different than the current location.

Authentication Method, Medium, and Electronic Device
20230029683 · 2023-02-02

An authentication method and an electronic device. The method includes sending, by a first device, in response to a first device determining that a distance between the first device and a second device reaches a first distance, a first request to the second device, so that the second device determines whether wireless communication between the first and second device is relayed before the first device performs a service, determining, in response to the distance between the first and second device reaching a second distance, whether success ciphertext sent by the second device is received, wherein the success ciphertext is sent in response to the second device determining that wireless communication between the first and second device is not relayed and the second distance being less than the first distance, and performing the service in response to reception and successful verification of the success ciphertext.

AUTHENTICATION APPARATUS, AUTHENTICATION METHOD, AND NON-TRANSITORY COMPUTER-READABLE STORAGE MEDIUM FOR STORING AUTHENTICATION PROGRAM
20230030610 · 2023-02-02

An authentication apparatus of acquiring an image; performing face detection of the image; collating, for each face region obtained by the face detection, a feature amount of the face region with a feature amount of a face of a legitimate user included in predetermined registration data; presenting, in a case where the face region obtained by the face detection includes the face of the legitimate user and a face of a third party other than the legitimate user, an aiming frame with which aim of capturing of an image of the face of the legitimate user is to be aligned on the image; and continuing continuous authentication after logon in a case where a degree of matching between the face region detected by the face detection and the aiming frame satisfies a predetermined condition.

Multi-factor authorization for IEEE 802.1x-enabled networks

The present disclosure discloses a system and method for providing multi-factor authorization for IEEE 802.1x-enabled networks. Specifically, a network device authenticates a client device to obtain access to network resources in a network via a network authentication protocol. The network device then detects a device quarantine trigger indicating an increased level of suspicion that a current user of the client device is a non-authenticated user. In response to the device quarantine trigger, the network device temporarily places the client device from an authenticated state to a quarantined state pending completion of a particular workflow by the current user. The client device has limited access to the network resources while in the quarantined state regardless of a previous successful user and/or device authentication.