In one example, a home network associated with a user equipment obtains an authentication request to authenticate the user equipment to a serving network. The home network generates an authentication vector of a mobile security protocol. The authentication vector includes an indication that the user equipment is to be authenticated using a multi-factor authentication process. The home network provides the authentication vector to the serving network to prompt a response from the user equipment that is in accordance with the multi-factor authentication process. The home network authenticates the user equipment to the serving network based on the response.

The present disclosure relates exposure notification, and in particular to techniques for verification of positive test results from public health authorities where individuals submit notice using public health approved mobile applications for exposure notification and/or contact tracing. When an individual attempts to submit a positive test result notification in a mobile application, the associated device's mobile number will be requested. This mobile number will then be sent a verification code to be entered in the application. At this point, these codes shall be stored digitally in escrow. A regular data feed from a health authority shall be provided that shall include an agreed encryption (irreversibly encrypted or reversibly encrypted) of the mobile numbers associated with any reported test. Any results submitted in the application that have a matching encryption of the mobile numbers shall be released from the escrow for subsequent notification.

An electronic apparatus includes a communication interface, a memory; and a processor. The memory is configured to store a hypervisor. The processor is configured to obtain an authentication key for performing authentication of an external device. The processor is also configured to encrypt the authentication key based on a key pre-stored in the memory using the hypervisor and store the encrypted authentication key in the memory. Based on a request for information that is stored in the memory being received from the external device, the processor is configured to perform authentication of the external device using the hypervisor. Based on the authentication of the external device being completed, the processor is configured to control the communication interface to transmit the stored information to the external device.

This application provides a user authentication method and an apparatus. Before establishing, for a terminal device, a session used to transmit service data, an SMF entity receives a session establishment request message; determines, based on the session establishment request message, to perform user authentication on a user using the terminal device; and sends a session establishment message to a UPF entity, where the session establishment message is used to establish a first session for the terminal device, and a session attribute of the first session is: a session used to transmit only a user authentication message. Subsequently, the terminal device and an AAA server transmit the user authentication message through the first session, to complete user authentication.

Communications over short-range connections are used to facilitate whether access to resources is to be granted. For example, upon device discovery of one of an electronic user device and an electronic client device by the other device over a Bluetooth Low Energy connection, an access-enabling code associated with a user device or account can be evaluated for validity and applicability with respect to one or more particular resource specifications. User identity can be verified by comparing the user against previously obtained biometric information.

A method for authenticating a client terminal by a target server. The method includes: the client terminal authenticates itself with an authentication server; the target server authenticates itself with the authentication server; the authentication server and the target server share a password for the client terminal; the authentication server transmits the password to the client terminal; the client terminal transmits the password to the target server; and the target server determines whether or not there is a correspondence between the password shared with the authentication server and the password transmitted by the client terminal, and if the correspondence between passwords exists, the client terminal is authenticated by the target server.

First, a plurality of access tokens may be received from a respective plurality of identity provider services. Each of the plurality of access tokens may be associated with a user. Then, the plurality of access tokens may be stored in a profile associated with the user. Next, user polices associated with the use of the plurality of access tokens may be assigned. A device token may then be provided to a user device associated with the user. The device token may be associated with the profile. The device token and network policies may be received and then it may be determined that the user polices and the network policies are congruent. In response to determining that the user polices and the network policies are congruent, authentication to at least one of the plurality identity provider services may be made.

Methods and systems are provided for enhancing communications mobility in an enterprise using a distributed communication controller. The distributed communication controller identifies a user device, verifies the device and delivers enterprise communication services to the user via the user device without requiring the execution of an enterprise communication application by the wearable device. When the user device is a wearable device, a wireless message is sent from the wearable device in physical proximity to the distributed communication controller that contains identification information. Based on the identification information, user information associated with the user of the user device is retrieved and then used to determine whether enterprise communication services are available for the user. Next, the user is verified through an interaction with the user device and the distributed communication controller and the enterprise communication services are provided to the user by the distributed communication controller.

A system for issuing a dynamic temporary credential to a portable communication device for use in a transaction with an electronic control point. The system receives the current geo-location of the portable communication device and transmits a dynamic temporary credential to the portable communication device from the centralized computer. The system further scores the risk in authorizing a transaction associated with an electronic control point using the dynamic temporary credential it issued. The system may prevent the transmission of the dynamic temporary credential until the end user has been authenticated, which may include verifying one or more of a manually input passcode, the unique digital signature of the portable communication device, and know your customer queries. The system may further include a validation mapping gateway operably connected to one or more issuers that substitutes legacy payment data for the dynamic temporary credential in a payment transaction before sending the payment transaction along with the risk score to the issuer associated with the legacy payment data.

Disclosed are an extension cryptographic operation processing system and method. An extension cryptographic operation processing method of a processing device including a trusted execution environment can be performed by at least one processor constituting the trusted execution environment of the processing device.