H04L9/3228

LOW COST DEFENSE AGAINST DENIAL-OF-SERVICE ATTACKS
20230012577 · 2023-01-19

A first message is received from a first communication device. The first message comprises an authentication token. For example, the authentication token may be a username/password. A determination is made as to whether the first message also comprises a valid temporary password. The temporary password is used to prevent a Denial-of-Service (DOS) attack. In response to the first message comprising the valid temporary password, a determination is made as to whether the authentication token is valid. In response to the authentication token being valid, the first message is responded to in a normal manner. If the first message does not contain the temporary password, the first message is handled based on a DOS message handling process.

Authentication of a client device based on entropy from a server or other device

Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The client device may receive a first user credential. The client device may receive first entropy from a wireless device. The client device may decrypt, using the first entropy, second entropy generated by a server. The client device may decrypt, using the second entropy, a second user credential that was stored in the client device. Based on a comparison of the first user credential with the second user credential, the client device may grant a user of the client device access to one or more resources.

Systems and methods for user authentication based on a genetic sequence
11700249 · 2023-07-11

There is provided a system for creating a cryptographic non-fungible identity unique token (IUT), comprising code for: obtaining a private key linked to a public address of an electronic wallet, associated with a wallet address; obtaining a digital representation of a hashed genetic sequence of a user and an associated wallet address of the electronic wallet; storing in the cryptographic non-fungible IUT an IUT identifier, wherein the IUT identifier is an outcome of hashing a subset of the hashed digital representation and a unique password; and storing the IUT in a genetic sequence record stored in a block of a blockchain dataset, wherein the genetic sequence record is associated with the IUT and the IUT is associated with the wallet address, and wherein the user is authenticated by a match between a computed value of a password and the wallet address provided by the user, and the IUT identifier stored on the blockchain.

SYSTEM AND METHOD FOR SECURE AUTHENTICATION OF BACKUP CLIENTS USING SHORT-TERM TOKENS

Embodiments provide a system and method for secure authentication of backup clients in a way that eliminates the need to create users for backup client authentication anywhere in the backup ecosystem, and which eliminates the need for credentials, such as passwords, that need protection, updating and synchronization. Such embodiments use a short-term token, such as a JSON Web Token, for both client and server authentication within the system, and verify that the tokens grant access using the public key corresponding to the private key assigned to the directory objects by the creator of the directory objects.

HYBRID AUTHENTICATION SYSTEMS AND METHODS

Disclosed are hybrid authentication systems and methods that enable users to seamlessly sign on between cloud-based services and on-premises systems. A cloud-based authentication service receives login credentials from a user and delegates authentication to an on-premises authentication service proxy. The login credentials can be passed by the cloud-based authentication service to the on-premises authentication service proxy, for instance, as an access token in an authentication header. The access token can be a JavaScript Object Notation (JSON) Web Token (JWT) that is digitally signed using JSON Web Signature. Some embodiments utilize a tunnel connection through which the cloud-based authentication service communicates with the on-premises authentication service proxy. Some embodiments leverage an on-premises identity management system for user management and authentication. In this way, there is no need for a cloud-based system to separately maintain and manage a user identity management system or to sync with an on-premises identity management system.

METHOD AND SYSTEM FOR DEVICE LEVEL AUTHENTICATION IN ELECTRONIC TRANSACTIONS
20230216664 · 2023-07-06

A method for distributing data to a computing device using device level authentication includes: receiving a single use key from a payment institution, the single use key encrypted by the payment institution using a first encryption, a server public key, and device data; wrapping a device public key using the server public key; electronically transmitting at least the device data, the wrapped device public key, and the single use key to a server; receiving the single use key encrypted using a second encryption from the server, the second encryption using the device public key to encrypt the single use key; decrypting the single use key encrypted with the second encryption using a device private key; and electronically transmitting the decrypted single use key and payment credentials to a point of sale device.

DYNAMIC MULTI-FACTOR AUTHENTICATION

An authentication model dynamically adjusts authentication factors required for access to a remote resource based on changes to a risk score for a user, a device, or some combination of these. For example, the authentication model may conditionally specify the number and type of authentication factors required by a user/device pair, and may dynamically alter authentication requirements based on changes to a current risk assessment for the user/device while the remote resource is in use.

CALL CENTER WEB-BASED AUTHENTICATION USING A CONTACTLESS CARD
20230216688 · 2023-07-06

Systems, methods, articles of manufacture, and computer-readable media. A server may receive a phone call and generate a uniform resource locator (URL) comprising a session identifier for an account. The server may transmit the URL to a client device. The server may receive, from a web browser, a request comprising the URL. The server may determine that the session identifier in the URL of the request matches the session identifier for the account, and transmit, to the web browser, a web page at the URL. The server may receive, from the web browser, a cryptogram read by the web page via a card reader of the client device and decrypt the cryptogram. The server may authenticate the identity of the caller for the call based on decrypting the cryptogram and the session identifier of the URL matching the session identifier of the account.

EXTENDING EXPIRATION OF USER SESSIONS WITH AUTHENTICATION REFRESH

A gateway performs silent authentication refreshes with an identity management platform in order to extend the expiration of a cookie provided to an endpoint that accesses network applications through the gateway.

Systems and methods for controlled random endorsement in a blockchain network

A multi-scheme random selection of blockchain endorsers may preserve anonymity of nodes that participate in a blockchain network, and may assign each node an endorsement load that is proportionate to the utilization of the blockchain network by that node. Selection of one or more nodes to endorse data before recordation to the blockchain may include randomly selecting an active endorser selection scheme from a set of available endorser selection schemes, and randomly selecting one or more nodes as endorsers for the data based on the active endorser selection scheme. Each scheme may be derived based on the tracked utilization over different time scales. Exit criteria may determine when to switch the active endorser selection scheme. The exit criteria may be based on a number of times each node is selected as an endorser under the active endorser selection scheme, and utilization of the blockchain network by each node.