H04L9/3228

System, method and architecture for secure sharing of customer intelligence

A key master service capable of operating on a service provider in a network is disclosed. The key master enables authorized parties to securely exchange client information without compromising client security. One feature of the key master service is the generation of a unique key for each client. All parties in an authorized universe access, exchange and modify client information by referencing the universal key, rather than using known client identifiers. Client information is further secured by advantageously applying an obfuscation function to the data. Obfuscated client information is stored together with the universal key as keyed client data at the client and/or server, where it may be directly accessed by the service provider or third parties. Because client information is stored and exchanged without the ability to discern either the client identity or the nature of the information, such information is secured against malicious third-party interception.

Continuous authentication for digital services based on contactless card positioning
11521213 · 2022-12-06

Various embodiments are generally directed to continuous authentication of a user to a digital service based on activity of a contactless card positioned proximate to a computing device on which the digital service operates. For example, a series of periodic status messages may be provided between a client device and the contactless card to verify whether the contactless card remains active, wherein authorization to access the digital service continues while the contactless card is active, and terminates when the contactless card is inactive.

Systems for producing and maintaining verified electronic signatures
11522719 · 2022-12-06

Physically supplied user information is used to first verify the identity of a user before an app is supplied to a user device. Hardware identifiers of the user device are reviewed to determine whether to allow or deny use of the app on the user device. Once the app is approved, a user request is received by the app which is forwarded to the provider. The provider approves or disapproves of the request based, in part, on whether data in the request matches data maintained by the provider. Such approval/disapproval is provided from the provider to a party responsible for satisfying the user request. In addition, the provider generates a one-time-use electronic signature using data from a sequencer and data from the request, and the one-time-use electronic signature can be supplied to a signature repository and/or added to legal documents.

Method and system for temporary use of biometric information of another for access to a system

A method and system for temporarily gaining access to a system is disclosed. The method includes: receiving biometric data from a first biometric device of a first user on a computer processor; generating a temporary code on the computer processor in response to receipt of the biometric data from the first biometric device of the first user; sending the temporary code from the computer processor to the first biometric device of the first user; receiving biometric data from a second biometric device of a second user on the first biometric device of the first user; generating an access code on the first biometric device, the access code including one or more of the biometric data of the first user, the temporary code from the computer processor, and the biometric data of the second user; and sending the access code to the biometric device of the second user.

SYSTEMS AND METHODS FOR SECURING VIDEOCONFERENCING MEETINGS
20220377057 · 2022-11-24

One disclosed example involves a client device joining a videoconferencing meeting in which there is end-to-end encryption, where the end-to-end encryption is implemented by the client devices participating in the meeting using a meeting key provided by the meeting host. Thereafter, the client device receives a public key of an asymmetric key pair corresponding to the host of the meeting, where the public key is different from the meeting key. The client device then generates a security code based on the public key and outputs the security code on a display device. The security code can be compared to another security code generated by another client device participating in the meeting to verify if the meeting is secure. The client device may also receive encrypted videoconferencing data, decrypt it using the meeting key, and output the decrypted videoconferencing data on the display device.

Concurrent Token Authentication
20220376913 · 2022-11-24

The concurrent token authentication method, operating within a cryptographically secured context, enables a service account to be authenticated continuously by means of a set of three distinct tokens: primary, secondary, and reserved. A token is an immutable secret key. Through a lifecycle, a token is registered manually or programmatically to become the reserved token, thereafter upon first authentication said token is promoted from reserved to primary, and thereafter upon a subsequent new token registration and first authentication event, the original said token is promoted from primary to secondary. Thereafter upon another new token registration and first authentication event, the original said token is terminated. The concurrent token authentication lifecycle provides for token set expiration. Expiration is advanced following first authentication of a reserved token. Upon reaching expiration, the token set is terminated.

Generating electronic signatures
11509483 · 2022-11-22

According to a first aspect of the present invention, there is provided a method of electronically signing content. Content to be signed and an attribute sharing item are presented at a signing device associated with a signer. It is detected that the signer has accessed the attribute sharing item to provide one or more identity attributes which uniquely identify the signer. It is also detected that the signer has initiated a signing action at the signing device. The signing action and the identity attributes are transmitted to a signing service which is configured to create an electronic signature including encrypting the content to be signed and the one or more identity attributes.

User and device onboarding

Various embodiments are directed to a system and method for establishing a secure communication pathway between a network-connected device and a computing platform. Such configurations encompass encrypting a device-specific installation package passed to the device using a device-generated cryptography key, verifying the identity of the computing platform at the device, encrypting a response message via a platform-generated cryptography key, transmitting the response message to the computing platform, verifying characteristics of the device via the response message, and establishing a secure communication platform upon verification of the device.

Authentication system
11507701 · 2022-11-22

In an authentication system, when an electrical component with a temporary ID recorded by a temporary ID assignment device is connected to a switching hub, a temporary authentication device performs temporary authentication based on switching hub information describing the switching hub to which the electrical component is connected, the temporary ID of the electrical component, and temporary authentication inquiry information. A main authentication device performs main authentication based on the switching hub information of the switching hub to which the electrical component with a formal ID recorded by the formal ID assignment device is connected, and the formal ID of the electrical component, and main authentication inquiry information.

One-time password for secure share mapping

Methods and systems for mapping a sharable resource using a one-time password are disclosed. An identifier included in a set of provided credentials uniquely associates the one-time password with an executable within a computing environment that hosts the sharable resource. When credentials are received in association with a mapping request, it is determined whether a supplied username corresponds to a user authorized to access the sharable resource and whether a representation of a supplied password received in association with the mapping request matches a representation of the one-time password. Validating the mapping request provides access to the sharable resource.