A real-world object-based method and system of performing an authentication of a person in order to permit access to a secured resource is disclosed. The system and method are configured to collect image data from an end-user in real-time that includes objects in their environment. At least one object is selected and its image data stored for subsequent authentication sessions, when the system can determine whether there is a match between the new image data and image data previously collected and stored in a database. If there is a match, the system verifies an identity of the person and can further be configured to automatically grant the person access to one or more services, features, or information for which he or she is authorized.

A real-world object-based method and system of performing an authentication of a person in order to permit access to a secured resource is disclosed. The system and method are configured to collect image data from an end-user in real-time that includes objects in their environment. At least one object is selected and its image data stored for subsequent authentication sessions, when the system can determine whether there is a match between the new image data and image data previously collected and stored in a database. If there is a match, the system verifies an identity of the person and can further be configured to automatically grant the person access to one or more services, features, or information for which he or she is authorized.

A cloud computing system includes a cloud system managing unit, a plurality of sets of devices, where a set of devices includes one or more devices having a common aspect, and a plurality of authentication servers, where an authentication server is associated with one of the plurality of sets of devices based on the common aspect. The cloud computing system functions to establish trust between a corresponding one of the plurality of authentication servers and the one or more devices of one of the plurality of sets of devices, between the corresponding one of the plurality of authentication servers and the cloud system managing unit, and between the cloud system managing unit and the one or more devices. The cloud system managing unit configures the cloud computing system based on the trust between the cloud system managing unit and devices of the plurality of sets of devices.

The present disclosure discloses an authentication method performed at a server, including: generating, based on a first account that is possessed by a user of a first device and that corresponds to a first application, corresponding token information; sending the token information to the first device to be shared by the first device with devices in a device group in a replication restriction manner; performing, based on the token information, authentication on a second device that is in the device group; granting permission of accessing the first account to the second device when the authentication succeeds; and triggering the first device to switch from a state of first account-based login to the first application to a state of suspending the login to the first application when it is determined that the second device logs in to the first application based on the permission of accessing the first account.

Disclosed are various embodiments for controlling access to data on a network. Upon receiving a request comprising a device identifier and at least one user credential to access a remote resource, the request may be authenticated according to at least one compliance policy. If the request is authenticated, a resource credential associated with the remote resource may be provided.

An apparatus is provided for facilitating cross-platform authentication. The apparatus may include at least one memory and at least one processor configured to detect that a visual token includes data indicating one or more authentication credentials for accessing a communication device in response to scanning the visual token. The computer program code may further cause the apparatus to communicate the authentication credentials of the detected visual token to the communication device to request the communication device to determine whether the authentication credentials are valid for a user. The computer program code may further cause the apparatus to enable access to the communication device in response to receiving an indication from the communication device that the authentication credentials of the detected visual token are valid. Corresponding computer program products and methods are also provided.

An apparatus is provided for facilitating cross-platform authentication. The apparatus may include at least one memory and at least one processor configured to detect that a visual token includes data indicating one or more authentication credentials for accessing a communication device in response to scanning the visual token. The computer program code may further cause the apparatus to communicate the authentication credentials of the detected visual token to the communication device to request the communication device to determine whether the authentication credentials are valid for a user. The computer program code may further cause the apparatus to enable access to the communication device in response to receiving an indication from the communication device that the authentication credentials of the detected visual token are valid. Corresponding computer program products and methods are also provided.

The generation, actuation, and enforcement of policies within a distributed computing system is provided. The policies are employed to manage the resources of the system. The resources include virtualized resources, such as virtual machines (VMs) and virtual storage disks (VSDs). A policy includes a rule and scope. Enforcing a policy includes applying the rule to resources that are within the policy's scope. Policies are employed to constrain the leasing period and reclaim leased resources, as well constrain the access of certain users to specific operations on the leased resources. Policies may be created via a UI that automatically generates a policy encoding. The policy is registered and accessed via a policy store. When multiple policies target a common resource, merging strategies are applied to the multiple policies. The multiple policies are ranked, merged, filtered, and any remaining conflicts are resolved to generate an effective policy that is consistent with the multiple policies and is enforced on the common resource.

Provided is a process that establishes user identities within a decentralized data store, like a blockchain. A user's mobile device may establish credential values within a trusted execution environment of the mobile device. Representations of those credentials may be generated on the mobile device and transmitted for storage in association with an identity of the user established on the blockchain. Similarly, one or more key-pairs may be generated or otherwise used by the mobile device for signatures and signature verification. Private keys may remain resident on the device (or known and input by the user) while corresponding public keys may be stored in associated with the user identity on the blockchain. A private key is used to sign representations of credentials and other values as a proof of knowledge of the private key and credential values for authentication of the user to the user identity on the blockchain.

Systems, methods, and non-transitory computer-readable medium are disclosed includes for secure online credential authentication. One method includes receiving, over an electronic network, identification information from an identity provider; accessing, from a database, previously stored hashed identification information stored in association with a previous identity provider; comparing the identification information to previously stored hashed identification information; and storing the identification information in association with the identity provider that provided the identification information in the database when the hashed identification information does not match previously stored hashed identification information.