Patent classifications
H04L63/0853
Securing network access at edge sites using trusted network devices
Techniques are described for securely managing computing resources in a computing environment comprising a computing service provider and a remote computing network. The remote computing network includes computing and network devices configured to extend computing resources of the computing service provider to remote users of the computing service provider. The network devices include a trusted network device that includes a root of trust. The trusted network device detects that a new device is communicatively coupled to a port on the trusted network device. The trusted network device determines that the new device is not authorized to access computing resources at the remote computing network. The port is isolated at the trusted network device.
METHOD FOR OBTAINING A COMMAND RELATING TO A NETWORK ACCESS PROFILE OF AN EUICC SECURITY MODULE
A method for obtaining a command relating to a network access profile of an eUICC security module incorporated into a communication device and associated with a physical identifier. The communication terminal: obtains the physical identifier and an anonymous identifier of the security module is calculated from the physical identifier and a random parameter; transmits a request to obtain the command, via an “operator server”, to a “preparation server”, the request to obtain including the anonymous identifier of the security module; obtains the random parameter and calculates the anonymous identifier from the physical identifier of the security module and the random parameter; and sends, to a “discovery server”, a request to obtain information intended to obtain the command, this request to obtain information including the anonymous identifier, in order to obtain, in response, from the discovery server, an address of the preparation server.
INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING METHOD, AUTHENTICATION DEVICE AND AUTHENTICATION METHOD, AUTHENTICATION SYSTEM, AUTHENTICATION METHOD IN AUTHENTICATION SYSTEM, AND COMPUTER PROGRAM
An information processing apparatus that performs multifactor and multistage authentication procedures is to be provided. An information processing apparatus includes: an authentication procedure processing unit that performs an authentication procedure on an external device, using a tamper-resistant secure element; and a control unit that controls a process for multistage authentication of the external device, the multistage authentication including the authentication procedure. The control unit controls a process of a second authentication procedure using the identification information about the secure element, the identification information being associated with the user account information. The control unit controls execution of the second authentication procedure during an operation in the login authentication procedure.
Biometric transaction system
Disclosed is a system for enrolling a user for facilitation of transactions using biometric authentication. The enrolling system includes an application program that is configured to: receive a user attribute; create an anonymous client reference (ACR) associated with the user attribute; and receive a biometric template. The biometric template has been determined from an input of a biometric. The enrolling system is further configured to create an association between the biometric template and the ACR.
System to control access to web resources based on an internet of things authorization mechanism
According to one embodiment, a method, computer system, and computer program product for managing access to one or more protected web resources based on the location of an approver is provided. The present invention may include granting the requestor access to the protected web resource based on one or more access requirements being met, wherein at least one access requirement comprises a location of one or more authorization devices corresponding with one or more approvers being within a threshold distance of a computing device of a requestor requesting a protected web resource.
Intelligent screen protector
An intelligent screen protector is provided. Responsive to the intelligent screen protector being detached from a paired portable computing device, the intelligent screen protector identifies a set of instructions received from the paired portable computing device associated with visually generating an image of a selected smartcard. In accordance with the set of instructions, the intelligent screen protector visually generates the image of the selected smartcard in a transparent display area of the intelligent screen protector. The intelligent screen protector determines whether a transaction associated with the selected smartcard has been initiated. Responsive to the transaction associated with the selected smartcard being initiated, the intelligent screen protector discontinues the visual generation of the image of the selected smartcard in the transparent display area of the intelligent screen protector.
Multi-factor autonomous sim lock
Aspects of the subject disclosure may include, for example, initializing a secure timer in a wireless device, determining whether a subscriber identification module (SIM) card installed in the wireless device comprises a carrier identity that matches a carrier identity stored in the machine-readable medium, establishing a network connection with a trusted server, starting the secure timer if the SIM card and network connection are satisfactory, periodically checking the network connection and SIM card until expiry of the secure timer, penalizing the secure timer responsive to a failure of the network connection or SIM card check, and responsive to expiry of the secure timer, unlocking a SIM lock. Other embodiments are disclosed.
Triage engine for document authentication
Computer systems and methods are provided for receiving a first authentication request that includes an image of an identification document. A risk value is determined using one or more information factors that correspond to the authentication request. A validation user interface that includes the image of the identification document is displayed. A risk category that corresponds to the risk value is determined using at least a first risk threshold. In accordance with a determination that the risk value corresponds to a first risk category, a visual indication that corresponds to the first risk category is displayed. In accordance with a determination that the risk value corresponds to a second risk category, a visual indication that corresponds to the second risk category is displayed.
Defending multi-factor authentication against phishing
Techniques are disclosed relating to detecting and preventing phishing attacks (such as man-in-the-middle attacks) related to multi-factor authentication (MFA) or two-factor authentication (2FA) processes. A system is described that makes a determination of whether to permit or deny a subsequent authentication step (e.g., a 2FA authentication step) based on a level of trust determined between the computing device making the initial authentication request to a service computer system and the computing device being asked to implement the subsequent authentication step (such as a mobile device). The computing device associated with the subsequent authentication step assesses the trust between the devices and makes the determination of whether to permit or deny the subsequent authentication step. The present techniques enhance computer system security against phishing attacks while maintaining a satisfying user experience for legitimate users.
Identifying internet of things devices
There may be provided a method that includes receiving or generating a first plurality (N) of points within a first multi-dimensional space that has M dimensions; M being a positive integer that is smaller than N; wherein the N points represent one or more behaviors of the one or more IOT devices; wherein a clustering of the N points within the first multi-dimensional space results in at least some clusters that are inseparable from each other; generating a representation of the N points within a second multi-dimensional space that has at least N dimensions; wherein a clustering of the N points within the second multi-dimensional space results in clusters that are separable from each other; calculating projections of the N points on a sub-space that has a second plurality (Q) of dimensions; wherein Q is a function of a relationship between a number (K) of clusters and an allowed error (ε); computing a core-set that comprises a weighted subset of the projections; clustering the projections of the weighted subset to provide current clusters; and identifying the one or more IOT devices based on a relationship between the current clusters and identification information regarding IOT devices of known identity.