Abstract: Described herein is a proxy device including a platform and method for storing and managing access credentials for one or more connected devices. In some embodiments, the proxy device establishes a trusted relationship with one or more connected devices. In some embodiments, the proxy device may provide an encryption key to the connected device in order to secure future transactions between the two devices. The proxy device may store and manage one or more access credentials associated with the connected device, and may initiate a transaction with a transaction server on behalf of the connected device using those access credentials.

Abstract: Methods and systems for analyzing request to access resources and determining a resource access policy are provided. The resource access system can train, store, evaluate, and deploy machine learning models that learn to output a trust score associated with a resource access request, the trust score relating to the request's legitimacy. A resource access system can receive a request for a resource from a requesting entity. The resource access system can determine an entity profile using request data in the request. The resource access system can request data from the request to determine whether the request is normal or anomalous. Using a policy engine, the resource access system can determine a resource access policy, such as allowing or denying access to the resource.

Abstract: A method and system for generating a behavior profile for a new entity to be added to a behavior-monitored system include receiving feature data of a new entity and feature data of a plurality of pre-existing entities from at least one data source. The plurality of pre-existing entities are associated with a plurality of pre-existing behavior profiles. A doppelganger behavior profile is determined for the new entity based at least partially on the feature data of the new entity and the feature data of the plurality of pre-existing entities, and the doppelganger behavior profile is assigned to the new entity. A target action is implemented with respect to the new entity based at least partially on the doppelganger behavior profile assigned to the new entity.

Abstract: Disclosed are methods for authorizing a transaction, including receiving a policy message, the policy message including a policy ruleset for determining whether a transaction is authorized and biometric parameters for a machine learning algorithm for authenticating an identity of a user involved in a transaction, receiving biometric measurement data associated with a biometric measurement of a user involved in the transaction, calculating an authentication score based on the biometric measurement data using the machine learning algorithm, wherein the authentication score includes an indication of whether an identity of the user is authenticated based on the biometric measurement data, determining whether the transaction satisfies the policy ruleset for determining authorization of the transaction, and transmitting a decision message, wherein the decision message includes an indication of whether the transaction satisfies the policy ruleset. Systems and computer program products are also disclosed.

Abstract: Described herein is a platform and method for determining a confidence level associated with a transaction that utilizes dynamic data. In some embodiments, the confidence level is determined based on location data received in relation to the transaction. For example, some embodiments are directed to storing first location information collected from a mobile device provided in a request for the dynamic data, receiving second location information related to a transaction conducted using the dynamic data, and comparing the two with respect to the amount of time that has elapsed between collection of each to determine a confidence level associated with a likelihood that the transaction is authentic.

Abstract: Described herein is a platform and method for determining a confidence level associated with a transaction that utilizes dynamic data. In some embodiments, the confidence level is determined based on location data received in relation to the transaction. For example, some embodiments are directed to storing first location information collected from a mobile device provided in a request for the dynamic data, receiving second location information related to a transaction conducted using the dynamic data, and comparing the two with respect to the amount of time that has elapsed between collection of each to determine a confidence level associated with a likelihood that the transaction is authentic.

Abstract: Techniques for securely binding a software application to a communication device may include sending a set of device identifiers associated with the computing device to a server, receiving a server-generated dynamic device identifier that is generated based on the set of device identifiers; and storing the server-generated dynamic device identifier during initialization of the application. During runtime execution of the application, the application may receive a request to execute an application specific task.

Abstract: A method for requesting a credential associated with token in a multiple token layer environment is disclosed. A tokenization certificate serves to validate the identity of a credential requestor and provide information about the requestor's authorization for de-tokenizing a token. Also, a public key in the tokenization certificate is used to encrypt the credential for secure transmission to the requestor.

Abstract: Systems, devices, apparatuses, and methods of the present invention distribute authentication across multiple users. A data sensitivity model can define the sensitivity of different types of data. When an application requests access to a particular data item, the sensitivity of that data item can be determined. If the data item has a low sensitivity, access to the data item can be granted. If the data item has a high sensitivity, the system can request authentication before granting access to the data item.

Abstract: Embodiments of the present invention are directed to methods, systems, apparatuses, and computer-readable mediums for generating and providing a transaction token that may provide contextual information associated with the token. Accordingly, the transaction token may provide any entities within a transaction processing system immediate information about the context in which the token was generated, how the token may be used, and any other information that may be pertinent to processing the token.

Abstract: A mobile phone is disclosed. The mobile phone may receive a first request to generate an initial scannable image, and a second request to generate modified scannable image. The modified scannable image can include a static portion that corresponds to a static portion of the initial scannable image. The modified scannable image may also include another portion that has a different appearance than a corresponding portion of the initial scannable image.

Abstract: A mobile phone is disclosed. The mobile phone may receive a first request to generate an initial scannable image, and a second request to generate modified scannable image. The modified scannable image can include a static portion that corresponds to a static portion of the initial scannable image. The modified scannable image may also include another portion that has a different appearance than a corresponding portion of the initial scannable image.

Abstract: Embodiments automatically select one of the multiple pre-generated payment cards provisioned on a mobile device. The multiple pre-generated payment cards (real or virtual) may each have a different credit limit. The mobile device may automatically select one of the multiple payment cards based on a transaction value of a transaction that is being conducted. An available credit limit of the selected payment card may be equal to or slightly greater than the transaction value. In some embodiments, the available credit limit of the selected payment card may be closer to the transaction value than the available credit limits of the remaining payment cards. In some embodiments, the different payment cards may be provisioned in a chip-and-pin based smart credit card or mobile wallet.

Abstract: Embodiments automatically select one of the multiple pre-generated payment cards provisioned on a mobile device. The multiple pre-generated payment cards (real or virtual) may each have a different credit limit. The mobile device may automatically select one of the multiple payment cards based on a transaction value of a transaction that is being conducted. An available credit limit of the selected payment card may be equal to or slightly greater than the transaction value. In some embodiments, the available credit limit of the selected payment card may be closer to the transaction value than the available credit limits of the remaining payment cards. In some embodiments, the different payment cards may be provisioned in a chip-and-pin based smart credit card or mobile wallet.

Abstract: Embodiments of the invention relate to methods of generating and using an image-based derived key. In various embodiments, the image-based derived key may be used to facilitate user authentication and data encryption. For some embodiments, a method is disclosed comprising determining an image-based derived key, wherein the image-based derived key is generated from a selection of authentication images chosen by a user, encrypting data using the image-based derived key, and transmitting the encrypted data.

Abstract: Described herein is a platform for providing a resource catalog local to an appliance device, such that the appliance device is able to generate a transaction related to one or more resources within the resource catalog. In some embodiments, the appliance device may receive resource information within streaming data. For example, the appliance device may receive an indication that a portion of streaming media data is related to a resource. Upon determining that a portion of streaming data is related to a resource, the appliance device may be configured to store the portion of data in relation to the identified resource. A user may retrieve and/or execute the portion of streaming data at a later date. In some embodiments, the user may request that a transaction be conducted with respect to the resource and a corresponding transaction request may be generated by the appliance device.

Abstract: Techniques for securely binding a software application to a communication device may include sending a set of device identifiers associated with the computing device to a server, receiving a server-generated dynamic device identifier that is generated based on the set of device identifiers; and storing the server-generated dynamic device identifier during initialization of the application. During runtime execution of the application, the application may receive a request to execute an application specific task.

Abstract: Techniques for securely binding a software application to a communication device may include sending a set of device identifiers associated with the computing device to a server, receiving a server-generated dynamic device identifier that is generated based on the set of device identifiers; and storing the server-generated dynamic device identifier during initialization of the application. During runtime execution of the application, the application may receive a request to execute an application specific task.

Abstract: Embodiments of the present invention are directed at methods and systems for providing a low value token buffer using only low value tokens (i.e., tokens that cannot be used to conduct transactions) within an organization to reduce access to high value tokens (i.e., tokens that are directly tied to real credentials and can be used to conduct transactions) within the organization. Accordingly, whenever a high value token is received by the organization, the high value token is changed to a low value token while being used within the organization. The low value token may be transformed to high value token upon (or before) delivery outside the organization.

Abstract: A method for requesting a credential associated with token in a multiple token layer environment is disclosed. A tokenization certificate serves to validate the identity of a credential requestor and provide information about the requestor's authorization for de-tokenizing a token. Also, a public key in the tokenization certificate is used to encrypt the credential for secure transmission to the requestor.