Abstract: A system, apparatus, and method for processing payment transactions that are conducted using a mobile payment device that includes a contactless element, such as an integrated circuit chip. The invention enables one or more of the operations of activation of a payment application, transfer of transaction data, updating of account records, setting or re-setting of a payment application counter or register, or transfer or processing of a script, command, or instruction, with these functions being performed with minimal impact on a consumer. This is accomplished by introducing a pre-tap and/or two-tap operation prior to, or as part of, the transaction flow.

Abstract: A hub computer receives, from a first computer, a sender message comprising a promise corresponding to a transaction comprising a promise type, an amount, a first verification key associated with the first computer, computer code, and a digital signature. The hub computer verifies the promise by at least verifying the digital signature using the first verification key, verifying that the amount is less than a first computer amount, and verifying that the hub computer is able to process the promise type. The hub computer executes the computer code to perform the transaction.

Abstract: A method is disclosed. The method includes generating, by a communication device during an interaction with an access device, a cryptogram using transaction level data and interoperability level data; transmitting the transaction level data and interoperability level data to the access device; and transmitting the cryptogram the access device, wherein the access device or a remote server computer in communication with the access device validates the received cryptogram before allowing the transaction to proceed.

Abstract: Techniques for identifying a fraudulent interaction of a user device using time based risk features are described herein. In embodiments, time stamp information provided by an external clock and time units may be maintained by a user device. The user device may include an authentication component that is communicatively coupled to a clock component that generates the time units. In response to conducting an interaction with an access device and user device first time information may be received from the access device. Second time information may be determined based at least in part on the time units from the clock component and the time stamp information. The second time information may be compared to the first time information. An authentication plan for the interaction may be determined based at least in part on the comparison of the second time information to the first time information.

Abstract: A method includes forming a communication channel between a user device and an access device. The communication channel is then secured using a user device key pair in the user device and an access device ephemeral key pair in the access device. The access device then generates a session key using at least a private cryptographic key in the access device ephemeral key pair, and a public key in the user device key pair. The access device then uses the session key to secure an ultra-wideband communication channel between the user device and the access device.

Abstract: A system for providing updatable secure content resource. A content server may pay a content resource on the content author for an access by a requester. The content server receives a session request call from the requester prior to accessing the content resource. In response to the session request, the content server generates a session for the requester. The content server generates a payload that includes a location identifying the content resource on the content author and embeds the embedded cryptographic content. The content server transmits the generated payload to the requester. A resource server may receive an authentication access request in response to the embedded cryptographic content. In response to authenticating the authentication access request, the resource server provides the access to the requester.

Abstract: Described are a system, method, and computer program product for dynamic node classification in temporal-based machine learning classification models. The method includes receiving graph data of a discrete time dynamic graph including graph snapshots, and node classifications associated with all nodes in the discrete time dynamic graph. The method includes converting the discrete time dynamic graph to a time-augmented spatio-temporal graph and generating an adjacency matrix based on a temporal walk of the time-augmented spatio-temporal graph. The method includes generating an adaptive information transition matrix based on the adjacency matrix and determining feature vectors based on the nodes and the node attribute matrix of each graph snapshot.

Abstract: A method is disclosed. The method includes receiving, by a token gateway, a first request message from a token requestor computer. The token gateway determines at least one token service computer from a plurality of token service computers, each token service computer in the plurality of token service computers operating independently of each other. The token gateway transmits at least one second request message to the at least one token service computer and receives, at least one first response message comprising at least one token and/or supplemental data associated with the at least one token from the at least one token service computer. The token gateway transmits a second response message to the token requestor computer, the second response message comprising the at least one token and/or the supplemental data.

Abstract: A method is disclosed. The method comprises a directory server computer receiving an authentication request message comprising a token and transmitting a de-tokenization request message comprising the token to a token service computer. The token service computer determines a credential associated with the token. The method further comprises receiving the credential and determining that the token or the credential does not require additional user authentication processing. The method further comprises transmitting an authentication response message with an authentication indicator indicating the transaction is authenticated to an authentication server computer.

Abstract: A method includes receiving, by a universal authentication application from a resource provider computer, a user credential verification request message comprising a user identifier, server computer data, and interaction data for an interaction. The universal authentication application transmits the user credential verification request message to a browser that invokes the authenticator to verify biometric information of a user. The universal authentication application receives a user credential verification response message from the authenticator. The user credential verification response message includes signed interaction data. The universal authentication application sends the user credential verification response message to the resource provider computer. The resource provider computer provides at least the signed interaction data to a plurality of server computers to retrieve a plurality of portable device credentials respectively associated with the plurality of server computers.

Abstract: A method for creating a final application includes a computer obtaining an obfuscated SDK binary and an interface source code that comprises one or more functions that call obfuscated functions within the obfuscated SDK. The computer then creates application source code that calls functions in the interface source code. The computer builds an intermediate object comprising the interface source code and the application source code. The computer then creates the final application using the intermediate object and the obfuscated SDK binary.

Abstract: Systems and methods of preventing fraud and authenticating users while processing a token on a token provider computer, a token gateway computer, and a mobile device are disclosed.

Abstract: A method is disclosed. The method comprises receiving, by a virtual terminal, virtual terminal configuration data from a virtual terminal configuration data source via a virtual terminal configurations API. The method also includes transmitting, by virtual terminal, to a device reader, a value, and receiving, by the virtual terminal, access data from a user device via the device reader. The method further includes transmitting, by the virtual terminal, a transaction request comprising at least the value and the access data to a transaction platform via a transaction API, and receiving, by the virtual terminal, a transaction response from the transaction platform via the transaction API.

Abstract: Provided is a method for providing a virtual account based on a biometric measurement, the method includes receiving biometric data associated with a biometric measurement of an individual, generating an virtual account of the individual based on receiving the biometric data associated with the biometric measurement of the individual, provisioning access to the virtual account of the individual based on the biometric measurement of the individual, and sending a message to a user device based on generating the virtual account associated with the individual, where the notification message includes an indication associated with the virtual account. A system and computer program product are also disclosed.

Abstract: Methods are provided for maintaining user privacy, and may include establishing a secret key for communication between a plurality of user devices, the plurality of user devices including a first user device associated with a requesting user and a second user device associated with a second user, wherein at least one server computer does not have access to the secret key; receiving from the first user device, a split-payment request message comprising encrypted data, the encrypted data included in the split-payment request message encrypted based on the secret key; generating an encrypted balance for the requesting user and the second user based on the encrypted data of the split-payment request message; and transmitting to the second user device, a split-payment confirmation message including the encrypted balance for the requesting user and/or the second user. Systems and computer program products are also provided.

Abstract: Embodiments of the present invention are directed to methods and systems for managing a cryptocurrency payment network comprising one or more issuer nodes and one or more distributor nodes. Issuer nodes may be granted different rights from distributor nodes with respect to the issuance and distribution of digital currency within the cryptocurrency payment network. A management system server computer may generate unique node verification key pairs for each node in the cryptocurrency payment network, where the node verification key pairs may be used to identify and authenticate issuer nodes and distributor nodes.

Abstract: A homomorphic encryption scheme, such as Paillier encryption in combination with a bit packing process allows biometric matching at a terminal without exposing a biometric template stored at a user's device. Because such encryption schemes are data intensive, the bit packing process allows reductions in data being sent and processed so that the biometric matching process can be accomplished in near real time. The high speed of this optimized process allows the technique to be applied to many real world processes such as access control and transaction processing.

Abstract: Techniques for managing an application token may include providing, by a first service provider application on a communication device to a first service provider computer, a first request for a first application token, receiving, by an account management application on the communication device from a token service computer in communication with the first service provider computer, the first application token, and storing the first application token in a token container in the account management application.

Abstract: Systems and methods are described for pre-authentication access request screening. A server computer may receive a request for access to a resource comprising access data. The server computer may transmit, to an authentication computer, an authentication request message comprising at least a subset of the access data and receive an authentication response message comprising authentication data. The server computer may determine an access score based on the authentication data. Alternatively, the server computer may determine the access score based on the access data without using/receiving authorization data. The server computer may generate an access indicator based on the access score. The server computer may prepare and transmit an authorization request message comprising the access indicator to an authorization computer. The authorization computer may approve or decline the access to the resource based on the access indicator.

Abstract: Embodiments of the invention are directed to methods, apparatuses, computer readable media and systems for providing, along with a token, a token assurance level and data used to generate the token assurance level. At the time a token is issued, one or more Identification and Verification (ID&V) methods may be performed to ensure that the token is replacing a PAN that was legitimately used by a token requestor. A token assurance level may be assigned to a given token in light of the type of ID&V that is performed and the entity performing the ID&V. Different ID&Vs may result in different token assurance levels. An issuer may wish to know the level of assurance and the data used in generating the level of assurance associated with a token prior to authorizing a payment transaction that uses the token.