Abstract: A system and method for verifying users are disclosed. The method includes receiving, by a server computer, from a first authorizing entity computer, an indication of a first hash of information about the user. The first authorizing entity computer has previously verified the user and stored the first hash in a first database. The server computer stores a location of the first hash in a location database. Then the server computer receives from a second authorizing entity computer a verification request message including a second hash of information about the user and retrieves the first hash from the first database using the location. The server computer compares the first hash to the second hash to determine if the hashes match. After determining that the hashes match, the server computer sends a verification response message to the second authorizing entity computer, indicating that the user was previously verified.

Abstract: Described herein are a system and techniques for enabling access control utilizing one or more blockchains associated with a user. A blockchain provider can manage one or more blockchains specifically associated with a an entity, where each blockchain may be associated with a differing sensitivity level. The entity may be a person or a machine such as an IOT (Internet of Things) device. The blockchain provider can manage access control policies associated with each blockchain such that access to the data of the blockchain may be allowed or restricted to requesting entities according to those access control policies.

Abstract: One embodiment of the invention is directed to a method for performing efficient key range searches in a distributed computing system. The method may comprise, receiving a first key (e.g., an alphanumeric identifier). A key range tree map associated with the first key may be identified from a plurality of key range tree maps. In some embodiments, individual key range tree maps map a set of minimum range values to a set of index values. The method may further comprise determining an index value associated with a second key using the determined key range tree map. Transaction processing data associated with the first key may be determined using the index value and provided to the requesting source. Utilizing the plurality of key range tree maps as described herein enables a key range search to be performed using on-board memory of an electronic device.

Abstract: A computer-implemented method for authenticating a payment terminal during a payment transaction by a cardholder is disclosed. The computer-implemented method includes receiving payment information associated with a cardholder account of the cardholder. The method further includes transmitting a payment authorization request to an issuer server, receiving a response form the issuer server to the payment authorization request. The response includes a verification request of a personal identification number (PIN) associated with the cardholder account, and a cardholder-recognizable token previously associated with the cardholder account. The method further includes presenting the cardholder-recognizable token to the cardholder with the verification request of the PIN.

Abstract: An access device is disclosed. The access device includes a non-transitory computer readable medium that includes code for performing a method that includes receiving, from a user device, a digital certificate and a seed, and then encrypting the seed, and a first access device key with a public key from the digital certificate to form encrypted data. The method also includes transmitting, to the user device, the encrypted data. The user device decrypts the encrypted data using a private key corresponding to the public key to obtain the seed, and the first access device key, verifies that the seed received from the access device matches the seed sent to the access device, and encrypts a secret or derivative thereof with the first access device key to form an encrypted secret or derivative thereof. The method also includes receiving the encrypted secret or derivative thereof.

Abstract: Methods and systems for performing federated private anomaly detection are disclosed. An anomaly detector computer can collaborate with an aggregator computer and an account management computer in order to train machine learning models, which can be used to classify events as not fraudulent or fraudulent. The anomaly detector computer can obliviously use private information (e.g., account flags and account flag values) held by the account management computer to train and use the machine learning models, such that the anomaly detector does not become aware of the account flags or account flags values. Such a system can be used, for example, for the detection and prevention of financial crime. The anomaly detector computer can use the account flag information possessed by the account management computer to identify fraudulent events performed by customers of the organization operating the account management computer.

Abstract: A method for tracking multiple classes of records in a single blockchain is disclosed. Class identifiers can used for each record entry to distinguish between classes within the blockchain.

Abstract: A method includes receiving, by a server computer, a thin client identifier from a thin client on a communication device. The server computer can then retrieve an encrypted first cryptographic key based on the thin client identifier. The encrypted first cryptographic key is a first cryptographic key that is encrypted with a second cryptographic key. The server computer can initiate the sending of the encrypted first cryptographic key to the thin client. The server computer then receives an encrypted secret from the thin client, the encrypted secret being a secret encrypted with the first cryptographic key.

Abstract: Systems and methods are for confidentially and securely provisioning data to an authenticated user device. A user device may register an authentication public key with an authentication server. The authentication public key may be signed by an attestation private key maintained by the user device. Once the user device is registered, a provisioning server may send an authentication request message including a challenge to the user device. The user device may sign the challenge using an authentication private key corresponding to the registered authentication public key, and may return the signed challenge to the provisioning server. In response, the provisioning server may provide provisioning data to the user device. The registration, authentication, and provisioning process may use public key cryptography while maintaining confidentiality of the user device, the provisioning server, and then authentication server.

Abstract: Methods, systems, and computer program products may formulate an iterative data mix up problem into a Markov decision process (MDP) with a tailored reward signal to guide a learning process. To solve the MDP, a deep deterministic actor-critic framework may be modified to adapt a discrete-continuous decision space for training a data augmentation policy.

Abstract: A method is disclosed. The method includes receiving, by an access control server, an authentication request message comprising a credential or a token from an access device, after the access device receives the credential or the token from a portable device of a user. The method also includes responsive to receiving the authentication request message, transmitting, by the access control server, a challenge message to a user device associated with the user; generating, by the access control server, an authentication indicator. The method also includes transmitting, by the access control server, an authentication response message including the authentication indicator to the access device.

Abstract: Novel methods of performing statistically receiver private (SRP) string oblivious transfer (OT) are disclosed. Such methods can be used to transfer messages between senders and receivers subject to the conditions of oblivious transfer. These methods can be used as a “building block” to develop useful cryptographic systems, such as multiparty computation networks. A sender computer and a receiver computer can exchange a first and second oblivious transfer message. Data contained in these messages can be used, by the sender computer, to obfuscate a first message and a second message. The sender computer can transmit (in a third oblivious transfer message), both the first obfuscated message, the second obfuscated message and a group element to a receiver computer. Using the group element, the receiver computer can attempt to de-obfuscate one or both of the obfuscated messages, and can receive either a first message or a second message in the process.

Abstract: In a method, account credentials can be securely transmitted. A user device and application can initially select an account, and then obtain a transaction identifier associated with the account. The user device can provide the transaction identifier to a resource provider, which can then directly exchange the transaction identifier for the account credentials.

Abstract: A token specifying a payment account is issued to a party to which payments are to be made and the token is installed in a specially configured camera. Whenever a photograph is captured by the camera, a copy of the token, among other things, is embedded in the photograph's metadata. The metadata may also include photo-specific information and a selling price. When a buyer selects the photo for purchase, the token may be used to facilitate a payment to the party, such as the photographer. The buyer may initiate the transaction by simply dragging the selected photograph or photographs onto a purchase application which automatically extracts price and the token for initiating the purchase transaction. The seller can view the purchase details in the payment account.

Abstract: The present disclosure discloses a method and system for dynamically processing financial transactions. The method includes receiving a transaction request including at least one unique identifier field to transfer payment into an account associated with a payment instrument and authorizing the transaction request based on one or more predetermined rules. The payment instrument is used at an electronic device by a merchant for transfer of the payment from a merchant account. Thereafter, the method includes generating a direct fund transfer message based on the at least one unique identifier field upon authorization of the transaction request and transmitting the direct fund transfer message to an issuer associated with the merchant account for authentication of the direct fund transfer message. Lastly, the method includes transferring dynamically the payment from the merchant account to the account associated with the payment instrument when the direct fund transfer message is authenticated by the issuer.

Abstract: Described are a system, method, and computer program product for reconfiguring a transaction during network processing. The method includes receiving, from a merchant system, a transaction request including transaction data and configured in an initial configuration associated with a single-message transaction or a dual-message transaction. The method includes determining, based at least partly on the transaction data and/or at least one parameter of a merchant profile associated with the merchant system, a recommended configuration associated with a single-message transaction or a dual-message transaction, the recommended configuration different from the initial configuration. The method includes reconfiguring the transaction request based on the recommended configuration.

Abstract: A method includes a first user device generating an interaction message. The interaction message includes an amount, an expiry time, and a condition. The first user device provides the interaction message to a second user device. The second user device creates a witness that satisfies the condition and provides the witness to the first user device. The first user device receives the witness from the second user device. The first user device verifies that the witness satisfies the condition. If the witness satisfies the condition and is received prior to the expiry time, the first user device signs the witness using a first user device private key to obtain a signed witness. The first user device provides the signed witness to the second user device. The second user device verifies a signature of the signed witness and proceeds with obtaining the amount.

Abstract: Embodiments of the disclosure are directed to methods, apparatuses, computer-readable media, and systems for network monitoring of communication requests for authorization to an access device. One embodiment is directed at dual message model in a distributed environment with an electronic access device receiving a cancellation signal and generating and sending a reversal message with cancellation information embedded in the data elements of the reversal message to a processor computer, where the cancellation data may be read and saved by the processor computer before the authorization request message is forwarded to be authorized by an authorization entity. The method further comprises generating a cancellation message after the reversal message has processed, where the cancellation message is sent via a transport computer to clear and reconcile the authorization status of the cancelled authorization request with any necessary authorizing or regulatory entities in the network.

Abstract: A server computing device receives authentication request messages formatted according to a first message format from a party via a computing device of a user involved in a transaction, translates the messages into modified authentication request messages formatted according to a second message format, and transmits the modified authentication request messages to an authorization computer. The server computing device may augment the modified authentication request messages by including data gathered from the received authentication request messages describing the user, user's computing device, and/or network path between the server computing device and user's computing device, as well as risk scores generated based upon the received authentication request message.

Abstract: A method for preventing transmission of malicious data may include receiving transaction data including at least one packet associated with a payment transaction; extracting at least one of network layer data or transport layer data from a header of the at least one packet; determining a first probability indicating that the at least one packet is in a first class based on the at least one of the network layer data or the transport layer data using a classifier. The method may also include determining a second probability indicating that the at least one packet is in a second class based on the at least one of the network layer data or the transport layer data using the classifier; and blocking the at least one packet. A system and a computer program product are also disclosed.