Abstract: A method, for conducting a secure and frictionless payment transaction involving a merchant device and a cardholder device, includes receiving, by a payment solution provider, transaction details from the merchant device, storing, by the payment solution provider, the transaction details, generating, by the payment solution provider, based on the transaction details, a unique resource locator (URL) for a communication to the cardholder device, wherein the URL is configured to permit the cardholder device to provide payment information for the payment transaction independent of the merchant device, capturing, by the payment solution provider, the payment information communicated by the cardholder device independently of the merchant device, matching, by the payment solution provider, the payment information with the transaction details, and initiating, by the payment solution provider, a transaction authorization request based on the matching of the payment information with the transaction details being succes

Abstract: A method of using a processing computer comprising a memory comprising a hash index table and an array index table is disclosed. The method includes receiving an initial request message comprising a plurality of data fields with data elements for a transaction, and creating service request messages, where each service request message comprises a transaction key and data elements. The method includes transmitting the service request messages to server computers, which process them and generate service response messages, each service response message having the transaction key and response data. The method includes receiving the service response messages. The method includes for each of the service response messages: accessing the hash index table and determining a row address identifier for a row in the array index table based on the transaction key, and accessing data in the row of the array index table associated with the row address identifier.

Abstract: “Updatable” private set intersection (PSI) protocols allow parties that each have an updatable private set to determine the intersection of their sets after an update without the need to compare each element of each set and without compromising privacy. In some protocols, a first party can determine an update to the intersection by determining an intersection of elements that were previously in the first party's set with elements that were added to the second party's set and determining an intersection of elements that were added to the first party's set with elements that are in the second party's (updated) set. In some protocols, both parties can determine the updated intersection.

Abstract: A verification application executing at a user's mobile phone directs the user to take a photo of an identification document (e.g., driver's license or other form of government issued identification) or of their face. After the verification application sends the image to a backend service, the service may then dispatch a drone to the user's location and take a photograph of the user. The service may then validate the previously-imaged document or photo of the user's face against the photograph of the user and the geolocation sent with the first image. The service may then verify the new account and provision a token to the verification application to complete a secured account generation.

Abstract: Provided is a method for protocol parsing for network security. The method may include receiving, by a packet capture system, a plurality of packets, parsing lower layer data from each packet, and communicating a respective payload of each respective packet to at least one first queue. A routing system may route the respective payload of each respective packet to a respective second queue of a plurality of second queues based on a respective protocol of the respective packet. A respective protocol parser node of a parsing system may parse higher layer data from the respective payload of each respective packet from each respective second queue. The packet capture system may communicate the lower layer data for each packet to a third queue, and the parsing system may communicate the higher layer data for each packet to the third queue. A system and computer program product are also disclosed.

Abstract: A method for performing a key recovery process is disclosed. The method comprises entering, in a user device, a user identifier unique to a user. The user device may then obscure the user identifier to form an obscured user identifier. The user device may then transmit the obscured user identifier to a first and second entity computer. The method may then include the first entity computer generating a first output using the obscured user identifier and a first share, and the second entity computer generates a second output using the obscured user identifier and a second share. As a response to transmitting the obscured identifier, the user device may receive the first output from the first entity computer and the second output from the second entity computer. The user device may then generate a secret key after processing the first output and the second output, completing the key recovery process.

Abstract: One embodiment of the invention is directed to a method comprising: receiving, by a token requestor computer from a point of interaction device, verification of authentication data and the linking data; determining, by the token requestor computer, a token based on the linking data after analyzing the verification of the authentication data; transmitting, by the token requestor computer to a token service computer, a cryptogram request message; receiving, by the token requestor computer from the token service computer, a cryptogram associated with the token; generating, by the token requestor computer, an authorization request message comprising the token and the cryptogram to a processor computer; and receiving, by the token requestor computer, an authorization response message from the processor computer.

Abstract: A method, performed by a digital identity computer, for processing a resource request is disclosed. The method includes receiving. from a user device operated by a user, a resource request and indication of identity attributes needed to process the resource request. The digital identity computer may then retrieve an identity token associated with the user and compute an authentication score based on the sensitivity and rarity of the identity attributes indicated. The authentication score can be used to determine an authentication process. After determining and executing the authentication process with the user device, the digital identity computer may then grant the user device access to the resource requested.

Abstract: A method performed by a server computer is disclosed. The method comprises generating a binary compositional code matrix from an input matrix. The binary compositional code matrix is then converted into an integer code matrix. Each row of the integer code matrix is input into a decoder, including plurality of codebooks, to output a summed vector for each row. The method then includes inputting a derivative of each summed vector into a downstream machine learning model to output a prediction.

Abstract: A method is disclosed. The method includes receiving, by a user device, an encrypted message from a server computer. The encrypted message is a message encrypted with a master secret key or a key derived from the master secret key. The user device signs the encrypted message with a secure element private key. The user device, using a whitebox, cryptographically recovers a secure element public key from a certified key using a server computer public key. The certified key is certified by the server computer and based on at least the secure element public key. The user device, using the whitebox, cryptographically recovers the encrypted message from the signed encrypted message using the secure element public key. The user device, using the whitebox, decrypts the encrypted message using the master secret key or the key derived from the master secret key in the whitebox to obtain the message.

Abstract: The system and method may assess the merchant risk level on a more continuous scale rather than a binary categorization. It may produce a continuous risk score proportional to the likelihood of a merchant being risky, effectively addressing the issue of shades of gray encountered by the traditional blacklisting approach. The continuous risk score feature provides greater flexibility as it allows the payment network to make dynamic pricing decisions (known as interchange optimization) based on the merchant risk level. Using collective intelligence from transactions across the payment network, the system and method may be able to assess the merchant risk level with high accuracy. The system and method may be particularly beneficial to small merchants with low transaction volume as even a few fraudulent transactions can easily put them in the high-risk merchant category. Further, the system and method may help payment processing networks make better decision on cross-border transactions.

Abstract: Identification elements may be added to a vehicle and the identification elements may be required before a transaction through the vehicle may be approved. The identification elements may be a second layer of security to ensure that a payment request is valid and not fraudulent.

Abstract: A cross-wallet system generate a cross-platform key or a virtual account number for a first digital wallet provider to be used by the consumer when the consumer wishes to send payment to a second digital wallet provider with which the consumer does not possess an account. Moreover, the virtual account number, in one example, may only include a partial set of card number that does not include the typical set of card number. The virtual account number created by embodiments of the invention further enable security features that prevent fraud and protect the consumer's financial assets.

Abstract: Embodiments of the invention are directed to methods and devices for predicting interactions. One embodiment is directed to a method comprising receiving, by one or more computers, interaction data for a plurality of known interactions between resource providers and users, and creating a topological graph based on the plurality of known interactions. The method may further comprise determining, by the one or more computers, a plurality of communities to form a predictive model, and receiving a request for a prediction. In addition, the method may comprise applying the request to the predictive model, by the one or more computers, by identifying a community in the plurality of communities corresponding to the request, determining a node within the identified community, and providing information regarding the node as the requested prediction.

Abstract: A disclosed method includes a tokenization computer receiving, from a processing network computer, a tokenization request message during an interaction between a first user device and a second user device. The tokenization request message comprises first user account data and second user account data. The tokenization computer can select a tokenization option of a plurality of tokenization options in a tokenization matrix based on the first user account data and the second user account data. The tokenization computer can then determine alternate first user account data and alternate second user account data based on the tokenization option. The tokenization computer can generate a tokenization response message comprising the alternate first user account data and the alternate second user account data. The tokenization computer can then provide the tokenization response message to the processing network computer.

Abstract: A method is disclosed. The method includes processing a group interaction request for an interaction involving a group. Better assurance for the interaction is provided by providing a one-time password that has a number of portions that are sent to a plurality of user devices. The portions are received and one user device may concatenate the portions to form the one-time password. It may then be entered to authenticate the interaction. Other examples include the use of an authorization request message that is authorized for an initial value. Later, separate authorization request messages with different credentials may be transmitted for different users in the group.

Abstract: Embodiments of the invention are directed to systems, methods, and devices for providing dynamic applicability management with respect to a testing framework. Executable code segments can be provided in/with various test procedures that include instructions for testing hardware, software, capabilities, features, functionalities, or protocols of a computing device. Each code segment can encapsulate logic that, when executed, identifies whether a corresponding test procedure is applicable to a device given that device's configuration. By executing each code segment, a set of applicable test procedures can be identified. Identifiers or the test procedures may be provided to the device to be tested or a testing platform configured to conduct the test of that device. Transmitting the identifiers and/or procedures configures those devices to perform the test through simulating a legitimate data exchange.

Abstract: Disclosed herein are systems and methods for secure, mutual, peer-to-peer payments. In one aspect, an encrypted secure system for peer to peer payments, comprising an authentication server is disclosed to receive, a model hash key and an encrypted transaction, from an initiator account; store, the model hash key in an associated database; setting, by the authentication server, a validation time limit for storing the hash key; send, the encrypted transaction to a recipient account; receive by the authentication server a response from the recipient account, the response comprising a response hash key; and validate the response, by the authentication server, based on a match between the response hash key and the model hash key.

Abstract: A computer-implemented system for streamlining encryption payload of a card transaction from a transaction code transaction via a merchant inside a restricted computer network firewall. A wallet application stores data of a payment device, and the wallet application retrieves information of a merchant and a transaction via a transaction code. In response to the retrieved information, the wallet application generates an encrypted payload. The wallet application transmits the encrypted payload to a payment facilitator within the restricted computer network firewall. After decryption of the encrypted payload, the payment facilitator transmits a decrypted payload in one payment packet to the payment processing server outside the restricted computer network firewall.

Abstract: Methods and systems for facilitating a transaction are provided. A transaction involving an integrated circuit user device in contact with an access device is processed in less time, such that the user device can be removed at an earlier time. In embodiments, an access device provides an estimated value to a user device such that a cryptogram can be generated without waiting for a final value. Additionally, the access device can store user device data and then complete the transaction with the user device before authorizing the transaction, such that the user device can be removed without waiting for an authorization response.