Abstract: Methods for generating transaction profile tags from profile transaction activity may include receiving a transaction profile including recorded transactions, associating at least one transaction label with each of the transactions, the labels associated with transaction types, generating a set of profile features based on the recorded transactions from the transaction profile, encoding the set of profile features with a macro-encoder into a first-reduced set, clustering the first-reduced set into at least two subsets, each associated with a macro-profile tag, and tagging the transaction profile with one of the macro-profile tags. Methods may also include encoding the set of profile features with a micro-encoder selected based on the tagged macro-profile tag, clustering the second-reduced set into a plurality of subsets associated with account profile types, respectively, and tagging the transaction profile with a tag associated with the account profile type.

Abstract: A method includes extracting, by an analysis computer, a dataset including initial vector representations for each of a plurality of user nodes and for each of a plurality of resource provider nodes. The analysis computer can then generate updated vector representations as new interaction data arrives over time, and use them to perform predictions of future interactions.

Abstract: In some embodiments, a system includes a processor; and a non-transitory computer readable medium coupled to the processor, the non-transitory computer readable medium including code that: requests, using a device-specific attestation request, a device-specific attestation of a device; receives, via a secure communication channel, device-specific attestation data from the device as a result of the device-specific attestation; and generates an enhanced attestation object based on the device-specific attestation data. In some embodiments, the enhanced attestation object is used to verify that an execution environment of an application on the device is secure. In some embodiments, a device-specific risk score is generated based upon the device-specific attestation data and an enhanced attestation risk score is generated based on the enhanced attestation data analysis, the enhanced attestation risk score being used to verify that the execution environment of the application on the device is secure.

Abstract: A method is disclosed and includes receiving an alias resolve request message comprising an alias from a transfer server, and then transmitting the alias resolve request message comprising the alias to plurality of mapping computers. Then, a plurality of alias resolve response messages are received from the plurality of mapping computers, the plurality of alias resolve response messages respectively comprising a plurality of credentials or tokens. A credential or token from the plurality of credentials or tokens is then determined and transmitted to transfer server computer. The transfer server computer conducts a transaction process using the determined credential or token.

Abstract: Techniques for enhancing the security of a communication device may include providing an application agent and a transaction application that executes on a communication device. The application agent may receive, from the application, a cryptogram key generated by a remote computer, and store the cryptogram key on the communication device. When the application agent receives a request to conduct a transaction from the application, the application agent may generate a transaction cryptogram using the cryptogram key, and provides the transaction cryptogram to an access device.

Abstract: Described herein are a system and techniques for identifying and preventing certain fraud attacks that may be used to defeat facial recognition systems. In embodiments of the system described herein, biometric data may be segregated into regions, which are then processed separately and in parallel. Likeness scores are determined for each of the separate regions. By tracking individual region likeness scores used in access requests in accordance with embodiments of the disclosure, the system is able to identify potential fraud attacks that cannot be detected using conventional systems.

Abstract: Provided is a computer-implemented method for implementing a blockchain-based rewards network. The method includes establishing a blockchain network including administrative nodes, client nodes, and entity nodes, maintaining a distributed ledger on at least a portion of the administrative nodes of the blockchain network, receiving, from a plurality of entities, rewards data including a plurality of offers, each offer of the plurality of offers corresponding to at least one entity identifier, publishing the rewards data to the distributed ledger, querying the distributed ledger based on at least one entity identifier received from a client node, and determining, based on the distributed ledger, at least one offer corresponding to the at least one entity identifier received from the client node.

Abstract: A method is disclosed for conducting a transaction between a computing device and an access device. A server computer may be utilized to facilitate data exchanges between the computing device and the access device. These data exchanges may utilize high-frequency sound signals. The server computer may encrypt at least some portion of data that is then transmitted to the access device via the computing device. The server computer may verify data received from the access device prior to generating and transmitting an authorization request message for the transaction.

Abstract: Described are a system, method, and computer program product for secure real-time n-party computation. The method includes communicating, to a trusted execution environment (TEE), a first computation input and a first portion of a one-time key. The method also includes receiving, from the TEE, an encrypted output of a computation based on the first computation input and a second computation input communicated to the TEE by a second computing device. The method further includes communicating the encrypted output to the second computing device and receiving a digital signature indicating that the second computing device received the encrypted output. The method further includes communicating the first portion of the one-time key to the second computing device and, in response to not receiving the second portion of the one-time key from the second computing device, executing a fallback computation process using the TEE and a shared ledger to determine the computation.

Abstract: Improvements to post-quantum lattice-based digital signature schemes are disclosed. By sampling cryptographic material, including cryptographic key matrices and masking vectors from a uniform distribution, embodiments eliminate the need for a security check during generation of a digital signature vector. As a result, digital signatures can be generated faster and at a lower failure rate. A generating device can generate a verification matrix A and a secret matrix S from a uniform distribution, and an error matrix E from a special distribution (such as a Gaussian). The generating device can combine the three matrices to generate a public matrix Y. The first and the fourth matrices (A, Y) can be used as a public key used to verify digital signatures. The second and the third matrices (S, E) can be used as a private key used to generate digital signatures.

Abstract: A method and system for capturing contactless communication interactions for debugging and evaluating a contactless card. The method includes receiving Near Field Communication (NFC) signaling from a contactless card. Upon receiving the NFC signal, a contactless transaction is initiated between a card emulation device and a payment device. The method includes obtaining Application Protocol Data Unit (APDU) commands from the payment device in response to initiation of the contactless transaction. Further, the APDU commands are provided to the contactless card, and in response, an APDU response is received from the contactless card. Thereafter, the method includes transmitting the APDU response of the contactless card to the payment device. The APDU command and APDU response are stored in each of the reader device and the card emulation device for debugging and evaluating the contactless card transaction.

Abstract: Several round-efficient solitary multi-party computation protocols with guaranteed output delivery are disclosed. A plurality of input devices and an output device can collectively perform a computation using methods such as fully homomorphic encryption. The output of the computation is only known to the output device. Some number of these devices may be corrupt. However, even in the presence of corrupt devices, the output device can still either generate a correct output or identify that the computation was compromised. These protocols operate under different assumptions regarding the communication infrastructure (e.g., broadcast vs point-to-point), the number of participating devices, and the number of corrupt devices. These protocols are round-efficient in that they require a minimal number of communication rounds to calculate the result of the multi-party computation.

Abstract: Described herein is a system for generating a master token to be associated with a set of tokens. In some embodiments, a number of tokens may be obtained by a communication device, which may be provided to a primary authorization computer. The primary authorization computer may generate a master token to be associated with each of those tokens. When the master token is used to complete a transaction, an authorization request may be received by the primary authorization computer that includes the master token. Upon receiving this, the primary authorization computer may obtain approval from a number of secondary authorization computers associated with the tokens, and may generate an authorization response based on those approvals.

Abstract: A dynamic next-stop or next-item recommendation system that is built entirely from raw card transaction data logs. These data logs contain rich transaction data between cardholders and merchants. A query network approach is constructed for geometrical expressivity and automatically learns the inherent class-hierarchy. To ensure scalability and interpretability of the approach, merchants or entities are grouped into interpretable categories and propose a quadtree-based spatial decomposition of the underlying geography. A two-step recommendation process initiates: (1) predict next-merchant quadtree-box and category combination (2) recommend merchants within the predicted combination. This novel neural architecture may handle the hierarchical classification task in the first part of the recommendation system and compare the methods to previous state-of-the-art approaches in related areas.

Abstract: A method comprises receiving, by a server computer, a request message comprising at least a credential from a client device. The server computer can hash the credential to form an altered value. The server computer can then determine whether or not the altered value matches one of the hashed values stored in the database. If the altered value matches a matched hashed value, the server computer can determine a range of a plurality of ranges. The range can be associated with the matched hashed value. The server computer can then determine a data item associated with the range. The server computer can provide the data item to the client device.

Abstract: Systems, methods, and computer program products for data security store, in memory, a plurality of ciphers in association with a plurality of public keys, the plurality of ciphers including a plurality of secret keys encrypted with a key encryption key, and the plurality of secret keys corresponding to the plurality of public keys; receive, a data chunk for encryption; generate, a data encryption key based on a hash function, a public key of the plurality of public keys, and a random number; encrypt, the data chunk with the data encryption key to generate an encrypted data chunk; generate, a header including a cipher of the plurality of ciphers corresponding to the public key of the plurality of public keys and key encapsulation data; and store, in a database, a cipher text including the header and the encrypted data chunk.

Abstract: A method and system of using a vehicle mounted camera device to authenticate a user during an interaction is disclosed. The method includes receiving interaction data regarding an interaction between a user operating a communication device and an access device, the user being near other candidate users. The method then includes determining one or more match indicators, the match indicators generated by comparing different sample biometric templates of the user with different enrolled biometric templates. At least one of the different biometric sample templates may be an image-based biometric template and at least one may be a voice print biometric template. Then the method includes identifying the user based on at least the match indicator associated with the voice print biometric template. The method then includes, if the match indicators are positive match indicators, initiating a process on behalf of the user.

Abstract: A method and system for processing a transaction based on biometric data and access data is disclosed. Different accounts and providers may be used to process transactions, using different message formats, based on user-configured mappings. In one example, the method includes receiving, by a message processing system, an authorization request message from an access device, the authorization request message comprising a biometric template and access data. An interaction entity record identifier, associated with an interaction entity from among a plurality of different interaction entities that process messages in different message formats, may be retrieved. The authorization request message may be converted from a first format to a second format, the second format being compatible with message processing by the interaction entity. The converted authorization request message may be transmitted to the interaction entity for determining whether to authorize the transaction.

Abstract: A method includes forming a communication channel between a user device and an access device. The communication channel is then secured using a user device key pair in the user device and an access device ephemeral key pair in the access device. The access device then generates a session key using at least a private cryptographic key in the access device ephemeral key pair, and a public key in the user device key pair. The access device then uses the session key to secure an ultrawideband communication channel between the user device and the access device.

Abstract: A method comprises a token requestor computer transmitting a first authorization request message comprising a token and first cryptogram for authorization of an interaction to a server computer. The token requestor computer receives a first authorization response message comprising a response code from the server computer, then generates a cryptogram request message comprising the token or a token identifier and the response code. The token requestor computer transmits the cryptogram request message to a token provider computer, which generates a second cryptogram. The token requestor computer receives the second cryptogram and credential and generates a second authorization request message comprising the second cryptogram and the credential. The token requestor computer transmits the second authorization request message to the server computer. A second authorization response message is received from the server computer in response to the second authorization request message.