Abstract: A system and method for using a deep learning model to learn program semantics is disclosed. The method includes receiving a plurality of execution traces of a program, each execution trace comprising a plurality of variable values. The plurality of variable values are encoded by a first recurrent neural network to generate a plurality of program states for each execution trace. A bi-directional recurrent neural network can then determine a reduced set of program states for each execution trace from the plurality of program states. The reduced set of program states are then encoded by a second recurrent neural network to generate a plurality of executions for the program. The method then includes pooling the plurality of executions to generate a program embedding and predicting semantics of the program using the program embedding.

Abstract: An automation computer can receive a set of instructions pertaining to a transaction. The automation computer can generate a request to generate and activate a virtual account, where the virtual account is associated with a transaction value and a transaction amount. The virtual account can be managed by an authorization computer that can load a transaction value onto the virtual account in an amount equal to the transaction amount. The authorization computer managing both issuer and acquirer functionality in a transaction settlement can settle the transaction rapidly using the loaded virtual account by depositing the transaction value associated with the virtual account directly into an account of a resource provider.

Abstract: A method includes receiving a first data set comprising embeddings of first and second types, generating a fixed adjacency matrix from the first dataset, and applying a first stochastic binary mask to the fixed adjacency matrix to obtain a first subgraph of the fixed adjacency matrix. The method also includes processing the first subgraph through a first layer of a graph convolutional network (GCN) to obtain a first embedding matrix, and applying a second stochastic binary mask to the fixed adjacency matrix to obtain a second subgraph of the fixed adjacency matrix. The method includes processing the first embedding matrix and the second subgraph through a second layer of the GCN to obtain a second embedding matrix, and then determining a plurality of gradients of a loss function, and modifying the first stochastic binary mask and the second stochastic binary mask using at least one of the plurality of gradients.

Abstract: Secure protocols for external-facing authentication are provided for both user templates stored on their devices and the biometric measurement captured by external sensors of an access device. The protocols provide different levels of security, ranging from passive security with some leakage to active security with no leakage. A packing technique is also provided. Zero-knowledge techniques are used during enrollment to validate a norm of user templates and knowledge of the plaintext biometric template. Once enrolled, the verifier can sign the encrypted template for use in a later matching phase with an access device.

Abstract: An issuing authority (IA) may validate the identity of a user and issue a digital license to the user. IA may generate IA public-private key pair, and provide IA public key to the certification authority (CA). IA may sign the digital license with IA private key, and provision the signed digital license on the user device. IA may request CA to certify the digital license. CA may use IA public key to validate the digital license, and sign IA public key with CA private key, thereby generating a digital certificate associated with the issuing authority that is linked to the digital license. A relying party may use CA public key to validate the digital license. The relying party can retrieve the information from the digital license and trust that the retrieved information is legitimate.

Abstract: A method is disclosed. The method includes transmitting, by a user device to an access device, a digital certificate and a seed. The access device encrypts the seed and a first access device key with a public key from the digital certificate to form encrypted data. The method also includes receiving from the access device, the encrypted data, decrypting the encrypted data using a private key corresponding to the public key to obtain the seed and the first access device key, verifying that the seed received from the access device matches the seed sent to the access device, encrypting a secret or derivative thereof with the first access device key to form an encrypted secret or derivative thereof, and transmitting to the access device, the encrypted secret or derivative thereof.

Abstract: Systems and methods for adaptive attack resistant distributed symmetric cryptography are disclosed. A client computer may communicate with a number of cryptographic devices in order to encrypt or decrypt data. Each cryptographic device may possess multiple secret shares corresponding to distinct secret values, which may be used in the process of encrypting or decrypting data. The client computer may generate multiple commitments and transmit those commitments to the cryptographic devices. Each cryptographic device may generate a partial computation based on the commitments and their respective secret shares. The partial computations may be transmitted to the client computer. The client computer may use the partial computations to generate a cryptographic key. The client computer may use the cryptographic key to encrypt a message or decrypt ciphertext.

Abstract: An initiator device can broadcast a witness request to one or more authentication devices. The one or more authentication devices can then determine an assurance level from a range of assurance levels and determine a token share corresponding to the assurance level. The initiator device can then receive, from the one or more authentication devices, at least one witness response comprising the token share corresponding to the assurance level. The initiator device can generate an authentication token using a set of token shares. The initiator device can then transmit the authentication token to an authentication server, wherein the authentication server verifies the authentication token.

Abstract: A method for processing a potentially fraudulent electronic payment transaction includes: receiving a first fraud detection rule configured to identify a potentially fraudulent electronic payment transaction; storing the first fraud detection rule in a fraud rules database; receiving a transaction request message; generating and storing a first case record associated with the first transaction in a case management database; receiving an updated fraud detection rule superseding the first fraud detection rule; applying the updated fraud detection rule to the first transaction to determine whether the first transaction does not satisfy the at least one updated fraud detection rule; and deleting the first case record from the case management database before the first transaction is further analyzed for fraud.

Abstract: A method for preventing transmission of malicious data may include receiving transaction data including at least one packet associated with a payment transaction; extracting at least one of network layer data or transport layer data from a header of the at least one packet; determining a first probability indicating that the at least one packet is in a first class based on the at least one of the network layer data or the transport layer data using a classifier. The method may also include determining a second probability indicating that the at least one packet is in a second class based on the at least one of the network layer data or the transport layer data using the classifier; and blocking the at least one packet. A system and a computer program product are also disclosed.

Abstract: A method and system for provisioning access data in a second application on a mobile device using a first application on the mobile device. Authentication data may be input into the first application, and an authentication code may be requested from a remote server. After the authentication code is received by the first application in the mobile device, it can pass the authentication code to a second application that initiates an access data provisioning process.

Abstract: When a merchant fails to provide payment service details, a system matches in real time information from a data processor with data from the payment service to allow matching a request from the payment system to a particular transaction. The matching system may use high speed buffers and hardware logic to rapidly match related data from different sources at speeds of thousands a second or more. This allows characterization of the transaction for recognition of current offers applicable to the transaction as well as generation of future offers.

Abstract: In some embodiments, a method includes receiving zonal topology information related to a zonal topology of a plurality of zones; utilizing the zonal topology information to perform a level strength assessment of each level of a plurality of levels associated with the zonal topology of the plurality of zones; and based on the level strength assessment of each level of the plurality of levels, scaling a target number of resources to at least a first level of the plurality of levels of the zonal topology. In some embodiments of the method, the level strength assessment includes performing a level-by-level breadth analysis of each level of the plurality of levels of the zonal topology.

Abstract: A method is disclosed. The method includes receiving, by a processing network computer from a relying party computer associated with a relying party, a request for data associated with a user operating a user device. The processing network computer may retrieve first encrypted data of the user having a user-layer of encryption. The processing computer can then generate a second symmetric key to add a relying party-layer of encryption to the first encrypted data using a stream cipher. The doubly encrypted data may be transmitted to a user device that removes the user-layer of encryption on the first doubly encrypted data, and then adds a second relying party-layer of encryption to form second doubly encrypted data. The second doubly encrypted data may be transmitted to the relying party computer, which can remove both relying party-layers of encryption to gain access to the data associated with the user.

Abstract: Systems and methods for processing a financial transaction are provided. In a method conducted at an issuing server computer associated with a first entity, a transaction request message is transmitted to an acquiring server computer associated with a second entity. The transaction request message is in respect of a push transaction in which funds from the first entity are transferred to the second entity and includes a first set of data elements. In response to transmitting the transaction request message, a transaction response message and a second set of data elements are received. The second set of data elements are associated with the first set of data elements and the financial transaction is processed using information contained in the first set of data elements and the second set of data elements.

Abstract: Multiple different non-financial loyalty currencies held by different issuers are used by a consumer as financial tender for a transaction with a merchant. Each issuer pays to a primary issuer the financial currency value of the non-financial loyalty currencies being held in return for a corresponding reduction of the balance of non-financial loyalty currency. For each reduced balance, the primary issuer adds an equivalent primary loyalty currency to a primary loyalty account for the consumer. The primary issuer pays the merchant for the transaction in financial currency and makes an equivalent reduction in the balance of the primary loyalty currency. The financial value of each loyalty currency may be dependent upon its use in a transaction with a competitor of a merchant supplying loyalty currency to the consumer.

Abstract: An entity may generate digital account credentials when a new account is approved for generation by an authorizing entity that controls or issues new accounts. A user may contact an authorizing entity to open a new account with the authorizing entity. The authorizing entity may authenticate the user and may approve a new account to be generated for the user. The user may wish to conduct transactions immediately upon approval. However, the authorizing entity may not immediately generate a physical identification device along with an actual account identifier associated with the new account. An intermediary entity may generate digital account credentials for the new account immediately after the authorizing entity approves generation of the new account, provide the digital account credentials to the account holder, and process transactions using the digital account credentials.

Abstract: A method and system for central hub reconciliation is disclosed. The central hub reconciliation can provide for improved methods of reconciliation between a buyer (e.g., a request realization party) and a supplier (e.g., a request originating party). A central hub server may receive a data file comprising remittance data and payment data from a request realization computer. The remittance data is associated with a request provided from a request originating computer to the request realization computer. The central hub server ay then generate a unique identifier for the data file, and provide the payment data and the unique identifier to an authorizing entity computer requesting payment on behalf of the request realization computer. The central hub provides the remittance data and the unique identifier to the request originating computer which updates a repository using the payment data and the remittance data upon finding a match.

Abstract: Described are a system, method, and computer program product for reconfiguring a data table for processing on a server cluster. The method includes extracting a data table from a relational database and determining whether the data table includes a column having a range of values with a uniform distribution. The method also includes, in response to determining that the data table includes the column, classifying the column as a candidate column for splitting the data table. The method further includes, in response to determining that the data table does not include the column, inserting an index column into the data table and classifying the index column as the candidate column. The method further includes splitting the data table based on the candidate column and distributing each subdivision to a node of the server cluster so as to cause the server cluster to collectively process the data table.