Abstract: Disclosed are a method and system for generating a behavior profile for a new entity. The method is performed in response to and immediately after a new entity is added to a fraud detection system. The method includes generating a doppelganger behavior profile for the new entity based on feature data of the new entity and pre-existing entities. Generating the profile includes determining a similarity score for each pre-existing entity, ranking the plurality of pre-existing entities based on the score, selecting pre-existing entities based on the ranking, and combining behavior profiles of the preexisting entities to produce the profile. The method also includes assigning the profile to the new entity and monitoring the new entity. The method further includes detecting fraud, an anomaly, and/or malicious intent based on the profile, and automatically suspending an aspect of the new entity in response to the detection.

Abstract: Described herein is a platform for providing a resource catalog local to an appliance device, such that the appliance device is able to generate a transaction related to one or more resources within the resource catalog. In some embodiments, the appliance device may receive resource information within streaming data. For example, the appliance device may receive an indication that a portion of streaming media data is related to a resource. Upon determining that a portion of streaming data is related to a resource, the appliance device may be configured to store the portion of data in relation to the identified resource. A user may retrieve and/or execute the portion of streaming data at a later date. In some embodiments, the user may request that a transaction be conducted with respect to the resource and a corresponding transaction request may be generated by the appliance device.

Abstract: Described herein is a platform and method for determining a confidence level associated with a transaction that utilizes dynamic data. In some embodiments, the confidence level is determined based on location data received in relation to the transaction. For example, some embodiments are directed to storing first location information collected from a mobile device provided in a request for the dynamic data, receiving second location information related to a transaction conducted using the dynamic data, and comparing the two with respect to the amount of time that has elapsed between collection of each to determine a confidence level associated with a likelihood that the transaction is authentic.

Abstract: A method and system for generating a behavior profile for a new entity to be added to a behavior-monitored system include receiving feature data of a new entity and feature data of a plurality of pre-existing entities from at least one data source. The plurality of pre-existing entities are associated with a plurality of pre-existing behavior profiles. A doppelganger behavior profile is determined for the new entity based at least partially on the feature data of the new entity and the feature data of the plurality of pre-existing entities, and the doppelganger behavior profile is assigned to the new entity. A target action is implemented with respect to the new entity based at least partially on the doppelganger behavior profile assigned to the new entity.

Abstract: Described herein is a platform for providing a resource catalog local to an appliance device, such that the appliance device is able to generate a transaction related to one or more resources within the resource catalog. In some embodiments, the appliance device may receive resource information within streaming data. For example, the appliance device may receive an indication that a portion of streaming media data is related to a resource. Upon determining that a portion of streaming data is related to a resource, the appliance device may be configured to store the portion of data in relation to the identified resource. A user may retrieve and/or execute the portion of streaming data at a later date. In some embodiments, the user may request that a transaction be conducted with respect to the resource and a corresponding transaction request may be generated by the appliance device.

Abstract: Embodiments of the invention provision multiple payment tokens on a communication device. The communication device may be provisioned with multiple limited use keys (LUK), each LUK being associated with a specific type of transaction. When the communication device is used for a transaction, the communication device automatically determines a type of the transaction and selects an appropriate LUK based on the determined transaction type. The selected LUK may be used to create a cryptogram, which can be used to verify the transaction.

Abstract: Techniques described herein include a platform and process for provisioning user information onto a machine-to-machine device in order to enable the machine-to-machine device to conduct transactions utilizing the user information. In some embodiments, a user device is used to relay information between a machine-to-machine device and a provisioning service provider computer. In some embodiments, a machine-to-machine device is connected to the provisioning service provider computer via a network connection. Upon receiving a request to provision the machine-to-machine device, the service provider computer may identify the device from a device identifier. The service provider computer may generate an access credential or token for the machine-to-machine device. The access credential, token, and/or one or more policies may be provisioned onto the machine-to-machine device.

Abstract: Techniques described herein include a platform and process for provisioning user information onto a machine-to-machine device in order to enable the machine-to-machine device to conduct transactions utilizing the user information. In some embodiments, a user device is used to relay information between a machine-to-machine device and a provisioning service provider computer. In some embodiments, a machine-to-machine device is connected to the provisioning service provider computer via a network connection. Upon receiving a request to provision the machine-to-machine device, the service provider computer may identify the device from a device identifier. The service provider computer may generate an access credential or token for the machine-to-machine device. The access credential, token, and/or one or more policies may be provisioned onto the machine-to-machine device.

Abstract: Described herein is a platform for providing a resource catalog local to an appliance device, such that the appliance device is able to generate a transaction related to one or more resources within the resource catalog. In some embodiments, the appliance device may receive resource information within streaming data. For example, the appliance device may receive an indication that a portion of streaming media data is related to a resource. Upon determining that a portion of streaming data is related to a resource, the appliance device may be configured to store the portion of data in relation to the identified resource. A user may retrieve and/or execute the portion of streaming data at a later date. In some embodiments, the user may request that a transaction be conducted with respect to the resource and a corresponding transaction request may be generated by the appliance device.

Abstract: Described herein is a platform for providing a resource catalog local to an appliance device, such that the appliance device is able to generate a transaction related to one or more resources within the resource catalog. In some embodiments, the appliance device may receive resource information within streaming data. For example, the appliance device may receive an indication that a portion of streaming media data is related to a resource. Upon determining that a portion of streaming data is related to a resource, the appliance device may be configured to store the portion of data in relation to the identified resource. A user may retrieve and/or execute the portion of streaming data at a later date. In some embodiments, the user may request that a transaction be conducted with respect to the resource and a corresponding transaction request may be generated by the appliance device.

Abstract: Disclosed are methods for authorizing a transaction, including receiving a policy message, the policy message including a policy ruleset for determining whether a transaction is authorized and biometric parameters for a machine learning algorithm for authenticating an identity of a user involved in a transaction, receiving biometric measurement data associated with a biometric measurement of a user involved in the transaction, calculating an authentication score based on the biometric measurement data using the machine learning algorithm, wherein the authentication score includes an indication of whether an identity of the user is authenticated based on the biometric measurement data, determining whether the transaction satisfies the policy ruleset for determining authorization of the transaction, and transmitting a decision message, wherein the decision message includes an indication of whether the transaction satisfies the policy ruleset. Systems and computer program products are also disclosed.

Abstract: Embodiments of the invention provision multiple payment tokens on a communication device. The communication device may be provisioned with multiple limited use keys (LUK), each LUK being associated with a specific type of transaction. When the communication device is used for a transaction, the communication device automatically determines a type of the transaction and selects an appropriate LUK based on the determined transaction type. The selected LUK may be used to create a cryptogram, which can be used to verify the transaction.

Abstract: Methods and systems for evaluating metrics (e.g., quality of service metrics) corresponding to a monitored computer, detecting metric anomalies, and issuing alerts, are disclosed. A metrics collecting agent, operating on a monitored computer, collects metrics corresponding to the monitored computer and/or one or more monitored services. These metrics are transmitted to a monitoring server that dynamically determines metric thresholds corresponding to normal metrics and anomalous metrics. Using these metric thresholds, along with a machine learning model, the monitoring server can determine whether one or more metrics are anomalous, automatically issue alerts to security and operations teams, and/or transmit a control instruction to the monitored computer in order to fix the issue causing the anomalous metrics.

Abstract: Embodiments of the invention provision multiple payment tokens on a communication device. The communication device may be provisioned with multiple limited use keys (LUK), each LUK being associated with a specific type of transaction. When the communication device is used for a transaction, the communication device automatically determines a type of the transaction and selects an appropriate LUK based on the determined transaction type. The selected LUK may be used to create a cryptogram, which can be used to verify the transaction.

Abstract: Methods and systems for evaluating microservice system level activities including system calls and commands, and generating security policies for microservices are disclosed. A microservice agent, operating on a microservice host, can collect system level activity data corresponding to a plurality of microservices operating on the microservice host. The microservice agent can transmit the system level activity data to a microservice evaluator that can use the system level activity data to train machine learning models to identify normal and abnormal microservice system level activities. The normal and abnormal system level activities can be used to generate security policies that can be applied to the microservices. Microservices that perform abnormal system level activities or system level activities that violate security policies can be paused or terminated.

Abstract: Methods and systems for evaluating metrics (e.g., quality of service metrics) corresponding to a monitored computer, detecting metric anomalies, and issuing alerts, are disclosed. A metrics collecting agent, operating on a monitored computer, collects metrics corresponding to the monitored computer and/or one or more monitored services. These metrics are transmitted to a monitoring server that dynamically determines metric thresholds corresponding to normal metrics and anomalous metrics. Using these metric thresholds, along with a machine learning model, the monitoring server can determine whether one or more metrics are anomalous, automatically issue alerts to security and operations teams, and/or transmit a control instruction to the monitored computer in order to fix the issue causing the anomalous metrics.

Abstract: A method and system for protecting access to remote systems, such as resource datases containing sensitive resources, such as cryptographic keys or personally identifying information, is disclosed. A server can receive a plurality of access requests from a requesting entity. The server can identify an entity profile corresponding to the access requests, as well as a machine learning model corresponding to the entity profile. The access requests can be used to form access sequences, which can be evaluated by the machine learning model. The machine learning model returns an anomaly score that can be compared to a threshold. If the anomaly score exceeds the threshold, the server can prevent further access to the remote system, for example, by revoking a credential associated with the requesting entity.

Abstract: Methods and systems for inducing model shift in a malicious computer's machine learning model is disclosed. A data processor can determine that a malicious computer uses a machine learning model with a boundary function to determine outcomes. The data processor can then generate transition data intended to shift the boundary function and then provide the transition data to the malicious computer. The data processor can repeat generating and providing the transition data, thereby causing the boundary function to shift over time.

Abstract: Embodiments automatically select one of the multiple pre-generated payment cards provisioned on a mobile device. The multiple pre-generated payment cards (real or virtual) may each have a different credit limit. The mobile device may automatically select one of the multiple payment cards based on a transaction value of a transaction that is being conducted. An available credit limit of the selected payment card may be equal to or slightly greater than the transaction value. In some embodiments, the available credit limit of the selected payment card may be closer to the transaction value than the available credit limits of the remaining payment cards. In some embodiments, the different payment cards may be provisioned in a chip-and-pin based smart credit card or mobile wallet.

Abstract: Methods and systems for detecting and correcting model shift in machine learning models are disclosed. A computer can receive a set of input data from a data source. The computer can apply the input data to a machine learning model to produce a first set of classification data. The computer can perform a metadata test and validate the current machine learning model and the set of input data using a plurality of previously generated machine learning models. The plurality of previously generated machine learning models can produce a plurality of sets of classification data, which can be compared to the first set of classification data. Based on the comparison, the computer can determine whether the set of input data is associated with a malicious entity.