Abstract: Systems, methods, and non-transitory computer readable media relate to smartcard biometric enrollment. In an embodiment that does not require a user to visit a central location to provide fingerprint images, an activation code corresponding to a unique ID that uniquely identifies a user of a service is generated and sent to the user. In response, at least one finger image is received from a user device. The image is processed to isolate a fingerprint image, which is used to generate a biometric template that is sent to a smartcard manufacturer and used to configure a smartcard for biometric authentication of the user. In another embodiment, a kiosk/ATM provides smartcard biometric enrollment by detecting a smartcard in the smartcard reader, verifying an ID of a user associated with the smartcard, capturing a biometric image from the user, processing the biometric image to generate a biometric template, and storing the biometric template on the smartcard.

Abstract: Systems and methods are provided for managing digital identities associated with users. One exemplary method includes receiving, at a computing device, an encrypted message from a communication device associated with a user where the message includes a changed attribute for the user. The method also includes generating a first hash of a first digital identity for the user with the changed attribute and generating a second hash of a second digital identity of the user stored in a ledger data structure. And, in response to the first hash not matching the second hash, the method then includes broadcasting a pending status of the first digital identity to a relying party for the second digital identity, and storing a certification of the changed attribute, received from the relying party in response to the pending status, based on verification of the changed attribute by the relying party.

Abstract: Systems and methods are provided for use in provisioning a biometric image template to a card device. One example portable communication device includes a processor, a wireless communication interface coupled to the processor, and an input device coupled to the processor. The processor is configured to transmit to a card device, via the wireless communication interface, a certificate associated with the portable communication device, whereby the portable communication device is authenticated by the card device, receive from the card device, via the wireless communication interface, a certificate associated with the card device, and authenticate the card device based on the received certificate. After the card device is authenticated, the processor is configured to capture, via the at least one input device, a biometric image of the user and provision, via the wireless communication interface, the captured biometric image to the card device.

Abstract: A method for real-time invoice updating and account-to-account payment includes: receiving invoice data based on presentation of an invoice by a distributor to a recipient at a delivery location, modification of the invoice by the recipient, and acceptance of the invoice by the recipient; generating a request for payment (RFP) message based on the invoice data; transmitting the RFP message to a financial institution associated with the recipient via a financial institution of the distributor; receiving, from the financial institution associated with the distributor, a payment confirmation for the invoice based on a real-time payment from the financial institution associated with the recipient; generating reconciliation data based on the payment confirmation and the invoice data; and transmitting the reconciliation data to a computing device of the distributor and a computing device of the recipient.

Abstract: Systems and methods are provided for managing user identities in networks. One example method includes receiving, at a communication device, a request from a relying party for an assertion of an identity of a user where the communication device includes a software development kit (SDK). The method also includes, after receiving the request for the assertion, authenticating, by the communication device, the user and, based on a successful authentication of the user, compiling, via the SDK, an assertion packet including an attestation regarding authentication of the user where the assertion packet is signed with a private key of a private-public key pair stored in a memory of the communication device. The method then includes transmitting the assertion packet to the relying party.

Abstract: A method for real-time invoice updating and account-to-account payment includes: receiving invoice data based on presentation of an invoice by a distributor to a recipient at a delivery location, modification of the invoice by the recipient, and acceptance of the invoice by the recipient; generating a request for payment (RFP) message based on the invoice data; transmitting the RFP message to a financial institution associated with the recipient via a financial institution of the distributor; receiving, from the financial institution associated with the distributor, a payment confirmation for the invoice based on a real-time payment from the financial institution associated with the recipient; generating reconciliation data based on the payment confirmation and the invoice data; and transmitting the reconciliation data to a computing device of the distributor and a computing device of the recipient.

Abstract: A method for facilitating payment across different enterprise ecosystems through the use of a gateway platform includes: receiving, by a receiver of a processing server, a payment request message from a first computing system, wherein data included in the payment request message is formatted according to a first data format; translating, by a processor of the processing server, the data included in the payment request message into a second data format; transmitting, by a transmitter of the processing server, the translated payment request message to a second computing system; receiving, by the receiver of the processing server, a payment confirmation message; and transmitting, by a transmitter of the processing server, an update message to a third computing system different from the first computing system.

Abstract: Systems and methods are provided for managing user identities in networks. One exemplary method includes receiving, at a communication device, an API call request for a credential from a relying party. The communication device includes an application that incorporates an SDK. After receiving the API call request for the credential, the communication device authenticates a user associated with the communication device and identified in the API call request. After authentication of the user the communication device generates, via the SDK, a private-public key pair and stores the private key in memory. The communication device compiles, via the SDK, a credential packet include the public key and identity data associated with the user and transmits the credential packet to the relying party, whereby the relying party is registered to the SDK to request assertions of an identity of the user.

Abstract: Systems and methods are provided for verifying identities of users. One example computer-implemented method includes requesting a unique ID for a user, from a software development kit (SDK) in a mobile device, and issuing the unique ID for the user. The method also includes generating, by the SDK, a public/private key pair specific to the unique ID, prompting the user to capture an image of a government issued document, and capturing the image of the document. The method further includes validating, by the mobile device, the identity of the user based on the image of the document and, based on the validation, (i) converting the image via a one-way hash function, (ii) signing the hashed image with the private key of the public/private key pair, and (iii) transmitting the signed hashed image, the unique ID, and the public key of the public/private key pair to an identification provider.

Abstract: Systems, methods, and non-transitory computer readable medium use external databases for biometric authentication. A server receives a request for authentication of a user from a requestor. A notification is sent to a user device associated with the user from the server. A biometric image is received within the server in response to the notification. A biometric ID of the user is sent from the server to an external database for identifying a biometric template stored with the external database. An authentication result indicative of a match between the biometric image and the biometric template is determined and the authentication result is sent to the requestor. The external databases are owned by a third party, and the biometric template of the user was previously generated and stored within the external database in association with the biometric ID.

Abstract: Systems and methods are provided for verifying identities of users. One exemplary method includes generating a unique identifier (ID) for a user, generating a public/private key pair associated with the unique ID for the user, and receiving at least two images. The images include a first image associated with a physical document indicative of an identity of the user and a second image comprising an image of at least part of the user. The exemplary method further includes validating an integrity of the first image, converting at least the first image to one-way hashed data, when the integrity of the first image is valid, and transmitting the hashed data signed with the private key, the unique ID and the public key to an identification provider, whereby a digital identity record for the user is stored in a ledger data structure.

Abstract: Methods and apparatus for securing access to an encrypted personal data store on a mobile device. In some embodiments, a universal integrated circuit card (UICC) processor receives, from a mobile device processor of a mobile device having an encrypted Personal Data Store (PDS), a PDS access request associated with a mobile application, then determines that access control rules are stored in at least one access control rules database and transmits to the mobile device processor, the access control rules governing access to the data in the encrypted PDS. The process also includes the UICC processor receiving a request for a symmetric shared secret and transmitting the symmetric shared secret to the mobile device processor for use in accessing the PID of the user stored in the encrypted PDS in accordance with the access control rules.

Abstract: Systems and methods are provided for use in provisioning a biometric image template to a card device. One example portable communication device includes a processor, a wireless communication interface coupled to the processor, and an input device coupled to the processor. The processor is configured to transmit to a card device, via the wireless communication interface, a certificate associated with the portable communication device, whereby the portable communication device is authenticated by the card device, receive from the card device, via the wireless communication interface, a certificate associated with the card device, and authenticate the card device based on the received certificate. After the card device is authenticated, the processor is configured to capture, via the at least one input device, a biometric image of the user and provision, via the wireless communication interface, the captured biometric image to the card device.

Abstract: Systems, methods, and non-transitory computer readable media relate to smartcard biometric enrollment. In an embodiment that does not require a user to visit a central location to provide fingerprint images, an activation code corresponding to a unique ID that uniquely identifies a user of a service is generated and sent to the user. In response, at least one finger image is received from a user device. The image is processed to isolate a fingerprint image, which is used to generate a biometric template that is sent to a smartcard manufacturer and used to configure a smartcard for biometric authentication of the user. In another embodiment, a kiosk/ATM provides smartcard biometric enrollment by detecting a smartcard in the smartcard reader, verifying an ID of a user associated with the smartcard, capturing a biometric image from the user, processing the biometric image to generate a biometric template, and storing the biometric template on the smartcard.

Abstract: Systems, methods, and non-transitory computer readable media relate to smartcard biometric enrollment. In an embodiment that does not require a user to visit a central location to provide fingerprint images, an activation code corresponding to a unique ID that uniquely identifies a user of a service is generated and sent to the user. In response, at least one finger image is received from a user device. The image is processed to isolate a fingerprint image, which is used to generate a biometric template that is sent to a smartcard manufacturer and used to configure a smartcard for biometric authentication of the user. In another embodiment, a kiosk/ATM provides smartcard biometric enrollment by detecting a smartcard in the smartcard reader, verifying an ID of a user associated with the smartcard, capturing a biometric image from the user, processing the biometric image to generate a biometric template, and storing the biometric template on the smartcard.

Abstract: Systems and methods are provided for use in provisioning a biometric image template of a user to a card device associated with the user. One exemplary method includes authenticating, by a card device, a portable communication device associated with the user based on a certificate associated with the portable communication device and receiving, at the card device, a biometric image of the user from the portable communication device after the portable communication device is authenticated. The method then includes storing, by the card device, the biometric image of the user in a memory of the card device as a biometric image template of the user, whereby the user may be authenticated, by the card device, based on a subsequent biometric image matching the biometric image template.

Abstract: Methods and systems for protecting sensitive data and applications on a mobile device. In an embodiment, a mobile device processor of a mobile device downloads, from a digital wallet server computer, a mobile wallet application including a white box software development kit (SDK) which includes code protection processes, then obfuscates, by running the code protection processes of the white box SDK, consumer financial data and consumer authentication data and stores the obfuscated consumer financial data and consumer authentication data in a regular memory of the mobile device. The process also includes protecting, by the mobile device processor running the white box SDK, sensitive applications stored in the regular memory which execute during a transaction from attack, and re-obfuscating, by the mobile device processor, at least one of the consumer financial data and the consumer authentication data according to a predetermined time interval.

Abstract: Systems and methods are provided for enabling, providing, and managing digital identities in association with mobile devices. One example method includes determining, by a mobile device, that identity data of a user is changed, and prompting the user to identify a third party separate from the mobile device to authenticate the user. The method also includes requesting the third party to authenticate the user, and causing an authentication interface of the third party to be displayed at the mobile device where the authentication interface solicits login credentials for an account of the user at the third party. The method then includes granting, by the mobile device, access to one or more aspects of a mobile application installed at the mobile device, in response to an indication of a successful authentication of the user from the third party.

Abstract: Systems and methods are provided for managing digital identities associated with users. One exemplary method includes receiving, at a computing device, an encrypted message from a communication device associated with a user where the message includes a changed attribute for the user. The method also includes generating a first hash of a first digital identity for the user with the changed attribute and generating a second hash of a second digital identity of the user stored in a ledger data structure. And, in response to the first hash not matching the second hash, the method then includes broadcasting a pending status of the first digital identity to a relying party for the second digital identity, and storing a certification of the changed attribute, received from the relying party in response to the pending status, based on verification of the changed attribute by the relying party.

Abstract: A secure on-device cardholder authentication method and system. In an embodiment, a consumer's mobile device uses a mobile application to receive a user authentication request from an entity. A biometric data capture request is then transmitted to a biometric sensor of the mobile device, and a determination made that the mobile application is authorized to use an authenticator API. Next, the mobile device processor prompts the user to provide at least one form of biometric data in accordance with business rules, receives a user authentication response when the user provided biometric data matches locally stored biometric data, generates a positive user authentication response message, and transmits the positive user authentication response message to the entity.