Abstract: A method for device based biometric authentication includes: storing, in a computing device, an encrypted biometric template; storing, in a first memory of the computing device, at least a first application program; storing, in a second memory of the computing device, at least a second application program and an encryption key, wherein the second memory is a trusted execution environment; receiving, by the second application program of the computing device, a validation request submitted by the first application program; receiving, by an input device of the computing device, biometric data; decrypting, by the second application program of the computing device, the encrypted biometric template using the encryption key; validating, by the second application program of the computing device, the received biometric data using the decrypted biometric template; and transmitting, by the second application program of the computing device, a result of the validation to the first application program.

Abstract: A method for registration of a biometric template in a computing device includes: storing, in a first memory of a computing device, a biometric module; receiving, by an input device of the computing device, biometric data of a user; generating, by the biometric module of the computing device, a template based on the biometric data; generating, by a generation module of the computing device, a cryptographic key pair comprised of a private key and a corresponding public key using an encryption algorithm; encrypting, by an encryption module of the computing device, the generated template using the private key; storing, in a second memory of the computing device, the private key, wherein the second memory is a trusted execution environment; and storing, in the computing device, the encrypted template.

Abstract: Methods and systems for authenticating both a browser-based user mobile device and the user in association with an online transaction. In an embodiment, the process includes receiving, by a cloud-based authentication service computer, a user authentication request from a user mobile device. A mobile transaction application determines that the user and the entity involved in the online transaction are enrolled in a cloud-based authentication service, identifies a user data structure and a user profile, determines that the received user authentication data and user mobile device identification data matches data stored in the user profile, and determines that a requirement of the entity is satisfied. The mobile transaction application then transmits a positive user authentication message to an entity computer.

Abstract: According to some embodiments, a requesting application executing on a mobile device may request a transport layer security key pair in connection with a payment transaction. Responsive to the request, a trusted execution environment client of the mobile device may route a request to a payment application executing in a secure trusted execution environment of the mobile device. It may then be arranged, within the secure trusted execution environment, to create the transport layer security key pair and provide key pair to the requesting application. Moreover, in some embodiments, the mobile device may transmit payment transaction information to an access control server and receive a request for biometric authentication. It may then be arranged for hardware within the mobile device to biometrically authenticate a user of the mobile device.

Abstract: A method for generating a 3D object for visualizing multivariate data includes gathering subscriber information about subscribers of a network, receiving a user request to generate the 3D object, and generating object-data specifying a three-dimensional contour that models a relationship between at least two variables of the subscriber information and a measure. The three-dimensional contour is based on the received request and on the subscriber information, and the object data is generated in a format that is printable by a 3D printer. The object data is transmitted to the user.

Abstract: One or more devices may receive attribute information identifying multiple attributes associated with a client device; classify the client device based on the attribute information; and provide, based on classifying the client device, classification information to a network device to cause the network device to associate a particular policy set, of multiple policy sets, with the client device. The classification information may identify a classification of the client device. The particular policy set may be based on the classification of the client device and may include an instruction used to process a data flow provided to or provided from the client device.

Abstract: A secure on-device cardholder authentication method and system. In an embodiment, a consumer's mobile device uses a mobile application to receive a user authentication request from an entity. A biometric data capture request is then transmitted to a biometric sensor of the mobile device, and a determination made that the mobile application is authorized to use an authenticator API. Next, the mobile device processor prompts the user to provide at least one form of biometric data in accordance with business rules, receives a user authentication response when the user provided biometric data matches locally stored biometric data, generates a positive user authentication response message, and transmits the positive user authentication response message to the entity.

Abstract: The described examples provide a system and methods for identifying a location of a mobile device within an indoor venue using cellular communication signals obtained while the mobile device is within the indoor venue. An array of antennas arranged within the indoor venue detects cellular communication signals transmitted by the mobile device. The detected cellular communication signals have detectable and measurable signal parameters that allow the location of the mobile device within the indoor venue and an identifier of the mobile device to be determined. The determined identifier of the mobile device may also be used to identify the mobile device subscriber. The mobile device indoor location information may be used to update an anonymized subscriber profile associated with the mobile device subscriber.

Abstract: An open, on-device Cardholder Verification Method (“CVM”) controller may receive CVM policies from issuers and store the policies in a database. The open, on-device CVM controller may then receive a request from a remote mobile device, and automatically determine at least one issuer associated with the request. Appropriate CVM policies may be retrieved and transmitted to the remote mobile device. An open, on-device CVM application executing on the mobile device may then receive a CVM authentication request, associated with a payment token, from a payment application. Responsive to the authentication request, a CVM policy may be accessed based on the payment token. It may then be arranged for an authenticator of the mobile device to authenticate a user in accordance with the CVM policy. When the user is authenticated, an authentication success indication may be sent from the open, on-device CVM application to the payment application.

Abstract: Systems and methods for managing information about content transmission are disclosed. In some implementations, a first mobile device communicates with a second mobile device, via a short-range radio of the first mobile device, to either send or receive a content item. The first mobile device tags the content item with a tag. The tag identifies the second mobile device. The first mobile device transmits to a server, via an additional radio of the first mobile device, data identifying the content and the second mobile device. The additional radio is different from the short-range radio. The data is transmitted to the server for analyzing short-range radio transmissions between mobile devices.

Abstract: A payment device includes an application storage device for storing a plurality of payment applications and a capture module for capturing user verification information. The payment device also includes a verification module. The verification module is interfaced to the capture module. The verification module is for receiving and verifying the captured user verification information and for outputting a user verification result. The payment device further includes a shared cardholder verification method (CVM) module, which is interfaced to the verification module. The shared CVM module receives the user verification result and also receives a reference to one of the payment applications. The shared CVM module responds to the verification result by outputting an application credential to the payment application to which it was referred.

Abstract: According to some embodiments, a requesting application executing on a mobile device may request a transport layer security key pair in connection with a payment transaction. Responsive to the request, a trusted execution environment client of the mobile device may route a request to a payment application executing in a secure trusted execution environment of the mobile device. It may then be arranged, within the secure trusted execution environment, to create the transport layer security key pair and provide key pair to the requesting application. Moreover, in some embodiments, the mobile device may transmit payment transaction information to an access control server and receive a request for biometric authentication. It may then be arranged for hardware within the mobile device to biometrically authenticate a user of the mobile device.

Abstract: A system for adaptive application of device settings is disclosed. In the system, a first device may receive information identifying settings that are applied to one or more second devices. The settings may correspond to interactions, by a user, with the one or more second devices over a period of time. The one or more second devices be may non-mobile devices associated with one or more facilities. The first device may determine information identifying one or more conditions, associated with environmental conditions or conditions associated with the user's mood or physical state, under which the settings are applied to the one or more second devices; store information that correlates the settings of the one or more second devices with the one or more conditions; determine that at least one of the one or more conditions is met; and apply the settings to the one or more second devices.

Abstract: One or more devices may store attribute information identifying multiple attributes associated with a client device that is associated with a particular classification; reclassify the client device based on the attribute information; and provide, based on reclassifying the client device, classification information to a network device to cause the network device to associate a particular policy set, of multiple policy sets, with the client device. The classification information may identify an updated classification of the client device. The updated classification may be different from the particular classification. The particular policy set may be based on the updated classification of the client device. The particular policy set may include an instruction used to process a data flow provided to or provided from the client device.

Abstract: A method for generating a 3D object for visualizing multivariate data includes gathering subscriber information about subscribers of a network, receiving a user request to generate the 3D object, and generating object-data specifying a three-dimensional contour that models a relationship between at least two variables of the subscriber information and a measure. The three-dimensional contour is based on the received request and on the subscriber information, and the object data is generated in a format that is printable by a 3D printer. The object data is transmitted to the user.

Abstract: Systems and methods for multi-factor user authentication techniques usable in transactions. In some embodiments, an authentication platform receives a request to authenticate a user in conjunction with an online transaction and determines an authentication rule. The authentication platform then transmits an authentication request to the user's mobile device, receives authentication response data from the user mobile device, and authenticates the user in conjunction with the transaction when the authentication response data matches stored user authentication data. An authentication message is then transmitted to the user's mobile device. In some embodiments, the authentication response data is biometric data of the user obtained from at least one authenticator of the user's mobile device.

Abstract: Multi-factor authentication techniques are described that use secure push authentication technology for transactions. An embodiment includes receiving, by an assurance platform operating as an authentication service platform, a user authentication request and transaction data from an access control server (ACS), determining an authentication rule, generating a user validation request message, transmitting the user validation request message to a user mobile device, and receiving user authentication data. The assurance platform then validates the user authentication data, transmits a device authentication request, receives a device authentication response signed with a private key of the user, and authenticates the user based on the device authentication response and private key.

Abstract: The sharing of content from one mobile station with a group of mobile stations using near-field communication (NFC) may be initiated, for example, by the one mobile station establishing a NFC link with another mobile station. The one mobile station verifies that the linked mobile station is part of the group, and transmits information regarding the content to be shared to the linked mobile station using NFC. The one mobile station uploads the content to a server using the mobile communication network, such that the content can be retrieved from the server via the mobile communication network by all other mobile stations in the group. The one mobile station or the server can send a notification to the other mobile stations in the group including information for retrieving the uploaded content.

Abstract: A mobile device includes a transceiver for performing wireless communication; one or more secure elements which execute applications in a secure environment; a near field communication system for performing wireless communication independent of the transceiver and at a lower amount of power than said transceiver; and a contactless front end included in the near field communications system for receiving a data message from a near field communication device. The contactless front end includes a filter list for evaluating the data message and for controlling whether each data message is transmitted further into the mobile device.

Abstract: The described examples provide a system and methods for identifying a location of a mobile device within an indoor venue using cellular communication signals obtained while the mobile device is within the indoor venue. An array of antennas arranged within the indoor venue detects cellular communication signals transmitted by the mobile device. The detected cellular communication signals have detectable and measurable signal parameters that allow the location of the mobile device within the indoor venue and an identifier of the mobile device to be determined. The determined identifier of the mobile device may also be used to identify the mobile device subscriber. The mobile device indoor location information may be used to update an anonymized subscriber profile associated with the mobile device subscriber.