Abstract: A method for generating a smart protocol includes providing, by a server computer system, a user interface to one or more of a plurality of users. The server computer system may receive, via the user interface, input specifying terms corresponding to a smart protocol that is to be deployed on a particular blockchain platform. The specified terms may include the plurality of users associated with the smart protocol and a web resource to be used to identify one or more external data. An execution of the smart protocol may be based on a value of the external data. Based on the specified terms, the server computer system may generate, without further input from the plurality of users, the smart protocol. The server computer system may deploy the smart protocol to the particular blockchain platform.

Abstract: Methods and systems for digital hot wallet protection are provided. A payment channel is established via a Layer-2 network of a cryptocurrency blockchain for transferring a cryptocurrency balance from a first digital wallet of a service provider to a second digital wallet of a trusted entity over a plurality of commitment transactions. A transaction receipt for each commitment transaction is transmitted to the trusted entity via a secure communication channel previously established between the service provider and the trusted entity outside of the Layer-2 network. A transaction log of the service provider is modified so that it no longer represents the current transaction state of the payment channel. Responsive to detecting a breach of the first wallet, a transaction is broadcast to a Layer-1 network of the blockchain for transferring the total cryptocurrency balance from the first wallet to the second wallet.

Abstract: Methods and systems for digital hot wallet protection are provided. A payment channel is established via a Layer-2 network of a cryptocurrency blockchain for transferring a cryptocurrency balance from a first digital wallet of a service provider to a second digital wallet of a trusted entity over a plurality of commitment transactions. A transaction receipt for each commitment transaction is transmitted to the trusted entity via a secure communication channel previously established between the service provider and the trusted entity outside of the Layer-2 network. A transaction log of the service provider is modified so that it no longer represents the current transaction state of the payment channel Responsive to detecting a breach of the first wallet, a transaction is broadcast to a Layer-1 network of the blockchain for transferring the total cryptocurrency balance from the first wallet to the second wallet.

Abstract: Methods and systems are presented for providing a framework for facilitating time-sensitive cryptocurrency transactions for users. When a request for processing a time-sensitive cryptocurrency transaction using funds from a cryptocurrency wallet is received from a user, a transaction system first verifies whether the cryptocurrency wallet has a balance to cover the cryptocurrency transaction. The transaction system also verifies the ownership of the cryptocurrency wallet based on an asynchronous method. The user generates verification data without any input from the transaction system, and based on a private key associated with the cryptocurrency wallet, a generator function, and a user-generated value. Without knowing the user-generated value, the transaction system verifies the ownership of the cryptocurrency wallet based on the verification data, and processes the transaction for the user.

Abstract: Methods and systems for digital hot wallet protection are provided. A payment channel is established via a Layer-2 network of a cryptocurrency blockchain for transferring a cryptocurrency balance from a first digital wallet of a service provider to a second digital wallet of a trusted entity over a plurality of commitment transactions. A transaction receipt for each commitment transaction is transmitted to the trusted entity via a secure communication channel previously established between the service provider and the trusted entity outside of the Layer-2 network. A transaction log of the service provider is modified so that it no longer represents the current transaction state of the payment channel Responsive to detecting a breach of the first wallet, a transaction is broadcast to a Layer-1 network of the blockchain for transferring the total cryptocurrency balance from the first wallet to the second wallet.

Abstract: Methods and systems described herein may implement blockchain cryptocurrency transactions in a variety of environments. An online transaction processor may provide operations for cryptocurrency conversions. The transaction processor may detect that a user is involved in a cryptocurrency transaction with another entity, which is requested to be processed using an amount of cryptocurrency and using an off-chain amount of the cryptocurrency. The transaction processor may determine that the entity does not have a digital wallet, node, or the like on a layer two network to receive and/or process the off-chain balance for the cryptocurrency. The transaction processor may then, after a risk assessment, determine that the user may access the amount of the cryptocurrency from an on-chain balance available to a digital wallet of the cryptocurrency. The transaction processor may make that on-chain amount available and may request repayment via the user's off-chain balance.

Abstract: A method for generating a smart protocol includes providing, by a server computer system, a user interface to one or more of a plurality of users. The server computer system may receive, via the user interface, input specifying terms corresponding to a smart protocol that is to be deployed on a particular blockchain platform. The specified terms may include the plurality of users associated with the smart protocol and a web resource to be used to identify one or more external data. An execution of the smart protocol may be based on a value of the external data. Based on the specified terms, the server computer system may generate, without further input from the plurality of users, the smart protocol. The server computer system may deploy the smart protocol to the particular blockchain platform.

Abstract: Systems and methods for providing a threat intelligence system include a system provider device that downloads, through communication over a network and from one or more targeted websites, a plurality of images of a first environment. Based on an OCR process, the system provider device may extract a set of textual data corresponding to a subset of images of the plurality of images, where the subset of images depict text. The system provider device stores the set of textual data in an indexed and searchable database. The system provider device assigns a threat assessment score to each image based on the set of textual data, and the threat assessment score may be updated based on comparison of the set of textual data with other sets of textual data. Based on the threat assessment score being greater than a threshold value, the system provider device may generate a security alert.

Abstract: Methods and systems are presented for tracking activities that occur off of a first layer blockchain in in a second layer network built on the first layer blockchain. In one embodiment, a computer system determines that a transfer of cryptocurrency from a first node to a second node has transpired in the second layer network based on querying channel capacities in the second layer network. The computer system determines a first public address for the first node based on information associated with a first channel that connects the computer system and the first node in the second layer network, and determines a second public address for the second node based on information associated with a second channel that connects the computer system and the second node in the second layer network. The first public address and the second public address are used to monitor activity in the first layer blockchain.

Abstract: There are provided systems and methods for an automated device data retrieval and analysis platform. A service provider server invokes an instance of an application in a remote processing environment using device data associated with the application and sends a control message that prompts the instance to send a request to a web server for a process script that invokes a process executable in the remote processing environment. The service provider server obtains traffic data a behavior of application data based on an interaction between the instance and the web server, and determines features of the application in a native state from the behavior of the application data. The server generates a data profile of the application that indicates the features in the native state and provides the data profile to a remote engine to detect potential malicious activity associated with the application from the detection operation.

Abstract: Techniques are disclosed relating to determining a risk score for domains associated with a transaction. In some embodiments, a transaction computer system receives transaction details for a transaction between a consumer and a merchant, where the transaction details are received from the merchant real-time with the transaction and include a set of transaction URLs for subsequent use in the transaction. The computer system may receive, from a browser of the consumer that is used to initiate the transaction, URL referrer information real-time with the transaction, where the URL referrer information indicates a referring web page to the transaction computer system. The computer system may determine, using the set of transaction URLs and the URL referrer information, a set of domains for the transaction and then determine a risk score for the set of domains. The computer system may determine, based on the risk score, whether to allow the transaction.

Abstract: Methods and systems for assessing and evaluating vulnerabilities of a networked system are presented. A list of known vulnerabilities that have been disclosed in the public may be obtained. The networked system may be scanned from an external perspective to obtain network information of the networked system. A subset of the known vulnerabilities may be determined to be relevant to the networked system based on correlations between the vulnerabilities and the network information. The networked system may also be analyzed from an internal perspective to determine impacts of the relevant known vulnerabilities to the networked system. The impact of a vulnerability may be determined based on the type of data and/or the type of services that may be accessible in an attack that exploits the vulnerability. The vulnerabilities may then be ranked and addressed based on the impacts.

Abstract: Device identification data, network connection data, and other related data may be analyzed to determine an account classification, particularly before the account has even been used (or before extensive use has occurred). Computer system security may be improved via an intelligent engine that detects certain device and network connection factors in association with particular user actions, such as account creation. Monitoring be performed over a period of time for subsequent analysis.

Abstract: Techniques are disclosed relating to determining a risk score for domains associated with a transaction. In some embodiments, a transaction computer system receives transaction details for a transaction between a consumer and a merchant, where the transaction details are received from the merchant real-time with the transaction and include a set of transaction URLs for subsequent use in the transaction. The computer system may receive, from a browser of the consumer that is used to initiate the transaction, URL referrer information real-time with the transaction, where the URL referrer information indicates a referring web page to the transaction computer system. The computer system may determine, using the set of transaction URLs and the URL referrer information, a set of domains for the transaction and then determine a risk score for the set of domains. The computer system may determine, based on the risk score, whether to allow the transaction.

Abstract: There are provided systems and methods for a machine learning model for probabilistic anomaly detection in streaming device data. A server obtains a plurality of features associated with a user interaction between a user device and the server. The server selects a combination of features from the plurality of features, where the combination of features comprises features having a variance of expected values that exceeds a threshold variance. The server selects a prediction engine to process the combination of features with a corresponding non-parametric statistical model of a plurality of non-parametric statistical models and to generate a prediction indicating a likelihood that the combination of features represents an anomaly corresponding to fraudulent activity. The server issues a remedial action to the user device through an application programming interface with a remedial action engine based on the prediction for applying the remedial action on the user interaction.

Abstract: There are provided systems and methods for an automated device data retrieval and analysis platform. A service provider server invokes an instance of an application in a remote processing environment using device data associated with the application and sends a control message that prompts the instance to send a request to a web server for a process script that invokes a process executable in the remote processing environment. The service provider server obtains traffic data a behavior of application data based on an interaction between the instance and the web server, and determines features of the application in a native state from the behavior of the application data. The server generates a data profile of the application that indicates the features in the native state and provides the data profile to a remote engine to detect potential malicious activity associated with the application from the detection operation.

Abstract: Techniques are disclosed relating to determining a risk score for domains associated with a transaction. In some embodiments, a transaction computer system receives transaction details for a transaction between a consumer and a merchant, where the transaction details are received from the merchant real-time with the transaction and include a set of transaction URLs for subsequent use in the transaction. The computer system may receive, from a browser of the consumer that is used to initiate the transaction, URL referrer information real-time with the transaction, where the URL referrer information indicates a referring web page to the transaction computer system. The computer system may determine, using the set of transaction URLs and the URL referrer information, a set of domains for the transaction and then determine a risk score for the set of domains. The computer system may determine, based on the risk score, whether to allow the transaction.

Abstract: There are provided systems and methods for an automated device data retrieval and analysis platform. A service provider server invokes an instance of an application in a remote processing environment using device data associated with the application and sends a control message that prompts the instance to send a request to a web server for a process script that invokes a process executable in the remote processing environment. The service provider server obtains traffic data a behavior of application data based on an interaction between the instance and the web server, and determines features of the application in a native state from the behavior of the application data. The server generates a data profile of the application that indicates the features in the native state and provides the data profile to a remote engine to detect potential malicious activity associated with the application from the detection operation.

Abstract: Device identification data, network connection data, and other related data may be analyzed to determine an account classification, particularly before the account has even been used (or before extensive use has occurred). An account with direct or indirect access to databases may be created by a user, where a service provider may wish to assess the account's creation to detect if a bad actor is generating the account to engage in malicious computing actions or fraud. The account's creation data may be scored by an intelligent engine that detects malicious or fraudulent account creations, for example, based on whether a virtual private network is used to create the account, whether a VoIP phone number is being used, etc. The account may be monitored over a period of time and the account activities analyzed again to determine whether technical data associated with the account indicates a particular risk classification is appropriate.

Abstract: Techniques are disclosed relating to determining a risk score for domains associated with a transaction. In some embodiments, a transaction computer system receives transaction details for a transaction between a consumer and a merchant, where the transaction details are received from the merchant real-time with the transaction and include a set of transaction URLs for subsequent use in the transaction. The computer system may receive, from a browser of the consumer that is used to initiate the transaction, URL referrer information real-time with the transaction, where the URL referrer information indicates a referring web page to the transaction computer system. The computer system may determine, using the set of transaction URLs and the URL referrer information, a set of domains for the transaction and then determine a risk score for the set of domains. The computer system may determine, based on the risk score, whether to allow the transaction.