Abstract: Provided is a computer-implemented method for authenticating a customer during payment transactions based on biometric identification parameters of the customer that includes receiving image data associated with an image template for identification of a customer, receiving image data associated with an image of a biometric identification parameter of the customer during a payment transaction between the customer and a merchant, establishing a short-range communication connection with a user device associated with the customer during the payment transaction between the customer and the merchant, authenticating an identity of the customer for the payment transaction via the short-range communication connection, determining an account identifier of an account of the customer based on authenticating the identity of the customer for the payment transaction, and processing the payment transaction using the account identifier of the account of the customer. A system and computer program product are also disclosed.

Abstract: Embodiments of the invention are directed to methods, apparatuses, computer readable media and systems for providing, along with a token, a token assurance level and data used to generate the token assurance level. At the time a token is issued, one or more Identification and Verification (ID&V) methods may be performed to ensure that the token is replacing a PAN that was legitimately used by a token requestor. A token assurance level may be assigned to a given token in light of the type of ID&V that is performed and the entity performing the ID&V. Different ID&Vs may result in different token assurance levels. An issuer may wish to know the level of assurance and the data used in generating the level of assurance associated with a token prior to authorizing a payment transaction that uses the token.

Abstract: In a system for verifying transactions, when a user with a portable communication device nears a resource provider location, the portable communication device provides an indication to a transaction processing system of its proximity to the location. The portable communication device then provides a universally unique identifier (UUID) of a base station of the resource provider to the transaction processing system, which generates a hash using the UUID and a primary account number (PAN) of a portable transaction device that is associated with the portable communication device. When the user conducts a transaction with the portable transaction device at the provider, the provider generates a separate hash from the UUID and the PAN and sends the hash to the transaction processing system. A match between the hashes is taken into account as a positive indicator that the transaction is not fraudulent and the resource provider is complying with the system.

Abstract: In a system for verifying transactions, when a user with a portable communication device nears a resource provider location, the portable communication device provides an indication to a transaction processing system of its proximity to the location. The portable communication device then provides a universally unique identifier (UUID) of a base station of the resource provider to the transaction processing system, which generates a hash using the UUID and a primary account number (PAN) of a portable transaction device that is associated with the portable communication device. When the user conducts a transaction with the portable transaction device at the provider, the provider generates a separate hash from the UUID and the PAN and sends the hash to the transaction processing system, A match between the hashes is taken into account as a positive indicator that the transaction is not fraudulent and the resource provider is complying with the system.

Abstract: The invention is directed to a system that enables an authentication process that involves secure multi-party computation. The authentication process can be performed between a user device operated by a user and an access device. The user device and the access device may conduct the authentication process such that enrollment information and authentication information input by the user is not transmitted between the devices. Instead, the user device may determine and utilize obfuscated values associated with the authentication information. The user device may also determine an obfuscated authentication function that can be utilized to determine an authentication result without revealing enrollment information and authentication information associated with the user. The user can be authenticated based on the authentication result.

Abstract: A first biometric sample of a user is received by an access device from a user device. First biometric information is generated in an obscured format, based on the first biometric sample. A plurality of biometric information is received in an obscured format. The plurality of biometric information corresponds to a plurality of users, and was obtained from biometric samples of the plurality of users. The first biometric information in the obscured format is compared to the plurality of biometric information in the obscured format, and a match result is generated based on the comparing. The match result is provided to a server computer. Based on the match result, information indicating that one of the plurality of users that is associated with one of the plurality of biometric information is the user associated with the first biometric information is received.

Abstract: Described herein are a system and techniques for enabling biometric authentication without exposing the authorizing entity to sensitive information. In some embodiments, the system receives a biometric template from a user device which is encrypted using a public key associated with the system. The encrypted biometric template is then provided to a second entity along with a biometric identifier. Upon receiving a request to complete a transaction that includes the biometric identifier and a second biometric template, the second entity may encrypt the second biometric template using the same public key associated with the system and perform a comparison between the two encrypted biometric templates. The resulting match result data file is already encrypted and can be provided to the system to determine an extent to which the two biometric templates match.

Abstract: Embodiments of the invention involve using biometric templates to wirelessly authenticate individuals. In one embodiment, a mobile device may generate a first biometric template and a first public value from a first biometric sample of a user and generate a first cryptographic key by passing the first biometric template to a fuzzy extractor's generate function. An access device may generate a second biometric template from a second biometric sample of the user, generate a second secret cryptographic key by passing the second biometric template and the first public value to the fuzzy extractor's reproduce function, encrypt the second biometric template with the second secret cryptographic key, and broadcast the encrypted template to a plurality of nearby mobile devices including the mobile device. If the mobile device is able to decrypt the encrypted template with the first cryptographic key, the access device can associate the user with the mobile device.

Abstract: A method and system for provisioning access data in a second application on a mobile device using a first application on the mobile device. Authentication data may be input into the first application, and an authentication code may be requested from a remote server. After the authentication code is received by the first application in the mobile device, it can pass the authentication code to a second application that initiates an access data provisioning process.

Abstract: Systems and methods are described for provisioning access credentials to a mobile device using device and authorization codes. Once provisioned, a mobile device can be used to conduct a transaction.

Abstract: Embodiments of the invention involve using biometric templates to wirelessly authenticate individuals. In one embodiment, a mobile device may generate a first biometric template and a first public value from a first biometric sample of a user and generate a first cryptographic key by passing the first biometric template to a fuzzy extractors generate function. An access device may generate a second biometric template from a second biometric sample of the user, generate a second secret cryptographic key by passing the second biometric template and the first public value to the fuzzy extractors reproduce function, encrypt the second biometric template with the second secret cryptographic key, and broadcast the encrypted template to a plurality of nearby mobile devices including the mobile device. If the mobile device is able to decrypt the encrypted template with the first cryptographic key, the access device can associate the user with the mobile device.

Abstract: Embodiments are directed to a method for securely performing biometric authentication online. The method described can be used to securely perform biometric authentication on a mobile device. For protecting the privacy of the user's biometric data, a cryptographic comparison protocol can be used to perform matching of encrypted templates. For example, the cryptographic comparison protocol may involve Fuzzy Extractors (FE), Homomorphic Encryption (HE), and/or Secure Multi-Party Computation (SMPC).

Abstract: Techniques for intelligently deciding the optimal authenticator(s) from amongst those supported by an electronic device are described. The authentication system according to some embodiments may include a dynamic machine learner that incorporates the attributes of: (i) user behavior attributes (e.g., preferred authenticator); (ii) device attributes (e.g., hardware and software specifications, applications, etc.); and (iii) operating environment attributes (e.g., ambient light, noise, etc.), as well as the interplay between the aforementioned attributes over time to make the decision. In some embodiments, the authentication activities and patterns of other users of similar type (e.g., users exhibiting similar behavior across different operating environments) can also be learned and employed to improve the decision making process over time.

Abstract: Embodiments are directed to a method for securely performing biometric authentication online. The method described can be used to securely perform biometric authentication on a mobile device. For protecting the privacy of the users biometric data, a cryptographic comparison protocol can be used to perform matching of encrypted templates. For example, the cryptographic comparison protocol may involve Fuzzy Extractors (FE), Homomorphic Encryption (HE), and/or Secure Multi-Party Computation (SMPC).

Abstract: Embodiments of the invention are directed to methods, apparatuses, computer readable media and systems for providing, along with a token, a token assurance level and data used to generate the token assurance level. At the time a token is issued, one or more Identification and Verification (ID&V) methods may be performed to ensure that the token is replacing a PAN that was legitimately used by a token requestor. A token assurance level may be assigned to a given token in light of the type of ID&V that is performed and the entity performing the ID&V. Different ID&Vs may result in different token assurance levels. An issuer may wish to know the level of assurance and the data used in generating the level of assurance associated with a token prior to authorizing a payment transaction that uses the token.

Abstract: When a user enters a resource provider location with a portable communication device, the portable communication device provides an indication to a transaction processing system that the portable communication device is currently at the resource provider location. At a later time when the user conducts a transaction with a portable transaction device, the fact that the user's portable communication device had been detected at the resource provider a short time ago is taken into account as a positive indicator that the transaction is not fraudulent. By verifying that both the portable communication device and the portable transaction device are present at the resource provider, the risk of approving a fraudulent transaction from a stolen portable transaction device can be reduced.

Abstract: Embodiments of the invention are directed to methods, apparatuses, computer readable media and systems for providing, along with a token, a token assurance level and data used to generate the token assurance level. At the time a token is issued, one or more Identification and Verification (ID&V) methods may be performed to ensure that the token is replacing a PAN that was legitimately used by a token requestor. A token assurance level may be assigned to a given token in light of the type of ID&V that is performed and the entity performing the ID&V. Different ID&Vs may result in different token assurance levels. An issuer may wish to know the level of assurance and the data used in generating the level of assurance associated with a token prior to authorizing a payment transaction that uses the token.

Abstract: Systems and methods are described for provisioning access credentials to a mobile device using device and authorization codes. Once provisioned, a mobile device can be used to conduct a transaction.

Abstract: Provided is a computer-implemented method for authenticating a customer during payment transactions based on biometric identification parameters of the customer that includes receiving image data associated with an image template for identification of a customer, receiving image data associated with an image of a biometric identification parameter of the customer during a payment transaction between the customer and a merchant, establishing a short-range communication connection with a user device associated with the customer during the payment transaction between the customer and the merchant, authenticating an identity of the customer for the payment transaction via the short-range communication connection, determining an account identifier of an account of the customer based on authenticating the identity of the customer for the payment transaction, and processing the payment transaction using the account identifier of the account of the customer. A system and computer program product are also disclosed.

Abstract: Systems and methods are described for provisioning access credentials to a mobile device using device and authorization codes. Once provisioned, a mobile device can be used to conduct a transaction.