Abstract: Provided is a computer-implemented method for authenticating a customer during payment transactions based on biometric identification parameters of the customer that includes receiving image data associated with an image template for identification of a customer, receiving image data associated with an image of a biometric identification parameter of the customer during a payment transaction between the customer and a merchant, establishing a short-range communication connection with a user device associated with the customer during the payment transaction between the customer and the merchant, authenticating an identity of the customer for the payment transaction via the short-range communication connection, determining an account identifier of an account of the customer based on authenticating the identity of the customer for the payment transaction, and processing the payment transaction using the account identifier of the account of the customer. A system and computer program product are also disclosed.

Abstract: A first biometric sample of a user is received by an access device from a user device. First biometric information is generated in an obscured format, based on the first biometric sample. A plurality of biometric information is received in an obscured format. The plurality of biometric information corresponds to a plurality of users, and was obtained from biometric samples of the plurality of users. The first biometric information in the obscured format is compared to the plurality of biometric information in the obscured format, and a match result is generated based on the comparing. The match result is provided to a server computer. Based on the match result, information indicating that one of the plurality of users that is associated with one of the plurality of biometric information is the user associated with the first biometric information is received.

Abstract: Real time cognitive reasoning using a circuit with varying confidence level alerts including receiving a first set of data results and a second set of data results; transferring a first unit of charge from a first charge capacitor on the A-B circuit to a collection capacitor on the A-B circuit for each of the first set of data results that indicates a positive data point; transferring a second unit of charge from a second charge capacitor to the collection capacitor for each of the second set of data results that indicates a positive data point; and triggering a first sense amp on the A-B circuit if the charge on the collection capacitor exceeds a first charge threshold, indicating that the positive data points in the first set of data results is greater than the positive data points in the second set of data results to a first statistical significance with a first confidence level.

Abstract: A method by an access device comprising obtaining a first biometric sample of a user; generating a first biometric template or a derivative thereof from the first biometric sample; transmitting the first biometric template or the derivative thereof to a mobile device, wherein the mobile device or the user determines if the access device is an authentic access device; receiving a confirmation of a match between the first biometric template and a second biometric template on the mobile device; and conducting a transaction between the access device and the mobile device, after the mobile device or the user determines that the access device is authentic.

Abstract: Real time cognitive reasoning using a circuit with varying confidence level alerts including receiving a first set of data results and a second set of data results; transferring a first unit of charge from a first charge capacitor on the A-B circuit to a collection capacitor on the A-B circuit for each of the first set of data results that indicates a positive data point; transferring a second unit of charge from a second charge capacitor to the collection capacitor for each of the second set of data results that indicates a positive data point; and triggering a first sense amp on the A-B circuit if the charge on the collection capacitor exceeds a first charge threshold, indicating that the positive data points in the first set of data results is greater than the positive data points in the second set of data results to a first statistical significance with a first confidence level.

Abstract: The invention is directed to a system that enables an authentication process that involves secure multi-party computation. The authentication process can be performed between a user device operated by a user and an access device. The user device and the access device may conduct the authentication process such that enrollment information and authentication information input by the user is not transmitted between the devices. Instead, the user device may determine and utilize obfuscated values associated with the authentication information. The user device may also determine an obfuscated authentication function that can be utilized to determine an authentication result without revealing enrollment information and authentication information associated with the user. The user can be authenticated based on the authentication result.

Abstract: Client devices can send access request messages to resource management computers to request access to a resource. A data security hub can provide centralized routing between different client devices, resource management computers, and authentication data processing servers. The data security hub can reduce the risk of sensitive authentication information from leaking (e.g., due to a breach) by limiting the amount or types of authentication information distributed to the data processing servers. The data security hub can limited the authentication information being distributed based on its sensitivity, the trust level of the client device, and the security level of the requested resource. The data security hub can also evaluate the client devices and data processing servers to identify security breaches and can cancel or reroute access requests accordingly. Thus, the data security hub can maintain resource security while better preserving the privacy of the client device's authentication information.

Abstract: A biometric matching process is disclosed. The biometric matching process may be used to obtain access to a resource managed by an access device using only biometric information. In some embodiments, a biometric template is stored in relation to a user device and/or account information, and is obscured. Upon receiving a request for access to a resource from an access device, the system may identify a number of user devices in proximity to the access device. Biometric templates associated with each of those user devices may be compared to a biometric template received from the access device. Upon identifying a match, the system may provide the access device with account information stored in relation to the matched biometric template. The access device may then complete a transaction using the provided account information and grant access to the requested resource.

Abstract: A method by an access device comprising obtaining a first biometric sample of a user; generating a first biometric template or a derivative thereof from the first biometric sample; transmitting the first biometric template or the derivative thereof to a mobile device, wherein the mobile device or the user determines if the access device is an authentic access device; receiving a confirmation of a match between the first biometric template and a second biometric template on the mobile device; and conducting a transaction between the access device and the mobile device, after the mobile device or the user determines that the access device is authentic.

Abstract: Methods and systems for performing demographics filtering based on biometric information are disclosed. An access terminal can capture a biometric instance corresponding to a user, such as a fingerprint scan, iris scan, etc. The access terminal can determine demographics information from the biometric instance, such as the age, biological sex, or ethnicity of the user. The access terminal can compare the demographics information to demographics information stored on a group of mobile devices corresponding to a group of users, in order to identify candidate user mobile devices. Once candidate user mobile devices are identified, the access terminal can perform a biometric match between the biometric instance corresponding to the user and biometric instances stored on the candidate user mobile devices. Once a biometric match and the corresponding mobile device are determined, the access terminal can conduct a further interaction with the mobile device.

Abstract: The invention is directed to a system that enables an authentication process that involves secure multi-party computation. The authentication process can be performed between a user device operated by a user and an access device. The user device and the access device may conduct the authentication process such that enrollment information and authentication information input by the user is not transmitted between the devices. Instead, the user device may determine and utilize obfuscated values associated with the authentication information. The user device may also determine an obfuscated authentication function that can be utilized to determine an authentication result without revealing enrollment information and authentication information associated with the user. The user can be authenticated based on the authentication result.

Abstract: Techniques for intelligently deciding the optimal authenticator(s) from amongst those supported by an electronic device are described. The authentication system according to some embodiments may include a dynamic machine learner that incorporates the attributes of: (i) user behavior attributes (e.g., preferred authenticator); (ii) device attributes (e.g., hardware and software specifications, applications, etc.); and (iii) operating environment attributes (e.g., ambient light, noise, etc.), as well as the interplay between the aforementioned attributes over time to make the decision. In some embodiments, the authentication activities and patterns of other users of similar type (e.g., users exhibiting similar behavior across different operating environments) can also be learned and employed to improve the decision making process over time.

Abstract: Techniques for intelligently deciding the optimal authenticator(s) from amongst those supported by an electronic device are described. The authentication system according to some embodiments may include a dynamic machine learner that incorporates the attributes of: (i) user behavior attributes (e.g., preferred authenticator); (ii) device attributes (e.g., hardware and software specifications, applications, etc.); and (iii) operating environment attributes (e.g., ambient light, noise, etc.), as well as the interplay between the aforementioned attributes over time to make the decision. In some embodiments, the authentication activities and patterns of other users of similar type (e.g., users exhibiting similar behavior across different operating environments) can also be learned and employed to improve the decision making process over time.

Abstract: Embodiments of the invention involve using biometric templates to wirelessly authenticate individuals. In one embodiment, a mobile device may generate a first biometric template and a first public value from a first biometric sample of a user and generate a first cryptographic key by passing the first biometric template to a fuzzy extractors generate function. An access device may generate a second biometric template from a second biometric sample of the user, generate a second secret cryptographic key by passing the second biometric template and the first public value to the fuzzy extractors reproduce function, encrypt the second biometric template with the second secret cryptographic key, and broadcast the encrypted template to a plurality of nearby mobile devices including the mobile device. If the mobile device is able to decrypt the encrypted template with the first cryptographic key, the access device can associate the user with the mobile device.

Abstract: Embodiments of the invention are directed to a system and methods for determining a likelihood that an image that includes a user is a spoof or fake. In some embodiments, focus values are determined for various parts of the image during a focus sweep. The focus values may represent a focus point at which a particular part of the image is sharp. In some embodiments, the focus values may be determined only for the sections of the image that correspond to a face within the image. From the focus values, the system may determine a relative depth of various parts of the image. Using the relative depths, the system may generate a rough depth map for the image. The depth map may be analyzed to determine a likelihood that the image is authentic.

Abstract: When a user enters a resource provider location with a portable communication device, the portable communication device provides an indication to a transaction processing system that the portable communication device is currently at the resource provider location. At a later time when the user conducts a transaction with a portable transaction device, the fact that the user's portable communication device had been detected at the resource provider a short time ago is taken into account as a positive indicator that the transaction is not fraudulent. By verifying that both the portable communication device and the portable transaction device are present at the resource provider, the risk of approving a fraudulent transaction from a stolen portable transaction device can be reduced.

Abstract: Embodiments of the invention involve using biometric templates to wirelessly authenticate individuals. In one embodiment, a mobile device may generate a first biometric template and a first public value from a first biometric sample of a user and generate a first cryptographic key by passing the first biometric template to a fuzzy extractors generate function. An access device may generate a second biometric template from a second biometric sample of the user, generate a second secret cryptographic key by passing the second biometric template and the first public value to the fuzzy extractors reproduce function, encrypt the second biometric template with the second secret cryptographic key, and broadcast the encrypted template to a plurality of nearby mobile devices including the mobile device. If the mobile device is able to decrypt the encrypted template with the first cryptographic key, the access device can associate the user with the mobile device.

Abstract: Provided is a computer-implemented method for authenticating a customer during payment transactions based on biometric identification parameters of the customer that includes receiving image data associated with an image template for identification of a customer, receiving image data associated with an image of a biometric identification parameter of the customer during a payment transaction between the customer and a merchant, establishing a short-range communication connection with a user device associated with the customer during the payment transaction between the customer and the merchant, authenticating an identity of the customer for the payment transaction via the short-range communication connection, determining an account identifier of an account of the customer based on authenticating the identity of the customer for the payment transaction, and processing the payment transaction using the account identifier of the account of the customer. A system and computer program product are also disclosed.

Abstract: Systems and methods are disclosed in which data associated with a transaction are protected with encryption. At an access device, a PIN associated with a payment account may be encrypted with a first key derived from an initial key of the access device and sensitive data associated with the payment account may be encrypted with a second key derived from the initial key. At a secure module associated with a host server encrypted sensitive data of an authorization request message may be decrypted. The secure module associated with the host server can re-encrypt the sensitive data using a zone encryption key associated with a payment processing network. A translated authorization request message including the re-encrypted sensitive data can be transmitted by the merchant server to the payment processing network.

Abstract: When a user enters a resource provider location with a portable communication device, the portable communication device provides an indication to a transaction processing system that the portable communication device is currently at the resource provider location. At a later time when the user conducts a transaction with a portable transaction device, the fact that the user's portable communication device had been detected at the resource provider a short time ago is taken into account as a positive indicator that the transaction is not fraudulent. By verifying that both the portable communication device and the portable transaction device are present at the resource provider, the risk of approving a fraudulent transaction from a stolen portable transaction device can be reduced.