Abstract: A method for performing a key recovery process is disclosed. The method comprises entering, in a user device, a user identifier unique to a user. The user device may then obscure the user identifier to form an obscured user identifier. The user device may then transmit the obscured user identifier to a first and second entity computer. The method may then include the first entity computer generating a first output using the obscured user identifier and a first share, and the second entity computer generates a second output using the obscured user identifier and a second share. As a response to transmitting the obscured identifier, the user device may receive the first output from the first entity computer and the second output from the second entity computer. The user device may then generate a secret key after processing the first output and the second output, completing the key recovery process.

Abstract: A method is disclosed. The method includes generating, by a first user device in association with a second user device, a second secret key on the second user device. The second secret key is derived from a first secret held by the first user device. The method includes generating a first commitment, transmitting., to the second user device, the first commitment, receiving, from the second user device, a second commitment, receiving, from the second user device, a random value and a ciphertext. The ciphertext is generated using the first commitment, the second commitment, and the random value. The method also includes verifying the ciphertext, and in response to verifying the ciphertext, modifying a group to include the second user device.

Abstract: In a system for verifying transactions, when a user with a portable communication device nears a resource provider location, the portable communication device provides an indication to a transaction processing system of its proximity to the location. The portable communication device then provides a universally unique identifier (UUID) of a base station of the resource provider to the transaction processing system, which generates a hash using the UUID and a primary account number (PAN) of a portable transaction device that is associated with the portable communication device. When the user conducts a transaction with the portable transaction device at the provider, the provider generates a separate hash from the UUID and the PAN and sends the hash to the transaction processing system, A match between the hashes is taken into account as a positive indicator that the transaction is not fraudulent and the resource provider is complying with the system.

Abstract: A zwitterionic polysiloxane polymer (e.g., a polyurethane elastomer) composition having poly(dialkylsiloxane) blocks and a zwitterionic moiety is prepared by the copolymerization of a poly(dialkylsiloxane) diol, a diisocyanate, a tertiary amine alkyl diol, and a poly(dialkylsiloxane) diamine to form a poly(urethane urea) copolymer. A substituted saturated heterocylic compound is reacted with the tertiary amine of the poly(urethane urea) copolymer to introduce a zwitterionic group into the poly(urethane urea) copolymer backbone. A polysiloxane polymer having a zwitterionic moiety is prepared by reacting a diallyl tertiary amine compound and a substituted saturated heterocylic compound to form a diallyl zwitterionic macromer and cross-linking a vinyl terminated poly(dialkylsiloxane) and the diallyl zwitterionic macromer with a curing agent to introduce a zwitterionic group into the poly(dialkylsiloxane) polymer.

Abstract: A method is disclosed. The method comprises receiving, by a user device from an identity network computer, a query set comprising a plurality of test identity attributes; encrypting, by the user device, the query set to form an obscured query set; computing, by the user device, a zero-knowledge proof using the obscured query set and an encrypted identity attribute associated with a user operating the user device; and transmitting, by the user device to the identity network computer, the obscured query set and the zero-knowledge proof, wherein the identity network computer verifies the zero-knowledge proof, retrieves an encrypted identity attribute associated with the user, evaluates the obscured query set with respect to the encrypted identity attribute, and transmits a result of the evaluation to a relying party computer.

Abstract: A method is disclosed. The method includes receiving, by a processing network computer from a relying party computer associated with a relying party, a request for data associated with a user operating a user device. The processing network computer may retrieve first encrypted data of the user having a user-layer of encryption. The processing computer can then generate a second symmetric key to add a relying party-layer of encryption to the first encrypted data using a stream cipher. The doubly encrypted data may be transmitted to a user device that removes the user-layer of encryption on the first doubly encrypted data, and then adds a second relying party-layer of encryption to form second doubly encrypted data. The second doubly encrypted data may be transmitted to the relying party computer, which can remove both relying party-layers of encryption to gain access to the data associated with the user.

Abstract: Described herein are a system and techniques for detecting whether biometric data provided in an access request is genuine or a replay. In some embodiments, the system uses an machine learning model trained using genuine and replay sample data which is optimized in order to produce a result set in which results for the genuine samples are pulled closer to a genuine center and results for the replay samples are pushed away from the genuine center. Subjecting input biometric data (e.g., an audio sample) to the trained model results in a classification of the input biometric data as genuine or replay, which can then be used to determine whether or not to verify the input biometric data.

Abstract: A method is disclosed. The method comprises receiving, by an identity network computer, a query set including a plurality of test identity attributes. After receiving the query set, the identity network computer may retrieve derivatives of identity attributes associated with a user, and an encrypted trapdoor, then compute an obscured query set using the query set, and optionally the derivatives of identity attributes. The identity network computer may transmit the obscured query set (i) and the encrypted trapdoor to a user device associated with the user, which generates and transmits a first modified trapdoor and the obscured query set to a relying party computer, or (ii) and a second modified trapdoor to the relying party computer. The relying party computer may thereafter use the obscured query set, and the first modified trapdoor or the second modified trapdoor, to determine if the identity attributes is a member of the query set.

Abstract: A method is disclosed. The method includes receiving, by a processing network computer from a relying party computer associated with a relying party, a request for data associated with a user operating a user device. The processing network computer may retrieve first encrypted data of the user having a user-layer of encryption. The processing computer can then generate a second symmetric key to add a relying party-layer of encryption to the first encrypted data using a stream cipher. The doubly encrypted data may be transmitted to a user device that removes the user-layer of encryption on the first doubly encrypted data, and then adds a second relying party-layer of encryption to form second doubly encrypted data. The second doubly encrypted data may be transmitted to the relying party computer, which can remove both relying party-layers of encryption to gain access to the data associated with the user.

Abstract: A method is disclosed. The method includes receiving, by a processing network computer from a relying party computer associated with a relying party, a request for data associated with a user operating a user device. The processing network computer may retrieve first encrypted data of the user having a user-layer of encryption. The processing computer can then generate a second symmetric key to add a relying party-layer of encryption to the first encrypted data using a stream cipher. The doubly encrypted data may be transmitted to a user device that removes the user-layer of encryption on the first doubly encrypted data, and then adds a second relying party-layer of encryption to form second doubly encrypted data. The second doubly encrypted data may be transmitted to the relying party computer, which can remove both relying party-layers of encryption to gain access to the data associated with the user.

Abstract: A method is disclosed. The method comprises receiving, by a digital identity computer, a request for personal data associated with a user. The digital identity computer may retrieve encrypted personal data, wherein the personal data is encrypted with a public key associated with the user. The digital identity computer may encrypt the encrypted personal data with a first public key associated with a relying party or derivative thereof to form subsequently encrypted personal data. The method may then proceed to transmit the subsequently encrypted personal data or derivative thereof to a relying party computer, or a user device. If the user device receives the subsequently encrypted personal data, the user device may thereafter transmit the subsequently encrypted personal data or derivative thereof to the relying party computer. Then, the relying party computer obtains the personal data from the subsequently encrypted personal data or derivative thereof.

Abstract: Embodiments are directed to a method for securely performing biometric authentication online. The method described can be used to securely perform biometric authentication on a mobile device. For protecting the privacy of the user's biometric data, a cryptographic comparison protocol can be used to perform matching of encrypted templates. For example, the cryptographic comparison protocol may involve Fuzzy Extractors (FE), Homomorphic Encryption (HE), and/or Secure Multi-Party Computation (SMPC).

Abstract: A method is disclosed. An authentication node may receive a plurality of encrypted match values, wherein the plurality of encrypted match values were formed by a plurality of worker nodes that compare a plurality of encrypted second biometric template parts derived from a second biometric template to a plurality of encrypted first biometric template parts derived from a first biometric template. The authentication node may decrypt the plurality of encrypted match values resulting in a plurality of decrypted match values. The authentication node may then determine if a first biometric template matches the second biometric template using the plurality of decrypted match values. An enrollment node may be capable of enrolling a biometric template and storing encrypted biometric template parts at worker nodes.

Abstract: Described herein are a system and techniques for identifying and preventing certain fraud attacks that may be used to defeat facial recognition systems. In embodiments of the system described herein, biometric data may be segregated into regions, which are then processed separately and in parallel. Likeness scores are determined for each of the separate regions. By tracking individual region likeness scores used in access requests in accordance with embodiments of the disclosure, the system is able to identify potential fraud attacks that cannot be detected using conventional systems.

Abstract: A method and system of using a vehicle mounted camera device to authenticate a user during an interaction is disclosed. The method includes receiving interaction data regarding an interaction between a user operating a communication device and an access device, the user being near other candidate users. The method then includes determining one or more match indicators, the match indicators generated by comparing different sample biometric templates of the user with different enrolled biometric templates. At least one of the different biometric sample templates may be an image-based biometric template and at least one may be a voice print biometric template. Then the method includes identifying the user based on at least the match indicator associated with the voice print biometric template. The method then includes, if the match indicators are positive match indicators, initiating a process on behalf of the user.

Abstract: Embodiments are directed to a method for securely performing biometric authentication online. The method described can be used to securely perform biometric authentication on a mobile device. For protecting the privacy of the users biometric data, a cryptographic comparison protocol can be used to perform matching of encrypted templates. For example, the cryptographic comparison protocol may involve Fuzzy Extractors (FE), Homomorphic Encryption (HE), and/or Secure Multi-Party Computation (SMPC).

Abstract: When a user enters a resource provider location with a portable communication device, the portable communication device provides an indication to a transaction processing system that the portable communication device is currently at the resource provider location. At a later time when the user conducts a transaction with a portable transaction device, the fact that the user's portable communication device had been detected at the resource provider a short time ago is taken into account as a positive indicator that the transaction is not fraudulent. By verifying that both the portable communication device and the portable transaction device are present at the resource provider, the risk of approving a fraudulent transaction from a stolen portable transaction device can be reduced.

Abstract: Embodiments relate to systems, apparatuses, and methods for performing transaction signing utilizing asymmetric cryptography and a private ledger. A transaction data is signed by a user device using a private key, and may be utilized in an authorization request message without including a real credential of the user. A transaction verification and accounting module (TVAM) can verify the signed transaction data and can continue processing the transaction.

Abstract: A method is disclosed. The method comprises receiving, by an identity network computer, a query set including a plurality of test identity attributes. After receiving the query set, the identity network computer may retrieve derivatives of identity attributes associated with a user, and an encrypted trapdoor, then compute an obscured query set using the query set, and optionally the derivatives of identity attributes. The identity network computer may transmit the obscured query set (i) and the encrypted trapdoor to a user device associated with the user, which generates and transmits a first modified trapdoor and the obscured query set to a relying party computer, or (ii) and a second modified trapdoor to the relying party computer. The relying party computer may thereafter use the obscured query set, and the first modified trapdoor or the second modified trapdoor, to determine if the identity attributes is a member of the query set.

Abstract: A method is disclosed. The method includes constructing a table by encrypting a plurality of unencrypted match values using a public key to produce a plurality of encrypted match values. Each unencrypted match value being an indication of a degree of match between an input biometric template and an enrollment template. The method includes arranging each row so that each row has a match value and a corresponding encrypted match value. The method also includes storing, in a database, the table comprising the plurality of encrypted match values and the plurality of unencrypted match values. The server computer can be programmed to receive an encrypted biometric template and the table is used to determine a match value using the encrypted biometric template, and the match value is used to determine if a person is enrolling a biometric template associated with the encrypted biometric template more than once.