Abstract: Embodiments are directed to a method for securely performing biometric authentication online. The method described can be used to securely perform biometric authentication on a mobile device. For protecting the privacy of the users biometric data, a cryptographic comparison protocol can be used to perform matching of encrypted templates. For example, the cryptographic comparison protocol may involve Fuzzy Extractors (FE), Homomorphic Encryption (HE), and/or Secure Multi-Party Computation (SMPC).

Abstract: A method is disclosed. The method includes a server computer receiving, from a user device, a first encrypted biometric template, wherein the server computer stores a plurality of encrypted enrollment biometric templates, and a table comprising a plurality of encrypted match values and corresponding unencrypted match values. The server computer can then, for each of the plurality of encrypted enrollment biometric templates, input the first encrypted biometric template and an encrypted enrollment biometric template into a function to obtain an encrypted match value. The server computer can then, for each of the plurality of encrypted enrollment biometric templates, determine if the encrypted match value corresponds to an unencrypted match value using the table, wherein the unencrypted match value is greater than a threshold. The server computer can then provide a notification to the user device or another device associated with the unencrypted match value.

Abstract: A server-side biometric authentication system is disclosed that can split data knowledge and processes, so that extensive collusion would be required in order for a fraudster to compromise the system. Biometric data provided by a user during authentication can be matched with a combination of pieces of a biometric template stored across two or more server(s), rather than on a consumer device as is typically done. More specifically, at the time of enrollment, a biometric template can be split into two or more fragments. Each of the fragments can be encrypted and stored on a template storage server. At a later point in time, during authentication, biometric data provided by a user (e.g., from a fingerprint) can be compared against a reconstructed version of the biometric template where each fragment of the template is retrieved from a matcher computer and combined together.

Abstract: Methods and systems for performing demographics filtering based on biometric information are disclosed. An access terminal can capture a biometric instance corresponding to a user, such as a fingerprint scan, iris scan, etc. The access terminal can determine demographics information from the biometric instance, such as the age, biological sex, or ethnicity of the user. The access terminal can compare the demographics information to demographics information stored on a group of mobile devices corresponding to a group of users, in order to identify candidate user mobile devices. Once candidate user mobile devices are identified, the access terminal can perform a biometric match between the biometric instance corresponding to the user and biometric instances stored on the candidate user mobile devices. Once a biometric match and the corresponding mobile device are determined, the access terminal can conduct a further interaction with the mobile device.

Abstract: Embodiments of the disclosure are directed to a real-time payments settlement system based on distributed ledgers, which may be implemented with blockchain technology. The distributed ledgers may be separate and distinct and each ledger can be used to track, record, and settle transactions between users of a pool account. The ledgers may also be interconnected with one another by being connected to a main ledger, and this network of ledgers can be used to track, record, and facilitate settlement of transactions between users of different pool accounts that are associated with different ledgers. This provides redundancy, transparency, and data access controls, while enabling multicurrency, cross-border transactions to be quickly verified, performed, and settled on a per-transaction basis while reducing the capital requirements of its users.

Abstract: Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for securely processing remote transactions. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a mobile device comprising a server computer receiving a payment request including encrypted payment information. The encrypted payment information being generated by a mobile payment application of the mobile device and being encrypted using a third party key. The method further comprises decrypting the encrypted payment information using the third party key, determining a transaction processor public key associated with the payment information, and re-encrypting the payment information using the transaction processor public key. The method further comprises sending a payment response including the re-encrypted payment information to a transaction processor.

Abstract: Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for securely processing remote transactions. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a mobile device comprising a server computer receiving a payment request including encrypted payment information. The encrypted payment information being generated by a mobile payment application of the mobile device and being encrypted using a third party key. The method further comprises decrypting the encrypted payment information using the third party key, determining a transaction processor public key associated with the payment information, and re-encrypting the payment information using the transaction processor public key. The method further comprises sending a payment response including the re-encrypted payment information to a transaction processor.

Abstract: When a user enters a resource provider location with a portable communication device, the portable communication device provides an indication to a transaction processing system that the portable communication device is currently at the resource provider location. At a later time when the user conducts a transaction with a portable transaction device, the fact that the user's portable communication device had been detected at the resource provider a short time ago is taken into account as a positive indicator that the transaction is not fraudulent. By verifying that both the portable communication device and the portable transaction device are present at the resource provider, the risk of approving a fraudulent transaction from a stolen portable transaction device can be reduced.

Abstract: Described herein are a system and techniques for detecting whether biometric data provided in an access request is genuine or a replay. In some embodiments, the system uses an machine learning model trained using genuine and replay sample data which is optimized in order to produce a result set in which results for the genuine samples are pulled closer to a genuine center and results for the replay samples are pushed away from the genuine center. Subjecting input biometric data (e.g., an audio sample) to the trained model results in a classification of the input biometric data as genuine or replay, which can then be used to determine whether or not to verify the input biometric data.

Abstract: When a user enters a resource provider location with a portable communication device, the portable communication device provides an indication to a transaction processing system that the portable communication device is currently at the resource provider location. At a later time when the user conducts a transaction with a portable transaction device, the fact that the user's portable communication device had been detected at the resource provider a short time ago is taken into account as a positive indicator that the transaction is not fraudulent. By verifying that both the portable communication device and the portable transaction device are present at the resource provider, the risk of approving a fraudulent transaction from a stolen portable transaction device can be reduced.

Abstract: A method and system for performing a calculation of a privacy preserving scalar product are provided. A first party and a second party (e.g., a first computer and a second computer) possessing a first vector and a second vector respectively, can concurrently determine the scalar product of the two vectors, without revealing either vector to the other party. Each vector can be masked and then encrypted using a public key of an asymmetric key pair. Using homomorphic encryption operations, the scalar product of the vectors can be determined while the vectors are still encrypted. Each party can compare the scalar product, or a value derived from the scalar product against a predetermined threshold. As an example, two parties can perform the scalar product to compare two biometric templates expressed as vectors without revealing the biometric templates to one another, preserving the privacy of persons corresponding to those biometrics.

Abstract: When a user enters a resource provider location with a portable communication device, the portable communication device provides an indication to a transaction processing system that the portable communication device is currently at the resource provider location. At a later time when the user conducts a transaction with a portable transaction device, the fact that the user's portable communication device had been detected at the resource provider a short time ago is taken into account as a positive indicator that the transaction is not fraudulent. By verifying that both the portable communication device and the portable transaction device are present at the resource provider, the risk of approving a fraudulent transaction from a stolen portable transaction device can be reduced.

Abstract: Systems and methods are disclosed in which data associated with a transaction are protected with encryption. At an access device, a PIN associated with a payment account may be encrypted with a first key derived from an initial key of the access device and sensitive data associated with the payment account may be encrypted with a second key derived from the initial key. At a secure module associated with a host server encrypted sensitive data of an authorization request message may be decrypted. The secure module associated with the host server can re-encrypt the sensitive data using a zone encryption key associated with a payment processing network. A translated authorization request message including the re-encrypted sensitive data can be transmitted by the merchant server to the payment processing network.

Abstract: A server-side biometric authentication system is disclosed that can split data knowledge and processes, so that extensive collusion would be required in order for a fraudster to compromise the system. Biometric data provided by a user during authentication can be matched with a combination of pieces of a biometric template stored across two or more server(s), rather than on a consumer device as is typically done. More specifically, at the time of enrollment, a biometric template can be split into two or more fragments. Each of the fragments can be encrypted and stored on a template storage server. At a later point in time, during authentication, biometric data provided by a user (e.g., from a fingerprint) can be compared against a reconstructed version of the biometric template where each fragment of the template is retrieved from a matcher computer and combined together.

Abstract: When a user enters a resource provider location with a portable communication device, the portable communication device provides an indication to a transaction processing system that the portable communication device is currently at the resource provider location. At a later time when the user conducts a transaction with a portable transaction device, the fact that the user's portable communication device had been detected at the resource provider a short time ago is taken into account as a positive indicator that the transaction is not fraudulent. By verifying that both the portable communication device and the portable transaction device are present at the resource provider, the risk of approving a fraudulent transaction from a stolen portable transaction device can be reduced.

Abstract: Systems and methods are disclosed in which data associated with a transaction are protected with encryption. At an access device, a PIN associated with a payment account may be encrypted with a first key derived from an initial key of the access device and sensitive data associated with the payment account may be encrypted with a second key derived from the initial key. At a secure module associated with a host server encrypted sensitive data of an authorization request message may be decrypted. The secure module associated with the host server can re-encrypt the sensitive data using a zone encryption key associated with a payment processing network. A translated authorization request message including the re-encrypted sensitive data can be transmitted by the merchant server to the payment processing network.

Abstract: A server-side biometric authentication system is disclosed that can split data knowledge and processes, so that extensive collusion would be required in order for a fraudster to compromise the system. Biometric data provided by a user during authentication can be matched with a combination of pieces of a biometric template stored across two or more server(s), rather than on a consumer device as is typically done. More specifically, at the time of enrollment, a biometric template can be split into two or more fragments. Each of the fragments can be encrypted and stored on a template storage server. At a later point in time, during authentication, biometric data provided by a user (e.g., from a fingerprint) can be compared against a reconstructed version of the biometric template where each fragment of the template is retrieved from a matcher computer and combined together.

Abstract: Systems and methods for facilitating an exchange of assurance for an individual transaction are disclosed. A method includes receiving an authorization request message for a transaction from an access device, and determining a coverage entity from a plurality of coverage entities for the transaction, the plurality of coverage entities available to provide coverage for the transaction. The method also includes linking, by the server computer, the coverage entity to the transaction, and transmitting, an authorization response message to the access device.

Abstract: A server-side biometric authentication system is disclosed that can split data knowledge and processes, so that extensive collusion would be required in order for a fraudster to compromise the system. Biometric data provided by a user during authentication can be matched with a combination of pieces of a biometric template stored across two or more server(s), rather than on a consumer device as is typically done. More specifically, at the time of enrollment, a biometric template can be split into two or more fragments. Each of the fragments can be encrypted and stored on a template storage server. At a later point in time, during authentication, biometric data provided by a user (e.g., from a fingerprint) can be compared against a reconstructed version of the biometric template where each fragment of the template is retrieved from a matcher computer and combined together.

Abstract: A server-side biometric authentication system is disclosed that can split data knowledge and processes, so that extensive collusion would be required in order for a fraudster to compromise the system. Biometric data provided by a user during authentication can be matched with a combination of pieces of a biometric template stored across two or more server(s), rather than on a consumer device as is typically done. More specifically, at the time of enrollment, a biometric template can be split into two or more fragments. Each of the fragments can be encrypted and stored on a template storage server. At a later point in time, during authentication, biometric data provided by a user (e.g., from a fingerprint) can be compared against a reconstructed version of the biometric template where each fragment of the template is retrieved from a matcher computer and combined together.