Abstract: Conversations between an intelligent, machine-based chat bot and a user of a website or an application support a computing paradigm called Conversation as a Platform (CaaP) to dynamically generate payment agreements that enable asynchronous actions to be performed for e-commerce transactions which the user may use to confirm the transaction, change the terms (e.g., payment method, ship-to address, shipping method, etc.), or cancel the transaction. Upon opt-in by the user to the payment agreement, a cloud-based wallet provider gives a payment credential URL (Uniform Resource Locator) to the chat bot provider that is called to receive an actual payment credential, and which may also be used for subsequent transactions.

Abstract: Conversations between an intelligent, machine-based chat bot and a user of a website or an application support a computing paradigm called Conversation as a Platform (CaaP) to dynamically generate payment agreements that enable asynchronous actions to be performed for e-commerce transactions which the user may use to confirm the transaction, change the terms (e.g., payment method, ship-to address, shipping method, etc.), or cancel the transaction. Upon opt-in by the user to the payment agreement, a cloud-based wallet provider gives a payment credential URL (Uniform Resource Locator) to the chat bot provider that is called to receive an actual payment credential, and which may also be used for subsequent transactions.

Abstract: A mechanism to export a payment instrument from a secured database to a user device based on a binding between the user device and an identifier associated with the owner of the payment instrument. A computing system performs the following: binds a device ID that is associated with a user device to a user ID that is associated with an owner of a payment instrument and records a representation of the binding in a secured database; generates an identifier that signifies that the user device that is associated with the device ID has been granted permission to export payment instrument information; returns the identifier to the user device; receives from the user device a payload that includes the identifier, the user ID, and the device ID; and exports an encrypted version of the payment instrument information to the user device.

Abstract: In an embodiment, a one-time use, cryptographically strong binding key is received from a user device that is outside the control of the computing system. Payment instrument information related to a payment instrument is received from the user device. An identifier for the binding key and an identifier for the payment instrument information is generated and the identifiers are returned to the user device. A payload including at least the identifiers for the binding key and the payment instrument information and a user identifier are received from the user device. The identifiers for the binding key and the payment instrument information are used to access the payment instrument information and the binding key. An association between the user identifier and the payment instrument information is stored in a secure database.

Abstract: A computing device supports a Web Authentication (WebAuthN) application program interface (API) that is configured to exposes functionalities that may substitute for those utilized in the EMV (Europay, Mastercard, and Visa) standard for transactions using smart payment instruments like debit and credit cards that include embedded computer chips. The functionality of the WebAuthN-compliant computing device is analogous to a physical card in the conventional chip and PIN (personal identification number) where the chip serves as proof of payment device and the PIN as proof of payment account holder.

Abstract: A computing device, supporting a web browser and one or more biometric sensors for recognizing a device user by capturing biometric characteristics such as the user's face, iris, or fingerprints, is configured to enable web applications to authenticate the user using password-less or two-factor scenarios to enhance online security while reducing password risks such as password guessing, phishing, and keylogging attacks. The present user and device authentication enables online activities having high potential risks, such as online purchases, to be completed securely and conveniently by providing strong cryptographic proof of both the user and a computing device that is trusted by the user.