Abstract: Techniques are disclosed relating to tokenized account information with integrated authentication. In some embodiments, a shared secret key is used for tokenization and authentication. In some embodiments, a payment device stores an encrypted version of the secret key and decrypts the secret key based on a user-provided password. In some embodiments, the payment device uses the secret key and a moving factor to generate a limited-use password. In some embodiments, the payment device uses the limited-use password to modify a first identifier of an account of the user. In some embodiments, the authentication system retrieves a stored version of the secret key and a copy of the account number using a second identifier. In some embodiments, the authentication system generates the limited-use password based on the stored secret key and a moving factor, de-tokenizes the modified first identifier, and compares the result with the retrieved copy of the account number.

Abstract: Aspects of the embodiments are directed to an augmented reality Completely Automated Public Turing test to tell Computers and Humans Apart (“captcha”). Upon determining that a user, operating a user device, is attempting to access a website, a host server can cause a camera on the user device to activate and begin streaming and image feed to the host device across a network. The host device can determine an appropriate augmentation to the image feed that is germane to the context and/or environment of what is being displayed in the image feed. The augmentation can be displayed to the user on a display of the user device. The augmentation can also include a prompt instructing the user how to interact with the augmentation. The host server can determine whether to grant the user access based on the user's interaction with the augmentation.

Abstract: Provided is a process that includes: receiving, with a first device, a request to authenticate a user; obtaining, with the first device, an unstructured-data authentication input; extracting, with the first computing device, a plurality of features of the unstructured-data authentication input to form a structured-data representation; determining, with the first device, a first instance of a value that deterministically varies; and determining, with the first device, a first encrypted value based on both the structured-data representation and the first instance of the value that deterministically varies; and sending, with the first device, the first encrypted value to a second computing device

Abstract: Technologies are provided herein and include embodiments for protecting applications and information on a user computing device and include generating a menu of icons including an application icon and a decoy icon that correspond to a mobile application in a mobile device, where the application icon is assigned to a first location in the menu and the decoy icon is assigned to a second location in the menu. The embodiment further includes communicating icon location information to the mobile application, providing the menu of icons for display on a display screen of the mobile device, receiving a first indication of user input to select the decoy icon in the menu of icons, invoking the mobile application based on the decoy icon being selected, and communicating, to the mobile application based on the decoy icon being selected, second location information indicating the second location in the menu of icons.

Abstract: Aspects of the embodiments are directed to systems, methods, and computer program products that facilitate authentication of a user for providing authentication for access to secured services using an interactive voice response (IVR) service. A user device can include an application. The application can prompt the user to register with an authentication service to create an authentication credential. The user device can receive from the authentication service an authentication secret key. The application can prompt the user for a fingerprint scan, which the application can use to secure the authentication secret key. The user, when attempting to access a secured service, can provide another fingerprint scan to unlock the authentication secret key. The application can generate a one-time-password from the authentication secret key, and can transmit that OTP to an authentication service associated with the secured service provider.

Abstract: Provided is a process that includes: receiving, with a first device, a request to authenticate a user; obtaining, with the first device, an unstructured-data authentication input; extracting, with the first computing device, a plurality of features of the unstructured-data authentication input to form a structured-data representation; determining, with the first device, a first instance of a value that deterministically varies; and determining, with the first device, a first encrypted value based on both the structured-data representation and the first instance of the value that deterministically varies; and sending, with the first device, the first encrypted value to a second computing device.

Abstract: Techniques are disclosed relating to tokenized account information with integrated authentication. In some embodiments, a shared secret key is used for tokenization and authentication. In some embodiments, a payment device stores an encrypted version of the secret key and decrypts the secret key based on a user-provided password. In some embodiments, the payment device uses the secret key and a moving factor to generate a limited-use password. In some embodiments, the payment device uses the limited-use password to modify a first identifier of an account of the user. In some embodiments, the authentication system retrieves a stored version of the secret key and a copy of the account number using a second identifier. In some embodiments, the authentication system generates the limited-use password based on the stored secret key and a moving factor, de-tokenizes the modified first identifier, and compares the result with the retrieved copy of the account number.

Abstract: Techniques are disclosed relating to authorizing varying levels of access to computer resources. In one embodiment, consider an authorization server, a resource server that includes a resource (for example, a data item), and an application server operable to incorporate the resource into its own functionality. The authorization server may receive information indicative of a grant of access privileges by a user, authorizing the application server to access the resource. The authorization server may be configured to provide the application server with varying levels of access to the resources of the resource server. For example, the authorization server may provision a plurality of access tokens corresponding to the grant of access privileges to the application server. The plurality of access tokens may each be associated with a scope of access and a duration. In various embodiments, the duration of an access token may be based on its corresponding scope of access.

Abstract: Aspects of the embodiments are directed to an augmented reality Completely Automated Public Turing test to tell Computers and Humans Apart (“captcha”). Upon determining that a user, operating a user device, is attempting to access a website, a host server can cause a camera on the user device to activate and begin streaming and image feed to the host device across a network. The host device can determine an appropriate augmentation to the image feed that is germane to the context and/or environment of what is being displayed in the image feed. The augmentation can be displayed to the user on a display of the user device. The augmentation can also include a prompt instructing the user how to interact with the augmentation. The host server can determine whether to grant the user access based on the user's interaction with the augmentation.

Abstract: A method includes determining a match score indicative of similarities between (1) signal information associated with a current route being traveled by a user in connection with a transaction with a merchant and (2) signal information associated with an established route traveled by the user in connection with a previous transaction between the user and the merchant, wherein the signal information comprises signal signatures that identify one or more signal emitters identified along each route. The method also includes determining whether the current route matches the established route based on whether the match score is above a threshold. The method further includes if the match score is below the threshold, transmitting a message indicating that the user was not authenticated.

Abstract: A device unlock pattern (“pattern password”) is static in that the same pattern is entered each time to unlock a device. Due to this repetition, a pattern password may be discovered by an application that captures touchscreen gestures, by inspection of fingerprints or smudges on a screen, or simply by an onlooker that views the pattern password being entered. A variable hint pattern can be used to impede discovery. A hint pattern is a sub-pattern (“hint”) of the pattern password to be completed for device unlock. A variable hint pattern can impede discovery by changing the sub-pattern at a defined change threshold related to unlock attempts. The device can randomly change the sub-pattern or randomly change the missing portions of the pattern password at each change threshold. As a result, different inputs complete the pattern password. This variance stymies the methods typically used to discover pattern passwords.

Abstract: Aspects of the embodiments are directed to methods, systems, and computer program products for shared mobile wallet transactions. In embodiments, a mobile device can transmit a shared mobile wallet transaction request message to a mobile device operated by a shared mobile wallet contributor across a network connection; receive, from the shared mobile wallet contributor, a wallet transaction packet, the wallet transaction packet comprising a monetary contribution value and an identifier of the shared mobile wallet contributor; create a shared mobile wallet transaction packet comprising a monetary contribution value for the user, an identifier of the user, the monetary contribution value for the shared mobile wallet contributor, and an identifier of the shared mobile wallet contributor; and transmit the shared mobile wallet transaction packet to a point of sale device across a communications link. The communications link can be a near-field communications link.

Abstract: A method includes determining a number of matching signal signatures within (1) ambient signal information for an order location and (2) ambient signal information for a delivery location, wherein the ambient signal information comprises signal signatures that identify a plurality of signal emitters at each location. The method also includes determining whether the delivery location matches the order location based on the number of matching signal signatures. The method further includes transmitting a message to a delivery operator indicating whether the delivery location matches the order location.

Abstract: Single sign on technology enables shared access to a protected service, such as an application, from a plurality of dynamically associated computing devices. After logging into the application from one of the computing device, a user may access the application from the other computing devices without re-authentication. A user may also log out from the application from any of the computing device. Unique machine identifications, such as device DNA, for identifying each of the computing devices are used in, for example, a method, apparatus (such as a login server) and computer program product. A single session may be shared across multiple computing devices. The same authentication token, such as a SAML token, may also be used for all of the computing devices having the same user session.

Abstract: A method for two factor authentication is described. The method comprises a server receiving an activation code for verification from a mobile device. The server generates an encrypted secret key using the activation code The secret key is encrypted and sent to the mobile device. The server receives a first token generated by the mobile device. The server generates a second token using the secret key, determines whether the first token is identical to the second token, and syncs information with the mobile device.

Abstract: Provided is a process that includes: receiving, with a first device, a request to authenticate a user; obtaining, with the first device, an unstructured-data authentication input; extracting, with the first computing device, a plurality of features of the unstructured-data authentication input to form a structured-data representation; determining, with the first device, a first instance of a value that deterministically varies; and determining, with the first device, a first encrypted value based on both the structured-data representation and the first instance of the value that deterministically varies; and sending, with the first device, the first encrypted value to a second computing device

Abstract: A method includes receiving a security profile comprising user-defined rules for processing sensitive data, and identifying a plurality of sensitive data components in a data file according to the security profile. The method further includes generating a respective format-preserving token for each of the identified plurality of sensitive data components. The method additionally includes generating a corresponding token key for each of the respective-format preserving tokens, and replacing each of the plurality of sensitive data components in the data file with the respective format-preserving token. Further, the method includes cryptographically camouflaging each of the token keys using a first password and storing each of the cryptographically camouflaged token keys.

Abstract: Techniques are disclosed relating to generating tokens dynamically using payment keys. In some embodiments, a computer system may receive a transaction authorization request including a transaction token. The computer system may, in some embodiments, identify a transaction account number and a plurality of payment keys that were sent to a user device. Further, in some embodiments, the computer system may generate an authentication token that is usable to validate the transaction token.

Abstract: Techniques are disclosed relating to authenticating a user via a lock screen. In one embodiment, a computer device presents a two-dimensional matrix of elements on a display of the computing device and detects a continuous gesture performed by a user on the display over the two-dimensional matrix of elements. In some embodiments, the gesture includes a first portion selecting a first set of the elements and a second portion selecting a second set of the elements. In response to detecting the continuous gesture, the computer device authenticates the user based on the selected first set of elements and initiates performance of an action based on the second set of elements such as execution of a particular application, opening a particular file, opening a particular menu of an application, etc.

Abstract: To protect confidential data, a mobile device determines whether the mobile device is at a location susceptible to visual capture of confidential data entered into the phone by external cameras. The mobile device determines whether focus of a display is on a field in which confidential data is entered. If the mobile device determines that it is at a location susceptible to an external imaging device visually capturing confidential data input into the input field, then the mobile device activate a light source on a same side as the screen presenting the display.