Abstract: A biometric electronic signature authenticated key exchange (“BESAKE”) token processing system. The system includes a storage location having a plurality of biometric reference templates. The system further includes an authentication computing system having a processor and instructions. The instructions configured to cause the authentication computing system to receive a signing party identifier and the BESAKE token from a signing party. The BESAKE token having a biometric sample encrypted using an encryption key. The instructions further configured to generate a decryption key and decrypt the encrypted biometric sample from the BESAKE token. The instructions further configured to match the biometric sample with a biometric reference template and transmit to a biometric service provider computing system a match request. The instructions further configured to determine a signing party identity via a binary match value.

Abstract: Systems, methods, and apparatuses of creating a repair token for a distributed ledger are provided. A method includes identifying an error in the distributed ledger via a computing system. The error is associated with a first block on the distributed ledger. The method further includes creating the repair token having content of the first block and a correction to the error via the computing system.

Abstract: An example method includes receiving an encrypted biometric enrollment data and user identifier data. The encrypted biometric enrollment data includes at least one biometric enrollment sample from a user encrypted using an encryption key. The encryption key is generated based on a user secret and the user identifier is associated with the user. The user identifier is matched with a stored user secret. A decryption key is generated based on the stored user secret. The encrypted biometric enrollment data is decrypted using the decryption key. The at least one biometric enrollment sample is retrieved from the decrypted biometric enrollment data. The at least one biometric enrollment sample is processed using a biometric processing algorithm to generate a biometric reference template. A biometric reference template identifier uniquely identifying the biometric reference template is generated. An encryption key is generated based on the stored user secret and encrypts an enrollment confirmation message.

Abstract: A method includes receiving an update biometric reference sample and a user identifier by a computing system and retrieving a previous biometric reference template record in a storage location based on the user identifier by the computing system. The previous biometric reference template record includes a previous biometric reference template generated using a previous biometric reference sample. The method further includes comparing the update biometric reference sample to the previous biometric reference template by the computing system and, responsive to determining that a biometric data type of the update biometric reference sample is different than that of the previous biometric reference template, generating an update biometric reference template by the computing system. The method further includes generating an update biometric reference template record by the computing system.

Abstract: A unique transaction key (Tk) is established amongst multiple entities using a common hardware security module (HSM) with a common HMAC key (HK) and transaction scheme name (T). The transaction key (Tk) can be used for various cryptographic functions (e.g. encryption, MAC, HMAC, key management) with one or more messages at the transaction or session level.

Abstract: Example implementations include a method for using tokens between two entities including a client device and a server, by generating, by a first one-way function of the client device, a first intermediate value from a transaction count corresponding to a number of transactions involving an original data, the first intermediate value being unique to a first verification transaction at a server, generating, by a second one-way function of the client device, a second intermediate value from the first intermediate value, the second intermediate value being unique to a second verification transaction at the server, sending, by the client device, a first token based on the first intermediate value to the server to execute the first verification transaction, and sending, by the client device, a second token based on the second intermediate value to the server to execute the second verification transaction.

Abstract: Systems and methods relating to leveraging group signature technology allowing a group manager to control an account with several members whether in a family or business environment. In some instances, this allows for control of a single account verifiable through a digital signature that is presented to the outside, but further allows for great granular control by the group manager on spending and functionality available to each individual member.

Abstract: Systems and methods in accordance with present implementations can include decrypting, by one or more processors, a data packet using a session key to recover a decrypted data packet, the data packet comprising a data element encrypted with a first content-specific key associated with a shared secret, the data packet encrypted with the session key, and decrypting, by the one or more processors, the data element of the decrypted data packet using a second content-specific key corresponding to a data type of the data element, to recover a decrypted data element.

Abstract: Systems and methods for verifying an identity of a user. A method includes generating a tokenized biometric sample by tokenizing a biometric sample associated with the user by a computing system. The method further includes generating a digitally-signed tokenized biometric sample by digitally signing the tokenized biometric sample with a private key associated with the user by the computing system. The method further includes, responsive to a biometric reference template matching a signing party biometric sample associated with a signing party and a record, determining that the user matches the signing party by the computing system. The biometric reference template is based on biometric data extracted from the biometric sample. Authenticity and data integrity of the record is determined based on each of the record, the tokenized biometric sample, and a public key of a public/private key pair comprising the private key.

Abstract: Various embodiments relate to a method of receiving an original message, share-holder list, and threshold amount. The original message is tokenized resulting in a tokenized message. A plurality of shares are generated from the tokenized message using a message sharing algorithm of a secret sharing scheme. Each of the plurality of shares is signcrypted using a public key and a private key associated with the shared secret provider computing system and a public key of a respective one of the share-holders included in the share-holders list, resulting in a plurality of signcrypted shares. The plurality of signcrypted shares is distributed to the respective ones of the share-holders according to the public key used to signcrypt the respective signcrypted share. The authenticity and data integrity of the first share of the plurality of signcrypted shares can be determined by using the public key associated and a public/private key pair associated with the share-holder.

Abstract: Examples described herein relate to systems, apparatuses, methods, and non-transitory computer-readable medium for recovering a session object associated with a secure session established by a security protocol server, including receiving, by a recovery server, an encrypted session object from the security protocol server, wherein the encrypted session object is unique to the secure session, generating, by the recovery server, a recovery key based on a first initial key and a recovery key sequence number, wherein the recovery key sequence number corresponds to a number of times that secure sessions have been established since the first initial key is received by the security protocol server, and decrypting, by the recovery server, the encrypted session object using the recovery key to generate the session object associated with the secure session.

Abstract: A system, method, and apparatus for carrying out a value transfer is provided. A method includes receiving, by a computing system of a financial institution, a de-signcrypted value transfer message including terms of a value transfer from an account of a sending party to an account of a merchant, wherein a receiving party desires to make a purchase from the merchant and the value transfer is a payment from the sending party account to the merchant account; and one or more spending limitations on the desired purchase, wherein the payment is contingent on the desired purchase meeting the spending limitations. The method then includes verifying the authenticity of the de-signcrypted message using a public key of the sending party and a private key of the financial institution; and dispersing funds according to the terms of the value transfer.

Abstract: Systems and applications are described that use group signature technology to allow for anonymous and/or semi-anonymous feedback while allowing for the application of rules and parameters. The use of group signature technology may serve to potentially mitigate or prevent malicious identification of individuals or entities providing a communication such as feedback. Feedback may range from constructive feedback all the way to the ‘whistleblower’ variety. It may be desirable to identify the individuals as belonging to a particular group or having a particular status or position while maintaining the anonymity of the individuals within the particular group.

Abstract: A method for gesture-based multi-factor authentication includes mapping a gesture password to a first substitution string, generating a cryptographic key using the first substitution string as an input to a password authenticated key exchange protocol, encrypting a challenge response with the cryptographic key to generate an encrypted challenge response, and transmitting, to a relying party computing system, a first authentication message comprising the encrypted challenge response and a user identifier identifying a user.

Abstract: Various arrangements relate to a method performed by a processor of a computing system. An example method includes tokenizing a first value using a tokenization algorithm to generate a first token. The first value and first key are inputs of the tokenization algorithm. A message is generated. The message includes a first value identifier associated with the first value and a first key generation identifier associated with the generation of the first key. The message is associated with the first token. A second key is generated. A second value is tokenized using a tokenization algorithm to generate a second token. The second value and second key are inputs of the tokenization algorithm.

Abstract: A method comprises receiving, by a computing system from a signing party, a signing party identifier and a token. The token includes an encrypted biometric sample encrypted using an encryption key and an encrypted record of an electronic agreement encrypted using the encryption key, the encrypted record cryptographically bound with the encrypted biometric sample. The method further includes receiving, by the computing system from the signing party, a message and determining, based on the message, that the signing party is rescinding the electronic agreement. The computing system then retrieves a stored knowledge factor associated with the signing party identifier, generates a decryption key using the stored knowledge factor as an input to a password authenticated key exchange protocol, decrypts the encrypted biometric sample from the token using the decryption key to retrieve a biometric sample, and transmits the biometric sample to the signing party.

Abstract: A method can include generating a cryptogram by encrypting, by a hardware security module (HSM), a keyed-hash message authentication code (HMAC) key by a master key encryption key (MK); transmitting, a database server, the cryptogram; destroying the cryptogram at the HSM, in response to the transmitting the cryptogram to the database server; receiving, from the database server, the cryptogram and an ID generated by the database server; generating a wallet password based on the ID and the cryptogram; generating a data encryption key (DK) retrievable via the wallet password; transmitting, to the database server, the DK without the wallet password; destroying the wallet password in response to the transmitting the DK to the database server; decrypting the cryptogram into a decrypted HMAC key; regenerating the wallet password using the ID and the decrypted HMAC key; encrypting the regenerated wallet password; transmitting, to the database server, the encrypted regenerated wallet password.

Abstract: A system having one or more processors. The one or more processors receive data having a request for transferring ownership of a portion of a security from a first user computing system. A portion of the data is signed by a signer with a group signature having an extension. The one or more processors further receive a request to link an identity of the signer and open the identity of the signer. The one or more processors provide to a regulator information corresponding to the group signature and a signature of a transferee being linked to the group signature. The one or more processors generate signing ability of a second user computing system associated with an identifier of the transferee. Generating the signing ability of the second user computing system to use the group signature transfers the ownership of the portion of the security.

Abstract: A biometric electronic signature authenticated key exchange (“BESAKE”) token processing system. The system includes a storage location having a plurality of biometric reference templates. The system further includes an authentication computing system having a processor and instructions. The instructions configured to cause the authentication computing system to receive a signing party identifier and the BESAKE token from a signing party. The BESAKE token having a biometric sample encrypted using an encryption key. The instructions further configured to generate a decryption key and decrypt the encrypted biometric sample from the BESAKE token. The instructions further configured to match the biometric sample with a biometric reference template and transmit to a biometric service provider computing system a match request. The instructions further configured to determine a signing party identity via a binary match value.

Abstract: Systems and methods for using ring usage certificate extensions are described. Some implementations described limit the ability of signers using a ‘ring signature’ from using public key certificates to create the ring signatures without the permission of the creators of those respective public key certificates. An implementation may describe receiving a request to validate, receiving a plurality of digital certificates associated with the request to validate, determining the request to validate requires validation of a ring signature using the plurality of digital certificates, determining one or more of the plurality of digital certificates comprises a ring usage certificate extension, analyzing the ring usage certificate extension to retrieve a value associated with the ring usage certificate extension, and failing validation of the request based on determining the request to validate requires validation of the ring signature and based on the value associated with the ring usage certificate extension.