Abstract: In some instances, a method for authenticating a user using key pair authentication is provided. The method comprises enrolling the user into key pair authentication by generating a private and public key pair for an authentication domain, accessing the content on the first domain based on enrolling the user into the key pair authentication with a key pair authentication server using the private and public key pair for the authentication domain, requesting access for different content on a second domain, based on enrolling the user into the key pair authentication for the first domain, redirecting a browser from the second domain to the authentication domain, and accessing the different content on the second domain based on performing the key pair authentication with the key pair authentication server using the private and public key pair for the authentication domain.

Abstract: Embodiments of the disclosure provide a method for enhancing standard authentication systems to include risk-based decisions. Risk-based decisions can be selectively implemented within existing authentication systems to strategically modify and supplement security if an unacceptable risk is detected. Embodiments capture information pertaining to a user and user device. Information is stored to create a profile for the user and user device. A comparison between the stored information and live data can be performed within authentication systems to optimize security. If the results of the comparison demonstrate the presence of an acceptable risk, then the need for subsequent authentication can be reduced or eliminated, which improves a user experience.

Abstract: Embodiments of the disclosure provide a method for enhancing standard authentication systems to include risk-based decisions. Risk-based decisions can be selectively implemented within existing authentication systems to strategically modify and supplement security if an unacceptable risk is detected. Embodiments capture information pertaining to a user and user device. Information is stored to create a profile for the user and user device. A comparison between the stored information and live data can be performed within authentication systems to optimize security. If the results of the comparison demonstrate the presence of an acceptable risk, then the need for subsequent authentication can be reduced or eliminated, which improves a user experience.

Abstract: In some instances, a method for authenticating a user using key pair authentication is provided. The method comprises enrolling the user into key pair authentication by generating a private and public key pair for an authentication domain, accessing the content on the first domain based on enrolling the user into the key pair authentication with a key pair authentication server using the private and public key pair for the authentication domain, requesting access for different content on a second domain, based on enrolling the user into the key pair authentication for the first domain, redirecting a browser from the second domain to the authentication domain, and accessing the different content on the second domain based on performing the key pair authentication with the key pair authentication server using the private and public key pair for the authentication domain.

Abstract: A method for performing searches of user information comprises: receiving an initial dataset including the user information; calculating distance metrics between pairs of data in the initial dataset; performing unsupervised learning on the initial dataset to obtain a plurality of total number of clusters, each total number of clusters covering the initial dataset; determining efficacy measures for each total number of clusters using a plurality of distance metric thresholds; determining a desired efficacy measure in the efficacy measures, the desired efficacy measure corresponding to a desired distance metric threshold in the plurality of distance metric thresholds; determining a desired total number of clusters in the plurality of total number of clusters, the desired total number of clusters corresponding to the desired distance metric threshold; and performing unsupervised learning on the initial dataset using the desired total number of clusters to obtain a number of data representations of the user infor

Abstract: A system includes at least one web server, a storage, and a suspicious access attempt detector. The at least one web server is configured to receive and process a plurality of access attempts from a plurality of user devices over a network, and to provide access attempt information corresponding to the plurality of access attempts to a storage, wherein access attempt information for each respective access attempt comprises an access signature corresponding to the respective access attempt. The suspicious access attempt detector configured to: obtain the access attempt information corresponding to the plurality of access attempts from the storage; analyze the access attempt information corresponding to the plurality of access attempts to detect suspicious access attempts out of the plurality of access attempts, wherein analyzing the access attempt information is based on respective access signatures corresponding to the plurality of access attempts; and output a result of the detection.

Abstract: A method for secret sharing utilizing multiple features of an input includes: receiving a registration input; obtaining features from the registration input; generating a secret key and a plurality of shared keys according to a shared secret scheme; associating each of the plurality of shared keys with a respective feature of the registration input; generating a plurality of additional features associated with additional keys having a similar format as a shared key associated with a respective feature; storing the plurality of shared keys associated with respective features together with the plurality of additional keys associated with additional features; and encrypting an element to be protected by the secret key using the secret key.

Abstract: A fraud detection system includes one or more processors and one or more non-transitory computer-readable mediums having processor-executable instructions stored thereon. The processor-executable instructions, when executed by the one or more processors, facilitate: obtaining a dataset of transaction data corresponding to a plurality of transactions between a plurality of users and a plurality of merchants; applying one or more filters to remove transaction data corresponding to certain transactions from the dataset; analyzing transaction data corresponding to remaining transactions of the dataset for detecting one or more potential target merchant(s) and/or for detecting one or more potentially comprised user(s); and outputting a detection result indicative of the one or more potential target merchant(s) and/or the one or more potentially comprised user(s).

Abstract: A method for performing approximate string matching comprises: obtaining a predefined distance error threshold and user information, the user information including a list of strings; calculating distance metrics for pairs of strings in the list of strings; determining a positive list and a negative list based on the calculated distance metrics for the pairs of strings; determining histogram representations of the list of strings; determining true positive rates and false positive rates for one or more histogram thresholds based on the positive list, the negative list, and calculated histogram distances between pairs within the histogram representations; and obtaining an acceptable histogram threshold from the one or more histogram thresholds based on an acceptable true positive rate and an acceptable false positive rate.

Abstract: A system includes at least one web server, a storage, and a suspicious access attempt detector. The at least one web server is configured to receive and process a plurality of access attempts from a plurality of user devices over a network, and to provide access attempt information corresponding to the plurality of access attempts to a storage, wherein access attempt information for each respective access attempt comprises an access signature corresponding to the respective access attempt. The suspicious access attempt detector configured to: obtain the access attempt information corresponding to the plurality of access attempts from the storage; analyze the access attempt information corresponding to the plurality of access attempts to detect suspicious access attempts out of the plurality of access attempts, wherein analyzing the access attempt information is based on respective access signatures corresponding to the plurality of access attempts; and output a result of the detection.

Abstract: Embodiments of the disclosure provide a method for enhancing standard authentication systems to include risk-based decisions. Risk-based decisions can be selectively implemented within existing authentication systems to strategically modify and supplement security if an unacceptable risk is detected. Embodiments capture information pertaining to a user and user device. Information is stored to create a profile for the user and user device. A comparison between the stored information and live data can be performed within authentication systems to optimize security. If the results of the comparison demonstrate the presence of an acceptable risk, then the need for subsequent authentication can be reduced or eliminated, which improves a user experience.

Abstract: Embodiments of the disclosure provide a method of incorporating multiple authentication systems and protocols. The types of authentication systems and protocols can vary based on desired assurance levels. A Centralized Authentication System together with an authentication policy dictates acceptable authentication systems. Authorization data for each authorization system are captured and packaged into a single Object Data Structure. The authorization data can be compared to data stored in an identity store for authentication. The authorization data can also be used for user and device registration and for transferring an authentication or registration token from a previously authenticated and registered device to a new device.

Abstract: Embodiments of the disclosure provide a method of establishing a user profile using multiple channels. Embodiments allow compatibility of the user profile across several authentication systems. The user profile is created upon registration and is updated with attributes after authenticating and authorizing the user according to a pre-defined assurance level. The user profile contains attributes pertaining to the user and user device. The attributes can be analyzed by authentication systems to optimize data security.

Abstract: Embodiments of the disclosure provide a method of establishing a user profile using multiple channels. Embodiments allow compatibility of the user profile across several authentication systems. The user profile is created upon registration and is updated with attributes after authenticating and authorizing the user according to a pre-defined assurance level. The user profile contains attributes pertaining to the user and user device. The attributes can be analyzed by authentication systems to optimize data security.

Abstract: Embodiments of the disclosure provide a method for enhancing standard authentication systems to include risk-based decisions. Risk-based decisions can be selectively implemented within existing authentication systems to strategically modify and supplement security if an unacceptable risk is detected. Embodiments capture information pertaining to a user and user device. Information is stored to create a profile for the user and user device. A comparison between the stored information and live data can be performed within authentication systems to optimize security. If the results of the comparison demonstrate the presence of an acceptable risk, then the need for subsequent authentication can be reduced or eliminated, which improves a user experience.

Abstract: A method for performing approximate string matching comprises: obtaining a predefined distance error threshold and user information, the user information including a list of strings; calculating distance metrics for pairs of strings in the list of strings; determining a positive list and a negative list based on the calculated distance metrics for the pairs of strings; determining histogram representations of the list of strings; determining true positive rates and false positive rates for one or more histogram thresholds based on the positive list, the negative list, and calculated histogram distances between pairs within the histogram representations; and obtaining an acceptable histogram threshold from the one or more histogram thresholds based on an acceptable true positive rate and an acceptable false positive rate.

Abstract: A method for performing searches of user information comprises: receiving an initial dataset including the user information; calculating distance metrics between pairs of data in the initial dataset; performing unsupervised learning on the initial dataset to obtain a plurality of total number of clusters, each total number of clusters covering the initial dataset; determining efficacy measures for each total number of clusters using a plurality of distance metric thresholds; determining a desired efficacy measure in the efficacy measures, the desired efficacy measure corresponding to a desired distance metric threshold in the plurality of distance metric thresholds; determining a desired total number of clusters in the plurality of total number of clusters, the desired total number of clusters corresponding to the desired distance metric threshold; and performing unsupervised learning on the initial dataset using the desired total number of clusters to obtain a number of data representations of the user infor

Abstract: A method for secret sharing utilizing multiple features of an input includes: receiving a registration input; obtaining features from the registration input; generating a secret key and a plurality of shared keys according to a shared secret scheme; associating each of the plurality of shared keys with a respective feature of the registration input; generating a plurality of additional features associated with additional keys having a similar format as a shared key associated with a respective feature; storing the plurality of shared keys associated with respective features together with the plurality of additional keys associated with additional features; and encrypting an element to be protected by the secret key using the secret key.

Abstract: A method for secret sharing utilizing multiple features of an input includes: receiving a registration input; obtaining features from the registration input; generating a secret key and a plurality of shared keys according to a shared secret scheme; associating each of the plurality of shared keys with a respective feature of the registration input; generating a plurality of additional features associated with additional keys having a similar format as a shared key associated with a respective feature; storing the plurality of shared keys associated with respective features together with the plurality of additional keys associated with additional features; and encrypting an element to be protected by the secret key using the secret key.

Abstract: Embodiments of the disclosure provide a method of incorporating multiple authentication systems and protocols. The types of authentication systems and protocols can vary based on desired assurance levels. A Centralized Authentication System together with an authentication policy dictates acceptable authentication systems. Authorization data for each authorization system are captured and packaged into a single Object Data Structure. The authorization data can be compared to data stored in an identity store for authentication. The authorization data can also be used for user and device registration and for transferring an authentication or registration token from a previously authenticated and registered device to a new device.