Abstract: A method and associated system. Multiple virtual triples for an entity of multiple entities identified within a first data source are generated. Each virtual triple consists of a subject, a predicate, and an object. The subject is the entity. The predicate is a relationship between the entity and other entities identified within the first data source. The object is associated with an attribute of the entity. The subject, the predicate, and the object are each identified within the first data source. A degree of similarity between two entities of the two or more entities is identified by comparing the respective frequency metrics of the two entities. The two entities within the data structure are associated in response to a determination that an identified degree of similarity between the two entities exceeds a first predetermined threshold.

Abstract: Methods and systems may provide for technology to conduct a machine learning analysis of data access statistics with respect to a plurality of separate datasets and determine a time-dependent access pattern based on the machine learning analysis, wherein the time-dependent access pattern includes an expert access trend, a curation access trend and a knowledgebase access trend. The technology may also generate one or more data management recommendations with response to the plurality of separate datasets based on the time-dependent access pattern.

Abstract: A requestor and a responder may conduct secure communication by making API calls based on a secure multi-party protocol. The requestor may send a request data packet sent in a API request to the responder, where the request data packet can include at least a control block that is asymmetrically encrypted and a data block that is symmetrically encrypted. The responder may return a response data packet to the requestor, where the response data packet can include at least a control block and a data block that are both symmetrically encrypted. The requestor and the responder may derive the keys for decrypting the encrypted portions of the request and response data packets based on some information only known to the requestor and the responder. The secure multi-party protocol forgoes the need to store and manage keys in a hardware security module.

Abstract: A requestor and a responder may conduct secure communication by making API calls based on a secure multi-party protocol. The requestor may send a request data packet sent in a API request to the responder, where the request data packet can include at least a control block that is asymmetrically encrypted and a data block that is symmetrically encrypted. The responder may return a response data packet to the requestor, where the response data packet can include at least a control block and a data block that are both symmetrically encrypted. The requestor and the responder may derive the keys for decrypting the encrypted portions of the request and response data packets based on some information only known to the requestor and the responder. The secure multi-party protocol forgoes the need to store and manage keys in a hardware security module.

Abstract: A method for utilizing a registration authority to facilitate a certificate signing request is disclosed. In at least one embodiment, a registration authority computer may receive a certificate signing request associated with a token requestor. The registration authority may authenticate the identity of the token requestor and forward the certificate signing request to a certificate authority computer. A token requestor ID and a signed certificate may be provided by the certificate authority computer and forwarded to the token requestor. The token requestor ID may be utilized by the token requestor to generate digital signatures for subsequent token-based transactions.

Abstract: A system and techniques are described herein for providing authentication. The technique includes registering user authentication data such as biometrics data with a communication device. The authentication data is linked to an account or service provider, and is used to verify the identity of the user when accessing the account. The communication device may obtain a public/private key pair, for which the pubic key may be stored on a secure remote server. When the user attempts to access the account or service provider, the user may provide the authentication data to authenticate the user to the communication device. Thereafter, the communication device may sign an authentication indicator using the private key and send the authentication indicator to the secure remote server. Upon verification of the signature using the public key, the secure remote server may grant access to the user, for example, by releasing a token.

Abstract: A method is disclosed. The method comprising: receiving, by an access control sewer via a directory sewer from an authentication requestor, an authentication request comprising an account identifier, and information regarding a prior authentication method on the account identifier and a current authentication method for the account identifier associated with a transaction; performing, by the access control server, a risk analysis for the transaction based at least in part on the information and a threshold; authenticating, by the access control server, the user of the account identifier using the information, the account identifier, and a result of the risk analysis; modifying, by the access control server, an authentication response to include an authentication indicator, and transmitting, by the access control sewer, the authentication response to the authentication requestor.

Abstract: A method for utilizing a registration authority to facilitate a certificate signing request is disclosed. In at least one embodiment, a registration authority computer may receive a certificate signing request associated with a token requestor. The registration authority may authenticate the identity of the token requestor and forward the certificate signing request to a certificate authority computer. A token requestor ID and a signed certificate may be provided by the certificate authority computer and forwarded to the token requestor. The token requestor ID may be utilized by the token requestor to generate digital signatures for subsequent token-based transactions.

Abstract: Techniques for provisioning access data may include receiving, by a first application installed on a communication device, user input selecting an account to provision to a second application installed on the communication device. The first application may invoke the second application and send a session identifier (ID) to the second application. The second application may send a user ID associated with the second application, a device ID, and the session ID to the first application. The first application may then generate encrypted provisioning request data and send the encrypted provisioning request data to the second application. The second application may send the encrypted provisioning request data to a remote server computer to request access data that can be used to access a resource. The second application may receive the access data provided by the remote server computer based on validation of the encrypted provisioning request data.

Abstract: A method and associated system. Multiple virtual triples for an entity of multiple entities identified within a first data source are generated. Each virtual triple consists of a subject, a predicate, and an object. The subject is the entity. The predicate is a relationship between the entity and other entities identified within the first data source. The object is associated with an attribute of the entity. The subject, the predicate, and the object are each identified within the first data source. A degree of similarity between two entities of the two or more entities is identified by comparing the respective frequency metrics of the two entities. The two entities within the data structure are associated in response to a determination that an identified degree of similarity between the two entities exceeds a first predetermined threshold.

Abstract: A method and associated system. Entities within a first data source are identified. For each entity identified within the first data source, attributes of the entity identified within the first data source and/or relationships between the entity identified within the first data source and other entities identified within the first data source are identified. The attributes and/or relationships identified within the first data source are associated with a first entity identified within a data structure. For each entity identified within the first data source, a frequency metric characterizing the entity identified within the first data source is generated. The frequency metric is based on a frequency at which each attribute and/or relationship identified within the first data source is associated with the entity identified within the first data source. A degree of similarity between two entities of the entities is identified, by comparing the frequency metrics of the two entities.

Abstract: A method to search for at least one relationship pattern in a plurality of runtime artifacts is provided. The method may include detecting at least one data manipulation statement in the plurality of runtime artifacts. The method may also include extracting at least one relationship clause from the detected at least one data manipulation statement. The method may further include parsing the extracted at least one relationship clause. The method may include generating at least one normalized syntax tree based on the parsed at least one relationship clause. The method may also include performing a classification and a snippet discovery on the generated at least one normalized syntax tree.

Abstract: Methods and systems may provide for technology to conduct a machine learning analysis of data access statistics with respect to a plurality of separate datasets and determine a time-dependent access pattern based on the machine learning analysis, wherein the time-dependent access pattern includes an expert access trend, a curation access trend and a knowledgebase access trend. The technology may also generate one or more data management recommendations with response to the plurality of separate datasets based on the time-dependent access pattern.

Abstract: A requestor and a responder may conduct secure communication by making API calls based on a secure multi-party protocol. The requestor may send a request data packet sent in a API request to the responder, where the request data packet can include at least a control block that is asymmetrically encrypted and a data block that is symmetrically encrypted. The responder may return a response data packet to the requestor, where the response data packet can include at least a control block and a data block that are both symmetrically encrypted. The requestor and the responder may derive the keys for decrypting the encrypted portions of the request and response data packets based on some information only known to the requestor and the responder. The secure multi-party protocol forgoes the need to store and manage keys in a hardware security module.

Abstract: A requestor and a responder may conduct secure communication by making API calls based on a secure multi-party protocol. The requestor may send a request data packet sent in a API request to the responder, where the request data packet can include at least a control block that is asymmetrically encrypted and a data block that is symmetrically encrypted. The responder may return a response data packet to the requestor, where the response data packet can include at least a control block and a data block that are both symmetrically encrypted. The requestor and the responder may derive the keys for decrypting the encrypted portions of the request and response data packets based on some information only known to the requestor and the responder. The secure multi-party protocol forgoes the need to store and manage keys in a hardware security module.

Abstract: The present systems and methods provide for secured communication between a mobile device and a server/gateway. The systems and methods can be used, for example, as a way to confirm whether or not a transaction was actually authorized by the user, thereby settling a chargeback dispute for a previously executed transaction. The method comprises receiving the dispute regarding the transaction including associated transaction data, and retrieving a digital signature associated with the transaction data, the digital signature computed by signing the transaction data. The digital signature is then verified using a public key, wherein the public key corresponds to a private key stored on a mobile device. It is then determined whether or not the transaction is fraudulent based on a verification result of the digital signature.

Abstract: Techniques for provisioning access data may include receiving, by a first application installed on a communication device, user input selecting an account to provision to a second application installed on the communication device. The first application may invoke the second application and send a session identifier (ID) to the second application. The second application may send a user ID associated with the second application, a device ID, and the session ID to the first application. The first application may then generate encrypted provisioning request data and send the encrypted provisioning request data to the second application. The second application may send the encrypted provisioning request data to a remote server computer to request access data that can be used to access a resource. The second application may receive the access data provided by the remote server computer based on validation of the encrypted provisioning request data.

Abstract: Techniques for provisioning access data may include receiving, by a first application installed on a communication device, user input selecting an account to provision to a second application installed on the communication device. The first application may invoke the second application and send a session identifier (ID) to the second application. The second application may send a user ID associated with the second application, a device ID, and the session ID to the first application. The first application may then generate encrypted provisioning request data and send the encrypted provisioning request data to the second application. The second application may send the encrypted provisioning request data to a remote server computer to request access data that can be used to access a resource. The second application may receive the access data provided by the remote server computer based on validation of the encrypted provisioning request data.

Abstract: Systems and methods are provided for pre-provisioning a first device with a token. The token on the first device may be linked to any real credential using an application on a second device. Because the token may be maintained using the second device, the first device may be a “dumb” device while the second device is a “smart” device. The real credential may be changed and updated on the second device, such that the same token is linked to different real credentials at different times. An identifier may be assigned to the first device and stored in association with its provisioned token in a token vault. The identifier may be used by a user to register and activate the token with the application on the second device.

Abstract: A method to search for at least one relationship pattern in a plurality of runtime artifacts is provided. The method may include detecting at least one data manipulation statement in the plurality of runtime artifacts. The method may also include extracting at least one relationship clause from the detected at least one data manipulation statement. The method may further include parsing the extracted at least one relationship clause. The method may include generating at least one normalized syntax tree based on the parsed at least one relationship clause. The method may also include performing a classification and a snippet discovery on the generated at least one normalized syntax tree.