Abstract: A method includes a server computer receiving, from a first data provider computer, encrypted data derived from first identity data and a cryptographic key or derivative thereof stored at the first data provider computer. The server computer transmits, to a second data provider computer, the encrypted data and/or the cryptographic key or derivative thereof. The server computer receives, from the second data provider computer, intermediate data derived from second identity data stored at the second data provider computer. The server computer determines if the first identity data and the second identity data are duplicates while the first identity data and the second identity data are encrypted. The server computer removes one of encrypted first identity data, derived from the first identity data, and encrypted second identity data, derived from the second identity data, from a memory in the server computer.

Abstract: In some embodiments, a malware detection system includes an attack channel removal unit, a feature extraction unit coupled to the attack channel removal unit, and a graphical encoding unit coupled to the feature extraction unit and a malware detection unit. In some embodiments, based upon graphically-encoded component-based features and monotonic features extracted from attack-channel-free software output by the attack channel removal unit, the malware detection unit detects malware in software input into the malware detection system. In some embodiments, the monotonic features extracted from the attack-channel free software and the graphically-encoded component-based features are combined to generate a combination monotonic-component based feature vector. In some embodiments, the combination monotonic-component based feature vector is used to detect malware using the malware detection system.

Abstract: Systems, methods, and computer program products are provided for privacy-preserved data services using generative AI abstraction. The system includes at least one processor configured to generate a user profile based on identification data of a user by inputting the identification data to a generative machine learning model, generate abstracted datasets based on outputs of the generative machine learning model, and associate abstracted datasets with the user profile. The at least one processor is further configured to receive a request message from a third-party computing device comprising a query and a token associated with the user profile, determine the user profile based on the token, and generate outputs based on the query and the abstracted datasets associated with the user profile. The at least one processor is further configured to communicate a response message to the third-party computing device based on the outputs.

Abstract: A method includes receiving a first encrypted first identity attribute. A first doubly encrypted first identity attribute is formed by encrypting the first encrypted first identity attribute. A second doubly encrypted first identity attribute is formed by encrypting the first encrypted first identity attribute. They are transmitted to a user device, which removes a user layer of encryption on each to form a second encrypted first identity attribute and a third encrypted first identity attribute. Layers of encryption are added to the second encrypted first identity attribute to form a third doubly encrypted first identity attribute and the third encrypted first identity attribute to form a fourth doubly encrypted first identity attribute. The server computer receives them and transmits, to the second identity provider computer, the fourth doubly encrypted first identity attribute. The second identity provider computer obtains a first identity attribute and compares it to a second identity attribute.

Abstract: A method includes a server computer receiving, from a first data provider computer, encrypted data derived from first identity data and a cryptographic key or derivative thereof stored at the first data provider computer. The server computer transmits, to a second data provider computer, the encrypted data and/or the cryptographic key or derivative thereof. The server computer receives, from the second data provider computer, intermediate data derived from second identity data stored at the second data provider computer. The server computer determines if the first identity data and the second identity data are duplicates while the first identity data and the second identity data are encrypted. The server computer removes one of encrypted first identity data, derived from the first identity data, and encrypted second identity data, derived from the second identity data, from a memory in the server computer.

Abstract: A method includes generating a second public key and a second private key of a second public-private key pair, and transmitting the second public key to a first user device, which stores an encrypted biometric template. The encrypted biometric template is a biometric template encrypted with a first public key of a first public-private key pair. The first user device encrypts the encrypted biometric template with the second public key to form a double encrypted biometric template. The method includes receiving the double encrypted biometric template from the first user device, decrypting the double encrypted biometric template using the second private key to obtain the encrypted biometric template, determining a test biometric template and encrypting the test biometric template, comparing the encrypt-test biometric template and the encrypted biometric template to obtain an encrypted biometric match score, and transmitting the encrypted biometric match score to a server computer.

Abstract: Provided is a computer-implemented method for authenticating a customer during payment transactions based on biometric identification parameters of the customer that includes receiving image data associated with an image template for identification of a customer, receiving image data associated with an image of a biometric identification parameter of the customer during a payment transaction between the customer and a merchant, establishing a short-range communication connection with a user device associated with the customer during the payment transaction between the customer and the merchant, authenticating an identity of the customer for the payment transaction via the short-range communication connection, determining an account identifier of an account of the customer based on authenticating the identity of the customer for the payment transaction, and processing the payment transaction using the account identifier of the account of the customer. A system and computer program product are also disclosed.

Abstract: A method is disclosed. The method includes receiving, by a processing network computer from a relying party computer associated with a relying party, a request for data associated with a user operating a user device. The processing network computer may retrieve first encrypted data of the user having a user-layer of encryption. The processing computer can then generate a second symmetric key to add a relying party-layer of encryption to the first encrypted data using a stream cipher. The doubly encrypted data may be transmitted to a user device that removes the user-layer of encryption on the first doubly encrypted data, and then adds a second relying party-layer of encryption to form second doubly encrypted data. The second doubly encrypted data may be transmitted to the relying party computer, which can remove both relying party-layers of encryption to gain access to the data associated with the user.

Abstract: A delegated biometric authentication system and related methods are disclosed. Using the system, a user can securely delegate biometric authentication to a public device from his communication device. This public device may be an Internet of things device that is not owned by the user, such as a computer, smart TV, tablet, etc. The public device may operate in a public place, such as a hotel or library. The communication device may be the users own smartphone or tablet, etc. A fuzzy vault process can be used to store the user's biometric template in the system Embodiments preserver the user's privacy without compromising authentication security and user convenience.

Abstract: A method includes receiving a first encrypted first identity attribute. A first doubly encrypted first identity attribute is formed by encrypting the first encrypted first identity attribute. A second doubly encrypted first identity attribute is formed by encrypting the first encrypted first identity attribute. They are transmitted to a user device, which removes a user layer of encryption on each to form a second encrypted first identity attribute and a third encrypted first identity attribute. Layers of encryption are added to the second encrypted first identity attribute to form a third doubly encrypted first identity attribute and the third encrypted first identity attribute to form a fourth doubly encrypted first identity attribute. The server computer receives them and transmits, to the second identity provider computer, the fourth doubly encrypted first identity attribute. The second identity provider computer obtains a first identity attribute and compares it to a second identity attribute.

Abstract: A method includes a server computer receiving, from a first data provider computer, encrypted data derived from first identity data and a cryptographic key or derivative thereof stored at the first data provider computer. The server computer transmits, to a second data provider computer, the encrypted data and/or the cryptographic key or derivative thereof. The server computer receives, from the second data provider computer, intermediate data derived from second identity data stored at the second data provider computer. The server computer determines if the first identity data and the second identity data are duplicates while the first identity data and the second identity data are encrypted. The server computer removes one of encrypted first identity data, derived from the first identity data, and encrypted second identity data, derived from the second identity data, from a memory in the server computer.

Abstract: Methods and systems for performing federated private anomaly detection are disclosed. An anomaly detector computer can collaborate with an aggregator computer and an account management computer in order to train machine learning models, which can be used to classify events as not fraudulent or fraudulent. The anomaly detector computer can obliviously use private information (e.g., account flags and account flag values) held by the account management computer to train and use the machine learning models, such that the anomaly detector does not become aware of the account flags or account flags values. Such a system can be used, for example, for the detection and prevention of financial crime. The anomaly detector computer can use the account flag information possessed by the account management computer to identify fraudulent events performed by customers of the organization operating the account management computer.

Abstract: Provided are systems for determining adversarial examples that include at least one processor to determine a first additional input from a plurality of additional inputs based on a proximity of the first additional input to an initial input, determine a second additional input from the plurality of additional inputs based on a proximity of the second additional input to the first additional input, generate a first vector embedding, a second vector embedding and a third vector embedding based on the second additional input, generate a first relational embedding, a second relational embedding, and a third relational embedding based on the third vector embedding and the first vector embedding, concatenate the first relational embedding, the second relational embedding, and the third relational embedding to provide a concatenated version, and determine whether the first input is an adversarial example based on the concatenated version. Methods and computer program products are also provided.

Abstract: A method, performed by a digital identity computer, for processing a resource request is disclosed. The method includes receiving. from a user device operated by a user, a resource request and indication of identity attributes needed to process the resource request. The digital identity computer may then retrieve an identity token associated with the user and compute an authentication score based on the sensitivity and rarity of the identity attributes indicated. The authentication score can be used to determine an authentication process. After determining and executing the authentication process with the user device, the digital identity computer may then grant the user device access to the resource requested.

Abstract: Provided are systems for determining adversarial examples that include at least one processor to determine a first additional input from a plurality of additional inputs based on a proximity of the first additional input to an initial input, determine a second additional input from the plurality of additional inputs based on a proximity of the second additional input to the first additional input, generate a first vector embedding, a second vector embedding and a third vector embedding based on the second additional input, generate a first relational embedding, a second relational embedding, and a third relational embedding based on the third vector embedding and the first vector embedding, concatenate the first relational embedding, the second relational embedding, and the third relational embedding to provide a concatenated version, and determine whether the first input is an adversarial example based on the concatenated version. Methods and computer program products are also provided.

Abstract: Methods and systems for privacy-preserving identity attribute verification are presented. During an interaction between a relying entity and a user, a relying entity computer can transmit a policy token to a user device. The policy token may indicate the information needed by the relying entity in order to perform the interaction. The user device can verify the policy token, then use the policy token in conjunction with an identity token to generate a zero-knowledge proof. The user device may transmit the zero-knowledge proof to an identity service provider computer. The identity service provider computer may verify the zero-knowledge proof, then generate a verification message. The identity service provider computer may sign the verification message and transmit the signed verification message to the relying entity computer. The relying entity computer may verify the verification message and complete the interaction with the user.

Abstract: The present disclosure describes a method and system for training a robust source code model in a neural network. The neural network trains on a large-scale dataset and adversarial examples to improve the classification accuracy of the source code model. The system generates adversarial examples based on a sequence of transformations, modeled by a mapping function in the feature-space.

Abstract: Provided is a computer-implemented method for authenticating an identification document. The method includes determining, with at least one processor, whether image data associated with the identification document has at least one predetermined indicia. In response to determining that the image data has the at least one predetermined indicia, the method includes determining whether the at least one predetermined indicia corresponds to at least one invalidation mark on the identification document, and, in response to determining that the at least one predetermined indicia corresponds to the at least one invalidation mark, determining, that the identification document is invalid. In response to determining that the identification document is invalid, the method includes preventing or causing the prevention of at least one action from being performed. A system and computer program product for authenticating identification documents are also disclosed.

Abstract: A method is disclosed. The method comprises receiving, by a user device from an identity network computer, a query set comprising a plurality of test identity attributes; encrypting, by the user device, the query set to form an obscured query set; computing, by the user device, a zero-knowledge proof using the obscured query set and an encrypted identity attribute associated with a user operating the user device; and transmitting, by the user device to the identity network computer, the obscured query set and the zero-knowledge proof, wherein the identity network computer verifies the zero-knowledge proof, retrieves an encrypted identity attribute associated with the user, evaluates the obscured query set with respect to the encrypted identity attribute, and transmits a result of the evaluation to a relying party computer.

Abstract: Training an adversarial perturbation detector comprises accessing a training set comprising an enrolled biometric sample xi and a public biometric sample x of an enrolled user, and submitted biometric samples x? of a second user, the submitted biometric samples x? comprising perturbed adversarial samples x?+?x?. A transformation function k(?) is provided having learnable a parameter ? and a classifier having a learnable parameter ?. The training set is used to learn the parameters ? and ? by inputting the training set to the transformation function k(?). The transformation function k(?) generates transformed enrolled samples k(xi), a transformed public biometric sample k(x), and a transformed adversarial sample k(x?+?x?). The classifier classifies the transformed adversarial sample k(x?+?x?) as a success or as a fail based on the transformed enrolled samples k(xi). Based on a result of the classification, the learnable parameters ? and ? are updated.