Abstract: Disclosed are various embodiments for a service for decentralized browser based wallets. Various embodiments of the present disclosure can receive a first passcode and a second passcode from a security provider device. Various embodiments can use a cryptowallet to decrypt a first encrypted private key using the first passcode to generate a decrypted private key. Various embodiments can use a cryptowallet to sign a transaction request with the decrypted private key. Various embodiments can use a cryptowallet to generate a second encrypted private key by encrypting the decrypted private key using the second passcode.

Abstract: A hybrid identity service system is disclosed. The system may receive a transaction request. The system may generate a first passcode and a second passcode. The system may decrypt a first encrypted private key with the first passcode to recover a private key. The system may sign the transaction request with the private key and may encrypt the private key with the second passcode to generate a second encrypted private key.

Abstract: The present disclosure presents systems and related methods for customer defined limited use authorization. One such method comprises implementing a customer defined generation control associated with a parent transaction account; receiving a request to generate the electronic payment token from at least one of an issuer web app or an issuer native app; verifying that the generation control condition has been satisfied; generating via a tokenization engine, the electronic payment token in response to the request to generate the electronic payment token, wherein generating the electronic payment token further comprises storing an expanded set of token controls comprising customer defined authorization control as token data; and transmitting, via the tokenization engine, the electronic payment token to the customer mobile device responsive to the generation control condition being verified as being satisfied.

Abstract: The present disclosures presents system and methods for blockchain based payment networks. One such method comprises preparing, by a payment network, a request to complete a transaction from an digital currency account associated with a payer digital wallet for entry on a blockchain ledger, wherein the request to complete the transaction includes an amount and a payee address associated with a fiat currency account; sending the request to complete the transaction to the blockchain ledger; approving the request to complete the transaction; and adjusting a balance of the payer digital wallet and a balance of the fiat currency account in response to approval of the request to complete the transaction by writing the transaction comprising the amount and the payee address to the blockchain ledger, wherein a value of the digital currency substantially matches a value of the fiat currency.

Abstract: Methods and systems are provided for making secure financial transactions, such as purchase payments, using rich Internet applications (RIA) running an RIA runtime (also referred to as a platform or framework) on the user's smart phone or other mobile device. Embodiments differ from the usual way of re-directing a user from a third-party application and authenticating the user by providing secure in-line payments from a rich Internet application running on an RIA runtime. A system includes: a mobile device executing a rich Internet application running on an RIA runtime; a payment library communicating with the RIA runtime and a service provider, for which the payment library communicates with the service provider to authenticate the rich Internet application; and in response to authentication by the service provider, facilitates secure financial transactions via the rich Internet application.

Abstract: Systems and methods for the calculation of a dynamic trust score are disclosed. The dynamic trust score may indicate a likelihood that the consumer will complete the transaction in a positive manner. The system may calculate the dynamic trust score based on various static and dynamic variables including digital identity data, internal data, third-party data, private data, and/or data from the transaction initiated by the consumer.

Abstract: A system for customer defined limited use authorization. The system may receive an identification credential from at least one of an issuer native app or an issuer web app and receive a customer data. The system may determine a valid customer identity in response to the receiving the identification credentials and the customer data The system may receive a request to generate a token from at least one of the issuer web app or the issuer native app, wherein the request comprises at least one of the identification credential or a parent transaction account, and wherein the request comprises at least one of a customer defined authorization control or a customer defined generation control.

Abstract: A payment network is operated with a blockchain-based ledger. In one embodiment, a request is prepared to complete a transaction from an account associated with a payer digital wallet for entry on a blockchain. The request includes an amount and a payee identifier associated with a payee digital wallet. The request is sent to the blockchain and approved. A balance of the payer digital wallet and a balance of the payee digital wallet are adjusted in response to approval of the request to complete the transaction by at least writing a portion of data associated with the transaction comprising the amount and the payee identifier to the blockchain. A reputation ledger associated with the account is recorded in the blockchain in association with the transaction. The reputation ledger includes at least one reputation score associated with at least one previous transaction conducted by the account.

Abstract: Methods and systems are provided for making secure financial transactions, such as purchase payments, using rich Internet applications (RIA) running an RIA runtime (also referred to as a platform or framework) on the user's smart phone or other mobile device. Embodiments differ from the usual way of re-directing a user from a third-party application and authenticating the user by providing secure in-line payments from a rich Internet application running on an RIA runtime. A system includes: a mobile device executing a rich Internet application running on an RIA runtime; a payment library communicating with the RIA runtime and a service provider, for which the payment library communicates with the service provider to authenticate the rich Internet application; and in response to authentication by the service provider, facilitates secure financial transactions via the rich Internet application.

Abstract: A client device comprises a first secure element and a second secure element. The first secure element comprises a first computer-readable medium having a payment application comprising instructions for causing the client device to initiate a financial transaction. The second secure element comprises a second computer-readable medium having a security key, a payment instrument, stored authentication data and instructions for generating a secure payment information message responsive to the payment application. The secure payment information message comprises the payment instrument and is encrypted in accordance with the security key.

Abstract: Embodiments of the invention relate to efficient methods for authenticated communication. In one embodiment, a first computing device can generate a key pair comprising a public key and a private key. The first computing device can generate a first shared secret using the private key and a static second device public key. The first computing device can encrypt request data using the first shared secret to obtain encrypted request data. The first computing device can send a request message including the encrypted request data and the public key to a server computer. Upon receiving a response message from the server computer, the first computing device can determine a second shared secret using the private key and the blinded static second device public key. The first computing device can then decrypt the encrypted response data from the response message to obtain response data.

Abstract: A system and method for facilitating electronic commerce over a network, according to one or more embodiments, includes communicating with a user via a user device and a business entity via a business entity device over the network, monitoring user navigation events over the network, determining a mood of the user based on user navigation behavior, marketing to the user based on the mood of the user, and storing user information related to the user navigation events and the mood of the user.

Abstract: A system and method for facilitating electronic commerce over a network, according to one or more embodiments, includes communicating with a user via a user device and a business entity via a business entity device over the network, monitoring user navigation events over the network, determining a mood of the user based on user navigation behavior, marketing to the user based on the mood of the user, and storing user information related to the user navigation events and the mood of the user.

Abstract: Embodiments of the invention relate to efficient methods for authenticated communication. In one embodiment, a first computing device can generate a key pair comprising a public key and a private key. The first computing device can generate a first shared secret using the private key and a static second device public key. The first computing device can encrypt request data using the first shared secret to obtain encrypted request data. The first computing device can send a request message including the encrypted request data and the public key to a server computer. Upon receiving a response message from the server computer, the first computing device can determine a second shared secret using the private key and the blinded static second device public key. The first computing device can then decrypt the encrypted response data from the response message to obtain response data.

Abstract: An approach for real time, round trip pseudonymization (a.k.a. anonymization or tokenization) of data on the fly, in real time, enabling remote secure processing of sensitive data such as by a cloud service. Sensitive data remains on premises with the client at all times. A user may thus run extensive queries that return sensitive data without noticing that such data was pseudonymized in transit.

Abstract: Methods and systems are provided for making secure financial transactions, such as purchase payments, using rich Internet applications (RIA) running an RIA runtime (also referred to as a platform or framework) on the user's smart phone or other mobile device. Embodiments differ from the usual way of re-directing a user from a third-party application and authenticating the user by providing secure in-line payments from a rich Internet application running on an RIA runtime. A system includes: a mobile device executing a rich Internet application running on an RIA runtime; a payment library communicating with the RIA runtime and a service provider, for which the payment library communicates with the service provider to authenticate the rich Internet application; and in response to authentication by the service provider, facilitates secure financial transactions via the rich Internet application.

Abstract: Embodiments of systems and methods for client and/or server authentication are provided. In one embodiment, a method includes sending information from a mobile network device to a server, wherein the information comprises a seed that is used by both the mobile network device and the server to compute a series of one time passwords. The method also includes receiving, by the mobile network device, a succession of one time passwords generated by the server throughout a session. And the method further includes comparing the received one time passwords generated by the server throughout the session to corresponding one time passwords generated at the mobile network device. In this manner, the server can be authenticated. In various embodiments, the process may be reversed to facilitate client, e.g., mobile network device, authentication.

Abstract: Methods and systems are provided for making secure financial transactions, such as purchase payments, using rich Internet applications (RIA) running an RIA runtime (also referred to as a platform or framework) on the user's smart phone or other mobile device. Embodiments differ from the usual way of re-directing a user from a third-party application and authenticating the user by providing secure in-line payments from a rich Internet application running on an RIA runtime. A system includes: a mobile device executing a rich Internet application running on an RIA runtime; a payment library communicating with the RIA runtime and a service provider, for which the payment library communicates with the service provider to authenticate the rich Internet application; and in response to authentication by the service provider, facilitates secure financial transactions via the rich Internet application.

Abstract: A system may perform operations including transmitting a service request to a service provider, wherein the service request includes a device identifier of the computer-based system or a device fingerprint of the computer-based system; receiving a seed one-time password (OTP) to the computer-based system from the service provider, wherein the seed OTP comprises a random number that is valid for a predetermined time period and is discarded after first use; calculating a one-time password (OTP) by applying a hash function to the seed OTP, wherein the hash function is based on the device identifier of the computer-based system or the device fingerprint of the computer-based system; transmitting a response OTP to the service provider for validation by the service provider, wherein the response OTP is different from the seed OTP; and receiving a validation result from the service provider.

Abstract: An identity and security system may register a user associated with a mobile device and a user identity that comprises characteristics of the user. The system may assign a reputation score and a spend propensity score to the user identity. The system may base the reputation score on a plurality of reputation assessments, and the spend propensity score on a history of transactions and non-transactions by the user. The system may also detect the mobile device at a merchant location, and it may transmit at least one of the reputation score and the spend propensity score to a POS device at the merchant location in response to detecting the mobile device at the merchant location.