Abstract: Embodiments of the invention relate to efficient methods for authenticated communication. In one embodiment, a first computing device can generate a key pair comprising a public key and a private key. The first computing device can generate a first shared secret using the private key and a static second device public key. The first computing device can encrypt request data using the first shared secret to obtain encrypted request data. The first computing device can send a request message including the encrypted request data and the public key to a server computer. Upon receiving a response message from the server computer, the first computing device can determine a second shared secret using the private key and the blinded static second device public key. The first computing device can then decrypt the encrypted response data from the response message to obtain response data.

Abstract: A system and method for facilitating electronic commerce over a network, according to one or more embodiments, includes communicating with a user via a user device and a business entity via a business entity device over the network, monitoring user navigation events over the network, determining a mood of the user based on user navigation behavior, marketing to the user based on the mood of the user, and storing user information related to the user navigation events and the mood of the user.

Abstract: A system and method for facilitating electronic commerce over a network, according to one or more embodiments, includes communicating with a user via a user device and a business entity via a business entity device over the network, monitoring user navigation events over the network, determining a mood of the user based on user navigation behavior, marketing to the user based on the mood of the user, and storing user information related to the user navigation events and the mood of the user.

Abstract: Embodiments of the invention relate to efficient methods for authenticated communication. In one embodiment, a first computing device can generate a key pair comprising a public key and a private key. The first computing device can generate a first shared secret using the private key and a static second device public key. The first computing device can encrypt request data using the first shared secret to obtain encrypted request data. The first computing device can send a request message including the encrypted request data and the public key to a server computer. Upon receiving a response message from the server computer, the first computing device can determine a second shared secret using the private key and the blinded static second device public key. The first computing device can then decrypt the encrypted response data from the response message to obtain response data.

Abstract: An approach for real time, round trip pseudonymization (a.k.a. anonymization or tokenization) of data on the fly, in real time, enabling remote secure processing of sensitive data such as by a cloud service. Sensitive data remains on premises with the client at all times. A user may thus run extensive queries that return sensitive data without noticing that such data was pseudonymized in transit.

Abstract: Methods and systems are provided for making secure financial transactions, such as purchase payments, using rich Internet applications (RIA) running an RIA runtime (also referred to as a platform or framework) on the user's smart phone or other mobile device. Embodiments differ from the usual way of re-directing a user from a third-party application and authenticating the user by providing secure in-line payments from a rich Internet application running on an RIA runtime. A system includes: a mobile device executing a rich Internet application running on an RIA runtime; a payment library communicating with the RIA runtime and a service provider, for which the payment library communicates with the service provider to authenticate the rich Internet application; and in response to authentication by the service provider, facilitates secure financial transactions via the rich Internet application.

Abstract: Embodiments of systems and methods for client and/or server authentication are provided. In one embodiment, a method includes sending information from a mobile network device to a server, wherein the information comprises a seed that is used by both the mobile network device and the server to compute a series of one time passwords. The method also includes receiving, by the mobile network device, a succession of one time passwords generated by the server throughout a session. And the method further includes comparing the received one time passwords generated by the server throughout the session to corresponding one time passwords generated at the mobile network device. In this manner, the server can be authenticated. In various embodiments, the process may be reversed to facilitate client, e.g., mobile network device, authentication.

Abstract: Methods and systems are provided for making secure financial transactions, such as purchase payments, using rich Internet applications (RIA) running an RIA runtime (also referred to as a platform or framework) on the user's smart phone or other mobile device. Embodiments differ from the usual way of re-directing a user from a third-party application and authenticating the user by providing secure in-line payments from a rich Internet application running on an RIA runtime. A system includes: a mobile device executing a rich Internet application running on an RIA runtime; a payment library communicating with the RIA runtime and a service provider, for which the payment library communicates with the service provider to authenticate the rich Internet application; and in response to authentication by the service provider, facilitates secure financial transactions via the rich Internet application.

Abstract: A system may perform operations including transmitting a service request to a service provider, wherein the service request includes a device identifier of the computer-based system or a device fingerprint of the computer-based system; receiving a seed one-time password (OTP) to the computer-based system from the service provider, wherein the seed OTP comprises a random number that is valid for a predetermined time period and is discarded after first use; calculating a one-time password (OTP) by applying a hash function to the seed OTP, wherein the hash function is based on the device identifier of the computer-based system or the device fingerprint of the computer-based system; transmitting a response OTP to the service provider for validation by the service provider, wherein the response OTP is different from the seed OTP; and receiving a validation result from the service provider.

Abstract: An identity and security system may register a user associated with a mobile device and a user identity that comprises characteristics of the user. The system may assign a reputation score and a spend propensity score to the user identity. The system may base the reputation score on a plurality of reputation assessments, and the spend propensity score on a history of transactions and non-transactions by the user. The system may also detect the mobile device at a merchant location, and it may transmit at least one of the reputation score and the spend propensity score to a POS device at the merchant location in response to detecting the mobile device at the merchant location.

Abstract: A system and method for facilitating electronic commerce over a network, according to one or more embodiments, includes communicating with a user via a user device and a business entity via a business entity device over the network, monitoring user navigation events over the network, determining a mood of the user based on user navigation behavior, marketing to the user based on the mood of the user, and storing user information related to the user navigation events and the mood of the user.

Abstract: A system may generate a seed one-time password (OTP). The system may also perform steps including transmitting the seed OTP to a user device, receiving a response OTP from the user device, and calculating an expected response OTP by applying a function to the seed OTP. The system may then compare the response OTP to the expected response OTP and send a result in response to comparing the response OTP to the expected response OTP.

Abstract: A payment network is operated with a blockchain-based ledger. In one embodiment, a request is prepared to complete a transaction from an account associated with a payer digital wallet for entry on a blockchain. The request includes an amount and a payee identifier associated with a payee digital wallet. The request is sent to the blockchain and approved. A balance of the payer digital wallet and a balance of the payee digital wallet are adjusted in response to approval of the request to complete the transaction by at least writing a portion of data associated with the transaction comprising the amount and the payee identifier to the blockchain. A reputation ledger associated with the account is recorded in the blockchain in association with the transaction. The reputation ledger includes at least one reputation score associated with at least one previous transaction conducted by the account.

Abstract: A user who is authorizing a delegate to make a purchase using funds from an account of the user sends information to a payment provider. The information includes a picture of the delegate, along with information such as a merchant name, a maximum amount, a type of purchase, item information, and/or any other transaction limitations/restrictions. The payment provider then transmits this information to the merchant. A one-time code or number may be communicated to the delegate. When the delegate is ready to make a payment with the user account, the delegate gives the delegate's name and/or other identifying information to the merchant, along with the payment code. The merchant enters the information and is shown a picture of the delegate. If there is a match, the payment may be submitted for processing. In one embodiment, a photo of the delegate may be taken by the merchant and the image transmitted to the user. The user may then be requested to confirm the delegate as an authorized delegate.

Abstract: A system for operating a payment network with a blockchain-based ledger may prepare a request to complete a transaction from an account associated with a payer digital wallet for entry on the blockchain. The request may include an amount and payee address associated with a payee digital wallet. The system may also send the request to the blockchain using a blockchain interface. The system may approve or decline the request. The system may further adjust a balance of the payer a balance of the payee to reflect approval of the request. The adjustment may include writing the transaction to the blockchain.

Abstract: A system may receive a primary image containing a first set of facial feature data. The primary image may be sent by a facial recognition device for association with a user account. The system may also retrieve a secondary image from a secondary image source. The secondary image may contain a second set of facial feature data. The secondary image may further depict a user associated with the user account. The system may then compare the first set of facial feature data to the second set of facial feature data to determine whether the primary image depicts the user associated with the user account.

Abstract: Systems and methods for the calculation of a dynamic trust score are disclosed. The dynamic trust score may indicate a likelihood that the consumer will complete the transaction in a positive manner. The system may calculate the dynamic trust score based on various static and dynamic variables including digital identity data, internal data, third-party data, private data, and/or data from the transaction initiated by the consumer.

Abstract: Systems and methods for facilitating financial transactions over a network include a merchant device, a client device and a payment processing device. The merchant device is adapted to allow a merchant to provide items for purchase via the network. The client device is adapted to allow a user to access the merchant device via the network and view the items for purchase. The client device is adapted to provide a payment mechanism to the user. The user generates a purchase request for an item by selecting the one item, dragging the item to the payment mechanism, and dropping the item over the payment mechanism. The payment processing device is adapted to receive the purchase request from the client device via the network and authorize the user to purchase the item from the merchant based on information passed with the purchase request.

Abstract: A system for conducting transactions without a debit card or credit card may receive a request to complete a transaction including authentication data associated with a transaction account and a captured biometric template. The transaction request may lack information contained on a typical debit card or credit card. The system may identify the transaction account using the authentication data associated with the transaction account. The transaction account may be associated with a stored biometric template stored in a biometric data store. The system may also compare the stored biometric template with the captured biometric template. In response to the stored biometric template conflicting with the captured biometric template, the system may decline the transaction.

Abstract: A user may apply for an account on an account registration page. The account issuer may receive a phone number of a mobile device used to apply for the account. The account issuer may transmit the phone number to a carrier integration server which may obtain user information from the wireless carrier for the mobile device. The account issuer may autofill fields on the account registration page with the user information. The user may upload a photograph of the user and an identification card. The account issuer may perform facial recognition to verify the identity of the user.