Abstract: Cognitive analysis, including artificial intelligence, is implemented to dynamically determine service discovery and service binding. Specifically, cognitive analysis is used to determine a client's capabilities and based on the capabilities, a service version is selected and coupled/bound to the client. As a result of such loose coupling/binding with service signatures, service version upgrade at the client is not mandatory in the event of a server-side service version upgrade.

Abstract: Computer-implemented cyber-security, behavior-generated, event-type signed processes and machines provide for authentication and immutable transactions to overcome security risks. Clients submit requests for an immutable transactions and interactions responsive to the request are sent by the server to the client. The server generates behavioral expectations for the interactions, stores them for future comparison purposes, and transmits those to the client. The client executes user events for the interactions. The client behaviorally analyzes the user events and generates behavioral vectors corresponding to the user events. Intermediate client hashes that culminate in a final client hash are generated. User events are sent to the server. The server generates a server hash based on the behavioral expectations and the user events. The server compares the final client hash to the server hash to determine if the transaction is authentic and should be stored as immutable.

Abstract: Systems, computer program products, and methods are described herein for identification and verification of brute force attacks using hash signature segmentation and behavior clustering analysis. The present invention is configured to receive a plurality of access attempts and an associated plurality of hash values; determine a failure request load based on the plurality of access attempts; determine whether the failure request load meets a failure threshold, wherein, in an instance where the failure request load meets the failure threshold, separating the plurality of access attempts associated with the failure request load into a plurality of hash clusters; generate a behavior cluster for each hash cluster based on shared behavior data of the plurality of access attempts; and determine, based on the behavior cluster for each hash cluster, a likelihood of misappropriation for each access attempt of the plurality of access attempts.

Abstract: Aspects of the disclosure relate to detecting and preventing malware attacks using simulated analytics and continuous authentication. An application server may receive device information and processing capabilities information of a client device. Based on the device information and the processing capabilities information, the application server may generate analytical output data indicating, for each transaction executed on the client device, a transaction processing time. The application server may receive transaction information associated with a transaction being executed at the client device. Based on the received transaction information and the analytical output data, the application server may simulate the transaction being executed at the client device and determine expected payload data. The application server may receive an authorization request including actual payload data associated with the transaction being executed at the client device.

Abstract: Aspects of the disclosure relate to preserving text and speech semantics using real-time virtual corpora in live interactive chatbot sessions. A computing platform may receive user input and may determine whether characteristics of the input are identifiable. Based on determining the characteristics are identifiable, the computing platform may populate the characteristics using a global corpora and may use the populated characteristics to generate a response to the input. Alternatively, based on determining the characteristics are unidentifiable, the computing platform may determine whether the same or a similar input is stored in a virtual corpora. If the same or a similar input is stored in the virtual corpora, the computing platform may generate a response to the input using the virtual corpora. Alternatively, if the same or a similar input was not previously received, the computing platform may gather information from the user to generate a response to the input.

Abstract: A database manager segments data stored in a database into a plurality of data segments and randomly combines the data segments into a plurality of data chromosomes that form an initial generation of a genetic algorithm. The database manager then runs multiple iterations of the genetic algorithm on the initial generation, wherein each iteration forms a new generation of data chromosomes based on data segments having the highest optimization metrics from a previous generation, wherein the optimization metric of a data segment represents a degree of importance of the data segment. When the genetic algorithm converges a fitness score is calculated for each data segment, wherein the fitness score of a data segment equals a number of iterations of the genetic algorithm the data segment survived before the genetic algorithm was terminated. Data is deleted from the database based on the fitness scores of the data segments.

Abstract: Computer-implemented multi-device and multi-channel processes and machines authenticate ATM transactions by independently generating authentication hashes based on authorization arrays of varying length in which array cells have been wiped out based on a one time passcode sent by a server to a user's smart electronic device and then entered via that channel into the ATM either automatically or manually. The arrays are salted based on characteristics of the user's smart electronic device or the like. If the authentication hashes independently generated by the ATM and the server match, the ATM transaction is authorized.

Abstract: Embodiments of the present invention comprise systems, methods, and computer program products providing an artificial intelligence (AI) powered solution to self-heal script failures and to maintain UI code as up-to-date according to application changes. The invention introduces the use of convolutional neural networks (CNNs) in test automation for visual identification of UI objects and classification of corresponding code language requirements for the UI objects. The invention may include building dynamic UI objects in the event of detected failures within a test environment.

Abstract: Computer-implemented cyber-security processes and machines provide proactive anti-forensics activity detection and prevention to safeguard the integrity of transactions and their associated log details or other data using artificial intelligence and/or machine learning, thereby ensuring that all transactions and logs within the system are complaint for cyber forensics, and helping to make reactive forensic tasks more robust by adding proactive monitoring and compliance activity.

Abstract: Restricted access tokens are cognitively generated that provide cyber forensic specialists restricted access to applications that require investigation. Cognitive analysis is performed on case details and, in some instances, evidence logs of previously investigated applications to determine parties involved in the investigation and applications requiring investigation. In response to identifying one of the applications, the case details, applicable evidence logs and the identified application are cognitively analyzed to determine operations that are required to be performed in the application and a time required to perform the operations. A restricted access token is generated that is specific to the assigned specialist, the case, and the application.

Abstract: A method of securing a data set using encryption and scaling. The data set comprises a modeling and validation section with each section having text and numeric data. For each section, the method encrypts text data using a public key and scales numeric data using a scaling factor. The method builds a model by applying the encrypted modeling section to the algorithm to generate modeling text data, numeric data, and patterns derived therefrom. The method generates validation text data, numeric data, and patterns derived therefrom by applying the encrypted validation section to the model. The method compares the patterns from each section and validates the model based on the comparison. The method decrypts the generated modeling text data and validation text data using a private key and descales the modeling numeric data and validation numeric data using the scaling factor. The method verifies the model by comparing the decrypted text data and descaled numeric data to the same in the data set.

Abstract: Cognitive analysis, including artificial intelligence, is implemented to dynamically determine service discovery and service binding. Specifically, cognitive analysis is used to determine a client's capabilities and based on the capabilities, a service version is selected and coupled/bound to the client. As a result of such loose coupling/binding with service signatures, service version upgrade at the client is not mandatory in the event of a server-side service version upgrade.

Abstract: Aspects of the disclosure relate to detecting and preventing botnet attacks using client-specific event payloads. A computing platform may receive a request to access data within an enterprise organization. The computing platform may monitor the movement of peripheral devices that are used to populate the data access request and may detect an event associated with each movement. The computing platform may generate an alpha-numeric event code and an alpha-numeric user interface code for each event, determine the location of each event, and categorize each event. The computing platform may generate a client-specific event payload using the unique alpha-numeric codes and the location and categorization of the event. The computing platform may generate a simulated client event payload using the unique alpha-numeric codes. The computing platform may determine whether to approve or deny the data access request based on whether the client-specific event payload matches the simulated client event payload.

Abstract: A machine learning (ML) attack detection and prevention system may monitor operation of an explainable artificial intelligence (AI) model processed by an application server to provide a product or service to a user. The AI model outputs explainable data and/or other outputs used in decision making. The ML attack detection and prevention system derives business rules based on the explainable data produced by the explainable AI model. Additionally, the ML attack detection and prevention system processes rules repositories of simulation failure data, historical failure data and business rules to derive possible fraud rules based on the data collected in above step. Based on a comparison of rules derived from the AI model output and the possible fraud rules, the ML attack detection and prevention system issues an alert if a fraud condition is suspected and causes the application server to revert back to a previous version of the AI model.

Abstract: A model designer improves the security of a machine learning model in certain embodiments. Instead of storing the model in a central location, the training data used to build and train the model is stored across several different databases and/or datacenters. The training data is divided into portions and stored as a circular linked list across these databases and/or datacenters. The model designer retrieves the training data and incrementally builds and trains the model using the training data. The incremental error and bias of the model is used to locate training data between datacenters. Additionally, fake training data is appended to the circular linked list and the model designer tracks how much training data is used before hitting fake training data.

Abstract: A system configured for implementing continuous authentication for a software application is disclosed. The system receives a request from a user to login to an account of the user on the software application. The software application uses open authentication to allow the user to login to the account of the user. Once the user is logged in, the system activates continuous authentication based on monitored user behavior information associated with the user received from one or more organizations. The system monitors accessing the account of the user by monitoring behaviors of a person accessing the account of the user. The system determines whether the behaviors of that person correspond to the monitored user behavior information of the user. If the behaviors of that person correspond to the monitored user behavior information of the user, the system grants the first person to the account of the first user.

Abstract: Embodiments of the present invention provide a system for authenticating process operations on a network using context locked progressive session tokens. The system is configured for receiving a first request associated with a first process operation from a user device, authorizing the first request, generating a first session token associated with the first process operation, transmitting the first session token to the user device, wherein the first session token is used to validate a second process operation associated with the application, receiving a second request associated with the second process operation from the user device, authorizing the second request, generating a second session token associated with the second process operation using at least the first session token, and transmitting the second session token to the user device, wherein the second session token is used to validate subsequent process operation associated with the application.

Abstract: Secure access to data within a communications platform is provided on a need-to-know basis. Inputs provided at the communication platform are intercepted and cognitively analyzed to determine context of the interaction and related data requirements. In response, data access rules are generated and/or retrieved and applied at an access gateway. As data requests as received from the called party from within the communications platform, the data access rules are applied to the request to determine if a match exists and, if so, data access rules-based access is provided to the data. In response to determining the context of the interaction, a context access token is generated and communicated to a virtual database assembler, which assembles a virtual database that only contains data responsive to the context of the interaction.

Abstract: Systems, methods and apparatus are provided for light-based authentication of a payment card. The payment card may include a randomized mix of materials. The materials may include transparent or translucent materials. A light source may shine light on a surface of the payment card. Light passing through the card may generate a light pattern that is unique to the payment card. The light pattern may be captured and compared to a reference light pattern to authenticate the payment card. In some embodiments, photodetectors may detect light patterns generated through interactions with the card materials.

Abstract: Aspects of the disclosure relate to cognitive auditing of client bound data. A computing platform may intercept a request from a user device to an application server. The computing platform may identify content requested by the user device and generate predicted response data based on the requested content. The computing platform may transmit the request to the application server. The computing platform may receive, from the application server, actual response data. The computing platform may validate the actual response data by comparing the actual response data with the predicted response data. Based on comparing the actual response data with the predicted response data, the computing platform may identify whether the actual response data matches the predicted response data. Based on identifying that the actual response data matches the predicted response data, the computing platform may send the actual response data to the user device.