Abstract: A credential security tool may avoid storing payment credentials at online services. Generally, the credential security tool issues authorization tokens to merchants when users attempt to store payment credentials with the merchants. The merchants store these authorization tokens rather than the payment credentials. When a user initiates a transaction with a merchant, the merchant can present the authorization token to receive a masked card that can be used to complete the transaction. When the merchant presents the masked card for payment, the credential security tool can use the actual card information to complete the transaction.

Abstract: A credential security tool may avoid storing payment credentials at online services. Generally, the credential security tool issues authorization tokens to merchants when users attempt to store payment credentials with the merchants. The merchants store these authorization tokens rather than the payment credentials. When a user initiates a transaction with a merchant, the merchant can present the authorization token to receive a masked card that can be used to complete the transaction. When the merchant presents the masked card for payment, the credential security tool can use the actual card information to complete the transaction.

Abstract: Secure access to data within a communications platform is provided on a need-to-know basis. Inputs provided at the communication platform are intercepted and cognitively analyzed to determine context of the interaction and related data requirements. In response, data access rules are generated and/or retrieved and applied at an access gateway. As data requests as received from the called party from within the communications platform, the data access rules are applied to the request to determine if a match exists and, if so, data access rules-based access is provided to the data. In response to determining the context of the interaction, a context access token is generated and communicated to a virtual database assembler, which assembles a virtual database that only contains data responsive to the context of the interaction.

Abstract: Embodiments of the present invention provide a system for authenticating process operations on a network using context locked progressive session tokens. The system is configured for receiving a first request associated with a first process operation from a user device, authorizing the first request, generating a first session token associated with the first process operation, transmitting the first session token to the user device, wherein the first session token is used to validate a second process operation associated with the application, receiving a second request associated with the second process operation from the user device, authorizing the second request, generating a second session token associated with the second process operation using at least the first session token, and transmitting the second session token to the user device, wherein the second session token is used to validate subsequent process operation associated with the application.

Abstract: An authentication subsystem receives a request for authentication of a user to access a server. A voiceprint is determined for the user based on recordings of the user speaking. Authentication phrases is determined for the user based on the voiceprint. Based public user data and/or user transaction data, user knowledge is determined which reflects topics about which the user has knowledge. An authentication question is generated based on the authentication phrases and the user knowledge. An anticipated answer to the authentication question one of the authentication phrases. The authentication question is provided to a device operated by the user. If a response voiceprint associated with an actual spoken response to the authentication question sufficiently matches an anticipated voiceprint for an expected recording of the anticipated answer, the user is granted access to the server. Otherwise, access to the server is denied.

Abstract: Embodiments of the invention are directed to a system, method, or computer program product structured for identifying potential misappropriation attempts into a technology resource and enforcing a credential lockout. In some embodiments, a system is structured for receiving a user credential associated with a first log-on attempt to access a technology resource, determining whether the user credential matches a stored valid credential, and, if it does not match, performing a misappropriation assessment. The misappropriation assessment includes evaluating and weighting a plurality of potential misappropriation factors, determining a misappropriation score from the weighted plurality of potential misappropriation factors, and adding the misappropriation score to a cumulative misappropriation score for the technology resource.

Abstract: A DDOS attack preventer implements an unconventional way of detecting and preventing DDOS attacks. The attack preventer receives and analyzes requests from a particular IP address or device. The attack preventer will track various characteristics of each request (e.g., characteristics of the data in the requests, characteristics of the input used to generate the requests, and characteristics of the device used to generate the requests). The attack preventer will analyze these characteristics to determine whether the requests are human-generated or machine-generated. If the requests are human-generated, the attack preventer services the requests. If the requests are machine-generated, the attack preventer rejects the requests.

Abstract: Embodiments of the invention are directed to a system, method, or computer program product structured for generation and validation of secure authentication codes. In some embodiments, the system is structured for fetching screen coordinates for a user device, generating a keypad layout, and numbering the keypad layout to produce an authentication keypad. The system is also structured for generating an authentication string, generating a final authentication code hash from the authentication string and a pattern of the authentication string as input into the authentication keypad, and transmitting the authentication keypad and authentication string to a user device.

Abstract: Embodiments of the invention are directed to a system, method, or computer program product structured for continuous authentication and encryption. In some embodiments, the system is structured for receiving content from an entity system, displaying the content as masked content, and determining, using cognitive analysis, that a user wearing smart glasses is viewing a first portion of the masked content through the smart glasses, where the first portion of the masked content is associated with a first content hash. The system is also structured for identifying a first decryption key associated with the first content hash and determining a first cognitive hash. The system is also structured for receiving a first wearable hash from the smart glasses, comparing the first cognitive hash to the first wearable hash, and in response to the first cognitive hash matching the first wearable hash, transmitting the first decryption key to the smart glasses.

Abstract: A defect analysis device configured for real-time monitoring of a user's interaction with an application running within a production environment and definition of a prioritization level of a defect identified in a module developed for integration into the application running within the production environment. The defect analysis device identifies new user flows through an application, and stores the underlying software classes used to facilitate a given task associated with the new user flows. In addition, the defect analysis device monitors software classes changed in a development environment, and matches the changed software classes to one or more flows, such that a prioritization level of the changed classes may be defined.

Abstract: A system strengthens the identification and authentication process by bringing in additional information about the user that was previously unused. The merchant in the system first provides a pre-authentication token generated using the information provided through the user's payment card. If a processing server and/or identification server validate that information, the pre-authentication token is communicated back to the merchant. The merchant then initiates a pre-authentication session and provides in that session information about the user in the merchant's possession (e.g., information gleaned from security camera footage like apparent age, height, gender, license plate number, hairstyle, etc.) The pre-authentication session is then communicated to the processing server and/or identification server to be used to further identify and authenticate the user.

Abstract: A model designer improves the security of a machine learning model in certain embodiments. Instead of storing the model in a central location, the training data used to build and train the model is stored across several different databases and/or datacenters. The training data is divided into portions and stored as a circular linked list across these databases and/or datacenters. The model designer retrieves the training data and incrementally builds and trains the model using the training data. The incremental error and bias of the model is used to locate training data between datacenters. Additionally, fake training data is appended to the circular linked list and the model designer tracks how much training data is used before hitting fake training data.

Abstract: A model designer improves the security of a machine learning model in certain embodiments. Instead of storing the model in a central location, the training data used to build and train the model is stored across several different databases and/or datacenters. The training data is divided into portions and stored as a circular linked list across these databases and/or datacenters. The model designer retrieves the training data and incrementally builds and trains the model using the training data. The incremental error and bias of the model is used to locate training data between datacenters. Additionally, fake training data is appended to the circular linked list and the model designer tracks how much training data is used before hitting fake training data.

Abstract: A client-server security architecture is disclosed that uses a masked grid, a seed, and mutual unlocking techniques to authentication a client device with a server machine using a one-time code (OTC). The client device in the client-server architecture stores a masked grid that is used to unlock an authentication code using a seed. Once mutually unlocked, the client device may generate an OTC to attempt to authenticate the client device with a server machine. The server machine validates that OTC with the OTC stored at the server to confirm they match. Each subsequent access may repeat the aforementioned steps. Moreover, in a multi-device ecosystem, a plurality of client devices may leverage a primary client device to connect with the server machine. For example, one or more subordinate client devices may connect to the primary client device to then tunnel through to the server machine in a secure manner.

Abstract: Embodiments of the present invention provide a system for authenticating process operations on a network using context locked progressive session tokens. The system is configured for receiving a first request associated with a first process operation from a user device, authorizing the first request, generating a first session token associated with the first process operation, transmitting the first session token to the user device, wherein the first session token is used to validate a second process operation associated with the application, receiving a second request associated with the second process operation from the user device, authorizing the second request, generating a second session token associated with the second process operation using at least the first session token, and transmitting the second session token to the user device, wherein the second session token is used to validate subsequent process operation associated with the application.

Abstract: A client-server security architecture is disclosed that uses a masked grid, a seed, and mutual unlocking techniques to authentication a client device with a server machine using a one-time code (OTC). The client device in the client-server architecture stores a masked grid that is used to unlock an authentication code using a seed. Once mutually unlocked, the client device may generate an OTC to attempt to authenticate the client device with a server machine. The server machine validates that OTC with the OTC stored at the server to confirm they match. Each subsequent access may repeat the aforementioned steps. Moreover, in a multi-device ecosystem, a plurality of client devices may leverage a primary client device to connect with the server machine. For example, one or more subordinate client devices may connect to the primary client device to then tunnel through to the server machine in a secure manner.

Abstract: Embodiments of the present invention provide a system for authenticating process operations on a network using context locked progressive session tokens. The system is configured for receiving a first request associated with a first process operation from a user device, authorizing the first request, generating a first session token associated with the first process operation, transmitting the first session token to the user device, wherein the first session token is used to validate a second process operation associated with the application, receiving a second request associated with the second process operation from the user device, authorizing the second request, generating a second session token associated with the second process operation using at least the first session token, and transmitting the second session token to the user device, wherein the second session token is used to validate subsequent process operation associated with the application.

Abstract: A regression test generator device configured for real-time monitoring of a user's interaction with an application running within a production environment and definition of a scope of regression testing to be carried out on one or more components of the application in response to changes made within a development environment. The regression test generator device identifies new user flows through an application, and stores the underlying software classes used to facilitate a given task associated with the new user flows. In addition, the regression test generator device monitors software classes changed in a development environment, and matches the changed software classes to one or more flows that are to be regression tested.

Abstract: A client-server security architecture is disclosed that uses a masked grid, a seed, and mutual unlocking techniques to authentication a client device with a server machine using a one-time code (OTC). The client device in the client-server architecture stores a masked grid that is used to unlock an authentication code using a seed. Once mutually unlocked, the client device may generate an OTC to attempt to authenticate the client device with a server machine. The server machine validates that OTC with the OTC stored at the server to confirm they match. Each subsequent access may repeat the aforementioned steps. Moreover, in a multi-device ecosystem, a plurality of client devices may leverage a primary client device to connect with the server machine. For example, one or more subordinate client devices may connect to the primary client device to then tunnel through to the server machine in a secure manner.

Abstract: A client-server security architecture is disclosed that uses a masked grid, a seed, and mutual unlocking techniques to authentication a client device with a server machine using a one-time code (OTC). The client device in the client-server architecture stores a masked grid that is used to unlock an authentication code using a seed. Once mutually unlocked, the client device may generate an OTC to attempt to authenticate the client device with a server machine. The server machine validates that OTC with the OTC stored at the server to confirm they match. Each subsequent access may repeat the aforementioned steps. Moreover, in a multi-device ecosystem, a plurality of client devices may leverage a primary client device to connect with the server machine. For example, one or more subordinate client devices may connect to the primary client device to then tunnel through to the server machine in a secure manner.