Abstract: A method includes determining a match score indicative of similarities between (1) signal information associated with a current route being traveled by a user in connection with a transaction with a merchant and (2) signal information associated with an established route traveled by the user in connection with a previous transaction between the user and the merchant, wherein the signal information comprises signal signatures that identify one or more signal emitters identified along each route. The method also includes determining whether the current route matches the established route based on whether the match score is above a threshold. The method further includes if the match score is below the threshold, transmitting a message indicating that the user was not authenticated.

Abstract: Provided is a process that includes: receiving, with a first device, a request to authenticate a user; obtaining, with the first device, an unstructured-data authentication input; extracting, with the first computing device, a plurality of features of the unstructured-data authentication input to form a structured-data representation; determining, with the first device, a first instance of a value that deterministically varies; and determining, with the first device, a first encrypted value based on both the structured-data representation and the first instance of the value that deterministically varies; and sending, with the first device, the first encrypted value to a second computing device.

Abstract: Techniques are disclosed relating to authorization of asset sharing for transactions by other user accounts. In some embodiments, an apparatus is configured to transmit a request to a mobile device on behalf of a first user account. In some embodiments, the apparatus is configured to receive, from the mobile device in response to the request, an electronic message in a format recognized by an authorization computing system. In some embodiments, the electronic message includes a constraint for a transaction, a replenishment key, and a hash value generated based on at least a portion of other information in the message. In some embodiments, the apparatus is configured to transmit the electronic message for communication to the authorization computing system. In some embodiments, the apparatus is configured to receive transaction authorization based on a comparison of the hash value in the electronic message and a copy of the hash value from the mobile device.

Abstract: A computer system includes a service terminal, a server computer system, and a mobile device and is used to facilitate a transaction between a user and the service terminal. The service terminal receives authentication information from the user and sends the authentication information to the computer server system. Before transaction resolves, the server computer system sends a request to the mobile device to gather environmental information from one or more sensors in the physical environment of the mobile device. In response, the mobile device identifies sensors, communications with one or more sensors, and receives environmental information. The mobile device sends indications of the environmental information, which the server computer system receives and evaluates. Based on the evaluating, the server computer system determines to alter the transaction, and based on the determination to alter the transaction sends a command altering the transaction to the service terminal.

Abstract: Technologies are provided herein and include embodiments for protecting applications and information on a user computing device and include generating a menu of icons including an application icon and a decoy icon that correspond to a mobile application in a mobile device, where the application icon is assigned to a first location in the menu and the decoy icon is assigned to a second location in the menu. The embodiment further includes communicating icon location information to the mobile application, providing the menu of icons for display on a display screen of the mobile device, receiving a first indication of user input to select the decoy icon in the menu of icons, invoking the mobile application based on the decoy icon being selected, and communicating, to the mobile application based on the decoy icon being selected, second location information indicating the second location in the menu of icons.

Abstract: According to one aspect of the present disclosure, a payment initiation request is received at a point of sale (POS) device from a user device. A challenge string stored at the POS device is transmitted from the POS device to the user device based on the payment initiation request. Payment information and a signed version of the particular challenge string are received at the POS device from the user device. The signed version of the particular challenge string is based on a private key associated with the user device and the particular challenge string. An authentication request including the signed version of the particular challenge string is transmitted from the POS device to a server device. An indication of whether the user device is authenticated is received at the POS device, from the server device, based on the authentication request, and a payment protocol is executed using the payment information.

Abstract: Techniques are disclosed relating to performing repeated secondary user authentication. An authentication computer system may receive, from a server computer system, a request to authenticate a user to a service that is provided by the server computer system. The authentication computer system may cause an out-of-band authentication message to be sent to an authentication application associated with the user. The authentication computer system may receive an authentication response including an authentication code that is generated, without user input, by the authentication application. The authentication server may determine whether to authenticate the authentication response and send an authentication indication to the server computer system.

Abstract: To protect confidential data, a mobile device determines whether the mobile device is at a location susceptible to visual capture of confidential data entered into the phone by external cameras. The mobile device determines whether focus of a display is on a field in which confidential data is entered. If the mobile device determines that it is at a location susceptible to an external imaging device visually capturing confidential data input into the input field, then the mobile device activate a light source on a same side as the screen presenting the display.

Abstract: An authentication server receives an item authentication query message requesting authentication of an item that is available from a computer server. An authentication score for the item is generated based on information contained in the item authentication query message. The authentication score is then provided for display at a client terminal. Authentication of the information contained in the item authentication query provides a level of computer security to end-users.

Abstract: In accordance with the teachings of the present disclosure, a method is provided for reducing the chances of shoulder surfing. The method may include determining an approximate angle of orientation of a mobile device and selecting one of first or second input key layouts, based upon the approximate angle of orientation. The first input key layout may be a standard layout of alphanumeric characters and the second input key layout may be a disordered layout of the alphanumeric characters. The method may also include displaying the selected one of the first or second input key layouts at a graphical user interface of the mobile device and receiving an input of sensitive information at the graphical user interface.

Abstract: Aspects of the embodiments are directed to an augmented reality Completely Automated Public Turing test to tell Computers and Humans Apart (“captcha”). Upon determining that a user, operating a user device, is attempting to access a website, a host server can cause a camera on the user device to activate and begin streaming and image feed to the host device across a network. The host device can determine an appropriate augmentation to the image feed that is germane to the context and/or environment of what is being displayed in the image feed. The augmentation can be displayed to the user on a display of the user device. The augmentation can also include a prompt instructing the user how to interact with the augmentation. The host server can determine whether to grant the user access based on the user's interaction with the augmentation.

Abstract: Provided is a process that includes: receiving, with a first device, a request to authenticate a user; obtaining, with the first device, an unstructured-data authentication input; extracting, with the first computing device, a plurality of features of the unstructured-data authentication input to form a structured-data representation; determining, with the first device, a first instance of a value that deterministically varies; and determining, with the first device, a first encrypted value based on both the structured-data representation and the first instance of the value that deterministically varies; and sending, with the first device, the first encrypted value to a second computing device

Abstract: Technologies are provided herein and include embodiments for protecting applications and information on a user computing device and include generating a menu of icons including an application icon and a decoy icon that correspond to a mobile application in a mobile device, where the application icon is assigned to a first location in the menu and the decoy icon is assigned to a second location in the menu. The embodiment further includes communicating icon location information to the mobile application, providing the menu of icons for display on a display screen of the mobile device, receiving a first indication of user input to select the decoy icon in the menu of icons, invoking the mobile application based on the decoy icon being selected, and communicating, to the mobile application based on the decoy icon being selected, second location information indicating the second location in the menu of icons.

Abstract: Aspects of the embodiments are directed to systems, methods, and computer program products that facilitate authentication of a user for providing authentication for access to secured services using an interactive voice response (IVR) service. A user device can include an application. The application can prompt the user to register with an authentication service to create an authentication credential. The user device can receive from the authentication service an authentication secret key. The application can prompt the user for a fingerprint scan, which the application can use to secure the authentication secret key. The user, when attempting to access a secured service, can provide another fingerprint scan to unlock the authentication secret key. The application can generate a one-time-password from the authentication secret key, and can transmit that OTP to an authentication service associated with the secured service provider.

Abstract: Provided is a process that includes: receiving, with a first device, a request to authenticate a user; obtaining, with the first device, an unstructured-data authentication input; extracting, with the first computing device, a plurality of features of the unstructured-data authentication input to form a structured-data representation; determining, with the first device, a first instance of a value that deterministically varies; and determining, with the first device, a first encrypted value based on both the structured-data representation and the first instance of the value that deterministically varies; and sending, with the first device, the first encrypted value to a second computing device.

Abstract: A method of providing a dynamic user details-based password policy includes steps of receiving a first set of information from a user and in response to receiving the first set of information, determining a first sensitivity score. The method also includes determining whether the first sensitivity score is greater than a baseline sensitivity score. The baseline sensitivity score may be based on historic account information from the user and requirements for an historic account password are based on the baseline sensitivity score. The method further includes in response to determining that the first sensitivity score is greater than the baseline sensitivity score, prompting the user to modify the historic account password to create a first password. Requirements for the first password are based on the first sensitivity score and require increased strength of the first password relative to the historic account password.

Abstract: Aspects of the embodiments are directed to an augmented reality Completely Automated Public Turing test to tell Computers and Humans Apart (“captcha”). Upon determining that a user, operating a user device, is attempting to access a website, a host server can cause a camera on the user device to activate and begin streaming and image feed to the host device across a network. The host device can determine an appropriate augmentation to the image feed that is germane to the context and/or environment of what is being displayed in the image feed. The augmentation can be displayed to the user on a display of the user device. The augmentation can also include a prompt instructing the user how to interact with the augmentation. The host server can determine whether to grant the user access based on the user's interaction with the augmentation.

Abstract: A method includes determining a match score indicative of similarities between (1) signal information associated with a current route being traveled by a user in connection with a transaction with a merchant and (2) signal information associated with an established route traveled by the user in connection with a previous transaction between the user and the merchant, wherein the signal information comprises signal signatures that identify one or more signal emitters identified along each route. The method also includes determining whether the current route matches the established route based on whether the match score is above a threshold. The method further includes if the match score is below the threshold, transmitting a message indicating that the user was not authenticated.

Abstract: A device unlock pattern (“pattern password”) is static in that the same pattern is entered each time to unlock a device. Due to this repetition, a pattern password may be discovered by an application that captures touchscreen gestures, by inspection of fingerprints or smudges on a screen, or simply by an onlooker that views the pattern password being entered. A variable hint pattern can be used to impede discovery. A hint pattern is a sub-pattern (“hint”) of the pattern password to be completed for device unlock. A variable hint pattern can impede discovery by changing the sub-pattern at a defined change threshold related to unlock attempts. The device can randomly change the sub-pattern or randomly change the missing portions of the pattern password at each change threshold. As a result, different inputs complete the pattern password. This variance stymies the methods typically used to discover pattern passwords.

Abstract: Aspects of the embodiments are directed to methods, systems, and computer program products for shared mobile wallet transactions. In embodiments, a mobile device can transmit a shared mobile wallet transaction request message to a mobile device operated by a shared mobile wallet contributor across a network connection; receive, from the shared mobile wallet contributor, a wallet transaction packet, the wallet transaction packet comprising a monetary contribution value and an identifier of the shared mobile wallet contributor; create a shared mobile wallet transaction packet comprising a monetary contribution value for the user, an identifier of the user, the monetary contribution value for the shared mobile wallet contributor, and an identifier of the shared mobile wallet contributor; and transmit the shared mobile wallet transaction packet to a point of sale device across a communications link. The communications link can be a near-field communications link.