Abstract: A computer-implemented method to initiate a token transfer process for transferring respective first quantities of tokens between a plurality of pairs of sender nodes and respective recipient nodes using a blockchain.

Abstract: Methods and systems for secure user authentication using a OTP involve, for example, pre-storing a OTP application on a first computing device for generating a valid OTP value for the user responsive to receiving entry of a valid PIN value of the user, no part of the valid PIN value is stored on the first computing device and pre-storing on a back-end server the valid PIN value and a valid shared secret for the user. Upon receiving entry of a purported PIN value of the user, a purported shared secret is dynamically synthesized on the first computing device by the OTP application based on the purported PIN value of the user and a purported OTP value is generated on the first computing device.

Abstract: An agent that may assist a service provider of gaming services with registering/signing up users, with accepting funds/money from a user and depositing these funds in a gaming account of the user for the user to play games with, and/or with receiving requests from a user to withdrawal funds from the user's account and paying the user the withdrawn funds. The agent may also assist a user in obtaining a report of an account of the user, the account being associated with a service provider that provides gaming services.

Abstract: Examples include an apparatus which accesses secure pages in a trust domain using secure lookups in first and second sets of page tables. For example, one embodiment of the processor comprises: a decoder to decode a plurality of instructions including instructions related to a trusted domain; execution circuitry to execute a first one or more of the instructions to establish a first trusted domain using a first trusted domain key, the trusted domain key to be used to encrypt memory pages within the first trusted domain; and the execution circuitry to execute a second one or more of the instructions to associate a first process address space identifier (PASID) with the first trusted domain, the first PASID to uniquely identify a first execution context associated with the first trusted domain.

Abstract: Improved systems and methods of providing computer security and countering attacks on computing systems by protecting control data such as a return address from being disclosed or modified. A stack canary is enhanced with randomization to prevent brute-force attacks and information leakage, providing a more effective sentinel to detect attempts to overwrite a return address on the stack. A shadow stack is enhanced with concealment of the return address from the stack, encoding of the return address in memory, and replacement of the real return address with a substitute value to detect attempted manipulation of the return address on the call stack and prevent it from succeeding. By enhancing randomization of the stack canary and using a shadow stack to encode and conceal the return address, the disclosed technology enhances security of a computing system against stack smashing, ROP attacks, and JIT-ROP attacks.

Abstract: A method for ensuring precedence for the processing of a blockchain transaction to prevent loss of cryptographic currency includes receiving a new blockchain transaction by a blockchain node in a blockchain network, confirming the new blockchain transaction including identifying a precedence transaction that was previously conducted and stored in the blockchain that involves both blockchain wallets included in the new blockchain transaction, including the new blockchain transaction in a new block that is generated, and distributing the new block to additional nodes in the blockchain network for confirmation and addition to the blockchain.

Abstract: A computer implemented method includes: receiving, by the computing system, a transaction authorization request, the transaction authorization request including a plurality of transaction conditions, the transaction authorization request relating to a request for a payment from a user's payment account to a recipient; provisioning, by the computing system, a plurality of limited-use payment tokens, each of the limited use payment tokens structured to expire according to a transaction condition; discarding, by the computing system, at least one limited-use payment token based on a determination that the at least one limited-use token is expired; receiving, by the computing system upon completion of a transaction, a limited-use payment token from the plurality of limited-use payment tokens; and transmitting, by the computing system to the recipient, a payment corresponding to the received limited-use payment token.

Abstract: A tracking system determines a location of a tracking device associated with a user using one or more access points at the location. Each access point at the location is configured to detect and couple with the tracking device when the tracking device is within a communicative range of the access point. An access point provides updates on the tracking device's presence, as well as the tracking device's arrival to and departure from the communicative range of the access point, to a tracking server. The tracking server determines, from these updates, whether the tracking device is at the location. The user may be notified, via a mobile device, of the tracking device's location.

Abstract: A system for and method of utilizing the low energy transmitter of a user device to communicate with a point-of-sale terminal in order to permit a consumer to conduct a purchase or other transaction with little or no interaction with the user device are disclosed. The system and method may also permit a purchase card processor to request additional levels of validation or authorization from the consumer in cases where the risk level of a transaction is high.

Abstract: There is provided an information processing apparatus including a processor that determines, on the basis of a predetermined condition, a transaction between a first virtual asset granted on the basis of a learning unit being certified to a user being educated and a second virtual asset different from the first virtual asset.

Abstract: A computer-implemented method includes receiving, by a recipient bank computer system, a previously used token from a point of sale (POS) device, the previously used token identifying a previous transaction as transferring funds to a merchant from a payor associated with the recipient bank computer system. The method also includes transmitting, by the recipient bank computer system, the previously used token to a messaging hub computer system. The method also includes receiving, by the recipient bank computer system, at least one of a card number or a payment credential, from the messaging hub computer system, the at least one of the card number or the payment credential associated with the previous transaction. The method also includes processing, by the recipient bank computer system, a refund using the at least one of the card number or the payment credential.

Abstract: An account validation system may include an account validation server. The server may store an order purchase history for accounts. The order purchase history may include a purchased product. The server may obtain an account identifier from a user device for a given user and communicate the purchased product to the user device for display thereon based upon a corresponding account associated with the account identifier. The server may communicate a fake product that is inconsistent with the order purchase history to the user device and based upon the order purchase history for the corresponding account. The server may also cooperate to prompt the given user to differentiate the purchased product from the fake product, and determine, based upon the user device, whether the given user has differentiated the purchased product from the fake product, and when so, validate the corresponding account.

Abstract: Techniques are provided for fraud mitigation using enhanced spatial features. One method comprises obtaining transaction data associated with a transaction; obtaining a machine learning module trained using training transaction data for multiple geographic areas to learn a correlation of the training transaction data with fraudulent activity for each geographic area; extracting a transaction address from the transaction data; determining a given geographic area for the transaction using the transaction address; determining values for a predefined spatial feature for a predefined region that includes the transaction address in the given geographic area using a query of an external online data source; applying the determined values for the predefined spatial feature to the machine learning module to obtain an anomaly score for the transaction; and initiating a predefined remedial step and/or a predefined mitigation step when the transaction is determined to be a predefined anomaly based on the anomaly score.

Abstract: A method for managing a consent receipt under an electronic transaction, comprising: receiving a request to initiate a transaction between the entity and the data subject; providing a privacy policy associated with the entity and based at least in part on the request to initiate the transaction between the entity and the data subject; accessing the privacy policy associated with the entity; storing one or more provisions of the privacy policy associated with the entity; providing a user interface for consenting to the privacy policy associated with the entity; receiving a selection to consent to the privacy policy associated with the entity and based at least in part on the request to initiate the transaction between the entity and the data subject; generating, by a third-party consent receipt management system, a consent receipt to the data subject; and storing the generated consent receipt.

Abstract: A system and method for electronic payment that involves generating and then using a temporary token based on a legacy PAN (Primary Account Number) to conduct an electronic transaction. The token is generated by transforming the PAN using specific inputs such that the original PAN can be recovered by manipulating the token in various ways as disclosed herein. One potential manipulation that may be used is encryption/decryption. The token is transmitted to a portable electronic device such that the portable electronic device may present the token to a point-of-sale device. The POS communicates the token to a server which validates the token by, among other things, recovering the PAN. If the PAN is recovered as expected a validation message is returned to the POS device.

Abstract: In some embodiments, inputs provided to an application are securely stored and processed. In some embodiments, input data is obtained via a user interface of an application accessed on a network device and the input data is stored in a physical memory area of temporary storage of the network device. The physical memory area of the temporary storage is configured to be designated for securely storing data processed by the application and to remain designated for securely storing data processed by the application when the network device is rebooted. The physical memory area is inaccessible to other applications. The input data is processed via the physical memory area of the temporary storage in accordance with instructions of the application, and, in response to a reboot of the network device, the designation of the physical memory area of the temporary storage to securely store data processed by the application is reapplied.

Abstract: A method and system for transmission of digital content via e-mail with point of use digital rights management is disclosed. The secured access rights to the digital content may be customized for individual recipients by the sender, and may evolve over time. The access rights are enforced according to a time-dependent scheme. A key server is used to arbitrate session keys for the encrypted content, eliminating the requirement to exchange public keys prior to transmission of the digital content. During the entire process of transmitting and receiving e-mail messages and documents, the exchange of cryptographic keys remains totally transparent to the users of the system. Additionally, electronic documents may be digitally signed with authentication of the signature.

Abstract: Various examples are directed to a host device comprising a memory system, a host device memory, and a processor. The processor is programmed to receive from the memory system a first logical-to-physical (L2P) pointer message that comprises a first L2P pointer and a first digital signature. The processor executes a cryptographic operation based at least in part on the first L2P pointer and a cryptographic key and verifies the first digital signature based at least in part on the cryptographic operation. The processor caches the first L2P pointer at the host device memory.

Abstract: Association of personal, financial, and/or business-related identification information with a mobile communication device (MCD) is provided for herein. For example, an MCD can be associated with a financial account and can further include an identification component that verifies an identity of a user of the MCD. Identity can be verified by biometric analysis (e.g., finger/thumb print scan), username and password, optical feature scan, or a combination thereof or of like mechanisms, for instance. Accordingly, the claimed subject matter provides a mechanism to verify identification of a user of an MCD and incorporate user ID into remote data exchange, including remote financial transactions, with one or more networked devices.

Abstract: [Problem] Provided are a management device and a cryptocurrency system capable of smoothly operating an entire system by detecting fraud on cryptocurrencies without using enormous calculation amounts. [Solution] A management device connected to a plurality of user devices via a network, the management device including: an issued information storage area that stores a cryptocurrency ID of an issued cryptocurrency; an account information storage area that stores account information in association with one or a plurality of cryptocurrency IDs; and a history information storage area that stores history information of a cryptocurrency in association with a cryptocurrency ID.

Abstract: An example operation may include one or more of receiving a request for trust information of an off-chain data source from a client, determining a category type of the off-chain data source from among a plurality of category types based on the request, retrieving a reliability value of the off-chain data source linked to one or more of an identity of the off-chain data source and the determined category type from a reliability database implemented via a distributed ledger shared among a plurality of peer nodes, and transmitting the retrieved reliability value linked to the category type to the client.

Abstract: The claimed solution relates to a method of making transactions in the blockchain framework using a protected hardware and software complex to ensure secure storage of digital currencies (cryptocurrencies) and control the entire lifecycle of multiple wallets simultaneously to make transactions in the blockchain network. Basic features of the hardware and software complex include the effective control over the entire life cycle of cold wallets, generation of digital wallets and secure storage of their private keys in an isolated environment using the hardware security modules (HSM), as well as maintaining the multiple level authentication of blockchain transactions. It is possible to use all the features of the complex due to compatibility with the application programming interface (API), which enables to integrate the complex into the existing software solutions, for example, banking systems.

Abstract: The invention provides a novel and advantageous solution for controlling or influencing use of and/or access to a resource. This resource may be a device, such as an IoT (Internet of Things) device or a process. The invention is implemented via a distributed ledger (blockchain). This may be the Bitcoin blockchain or some alternative blockchain platform/protocol. In an illustrative embodiment, the controlled resource is a parking meter.

Abstract: A work authorization system comprising a credential provider which is installed on a data processing unit of an automated analyzer instrument comprising a device for entering data, a server comprising an interface for receiving data from the credential provider and information for authentication of a user, a database containing all relevant data necessary for authentication of the user and a device for sending messages.

Abstract: In one aspect, a method for processing a card-not-present account-on-file transaction is provided. The transaction involves a cardholder using payment card information stored by a merchant. The method includes receiving an authorization request message for the transaction, the authorization request message received at a payment network from an acquirer associated with the merchant and receiving an authorization response message, the authorization response message received at the payment network from an issuer. The authorization response includes a denial indicator indicating that the transaction has been denied. The method further includes querying a database coupled to the payment network to determine whether the database includes updated payment card information for a payment card associated with the transaction.

Abstract: A fine-grained scalable time-versioning support for large-scale property graph databases includes receiving a request, wherein the request includes an entity identifier (ID) and reference time information, and searching entries of a first table using the entity ID as a first key. Matching an entry is performed corresponding to the first key in the first table, determining the entry is valid based at least in part on comparing the reference time information of the request with stored time information for the entry, and responsive to the determination, creating a second key, wherein the second key concatenates an ID associated with the entity ID with the reference time information of the request. Searching a second table is performed having entries based at least in part on the second key, and responsive to searching the second table, retrieving data associated with the second key.

Abstract: In accordance with an embodiment, described herein is a system and method for enabling in-place record content management. A records management agent within a content management system can communicate with a records management system in an asynchronous manner, such as in response to a request or prompt, or in combination with check-in of content into the content management system. The records management agent can fetch a records folders hierarchy from the records management system for use in selecting record policies to be applied to content. The records management agent can associate content with selected records folders within the records folders hierarchy, and can update metadata corresponding to the content. The records management agent can send the updated metadata to the records management system. In an embodiment, the records management agent can be provided as a reusable, pluggable component within an existing content management system.

Abstract: A computer-implemented method of providing enriched transaction data for a transaction requiring an authorization is provided, the transaction performed using a computer system having a processor and a memory device. The method includes storing transaction data received from an input channel, the transaction data including a transaction identifier. An execution plan is retrieved based at least in part on the transaction identifier. The transaction data is processed across an enrichment processor based on the execution plan to generate at least one fraud score for the transaction. The transaction data is enriched to include at least one of the fraud score and an enriched data object. The enriched data is transmitted to an authorizing party for authorization.

Abstract: A method for providing recommendations of creative professionals to complete a project is provided. The method includes receiving information related to a project, the information including a first set of criteria associated with the project. The method includes determining, using a statistical model, a vector representation corresponding to a candidate creative professional based on the information related to the project. The method also includes determining respective vector representations of a first set of creative professionals based at least in part on profile information related to each of the creative professionals. The method includes determining respective distances of each of the respective vector representations from the vector representation corresponding to the candidate creative professional. Further, the method includes providing a second set of creative professionals as recommendations for being assigned to the project based at least in part on the respective distances.

Abstract: In one example in accordance with the present disclosure, a computing device is described. The computing device includes an encryption device to encrypt, using an encryption key, a document to be rendered. A generating device generates multiple shares of a decryption key using a secret-sharing scheme. A threshold number of the multiple shares allows decryption of the document. A transmit device transmits different shares of the multiple shares to different devices. The document is rendered when the threshold number of multiple shares are rejoined at a rendering device.

Abstract: Methods are provided for achieving consensus among an order in which write requests are received by various ones of a plurality of nodes in a distributed system using a shared data structure. The plurality of nodes are organized into groups of nodes and successively larger groupings of groups, based on physical proximity. A consensus protocol is used to achieve consensus among groups of nodes, and then among the groupings of groups of nodes in a logical tree structure up to a root level virtual node. Recovery from failure of all nodes in a group is supported.

Abstract: A system and method of providing secondary syndicated content on a client device includes detecting external Primary Source Content and Primary Source Content on the client device directly and identifying a Content Identifier and synchronization cue of the Primary Source Content on the client device. The method also includes subscribing to a channel associated with the Primary Source Content on the client device and generating and displaying secondary syndicated content on the client device as a function of the synchronization cue, such that the secondary syndicated content is synchronized to a current temporal segment of the Primary Source Content.

Abstract: Various arrangements relate to a method performed by a processor of a computing system. An example method includes hashing a first salted value to generate a first hashed salted value. The first salted value includes a first salt value and a value. A first tuple is generated. The first tuple includes the first hashed salted value and a first token. The first token is associated with the value. A first BAT message is generated. The first BAT message includes the first salt value. The first BAT message is associated with the first tuple. A second salted value is hashed to generate a second hashed salted value. The second salted value includes a second salt value and a value. A second tuple is generated. The second tuple includes the second hashed salted value and a second token. The second token is associated with the value. A second BAT message is generated.

Abstract: Methods, systems, and computer-readable media herein disclose providing or sharing access to an asset. A request for sharing the asset from a consuming party may be received. The asset may be verified as a registered asset. The request may be sent for approval by a provisioning party. The request may include details about a transaction for which sharing the asset has been requested and a specification of the asset requested for sharing. Approval may be provided with restriction parameters. In turn, a first digital token may be generated. A request for the transaction may be received from the consuming party. Transaction details may be verified against the restriction parameters. A second digital token associated with the asset from an asset custodian may be received. A request to perform the transaction may be sent to the asset custodian. A confirmation of a processed transaction from the asset custodian may be received.

Abstract: A system for protecting a computer system interfacing with peripheral elements via a generic port associated with an open standard interface, the system comprising at least one protection device configured for installation between the computer system and its peripheral element/s and including a pair of computer-peripheral interfaces and a uni-directional data flow limiter (e.g. Uni-directional buffer) intermediate the computer-peripheral interfaces.

Abstract: A system and method for determining a point in time compliance status of a computing system with a security guideline standard (SGS) wherein the computing system has a command line shell available through a native operating system, the method comprising inputting into a host computer of the computing system a SGS package that represents a scripted SGS that is a non-text file and is encrypted that provides instructions for an evaluation of a computing system's compliance with the SGS under consideration wherein the SGS package performs at least a portion of an automated evaluation of a compliance status at the point in time of the computing system under consideration when the SGS package is decrypted by the computing system; sending a command query from the decrypted SGS package to the selected device of the computer system; compiling in a locally hosted database of the host computer compliance results sent from the selected device of the computing system in response to the command query from the decrypted SGS

Abstract: An authentication/authorization tool authenticates entity data received from an official third party and authorizes the distribution of the authenticated data based on an authorization token provided by a mobile device of the entity. The tool determines, based on the entity data and an entity preferences database, different portions of the entity data that are of different data types and data repositories that are authorized to receive each data type. The tool receives an authorization token from a mobile device of the entity and uses the authorization token to determine whether data distribution is authorized. Responsive to determining, based on the data authorization token, that distribution of the data is authorized, the tool automatically transmits the data portions to the entity's data repositories to update information stored therein, according to preferences of the entity.

Abstract: A method of providing secure ledger distribution for interbank settlement includes maintaining a first consensus layer in a mainchain among a plurality of nodes of the centralized computer system and a second consensus layer in a first private sidechain among at least one node of the centralized computer system and computer systems of at least a first sender bank and a first receiver bank, each of which have an account with the central bank. A first transaction is received from the computer system of the first sender bank as a first payment request. It is determined that the first transaction is valid and consensus is reached on a distributed ledger in the mainchain. A first finality proof for the first transaction is forwarded to the first private sidechain. The first transaction is added to a first private ledger accessible only within the first private sidechain.

Abstract: Transaction data is obtained relating to a current purchase transaction. An account indicator is retrieved. The transaction data is used to transform the account indicator. The transformed account indicator is encrypted to generate an encrypted account indicator.

Abstract: A method includes initiating, by a payor computing device, a financial transaction to send payment of a particular amount to a payee computing device using a first cryptocurrency. The payee computing device accepts a desired currency. The method further includes placing a hold on an amount of collateral cryptocurrency based on a request to process the financial transaction. The method further includes sending, by the payor computing device, a first amount of the first cryptocurrency equal to the particular amount to the cryptocurrency acceptance network computing device, converting, by a cryptocurrency exchange device, the first amount of the first cryptocurrency to an amount of the desired currency equal to the particular amount, and sending the amount of the desired currency to a payee banking computing device. The method further includes seeking a desired number of confirmations of the first amount of the first cryptocurrency from a consensus network.

Abstract: A computer-implemented method for managing enterprise transactions includes creating an overlay to a physical communications network, adding one or more nodes to the overlay, designating one or more nodes of the overlay as super nodes, generating a distributed ledger to store the transactions, and replicating the distributed ledger to all nodes of the overlay. Generating the distributed ledger includes receiving, at the super nodes, transactions from the one or more nodes, assigning, by the super nodes, the transactions to a variable size block, validating, by the super nodes, the variable size block, and linking the validated variable size block to the distributed ledger.

Abstract: A computing system includes a network interface, a customer database, and a processing circuit. The processing circuit receives information indicative of a first purchase by a customer, establish an aspect of the first purchase as a network authentication credential for the customer, receive a first request to connect to the network from a customer device associated with the customer after completion of the first purchase, transmit a first query to the customer device prompting the customer to input information regarding the aspect of the first purchase, receive a customer-input response to the first query, authenticate the first request by determining that the customer-input response to the first query corresponds to the established aspect of the first purchase, and authorize connection of the customer device to the network based at least in part on the first request being authenticated.

Abstract: Implementations of the present disclosure include receiving a content of a confidential transaction of a client node, by a consensus node of a blockchain network, wherein the content of the confidential transaction includes one or more commitment values of the confidential transaction generated by the client node by applying a cryptographic commitment scheme to transaction data of the confidential transaction, and encrypted transaction information generated by encrypting the transaction data using a secret key of the client node, wherein a secret key is obtained by the client node according to a threshold secret sharing scheme with a plurality of client nodes, and one or more zero-knowledge proofs of the transaction data; verifying that the confidential transaction is valid based on the content of the confidential transaction; and storing the encrypted transaction information on a blockchain of the blockchain network.

Abstract: A device and method are provided. The device includes a controller, a memory, and a transceiver. The controller generates authentication information based on a user input to the device. The memory stores the generated authentication information. The transceiver receives authentication information, which is generated by a point of sale (POS) terminal based on a user input to the POS terminal, from the POS terminal, when the device enters within a predetermined range from the POS terminal. The controller compares the generated authentication information with the received authentication information, and provides card information which is used in a transaction with respect to an item or a service to the POS terminal based on a result of the comparison.

Abstract: The invention relates to a method and system that implements a customer account automation framework. A mobile device or system comprises: a memory that accesses customer profile data, customer transaction data and payment rules data; and a computer processor, coupled to the memory, programmed to: identify one or more rules, each rule comprising an event and an action, wherein the one or more rules comprise one of: notification, confirmation and automation and an associated device; receive one or more rule suggestions automatically generated based on customer behavior and transaction data; receive one or more sponsored rule suggestions automatically generated based on sponsor data; accept at least one suggested rule, wherein the suggested rule comprises a corresponding event and a corresponding action; detect an occurrence of the event; and automatically perform the action.

Abstract: A system and method for enabling global and remote flash sale or daily deal commerce through unsecured electronic channels are provided. The system provides an innovative and new standard that not only enhances consumer convenience but also solves a large shortcoming by providing customers an alternative to online electronic purchasing for these types of offers. The system and method allows customers to receive and instantly purchase special offers in an entirely off-line fashion.

Abstract: A method for consumer-initiated transactions with encrypted tokens includes: storing a first cryptographic key pair comprising an account public key and an account private key, a merchant public key, an account token associated with a transaction account, an account identifier, and an issuing institution identifier; receiving transaction data for a proposed payment transaction including a transaction amount; generating a transaction order including the transaction data; generating a cryptographic checksum for the generated transaction order; generating a digital signature over the cryptographic checksum using the account private key; generating a payment token including the issuing institution identifier, the account identifier, the transaction amount, and the account token; encrypting the payment token using the account private key; and transmitting the encrypted payment token and signed cryptographic checksum to a point of sale device.

Abstract: A data authentication system stores a data fingerprint representing data distributed from a data source to a data recipient, allowing the data recipient to authenticate the data. The data authentication system receives, from a data source, a first data fingerprint that represents a digital entity distributed by the data source to a data recipient. A representation of the first data fingerprint is sent for storage on a blockchain. A request is received from a data recipient to authenticate the digital entity, where the request includes a second data fingerprint that represents the digital entity as distributed to the data recipient. The data authentication system authenticates the second data fingerprint against the stored first data fingerprint to verify that the data recipient received authentic data.

Abstract: The present invention is directed blockchain systems and censuses protocols that adopt a pipelining technique. The systems and protocols involve a committee of consensus nodes that include proposer nodes and voter nodes. Each proposer node can send two or more unnotarized proposals to the voter nodes, and the voter nodes can vote on an unnotarized proposal when they have the same freshest notarized chain or block. A sequence number is provided to facilitate the operation of the systems and protocols. The sequence number can be used to determine the freshest notarized chain or block and the finalized chain and switch proposer node. The systems and protocols also provide other features such as chain syncer, committee election scheme, and committee reconfiguration. The systems and protocols further provide a simple finalization process and thus have a low finalization time.

Abstract: A method including receiving a first application user credential associated with a user profile; comparing, for a first match, the first application user credential with a stored second application user credential, wherein the stored second application user credential is associated with a user identity; and responsive to finding a first match, verifying the user identity by performing the following: communicating with a card using near field communication; receiving a public key of a key pair of the card and cardholder identification information of an account holder of the card; instructing the card to generate a digital signature; receiving the digital signature from the card; verifying the digital signature using the public key; and comparing, for a second match, at least a portion of the user identity with at least a portion of the cardholder identification information.