Abstract: Systems and methods for mapping IP addresses to an entity include receiving at least one domain name associated with the entity. Embodiments may further include determining one or more variations of the at least one domain name based on analysis of domain name data collected from a plurality of domain name data sources that mention a variation of the at least one domain name. Some embodiments may also include identifying one or more IP addresses pointed to by the one or more variations of the entity's domain name based on analysis of IP address data collected from a plurality of IP address data sources. Additional embodiments include assigning weights to each of the identified one or more IP addresses and creating a mapping of IP addresses to associate with the entity based on analysis of the weighted one or more IP addresses.

Abstract: A method includes communicating with a remote server computer via a first mobile device to receive in the first mobile device a payment token associated with a PAN (primary account number). The PAN identifies a payment account owned by a user of the first mobile device. The method further includes provisioning the payment token from the first mobile device to a second mobile device in proximity to the first mobile device. The provisioning includes transfer of data from the first mobile device to the second mobile device.

Abstract: A system including a processing circuit configured to collect at least first contact information of a beneficiary, identify a risk associated with the beneficiary, automatically calculate a risk score for an electronic transaction based on the risk, determine that the risk score exceeds a first threshold value and displaying a notification on the user device associated with the electronic transaction, receive data from the user device, wherein the data includes at least second contact information corresponding to the beneficiary, compare the first contact information and the second contact information with additional data, wherein comparing includes analyzing the call records or the emails and determining that a user conducted at least one mitigation activity of the displayed mitigation activities, recalculate the risk score based on the at least one mitigation activity, and display the recalculated risk score on the user device.

Abstract: The subject matter of this specification generally relates to cloud-hosted certificate lifecycle management (CLM) to on-premises certificate authority (CA) communication. In some implementations, a method includes receiving a task request specifying a requested task and an identifier specifying a location for task execution, determining the requested task and that the location for task execution for the requested task is at an on-premises CA device, in response to determining the requested task and that the location of the task is at the on-premises CA device, storing a request task data entry that links the task request to the location for task execution, providing a notification to an on-premises CA gateway, and in response to the notification, providing the requested task for task execution. In some implementations, the remote CA gateway plug-in module maintains a constant communication connection with the on-premises CA gateway via a persistent client-initiated communication protocol.

Abstract: According to a present invention embodiment, a system for granting access to applications associated with different blockchains comprises one or more memories and at least one processor coupled to the one or more memories. The system verifies a non-fungible token of a first blockchain is owned by a user. The non-fungible token is indicated by the user for access to an application associated with a second blockchain. Information for the second blockchain is retrieved from information for different blockchains associated with the non-fungible token. A blockchain address of the second blockchain is verified as being associated with the user based on the information for the second blockchain to grant access to the application. Embodiments of the present invention further include a method and computer program product for granting access to applications associated with different blockchains in substantially the same manner described above.

Abstract: A blockchain agnostic token network is described. In an example, a request to purchase a non-fungible token (NFT) minted on a blockchain from a seller is received. Based at least in part on context data associated with at least one of the user, the seller, or a digital asset associated with the NFT, a plurality of available blockchains is determined for holding the NFT. Information associated with the plurality of blockchains is surfaced and one of the plurality of blockchains is determined for holding the NFT. Based at least in part on the determined blockchain, the NFT is transferred to the determined blockchain and associated with a user account for subsequent viewing.

Abstract: Programmable telematics systems, methods and apparatus for two-way transmission of data and information between fleet vehicles and a fleet management system. The systems and methods employ a programmable telematics communications unit (TCU) configured to connect to a communications port of a vehicle, enabling two-way transmission of data and information between a fleet management system and vehicles in the fleet. The TCU device includes cellular data connectivity enabling communication with the management system through existing cellular telephone networks. The programmable TCU may be toggled between multiple operating modes, wherein the TCU provides different functionality, such that a single vehicle may participate in multiple vehicle programs at different points in time, including separate vehicle rental and vehicle sharing programs.

Abstract: Systems and methods for fraud monitoring are disclosed, including: receiving a transaction request associated with a first instrument of a user; extracting, characteristics of the transaction request; identifying, by the first processor, user data based on the transaction request; determining a fraud severity value and notification value based on inputting the characteristics and user data into a fraud machine learning model; performing a first fraud action based on the fraud severity value; wherein the first fraud action is at least one selected from the group of locking the first instrument for a period of time, deactivating the first instrument, and electronically transmitting a first query message to a user device associated with the first instrument; and transmitting a fraud notification based on the notification value, wherein the fraud notification includes severity information associated with the fraud severity value.

Abstract: Digital fingerprints include data indicative of interior features or structures of an object. The physical object may be rigid or malleable. The digital fingerprints may also include data indicative of features on an exterior surface of the object. Digital fingerprints may uniquely identify an object with respect to other objects, even with respect to other objects of a same type or class of objects. The technology may be relatively invariant to changes in scale, rotation, affine, homography, perspective, and illumination as between a reference digital fingerprint and a later acquired or generated digital fingerprint. Digital fingerprints may be used to authenticate an object as being a second instance or appearance of a previously digitally fingerprinted object.

Abstract: After receiving an authorization result from a user, an authorization server sets a deadline for re-authorization, performs wait processing until the deadline, and thereafter issues an access token.

Abstract: A computer system for verifying whether two existing sets of confidential electronic data are identical by transforming the two existing sets of confidential electronic data into two new sets of electronic data that are no longer confidential, and then comparing the two new sets of electronic data. As a result, the confidentiality of the two existing sets of electronic data is maintained.

Abstract: In one embodiment, a method includes establishing, by an identity agent installed on a device, a connection to a browser installed on the device and generating, by the identity agent, first device information, a public key, and a private key. The method also includes communicating, by the identity agent, the first device information and the public key to an authentication service and receiving, by the identity agent, a unique identifier from the authentication service. The method further includes generating, by the identity agent, a first signature of the first device information and communicating, by the identity agent, the first signature, the first device information, and the unique identifier to the browser.

Abstract: A computer system (10) comprises a plurality of computers (20a, 20b, 20c, 20d). Each of the computers (20a, 20b, 20c, 20d) comprises a store (22, 24, 26, 28). Each of the computers is configured to provide one or more labels to replace determined data in documents stored in the store (22, 24, 26, 28), and to produce encoded documents including the one or more labels to replace the determined data in the documents. The computer system (10) further comprises a machine learning computer system (30) configured to train the plurality of computers (20a, 20b, 20c, 20d) based on the encoded documents from the plurality of computers (20a, 20b, 20c, 20d).

Abstract: A method of data transfer from a tenant to a service provider comprises encrypting the data with a public key of a key pair generated by a secure device within the service provider system. The data thus cannot be accessed by the service provider during transmission. The data is generated with a corresponding access control list, which specifies that a valid certificate must be presented in order to grant a particular use of the data once stored. The tenant can thus retain control of the use of the data even though it has been transferred out of the tenant system. A method of controlling use of data securely stored in the service provider system comprises issuing a use certificate having an expiry time to the party requesting use of the data. The use certificate must be validated before use of the stored data is granted. This enables the tenant to grant use of the stored data for a limited time period.

Abstract: An apparatus for detecting a phishing website based on website icons is disclosed. A disclosed example apparatus includes parser circuitry to parse code of a first website, detector circuitry to detect, based on the parsed code, a first website icon and a first Uniform Resource Locator (URL) corresponding to the first website, and hash generator circuitry to generate a first hash of the first website icon, and store the first hash in association with the first URL in a hash entry of an icon hash database, the hash entry to be used for determining that a second website is a phishing website when (a) the first hash matches a second hash of a second website icon corresponding to the second website, and (b) a first portion of the first URL matches a second portion of a second URL corresponding to the second website.

Abstract: A system and method for conducting a privileged communication session between a client user and an attorney subscriber includes initiating a communication session between the client user and the attorney member in response to a communication session request, via a communication application where the communication session is configured to be selectively conducted via the communication application in a non-privileged mode and in a privileged mode such that in the non-privileged mode, the communication session is conducted via a communication server in communication with a user client computing device and an attorney computing device, and such that in the privileged mode the communication session is conducted via a direct communication link initiated via the communication application such that, in the privileged mode the communication server is disconnected from the direct communication link.

Abstract: Embodiments include a provider computing system associated with a provider including at least one processing circuit configured to present, by a graphical user interface while a bill pay application is in an unlaunched state, a notification including a plurality of summaries of at least one bill, automatically launch the bill pay application in response to the customer selecting a summary of the plurality of summaries of at least one bill, and automatically navigate to a sub-screen presenting the selected summary. The least one processing circuit further configured to receive, via the bill pay application, a request to pay an amount of funds to a biller, generate a payment request, provide at least one post to a funds account circuit based on the payment request, and generate and provide a payment data object to a biller computing system.

Abstract: A certificate revocation manager performs scheduled synchronization of a certificate revocation table with certificate revocation lists (CRLs) independent of connection requests from clients. The certificate revocation table includes entries that each indicate a client certificate that has been revoked by a certificate authority (CA). On a scheduled basis, the certificate revocation manager synchronizes the entries of the certificate revocation table with current CRLs obtained from different CAs. When a service at receives a request from a client to establish a connection, the service generates a composite key based on a CA identifier and a certificate identifier of a client certificate provided by the client. The service performs a lookup on the certificate revocation table based on the composite key. Based on a result of the lookup, the certificate revocation manager determines whether the client certificate is revoked.

Abstract: An identity verification device for verification of a digital credential includes a user device communication interface for operative communication with a user device associated with a human user. The user device communication interface is operative to receive from the user device the digital credential of the human user stored locally on the user device. The device also includes a relying party communication interface operative to send a request to an intermediary credential service platform for verification of the digital credential presented by the user device, and to receive verification of the digital credential from the platform after application of an issuing authority credentialing standard to the digital credential. The device further includes a verification indicator operative to provide an indication of verification status of the digital credential to the relying party associated with the identity verification device.

Abstract: A data mining method, system, and non-transitory computer readable medium include obtaining a subset of public records of data in a public domain and performing data mining, via private domain data, within the subset of the public records of data to find data in the public domain corresponding to a particular individual.

Abstract: A method for consumer-initiated transactions with encrypted tokens includes: storing a first cryptographic key pair comprising an account public key and an account private key, a merchant public key, an account token associated with a transaction account, an account identifier, and an issuing institution identifier; receiving transaction data for a proposed payment transaction including a transaction amount; generating a transaction order including the transaction data; generating a cryptographic checksum for the generated transaction order; generating a digital signature over the cryptographic checksum using the account private key; generating a payment token including the issuing institution identifier, the account identifier, the transaction amount, and the account token; encrypting the payment token using the account private key; and transmitting the encrypted payment token and signed cryptographic checksum to a point of sale device.

Abstract: A device may receive, from client devices of users, user data identifying the users, client device data identifying the client devices, and transaction card data identifying transaction cards, and may receive transaction account data identifying transaction accounts. The device may process the user data, the client device data, the transaction card data, and the transaction account data, with a machine learning model, to determine trust scores for the transaction cards, and may identify trusted transaction cards based on the trust scores. The device may receive, from trusted client devices associated with the trusted transaction cards, location data identifying locations of the trusted client devices and communication data indicating communications between the trusted transaction cards and the trusted client devices. The device may generate a card mapping for the trusted transaction cards based on the location data and the communication data, and may perform actions based on the card mapping.

Abstract: According to certain embodiments, a method performed by a trust anchor comprises determining a random value (K), encrypting the random value (K) using a long-term key associated with a hardware component in order to yield an encrypted value, communicating the encrypted value to the hardware component, and receiving a response encrypted using the random value (K). The response is received from the hardware component. The method further comprise encrypting a schema using the random value (K) and sending the encrypted schema to the hardware component. The schema indicates functionality that the hardware component is authorized to enable.

Abstract: Securing digital assets in a vault that interfaces with multiple different third-party wallets to store keys/mnemonics. The vault interface accepts input from multiple different party wallets to combine multiple encryptions and secure storage techniques. Numerous cryptographic mechanisms are employed to securely pull a mnemonic phrase from a third-party wallet and into an institution's vault. A customer's mnemonic phrase is securely transported from a personal wallet into a secured institution's encrypted vault using the power of HSM to encrypt and decrypt a customer's mnemonic phrase securely.

Abstract: A device may receive a uniform resource locator (URL) and encrypted data. The device may download a first application from an application server based on the URL. The device may download and execute the first application. The first application may receive the encrypted data.

Abstract: Systems and methods are provided to enable a user to conduct a transaction using their credentials stored on a secure server computer (e.g., a computer associated with a partner such as another merchant) by merely presenting their authentication data at a physical location via an auxiliary device. An auxiliary device may be provided for interfacing with a partners backend server (e.g., the secure server computer). In some embodiments, biometric authentication may provide a mechanism for a true seamless and potentially frictionless (in the case of modalities that do not require physical contact) interaction. Payment can occur without any need for a card, phone, wearable, or any other user device as long as the auxiliary device is able to recognize the user and retrieve a credential that can be linked to that user.

Abstract: A first document including a decrypting version of a first key and a second document including a representation of a login token are received from the first compute device. An encrypted second key that has been encrypted by an encrypting version of the first key is received after receiving the login token from a second compute device. The second compute device stores the encrypting version of the first key before the receiving of the first document. The encrypted second key is decrypted using the decrypting version of the first key to obtain a plaintext second key. Encrypted sensor data that includes plaintext sensor data that has been (1) captured prior to the receiving of the first document, and (2) encrypted by the plaintext second key is received from the second compute device. The encrypted sensor data is decrypted using the plaintext second key to obtain the plaintext sensor data.

Abstract: More effective authentication protocols for provisioning electronic devices are provided. An approval signal responsive to a provisioning request may be transmitted in real-time, such as under four seconds in certain embodiments. An authentication score for the provisioning request may be calculated even after transmitting the approval signal. In certain embodiments, information gathered from the successful provisioning of a device can be used in the authentication scoring process. Authentication scores deemed to fall below a requisite threshold may be used to suspend the provisioned device, therefore, limit the ability for the device to utilize the account, however, without withdrawing the approval or granted digital token. Certain implementations may negate the need to transmit further approvals or confirmations following determining an authentication score met a threshold.

Abstract: A system and method is disclosed for providing vendors an alternative to a password-based security system. The system and method also allows vendors to manage secure transactions by leveraging various message authentication techniques while allowing the vendor full control over related processes such as payment processing and fulfillment. The system and method also monitors message requests from customers for the vendor to guarantee that the communication has not been compromised. Consolidating the authentication of users to their messaging minimizes the need for each individual vendor to maintain their own password for access to a customer account. This eliminates the requirement that customers generate a password thus increasing convenience and decreasing security risks associated with the use of passwords. This decreases risk not only for customer and vendor but also decreases the risk exposure across the internet-as the system scales.

Abstract: A system includes masking servers, transport servers, and signal servers. Each transport server stores masking server Internet Protocol (IP) addresses. Each signal server is configured to store transport server IP addresses, receive an update request from a client, and send the transport server IP addresses to the client in response to the update request. Each transport server is configured to receive a request data payload for a destination target server from the client, select a masking server, and send the request data payload to the selected masking server. The selected masking server is configured to send the request data payload to the target server, receive a response data payload from the target server, and send the response data payload to the transport server from which the request data payload was received. The transport server that receives the response data payload sends the response data payload to the client.

Abstract: The subject matter of this specification generally relates to cloud-hosted certificate lifecycle management (CLM) to on-premises certificate authority (CA) communication. In some implementations, a method includes receiving a task request specifying a requested task and an identifier specifying a location for task execution, determining the requested task and that the location for task execution for the requested task is at an on-premises CA device, in response to determining the requested task and that the location of the task is at the on-premises CA device, storing a request task data entry that links the task request to the location for task execution, providing a notification to an on-premises CA gateway, and in response to the notification, providing the requested task for task execution. In some implementations, the remote CA gateway plug-in module maintains a constant communication connection with the on-premises CA gateway via a persistent client-initiated communication protocol.

Abstract: A computer-based method for providing a loyalty identifier to a merchant using a payment network is described. The method includes storing data including at least one loyalty identifier associated with a cardholder enrolled in a loyalty program and a corresponding payment card identifier, receiving a first authorization request message for a payment transaction initiated by a first cardholder using a first payment card at an originating merchant, the first authorization request message including a first merchant identifier and a first payment card identifier, determining a first loyalty program associated with the originating merchant based in part on the first merchant identifier and the data stored in the memory, determining a first loyalty identifier associated with the first cardholder for the first loyalty program based in part on the first payment card identifier and the data stored in the memory, and providing the first loyalty identifier to the originating merchant.

Abstract: The present disclosure provides a system for generation and verification of signatures via user specific tokens. This system allows a user to create a token to include with or use instead of a signature, with the token generally called a “Signature Token.” The Signature Token may be a numeric token, alphanumeric token, or other appropriate character set. The system may additionally determine or assign a signature level to a signature token based on the user device information, signature information, or some combination thereof. A Signature Token can be verified by a third party, thereby authenticating the user's signature. The system provides easy access for the creation of signature tokens and verifying the tokens.

Abstract: A system for managing a financial account in a low cash mode. The system may include a memory storing instructions, and a processor configured to execute the instructions to perform operations. The operations may include providing an interface; providing a notification to a user when a balance in the first account is deemed to be in low cash mode; presenting, when the first account balance is deemed to be in low cash mode, an option for a transfer request; receiving, a selection of the option for the transfer request to connect the first account with a second account; transferring funds from the second account to the first account; notifying the user that funds have been transferred from the second account to the first account; and further notifying the user that the balance in the first account is greater than the threshold value.

Abstract: A request may be received to transfer from a first entity to a second entity a right related to a digital asset stored in an on-demand database system. The on-demand database system may provide computing services to a plurality of entities via the internet. A token associated with the digital asset may be identified. The token may being included in a smart contract recorded within a distributed trust ledger and may be owned by a first distributed trust ledger account. The smart contract may be executed within the distributed trust ledger to record a transfer of the token from the first distributed trust ledger account to a second distributed trust ledger account. The on-demand database system may be updated to include one or more database entries reflecting the recorded transfer.

Abstract: The subject matter of this specification generally relates to cloud-hosted certificate lifecycle management (CLM) to on-premises certificate authority (CA) communication. In some implementations, a method includes receiving a task request specifying a requested task and an identifier specifying a location for task execution, determining the requested task and that the location for task execution for the requested task is at an on-premises CA device, in response to determining the requested task and that the location of the task is at the on-premises CA device, storing a request task data entry that links the task request to the location for task execution, providing a notification to an on-premises CA gateway, and in response to the notification, providing the requested task for task execution. In some implementations, the remote CA gateway plug-in module maintains a constant communication connection with the on-premises CA gateway via a persistent client-initiated communication protocol.

Abstract: Methods, systems, and media are provided for enabling encryption key distribution when a processor is in offline mode. When offline, key distribution servers can distribute private/public key pairs in place of the processor. The servers can distribute a private key to a first server for encryption of data and a public key to the processor, when it is online, to decrypt the data.

Abstract: Digital fingerprints include data indicative of interior features or structures of an object. The physical object may be rigid or malleable. The digital fingerprints may also include data indicative of features on an exterior surface of the object. Digital fingerprints may uniquely identify an object with respect to other objects, even with respect to other objects of a same type or class of objects. The technology may be relatively invariant to changes in scale, rotation, affine, homography, perspective, and illumination as between a reference digital fingerprint and a later acquired or generated digital fingerprint. Digital fingerprints may be used to authenticate an object as being a second instance or appearance of a previously digitally fingerprinted object.

Abstract: The system generates a validation tool in response to receiving an indication to initiate validation. The system identifies at least one media content item based on a user profile, and generates at least one question based on the at least one media content item. The at least one media content item may include an image, a video, text, or a combination thereof. The system determines at least one answer corresponding to the at least one question. The question and answer may be determined based on a question template. For example, the template may be selected based on attribute types or values of the at least one media content item. The system generates the at least one question for output on an output device. Upon receiving input indicative to an answer, the system compares the inputted answer to the determined answer to determine whether to validate the user.

Abstract: In some implementations, a masking device may receive rules and a document object model (DOM) structure. Each rule may indicate a corresponding element, a corresponding pattern, and a type of remediation. The DOM structure may include elements, where each element is associated with text. The masking device may traverse the DOM structure to identify elements that map to corresponding elements indicated by the rules. The masking device may determine whether text, associated with the identified elements, is sensitive information by determining whether the text maps to corresponding patterns indicated by the rules. The masking device may perform validation on the sensitive information. The masking device may modify the DOM structure based on the sensitive information, the validation, and a type of remediation indicated by the rules. Accordingly, the masking device may output the modified DOM structure.

Abstract: A payment managing system and method for enhancing the security of electronic user payment data can include employing a two factor authentication and keeping e-commerce host system outside the PCI scope. The two-factor authentication can include using a session ID and a one-time token (OTT). The session ID can identify a payment session that is initiated upon initiation of an e-commerce transaction. The payment managing system can provide a computing device initiating the transaction an iFrame to handle input user input data on an information resource. The OTT can be used to tokenize the user input data. The OTT can be included in payment authorization requests sent to the payment managing system. The payment managing system can obtain payment authorization without the user payment data being shared with e-commerce host systems.

Abstract: A media system replaces content in a first sequence of media content. The media system presents the first sequence of media content to an end-user and generates a fingerprint of the sequence of media content. The fingerprint is for comparison with a plurality of reference fingerprints so as to identify the first sequence of media content and determine a reference position within the first sequence of media content. The media system sends a request for a replacement sequence of content to a content replacement system, and receives replacement media content selected based on the identified first sequence of media content. The media system presents the replacement media content to the end-user instead of the first sequence of media content. Presenting the replacement media content begins at a position in the first sequence of media content that is determined based on the reference position.

Abstract: Disclosed are various embodiments for providing access to a recovery key of a managed device and rotating the recovery key after it has been accessed. In one example, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to authenticate a user on the computing device in order to unlock an operating system based on a first recovery key. A key rotation command can be received from the management service. The key rotation command can include an instruction to rotate the first recovery key. The computing device can generate a second recovery key and transmit the second recovery key to the management service.

Abstract: A method of data transfer from a tenant to a service provider comprises encrypting the data with a public key of a key pair generated by a secure device within the service provider system. The data thus cannot be accessed by the service provider during transmission. The data is generated with a corresponding access control list, which specifies that a valid certificate must be presented in order to grant a particular use of the data once stored. The tenant can thus retain control of the use of the data even though it has been transferred out of the tenant system. A method of controlling use of data securely stored in the service provider system comprises issuing a use certificate having an expiry time to the party requesting use of the data. The use certificate must be validated before use of the stored data is granted. This enables the tenant to grant use of the stored data for a limited time period.

Abstract: Systems and methods for fraud monitoring are disclosed, including: receiving a transaction request associated with a first instrument of a user; extracting, characteristics of the transaction request; identifying, by the first processor, user data based on the transaction request; determining a fraud severity value and notification value based on inputting the characteristics and user data into a fraud machine learning model; performing a first fraud action based on the fraud severity value; wherein the first fraud action is at least one selected from the group of locking the first instrument for a period of time, deactivating the first instrument, and electronically transmitting a first query message to a user device associated with the first instrument; and transmitting a fraud notification based on the notification value, wherein the fraud notification includes severity information associated with the fraud severity value.

Abstract: An automated voting platform can allow a user to register to vote, view information about candidates, and submit votes in an election using his or her own personal computing device. To minimize the likelihood of voter fraud, the automated voting platform can implement an authentication process that requires the user to submit biometric or other identification information prior to being enabled to access the user's account with the automated voting platform. This authentication process can also require the user to repeatedly submit biometric information thereby ensuring that the same user continues to use the computing device while accessing the user's account.

Abstract: A method for creating a secure channel for updating a digital currency hardware wallet application: upon receiving a security operation execution instruction, obtaining a public key and a certificate number of a host computer from within the security operation execution instruction, obtaining a corresponding certificate of the host computer according to the certificate number, and verifying the certificate of the host computer using the public key of the host computer; when receiving a verification instruction, obtaining the public key of the host computer according to a key version number and a key ID in the verification instruction, generating a receipt according to a temporary public key of the host computer, the public key of the host computer and a generated session key which are in the verification instruction, and sending the receipt to the upper computer; upon receiving the application update instruction, using the session key to decrypt application data ciphertext in the application update instructio

Abstract: A media system replaces content in a first sequence of media content. The media system presents the first sequence of media content to an end-user and generates a fingerprint of the sequence of media content. The fingerprint is for comparison with a plurality of reference fingerprints so as to identify the first sequence of media content and determine a reference position within the first sequence of media content. The media system sends a request for a replacement sequence of content to a content replacement system, and receives replacement media content selected based on the identified first sequence of media content. The media system presents the replacement media content to the end-user instead of the first sequence of media content. Presenting the replacement media content begins at a position in the first sequence of media content that is determined based on the reference position.

Abstract: An information processing apparatus in the present invention includes: an acquisition unit that acquires first history information indicating that a procedure related to boarding of a passenger in an airport was performed with biometric authentication and second history information indicating that the procedure was performed with reading of a medium; and an output unit that outputs usage status of the biometric authentication in the procedure based on the first history information and the second history information.

Abstract: Aspects of the disclosure relate to a smart contactless card to detect real-time suspicious card readers or other fraudulent devices. Prior to a transaction, the smart contactless card detects suspicious card readers or fraudulent devices. An alert may be generated upon detection of any suspicious or fraudulent card reader. In some arrangements, the smart contactless card may utilize machine learning models or machine learning capabilities to detect suspicious card readers. The smart contactless card may pair with other smart contactless cards to detect and alert users to suspicious card readers or other fraudulent devices. The paired smart contactless cards may share information regarding suspicious card readers or fraudulent devices over a semi-autonomous data-sharing network. A vulnerability score may be generated and used to determine if a card reader or other payment device is suspicious.