Abstract: Disclosed are systems and methods that require/force bots to access and interact with webpages at a similar level to humans, by including an executable script that generates/updates a test value for a webpage. The client devices must perform certain processing and/or rendering of the webpage to call the computations necessary for generating the updated test value. The script must be executed as a function of processing and/or rendering the webpage. The script may be retrieved from the webserver as a function of processing and/or rendering the webpage. When the browser executes this script, the browser generates the updated test value. At some point, the client device submits a request for certain process with the updated test value. The server compares the inbound test value from the client device against an initial/previously received test value or an expected test value to determine whether the browser is being operated by a human.

Abstract: Systems and methods for improved security authentication are disclosed. In some embodiments, an improved system for security authentication may include a plurality of computing devices, and a server system communicatively coupled to the plurality of computing devices. The server system may be configured to receive a request for security authentication, determine an authorization providing computing device from among the plurality of computer devices based on authentication preferences stored in a database communicatively coupled to the server system, generate and transmit authentication information to the determined authorization providing computing device, receive, from an initiating computing device an authentication input, determine whether the received authentication input matches the transmitted authentication information, and complete the request for security authentication when the received authentication input matches the generated and transmitted authentication information.

Abstract: A system and method are disclosed that leverage multi-factor authentication features of a service provider and intelligent call routing to increase security and efficiency at a customer call center. Pre-authentication of customer support requests reduces the potential for misappropriation of sensitive customer data during call handling. A contactless card uniquely associated with a client may provide a second factor of authentication via a backchannel to reduce the potential for malicious third-party impersonation of the client prior to transfer of the call to the customer call center. Pre-authorized customer support calls may be intelligently and efficiently routed directly to call center agents, without incurring further delay. During call handling, call center agents may initiate further client authentication processes, including contactless card authentication requests, over one or more different communication channels for authorizing access to sensitive information or to allay suspicion.

Abstract: Systems and methods for facilitating authentication for payment transactions using pattern-based time bound passwords. More specifically, techniques disclosed herein enable authentication of payment transactions performed by a user at a merchant terminal based on a pre-registered pattern provided by the user within a pre-defined time period limit. The pre-registered pattern drawn in the pre-defined time period is registered as a password for authenticating any payment transaction performed by the user using a payment card which is associated with an account of the user in an issuing bank. If the user provides the pre-registered pattern within the pre-defined time period limit, the payment transaction is authenticated. In another embodiment, such pattern-based time bound password is used as a second level authentication in which first level authentication is performed by a personal identification number.

Abstract: Exemplary system, method, and computer-accessible medium for transmitting or generating an encrypted message(s) to or for a receiver(s) from a sender(s), can be provided, which can include, for example, generating an electronic public key(s) and an electronic private key(s) for the sender(s), generating first information based on (i) data of the sender(s), (ii) a state(s) of the sender(s), and/or (iii) a type of the sender(s), electronically selecting an electronic message signal(s) and a time stamp(s) based on the first information, generating a message(s) based on the electronic message signal(s) and the time stamp(s), generating the encrypted message(s) by encrypting the message(s) using the electronic private key(s), and transmitting the encrypted message(s) to the receiver(s).

Abstract: A secure method for resetting the password for an account is disclosed. During the setup of the account, the user can provide the service provider with a media file, and when the user asks the service provider to reset the password for the account, the user will be prompted with several media files. The user can be asked to identify the media file that the user provided to the service provider at the time of the setup of the account. If the user properly identifies the media file, the password will be reset.

Abstract: A device may receive a request from a first user device to access a protected device. The device may verify a user identity of a user of the first device based on user credentials and determine that an authentication code is needed to authenticate the request to access the protected device. The device may dynamically generate multiple codes and transmit the multiple codes to a second user device associated with the user identity of the user of the first device. A first code, of the multiple codes, may correspond to a correct authentication code needed to authenticate the request to access the protected device. The device may transmit a message including an instruction for identifying the correct authentication code from among the multiple codes, receive a second code from the first device, compare the second code and the first code, and selectively authenticate the request to access the protected device.

Abstract: A method for establishing account controls for a transaction account through specially configured personal identification numbers includes: storing, in an account profile, an account identifier, standard personal identification number (PIN), and blocking PIN; receiving a first authorization request for a first payment transaction including the account identifier, a merchant identifier, and the blocking PIN; inserting the merchant identifier into the account profile; receiving a second authorization request for a second payment transaction including the account identifier and the merchant identifier; and transmitting an authorization response in response to the second authorization request including a response code indicating decline of the second payment transaction.

Abstract: An information processing system including a communication unit that acquires information related to an interaction between objects from a sensing device that detects the interaction between the objects, an emotion information database constructed by accumulating an evaluation value used when an emotion value of each object generated based on the information related to the interaction between the objects is calculated, a certification unit that certifies the sensing device and issues certification information to the sensing device, and an authentication unit that authenticates the information related to the interaction transmitted from the sensing device based on the certification information issued to the sensing device.

Abstract: Systems and methods are provided for authenticating mobile payments from a customer account to a merchant. The systems and methods may include a financial service provider receiving a request to authorize an electronic transaction at a point-of-sale. A financial service provider server computer may verify that the customer is present at the point-of-sale using received location data. An image having distorted text such as a captcha may be transmitted to a device at the point-of-sale, and the customer may read the captcha aloud. A voice sample of the customer may be sent to the financial service provider for comparison to stored voice recordings, to verify that the customer's voice sample is authentic if the voice matches a previously generated voice recording for the account. If the voice sample is authentic, the financial service provider may authorize the mobile payment.

Abstract: A method for managing customers for a store includes generating first account identification information from stored account information of a customer. The method also includes transmitting a list of candidate payees within a predefined distance of a current geolocation of a personal communication device of the customer and identifying the store as a party to a transaction with the customer based on feedback. The method still further includes receiving, from the store, a transaction message indicating the customer is a counterparty to the transaction, the transaction message comprising second account identification information received at the communication device of the store from the customer. The method also includes determining the first account identification information matches the second account identification information.

Abstract: An access control system includes a verification computing system that stores access rights information and credential proxies received from user devices, receives from a local access control subsystem an input credential and input credential proxy derived therefrom and received from a present user, identifies the access rights information associated with the user according to the input credential proxy and the stored credential proxy, requests and receives a stored credential from the user device of the present user, and compares the stored credential to the input credential to authorize the present user. The access rights information is for each of the users to access spaces with the local access control subsystems. The stored credential proxies are derived from stored credential received by the user devices using an algorithm. The input credential proxies are derived from the input credentials using the algorithm.

Abstract: A secret computation system is a secret computation system for performing computation while keeping data concealed, and comprises a cyphertext generation device that generates cyphertext by encrypting the data, a secret computation device that generates encrypted basic statistics by performing secret computation of predetermined basic statistics using the cyphertext while keeping the cyphertext concealed, and a computation device that generates decrypted basic statistics by decrypting the encrypted basic statistics and performs predetermined computation using the decrypted basic statistics.

Abstract: Described are techniques for differentiating humans from bots. The techniques including a computer-implemented method comprising presenting a motion-based challenge-response instruction to a user via a user interface of a first device of a plurality of devices associated with the user and communicatively coupled to one another by a network, where the motion-based challenge-response instruction describes at least one motion that is performable by the user and detectable by at least one of the plurality of devices, and where the motion-based challenge-response instruction is configured to differentiate humans from bots. The method further comprises determining that device data from one or more of the plurality of devices matches the at least one motion. The method further comprises authenticating the first device in response to determining that the device data matches the at least one motion, where authenticating the first device indicates that the user is a human.

Abstract: An automated payment method performed by an automated payment system include: receiving a payment request for a home shopping order from a user of a home shopping server associated with a home shopping broadcast; performing, in an authentication processor, authentication processing on the user based on a user information included in the payment request; and performing, in a payment processor, payment processing corresponding to the payment request based on the user information in response to successful authentication of the user.

Abstract: Embodiments disclosed herein are related to generating and using a private key recovery seed based on random words extracted from a generated story to recover the private key. An input story is received from a user. The story includes random words and filler words that were previously generated. The number of random words generated is based on an entropy level. The random words included in the story are extracted. This means that the user does not need to enter any random words that are not included in the story to recover the private key. The random words are input into a first key recovery mechanism to thereby generate a private key recovery seed. The private key recovery seed is then input into a second private key recovery mechanism, the second private key recovery mechanism generating a recovered private key upon performing a recovery operation on the private key recovery seed.

Abstract: A computer-implemented authentication method, the method comprising: matching a brain pattern sequence with a predetermined password to allow access to a system, wherein the brain pattern sequence is calculated by analyzing a signal slope of a slope threshold of the brain activity to determine a timing and a duration of the brain activity.

Abstract: A system performs mobile biometric identification system enrollment using a known biometric. The system receives a digital representation of a first biometric for a person. Prior to using the digital representation of the first biometric to identify the person, the system compares a received digital representation of a second biometric for the person to known biometric data for the person. When the digital representation of the first biometric has been thus verified, the system is operative to identify the person using the digital representation of the first biometric.

Abstract: A system performs mobile biometric identification system enrollment using a known biometric. The system receives a digital representation of a first biometric for a person. Prior to using the digital representation of the first biometric to identify the person, the system compares a received digital representation of a second biometric for the person to known biometric data for the person. When the digital representation of the first biometric has been thus verified, the system is operative to identify the person using the digital representation of the first biometric.

Abstract: An authentication device includes: a wearing position determination unit that determines a wearing position, the wearing position being a position at which a wearable article comprising a sensor is being worn on a body; and an authentication unit that performs authentication by using biometric information of the body, the biometric information being detected by the sensor at the wearing position.

Abstract: A method for protected communication is provided. The method comprises defining master keys for different service domains within the scope of influence of a vehicle manufacturer generating a master key reference for the vehicle within the range of influence of the vehicle manufacturer, securely introducing one or more of the cryptographic keys derived from at least one of the defined master keys and the associated master key reference into the vehicle, and transmitting to an external server a message signed with one of the derived cryptographic keys, which is additionally provided with the master key reference and the current status of the vehicle. The method further comprises deriving the at least one cryptographic key in the external server from the master key identified by the master key reference depending on the key status of the vehicle, and checking the authenticity of the signed message with the derived cryptographic key.

Abstract: Example implementations relate to transposed passwords. A computing device may comprise a processing resource; and a memory resource storing machine-readable instructions to cause the processing resource to: receive an entered password; generate, based on the entered password, a transposed version of the entered password; compare the transposed version of the password to a stored password; and grant access based on the comparison.

Abstract: A system that uses a client's behavioral biometrics—mouse dynamics, keystrokes, and mouse click patterns—to create a Machine Learning (ML) based customized security model for each client/user to secure website log-ins. The ML model can differentiate the user of interest from an impersonator—human or non-human (robot). The model collects relevant behavioral biometric data from the client when a new account is created by the client/user on a website or when the client initially logs-in to the website. The collected biometric data are used to train an ensemble of ML-based classifiers—a Multilayer Perceptron (MLP) classifier, a Support Vector Machine (SVM) classifier, and an Adaptive Boosting (AdaBoost) classifier—in the model. The trained versions of these classifiers are polled to give an optimal prediction in real-time (while the user is logging in). As a result, real-time fraud detection can be accomplished without impacting the log-in performance of the website.

Abstract: A card includes a secure element hosting applications instances. An external interface receive, from an external card reader, an application selection command selecting one application instance from a set of one or more selectable application instances. A biometric interface is configured to acquire biometrics of a user via biometric sensor. A processor compares the acquired biometric data to reference biometric data stored in the card and set the selectable application instance set depending on the outcome of the biometric data comparison. An instance of a non-biometric application is provided in the set only in case of positive comparison. A non-biometric application is thus now biometric-secured. Personalized parameters configuring the instance of a same application may be determined based on the acquired biometrics, allowing configurations of the card to be proposed for several different users.

Abstract: There is provided a computer implemented method of authenticating a user, comprising: receiving a sequence of key-related events of a manually typed text by a user using a keyboard, extracting a plurality of sub-features from the sequence of key-related events, for each instance of a plurality of instances of a respective n-gram of a plurality of n-grams extracted from the text, computing a plurality of statistical features for each respective n-gram from the plurality of sub-features extracted for the plurality of instances of the respective n-grams, feeding the plurality of statistical features computed for each of the plurality of n-grams into a trained machine learning (ML) model, and triggering a security process when the ML model outputs an indication of non-authentication of the user.

Abstract: Techniques are provided for using tokenization in conjunction with “behind-the-wall” JWT authentication. “Behind-the-wall” JWT authentication refers to JWT authentication techniques in which the JWT stays exclusively within the private network that is controlled by the web application provider. Because the JWT stays within the private network, the security risk posed by posting the JWT in a client cookie is avoided. However, because JWT is used behind-the-wall to authenticate a user with the services requested by the user, the authentication-related overhead is significantly reduced.

Abstract: A method comprises an authentication agent receiving a communications protocol message from a login agent of a client attempting to login to a target system. The authentication agent determines a login metric associated with the protocol message. The login metric comprises a latency, network, and/or data entry metric. The authentication agent receives credentials associated with an authentic client of the target system and compares the login metric with a registered metric associated with the authentic client. Based on the login metric comporting with the registered metric, the authentication agent continues login processing or performs a non-comporting metric action. Another method comprises the authentication agent sending a training request to the login agent, receiving a training response, determining a login metric associated with the training response, and recording the login metric among registered metrics of an authentic client. A computing system can implement the methods.

Abstract: A method of facilitating the exchange of data between a user having a computing device, and a remote entity, where a first connection has been established between the user and the remote entity, and where the user has associated data exchange information with an application on the computing device, the data exchange information defining properties of the data to be exchanged between the user and the remote entity.

Abstract: The technology disclosed herein provides a proof-of-work key wrapping system that uses key fragments to cryptographically control access to data. An example method may include: encrypting a first cryptographic key to produce a wrapped key, wherein the first cryptographic key enables a computing device to access content; splitting a second cryptographic key into a plurality of key fragments, wherein the second cryptographic key is for decrypting the wrapped key; selecting a set of cryptographic attributes for deriving at least one of the plurality of key fragments, wherein the set of cryptographic attributes are selected in view of a characteristic of the computing device; and providing the wrapped key and the set of cryptographic attributes to the computing device, the set of cryptographic attributes facilitating determination of the second cryptographic key.

Abstract: A method may include transmitting, at a mobile device executing a keyboard application, a request for a user specific data value to a computing device; receiving, from the computing device, an authentication request with a challenge message; encrypting the challenge message with a private key associated with the keyboard application; transmitting the encrypted challenge message to the computing device for authentication by the computing device; receiving the user specific data value from the server based on the server successfully authenticating the encrypted challenge message; and presenting the user specific data value in the keyboard application on the mobile device.

Abstract: Methods, apparatus, systems, and articles of manufacture to deconflict malware or content remediation are disclosed. An example apparatus includes at least one processor and memory including instructions that, when executed, cause the at least one processor to at least identify data to be encoded into a token, compute a hashed string based on the data to be encoded, determine a number of characters to be included in the token, select a subset of characters from the hashed string, and generate the token using the subset of characters from the hashed string.

Abstract: Embodiments disclosed herein are related to the deauthorization of a private key associated with a decentralized identifier. While a user of a computing system is authenticated as a decentralized identifier, the system detects user input, and determines based on that user input that the private key associated with the decentralized identity is to be revoked. In response to this determination, the private key is deauthorized so that the private key cannot be used to perform actions for the decentralized identity at least until the private key is restored.

Abstract: Certain aspects of the present disclosure provide techniques for privacy-preserving execution of a workflow in a software application. Embodiments include generally includes receiving homomorphically encrypted inputs from a client device corresponding to user-provided data needed to calculate a result for a step of a workflow in the software application. A result is calculated for the step of the workflow using the received homomorphically encrypted inputs. The calculated result is returned to the client device. The calculated result is homomorphically encrypted as a result of calculating the result using the received homomorphically encrypted inputs.

Abstract: A system, apparatuses, and methods for device and network security are discussed herein. In an example, a security device for providing security to user-entered inputs includes a universal serial bus (“USB”) port configured to receive a connector of an input device and a USB connector configured to connect to a port of a user device. The apparatus also includes a processor configured to receive a string of characters from the input device that correspond to inputs made by a user into a web browser or application on the user device. The processor adds at least one security character to the string of characters to generate a watermark string, and transmits the watermark string to the user device. The processor is configured to format the at least one security character such that only the string of characters are displayed in the web browser or the application at the user device.

Abstract: A computer-implemented method is described for enabling recovery of one or more digital assets held on a blockchain by a user under a public key Pk after a corresponding private key Sk for accessing the one or more digital assets is lost. The computer implemented method comprises setting access for the one or more digital assets held on the blockchain under the public key Pk and accessible using the corresponding private key Sk of the user such that the one or more digital assets are also accessible using a private key x shared by a congress on the blockchain network, the congress comprising a group of users on the blockchain network, each member of the congress having a private key share xi, the private key share xi to be used in a threshold signature scheme in which at least a threshold of private key shares must be used to generate a valid signature through the combination of partial signatures of the congress to access the one or more digital assets on behalf of the user.

Abstract: The technology disclosed herein provides a proof-of-work key wrapping system that uses key thresholding to cryptographically control data access. An example method may include: accessing a plurality of cryptographic key shares, wherein two or more of the plurality of cryptographic key shares enable access to content; selecting, by a processing device, a set of cryptographic attributes in view of a characteristic of a computing device; encrypting the plurality of cryptographic key shares to produce a plurality of wrapped key shares, wherein at least one of the plurality of cryptographic key shares is encrypted in view of the set of cryptographic attributes; and providing a wrapped key share of the plurality of wrapped key shares and at least one of the cryptographic attributes to the computing device, wherein the at least one cryptographic attribute facilitates deriving an access key from the plurality of wrapped key shares.

Abstract: A system and method for of temporary password management may include: obtaining, by a password management entity, a request to login a local device into an authentication authority; generating, by the password management entity, a temporary password; sending, by the password management entity, the temporary password to the authentication authority; sending, by the password management entity, the temporary password to a user device; obtaining, at the authentication authority the temporary password from the local device; comparing, by the authentication authority, the temporary password obtained from the local device with the temporary password obtained from the password management entity; and authorizing the login if a match is found.

Abstract: A communication adapter includes: an input unit receiving an operation for requesting transition to a setting mode; a mode setting unit setting a communication mode to the setting mode when the input unit receives the operation for requesting transition to the setting mode; a character string generation unit generating a random character string when receiving a connection start request from a terminal in the setting mode; an image generation unit converting the random character string into image data indicating an image that is difficult for a machine to recognize; an encryption processing unit encrypting transmission data to be transmitted to the terminal using the random character string as an encryption key, and decrypting reception data received from the terminal using the random character string; and a communication processing unit transmitting the image data and the encrypted transmission data to the terminal, and receiving the reception data from the terminal.

Abstract: A near field communication device included in a secure transaction card provides an addition and/or transitional communication link for communicating secure transaction information. The near field communication device may be selectively engaged or disengaged and, when engaged, either active or passive modes of operation of the near field communication device can be selected. in the active mode, secure transaction information is transmitted upon establishment of a communication link with a complementary near field communication device. In the passive mode, secure transaction information is transmitted upon interrogation from a complementary near field communication device. Secure transaction information is generated and stored for transmission in a memory and at least a portion of the memory is erased or nulled upon transmission or upon expiration of a selected period of time.

Abstract: A method, apparatus, and computer program product are disclosed for facilitating two-way email communication in manner that obfuscates sender and recipient email addresses. The method includes receiving a correspondence request indication; assigning a first transaction address to a sender and a second transaction address to a recipient; receiving a message from the sender; associating the message from the sender with the first transaction address; and causing a transmission of the message from the sender to the recipient using the first transaction address. A corresponding apparatus and computer program product are also provided.

Abstract: There is provided a computer-implemented method for securing a transaction. The method comprises receiving or determining 193 a plurality of sub-charges associated with the transaction; and determining 195 a password to secure completion of the transaction based on the plurality of the sub-charges.

Abstract: The disclosed systems and techniques enable an enterprise system to store contact emails for users while avoiding storing and managing personal email addresses for the user. For example, the enterprise system may forward personal email addresses to an aliasing server configured to generate alias email addresses based on the personal email addresses. The aliasing server may operate as a “middle man” that receives emails directed to the email addresses and that forwards the emails to the personal email addresses (when appropriate). The enterprise system may store and maintain the alias email addresses in lieu of storing the personal email addresses.

Abstract: A system and method is provided to register a user; assign a primary account number (PAN) to the user; create an account; create a unique cipher with keys; link, by a trusted source of identification, the PAN to an attribute of the user and to the account; receive the keys at a user device; remove the keys; generate data by a third-party to request the user to perform a transaction; present the PAN to the third-party; receive a transaction request detail; receive the data at a transaction processor based on a unique identifier of the PAN; identify the user using the unique identifier; authenticate the user; request, by the transaction processor, the device to release a key associated with the transaction request detail; decrypt stored information; and send a response, including the decrypted stored information, from the transaction processor to the third-party, thereby identifying the user.

Abstract: This specification provides techniques for secure authentication. One example method includes receiving a login request from a computing device, wherein the login request includes a variable apparatus identifier (ID) associated with the computing device; in response to receiving the login request, determining that the variable apparatus ID corresponds to a user account; in response to determining that the variable apparatus ID corresponds to a user account, determining that an update of the variable apparatus ID is requested based on a timestamp included in the variable apparatus ID and a current time; in response to determining that the update of the variable apparatus ID is requested, generating an updated variable apparatus ID associated with the computing device; and transmitting an account login permission instruction and the updated variable apparatus ID to the computing device.

Abstract: The present disclosure relates generally to computer security and human-computer interaction, and, more particularly, to systems and methods for providing improved user authentication and verification techniques by way of credential-less or near credential-less user input.

Abstract: An access management system including a server is provided. The server receives, from a client device, a request to log into the server with first information specifying identifying a user that has logged into the client device and second information specifying the client device. The server authenticates the client device using the second information and accesses a service provided by an external apparatus and receive a token for accessing the service. The server associates, in memory, the first information with the received token to enable subsequent access to the service, by the server.

Abstract: A signature generation method performed by an electronic apparatus is provided. A message abstract is generated according to a to-be-signed message and eigenvalues of a plurality of signature parties, an eigenvalue of a signature party being based on a random number of the signature party. Public keys and sub signatures of the plurality of signature parties are obtained, and a sub signature of the signature party is based on the random number of the signature party, the message abstract, and private keys of the plurality of signature parties. An aggregation public key is generated according to the public keys of the plurality of signature parties, and a length of the aggregation public key is less than a length of the plurality of public keys after splicing. An aggregation signature is generated according to a sum value of the plurality of sub signatures and the message abstract.

Abstract: A management device (181) calculates, from access information transmitted from a token terminal (121) and a site seed assigned to a server (161), a user seed, and registers the user seed in the token terminal (121). The token terminal (121) obtains a share seed to be shared with the server (161) independently therefrom, calculates a key code from the share seed and the user seed, and presents the key code to the user. When the user enters the key code to an access terminal (141), the access terminal (141) transmits, to the server (161), a request having the key code specified. The server (161) obtains access information relating to the transmitted request, calculates a checkup seed from the access information and the site seed assigned to the server (161), obtains a share seed independently from the token terminal (121), calculates a checkup code from the share seed and the checkup seed, and sets a necessary condition for sign-in that is consistent between the key code and the checkup code.

Abstract: System(s), method(s), and device(s) that generate and use single-use financial account card numbers (SUFACNs) to facilitate secure processing of financial transactions are presented. A user registers a financial account(s) with a financial transaction platform (FTP), a user profile comprising user-related information is created, and a personal identification number (PIN) is associated with the user. When making a purchase locally or online, the user's portable communication device (PCD) accesses the FTP via an application or web site, the PCD synchronizes with the FTP, and the PCD and FTP each respectively generate the same SUFACN(s) based in part on time of generation and PIN. The SUFACN is presented to the seller's register component via scanning (e.g., when SUFACN is a barcode) or entering the SUFACN. The register component sends the SUFACN to the FTP, which interacts with the user's financial account(s) to facilitate payment.

Abstract: A dual-factor PIN based authentication system and method uses a cryptogram provided by a contactless card associated with the client in association with a PIN stored by the contactless card to authenticate the client. In some embodiments, cryptogram authentication may be preconditioned upon a PIN match determination by the contactless card. In other embodiments, the cryptogram may be formed at least in part using the personal identification number (PIN) stored on the contactless card encoded using a dynamic key stored by the contactless card and uniquely associated with the client. Authentication may be achieved by comparing the cryptogram formed using the PIN against an expected cryptogram generated an expected PIN and an expected dynamic key.