Abstract: Disclosed are exemplary embodiments of systems and methods for facilitating services associated with transaction requests. In an exemplary embodiment, a method generally includes receiving, from a first entity, a transaction request for a payment account transaction. The transaction request includes a primary account number (PAN) for a payment account involved in the transaction. The exemplary method also includes overwriting the PAN in the transaction request with a non-PAN identifier (NPI), where a first segment of the PAN is identical to a first segment of the NPI and where the NPI is an invalid PAN. The exemplary method further includes routing the transaction request to a service, whereby the service is able to be implemented for the transaction request based, in part, on the first segment of the NPI while the PAN remains anonymous to the service.

Abstract: Methods that can facilitate more optimized relocation of data associated with a memory are presented. In addition to a memory controller component, a memory manager component can be employed to increase available processing resources to facilitate more optimal execution of higher level functions. Higher level functions can be delegated to the memory manager component to allow execution of these higher level operations with reduced or no load on the memory controller component resources. A uni-bus or multi-bus architecture can be employed to further optimize data relocation operations. A first bus can be utilized for data access operations including read, write, erase, refresh, or combinations thereof, among others, while a second bus can be designated for higher level operations including data compaction, error code correction, wear leveling, or combinations thereof, among others.

Abstract: A system for and method of reconciling access data from a plurality of organizational systems with that of data comprising access rights of members of that organization. The system and method provide a means for identifying inconsistencies between the data representing actual access and that of data representing granted access rights which should be in place for various past and present users. Identified inconsistencies are reported to parties responsible for compliance with organizational and regulatory rules so that those parties can investigate and correct errors before they result in failure to meet service level or regulatory requirements.

Abstract: Systems and methods of providing third-party applications with access to functionalities of a proprietary communication network via a network as a service (NaaS) software development kit (SDK) are disclosed. The NaaS SDK includes a web authentication broker and a WebSocket handler, and may include additional modules to facilitate network access. The NaaS SDK authenticates the user account and establishes a communication connection with the proprietary communication network, which is then used to further access functionalities of the proprietary communication network. The communication connection may be used to establish media connections for specific communication sessions over the proprietary communication network, such as making or receiving voice calls.

Abstract: Provided are a system and method for authenticating a transaction. The authentication method may be performed by a user computing device, and may include providing, to a merchant device, account information for payment of a transaction, receiving, from the merchant device, a request to authenticate the transaction using payment software of the user device, and executing the payment software in a virtual environment. The executed payment software may authenticate, with an external server, that the account is paired with the payment software of the user device, and transmit a result of the authenticating to a payment network.

Abstract: A risk control method includes: acquiring risk information of a current user operation; calculating, for an identity verification mode corresponding to historical identity verification, a security coefficient according to the risk information and security information corresponding to the identity verification mode, and calculating an estimated operation risk according to the security coefficient and an amount corresponding to the user operation; and performing prescribed risk control processing on the user operation when the estimated operation risk satisfies a preset condition, and waiving performing prescribed risk control processing on the user operation when the estimated operation risk does not satisfy the preset condition.

Abstract: A computer processor and a security enhancing chip may be provided. In one aspect, the computer processor may comprise a storage for storing an encryption key, a central processing unit (CPU) configured to execute one or more software programs, and a circuit configured to calculate a hash function to generate a hash value for data loaded into the computer processor and generate an authentication token for a request initiated by a software program running on the CPU. In another aspect, the security enhancing chip may comprise a first storage for storing an encryption key, a second storage for storing a certificate, a hash storage and circuit components configured to validate, using the first certificate, command(s) adding the encryption key to the first storage and storing a first hash to the hash storage, and to process a request if a second hash in the request is equal to the first hash.

Abstract: In an example, a method of managing access to resources managed by heterogeneous resource servers having different policy document formats in a cloud services environment includes obtaining, at an identity and access management (IAM) service, a policy document describing privileges of an end user with respect to accessing at least one resource of the resources managed by a resource server of the heterogeneous resource servers; sending the policy document from the IAM service to an resource server endpoint designated by the resource server for validation; storing, by the IAM service, the policy document in a datastore in response to a determination by the resource server endpoint that the policy document is valid; and generating, by the IAM service, an indication that the policy document is invalid in response to a determination by the resource server endpoint that the policy document is invalid.

Abstract: A method for authentication includes receiving consumer information associated with a consumer transmitted over a first data network in a processor operated by an account issuer; determining available account authentication options based on the received consumer information and a database of potential authentication options stored in a memory in the processor; selecting a set of available authentication options from the available account authentication options based on a database of attributes for the potential authentication options stored in the memory in the processor; transmitting consumer information to an authentication provider associated with a selected authentication option over a second data network; receiving an authentication confirmation over the second data network in the processor; and updating the database of attributes for the potential authentication options to include information regarding a successful authentication and the authentication provider associated with the selected authenticatio

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to receive from a first device a digital key, receive from a second device an encrypted data item, decrypt the encrypted data item using the digital key to obtain a decrypted data item, and verify the decrypted data item matches a reference data item, and responsive to the decrypted data item matching the reference data item, grant access to at least one of the first device and the second device.

Abstract: A method for connecting a mobile device with a vehicle-based system is described. The vehicle based-system comprises a first device and a second device that are both in possession of a system key. For an initial connection request between the first device and the mobile device, a token pair comprising a plaintext token and an encrypted token has been provided. The encrypted token is obtainable by applying the system key to at least the plaintext token. The mobile device is connected with the vehicle-based system by receiving, for a subsequent connection request with the second device and from the mobile device, the token pair comprising the plaintext token and the encrypted token. The token pair is verified using at least the system key. The subsequent connection is accepted upon successful verification of the token pair.

Abstract: A mobile device verification method for a facility includes the mobile device requesting authorization to permit entry to and/or exit from the facility, validating the mobile device request, and verifying, as a mobile device enters and exits the facility, that the mobile device is the mobile device whose authorization request was validated.

Abstract: Provided is a heterogeneous network of independently provided system components for detecting and verifying time and location of endpoints. In one aspect, a method includes receiving, at a first network component and from a second network component, a set of instructions for generating tokens in association with an application service; generating, at the first network component, the tokens based on the set of instructions; transmitting, by the first network component and according to the set of instructions, one or more of the tokens to one or more proximity emitter devices; receiving, from a user device, a message including a token received by the user device from at least one of the one or more proximity emitter devices; and validating the token to confirm that the token is from among the tokens generated by the first network component, the validation allowing the user device access to the application service.

Abstract: Devices and methods for single sign-on and regulatory compliance involve a processor of a communication device executing a first entity application that stores user authentication data on a secure vault element of the communication device. Thereafter, the stored user authentication data is retrieved from the secure vault element by the processor executing a second entity application, and the processor executing the second entity application logs the user into the second entity application based on the user authentication data retrieved from the secure vault element without requiring entry of further user authentication data.

Abstract: A method for provisioning a payment account to a mobile wallet includes receiving a request to provision a payment token configured to facilitate a mobile wallet transaction. The method includes receiving a payment account configured for provision to a mobile wallet, generating the payment token responsive to the request to provision the payment token, associating the payment token with the payment account, receiving account information for the payment account, receiving address information from a mobile device associated with the mobile wallet, the address information uniquely identifying the mobile wallet, and provisioning the payment token associated with the payment account to the mobile wallet responsive to receiving the address information and the account information.

Abstract: Transaction cards, systems and methods configured with card validation and fingerprint or other activation features. In one embodiment, an exemplary transaction card may comprise transaction circuitry configured to conduct purchase transactions, at least one fingerprint sensor, data storage configured to store fingerprint reference data, communication circuitry, card control circuitry configured to activate or otherwise control the card based on fingerprint verification, and computer readable media storing instructions for transmitting fingerprint verification information when a purchase transaction is attempted to POS device and/or an online entity.

Abstract: An access control method for controlling access to data requested from an electronic information system. The method comprises receiving a request for the data, determining a user identity associated with the request; gathering the requested data from one or more data sources by an orchestrator for input to a cognitive engine; analyzing the requested data; based on results of analyzing the requested data, deciding on whether the user identity can be allowed to access the requested data; providing feedback by the user identity; and updating a learning module based on the feedback.

Abstract: The disclosure includes novel encryption and/or decryption methods and systems that provide various security benefits. More specifically, the disclosure includes a description of a file encryption process and its ability to dynamically control permissions on who is allowed to decrypt the file. Moreover, the disclosed process permits an encrypted file to be freely distributed without losing the ability to govern/regulate decryption.

Abstract: A computing system architecture includes a token generator communicable with a client token agent. The client token agent is communicable with a client database access agent. A database management system is communicable with the token agent. The database management system is communicable with the client database access agent. A client authorization management system is communicable with the database management system. The client authorization management system stores a list of authorized operations for a client. The list of authorized operations is configured to be changeable during a client login session.

Abstract: An unlocking method and an unlocking apparatus are provided. According to an example, the unlocking method comprises: determining whether a mobile terminal to be unlocked exists; and sending a preset instruction to the mobile terminal when the mobile terminal to be unlocked exists, where the preset instruction is configured to control the mobile terminal to unlock a display screen.

Abstract: Disclosed are methods, systems, and devices for facilitating secure and private communications, via a website or application of a third-party computing system (TPCS), between a user device and a service provider computing system (SPCS). The communications may be conducted via a frame in a website served by the TPCS. The TPCS may serve a website that incorporates a customizable SDK component provided by the SPCS. The communications allow the user to, for example, open a new account. The SDK component may be initialized via a script from the SPCS, and authenticated via a session token obtained from the SPCS via the TPCS. The SDK component may provide user information, input into the frame, to the SPCS via API calls to the SPCS. The user does not navigate away from the website while securely engaging the SPCS. The third-party/partner need not develop its own user interface, security protocols, etc.

Abstract: A method includes detecting, by a computing device, activation of a link to content served by a remote server, and in response to detecting activation of the link, attempting to load a passive mixed content item from the computing device. The method also includes determining whether the passive mixed content item successfully loaded. The method further includes, in response to determining the passive mixed content item successfully loaded, accessing, using an application on the computing device, the content from the remote server. In addition, the method includes, in response to determining the passive mixed content item did not successfully load, accessing, using a web browser, the content from the remote server.

Abstract: Embodiments are directed to a method of providing access verification for a system that includes activating a security control device, which is in communications with a host device. The method also includes having the security control device receiving a verification signal coming from outside the system while being locally-based, and comparing the verification signal to a table of stored criteria values. The device then chooses a response based on that comparison and sends an access determination signal based on the response.

Abstract: Disclosed are methods, systems, and devices for facilitating secure and private communications, via a website or application of a third-party computing system (TPCS), between a user device and a service provider computing system (SPCS). The communications may be conducted via a frame in a website served by the TPCS. The TPCS may serve a website that incorporates a customizable SDK component provided by the SPCS. The communications allow the user to, for example, open a new account. The SDK component may be initialized via a script from the SPCS, and authenticated via a session token obtained from the SPCS via the TPCS. The SDK component may provide user information, input into the frame, to the SPCS via API calls to the SPCS. The user does not navigate away from the website while securely engaging the SPCS. The third-party/partner need not develop its own user interface, security protocols, etc.

Abstract: Disclosed are methods, systems, and devices for facilitating secure and private communications, via a website or application of a third-party computing system (TPCS), between a user device and a service provider computing system (SPCS). The communications may be conducted via a frame in a website served by the TPCS. The TPCS may serve a website that incorporates a customizable SDK component provided by the SPCS. The communications allow the user to, for example, open a new account. The SDK component may be initialized via a script from the SPCS, and authenticated via a session token obtained from the SPCS via the TPCS. The SDK component may provide user information, input into the frame, to the SPCS via API calls to the SPCS. The user does not navigate away from the website while securely engaging the SPCS. The third-party/partner need not develop its own user interface, security protocols, etc.

Abstract: A Time-based One-Time Password (TOTP) validator is interposed between a principal and a network service. The validator interacts with a mobile application (app) on the mobile device associated with the principal to dynamically supply a validator secret. The secret and, perhaps, other information are processed by the app to generate a TOTP when the principal attempts to access a protected resource of the network service. The validator independently generates the TOTP and compares the app generated TOTP, and on a successful match, a principal's access device is redirected for access to the protected resource.

Abstract: User authentication techniques that use a companion device associated with a mobile computing device are described. The companion device receives a user authentication request from a user authentication service via the mobile computing device, displays information related to the user authentication request, receives an approval of the user authentication request, and transmits the approval of the user authentication request to the service via the mobile computing device. In one embodiment, after transmitting the approval, the companion device receives a token from the mobile computing device that includes a value obtained from the service, signs the token with a private key of a securely-stored signing key pair and provides the signed token to the service via the mobile computing device. In another embodiment, after the companion device transmits the approval to the mobile computing device, the mobile computing device provides a personal identification code from secure storage to the service.

Abstract: A disclosed method performed by a network device can include intercepting cryptographic certificates of host servers received in response to requests for encrypted connections between host servers and user devices, and determining that each encrypted connection is a suspicious connection or a normal connection based on a certificate validation policy. The method can further include causing decryption or metadata analysis of any suspicious encrypted connection and bypassing decryption or metadata analysis of any normal encrypted connection.

Abstract: Certain embodiments of the present disclosure relate to systems and methods that control access to system resources, such as interfaces, access rights to events, query systems, and other suitable system resources. Further, certain embodiments of the present disclosure relate to a collision detection technique that is implemented to control which and/or a number of queue positions within a queue that are processed. In some implementations, a collision may be detected when two or more users request the same access right within a defined time period.

Abstract: A method for signing up a user to a service for controlling at least one functionality in a vehicle (10) by means of a user terminal (20) comprises the following steps: —communicating a user identifier and an identifier associated with the vehicle (10) to a server (50); —having the server (50) authenticate an electronics unit (11) of the vehicle (10); —in the event of successful authentication, registering the user identifier and the identifier associated with the vehicle (10) in association with one another in the server (50).

Abstract: A method and apparatus for authenticating a user commerce account associated with a merchant of a commerce platform are described. The method may include initiating authentication of the user commerce account associated with the merchant of the commerce platform from a commerce platform user interface of a user device, the user commerce account established for a user of the merchant. The method may also include sending an electronic message to a mobile device associated with the user account at the commerce platform, wherein the electronic message comprises an authentication code, and receiving the authentication code from the commerce platform user interface. Furthermore, the method may include generating an authentication key for the mobile device in response to matching the received authentication code with the sent authentication code and receiving a cookie provided from the commerce platform to the mobile device.

Abstract: Embodiments are provided for receiving media content based on the user media preferences. An example implementation includes a one or more servers receiving data representing a guest list for an upcoming event corresponding to a first user account, the guest list indicating multiple guests corresponding to respective second user accounts of a second cloud service and querying one or more streaming media services for music preferences corresponding to the multiple guests. The one or more servers receive, from the one or more streaming media services, data representing respective music preferences corresponding to the multiple guests and generate a playlist of audio tracks based on the received respective music preferences corresponding to the multiple guests. During the event, the server(s) cause the playlist to be queued in a playback queue for playback by one or more playback devices of a particular media playback system registered with the first user account.

Abstract: Aspects of the subject disclosure may include, for example, initializing a secure timer in a wireless device, determining whether a subscriber identification module (SIM) card installed in the wireless device comprises a carrier identity that matches a carrier identity stored in the machine-readable medium, establishing a network connection with a trusted server, starting the secure timer if the SIM card and network connection are satisfactory, periodically checking the network connection and SIM card until expiry of the secure timer, penalizing the secure timer responsive to a failure of the network connection or SIM card check, and responsive to expiry of the secure timer, unlocking a SIM lock. Other embodiments are disclosed.

Abstract: Method and System for performing secure card less transactions using a user device is disclosed. Initially, an authenticated banking application is downloaded on the user device wherein the downloaded application is linked to a user by a unique ID. To perform a transaction, the user logs in to the downloaded application and after login the user device and the ATM are securely paired, wherein the ATM also has a location based unique ID. The secure pairing process uses parameters such as a specific application identifier and a transaction terminal identifier. Once the user initiates the secure pairing process, the ATM displays a unique number generated by the bank server. The unique number is linked to the user and is entered in the portable device. Further, biometric authentication is performed and after validating a token ID is generated where a User specific UI is obtained and rendered onto the user device.

Abstract: Content is selectively provided to users of mobile devices within a venue including an on-site wireless network. User authorization requests and/or user account registration data are transmitted to the on-site wireless network from mobile devices within the venue. Attributes such as user interests and professions, which comprise inferred user profiles, are obtained using the network traffic data. Identities of mobile devices are established based on a combination including two or more of network identifiers, mobile device signatures, and browser signatures. The inferred user profiles are correlated with the mobile device identities. The inferred user profiles are aggregated into user profile groups and then matched with a content provider's intended target profiles. Content is transmitted to the mobile devices corresponding to the intended target profiles and based on correlation of the inferred user profiles with identities of the devices.

Abstract: Techniques for managing an application token may include providing, by a first service provider application on a communication device to a first service provider computer, a first request for a first application token, receiving, by an account management application on the communication device from a token service computer in communication with the first service provider computer, the first application token, and storing the first application token in a token container in the account management application.

Abstract: Aspects described herein relate to methods, devices and systems that allow for a client device, as part of a remote access or cloud-based network environment, to map external user identities to desktops and applications. Local user accounts can be dynamically generated on a virtual delivery agent. A mapping of the local user account to an external identity can be secured using signed tokens and maintained by a broker machine that allocates resources for the deployment of particular applications to the client device from the virtual delivery agent. This allows for the removal of any dependency on an Active Directory for maintaining user identities or federated sign-on services, greatly simplifying the management of user identities within the system and allowing for greater compatibility across client devices.

Abstract: A client transmits a user identifier and a password to a server via an application programming interface (API). The client establishes an authenticated session with the server in which the client has a first set of permissions for operations associated with the API. The client receives, responsive to a verification of the user identifier and password by the server, a logon response and a shared secret. The client generates a one time passcode (OTP) based upon the shared secret. The client sends the OTP to the server via the API. Responsive to the server validating the OTP against the shared secret, the server grants a second set of permissions for operations associated with the API.

Abstract: Disclosed herein are various systems, methods, and processes for sharing a storage device with multiple virtual machines. A pseudo-identity is created for a storage device. Information in a hypervisor is configured to modify a response to a command issued to the storage device by a virtual machine. Physical characteristics of the storage device are determined and it is also determined whether the physical characteristics are acceptable. If the physical characteristics are acceptable, a virtual disk associated with the virtual machine is used. If the physical characteristics are unacceptable, a mapping of the virtual machine is migrated to another storage device.

Abstract: A method for establishing a trust association includes receiving, by a server, a request to associate a web source with an account, the request having a link to the web source, and accessing, by the server, the web source in response to the request to associate. The method further includes locating, by the server and within the web source, a tag associated with the account, creating, by the server and in response to locating the tag within the web source, a trust association between the account and the web source, and providing, by the server, an indicating of the trust association for display in a user interface of a client device.

Abstract: Aspects of the present disclosure are directed to electronic computer implemented methods of data communication. At least one method includes, via a data communications network, receiving one or more mobile EDI token datasets associated with each of one or more mobile devices; each of the mobile EDI token datasets including a mobile online ID attribute data element, a beacon attribute data element and biometric ID attribute data element; via a data communications network, receiving a matching score attribute data element associated with at least one of the mobile EDI token datasets; electronically processing and authenticating the least one mobile EDI token dataset based on the received matching score attribute data element; and via a data communications network, transmitting the mobile online ID attribute associated with the authenticated mobile EDI token dataset.

Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include associating a token with a computing device, defining preferences for the computing device, and conveying, by the computing device, the token and the preferences to an event processing system. Upon the event processing system, an event message from a computing system via a one-way firewall and matching the computing device preferences to the event message, the event processing system can convey the token and the event message to a push notification system. In some embodiments, upon the push notification service receiving the token and the event message, the mobile device can be identified based on the token, and the event message can be conveyed to the computing device. The event messages may include a severity level, and the preferences may include a severity threshold and a message detail level.

Abstract: Disclosed are various approaches for implementing an application authentication wrapper. An authentication request, such as a Kerberos request, is created for authenticating the computing device. The authentication request is encrypted to generate an encrypted authentication request. The encrypted authentication request is then forwarded to a reverse proxy server. An encrypted authentication response is received from the reverse proxy server. The encrypted authentication response, such as a Kerberos response, is then decrypted to generate a corresponding authentication response, which is then forwarded to the computing device that generated the authentication request.

Abstract: An example method of implementing server-driven notifications to mobile applications may include: receiving, by a mobile computing device, a message from a notification server, wherein the message comprises a payload identifying a mobile application running on the mobile computing device; translating the payload into a local notification including an identifier of the mobile application; causing the local notification to be displayed on the mobile computing device; and responsive to receiving a user interface event associated with the local notification, processing the user interface event by a handler of the mobile application.

Abstract: Embodiments of the disclosure provide a method of incorporating multiple authentication systems and protocols. The types of authentication systems and protocols can vary based on desired assurance levels. A Centralized Authentication System together with an authentication policy dictates acceptable authentication systems. Authorization data for each authorization system are captured and packaged into a single Object Data Structure. The authorization data can be compared to data stored in an identity store for authentication. The authorization data can also be used for user and device registration and for transferring an authentication or registration token from a previously authenticated and registered device to a new device.

Abstract: A remotely managing and controlling system and a remotely managing and controlling method are provided to a user for receiving feedback information and control right of the target device through a remote connecting device. To achieve the above goal, a remote control program is proposed and installed in a controlling device, named controlling terminal, and the target device, to determine whether operation modes can be executed through the remote connecting device. The remote connecting device transmits control commands and data to the target device, and receives the feedback information and the control right of the target device. Then, the controlling terminal can control the target device according to the feedback information for increasing the efficiency of data management. Further, the system and the method can receive a location of the target device through a tracing platform, and control the target device for increasing security of data stored in the target device.

Abstract: A first controllable appliance receives from a second controllable appliance a command for causing the first controllable appliance to be placed into a state and, in response, determines a trust level of the second controllable appliance. When it is determined that the second controllable appliance is trustworthy, the first controllable appliance executes the command. When it is determined that the second controllable appliance is untrustworthy, the first controllable appliance ignores the command. Otherwise, the first controllable appliance enters into a state in which the first controllable appliance waits for at least a predetermined period of time for a user to confirm whether or not the first controllable appliance should be caused to execute the command.

Abstract: An apparatus and a method for registering a device in a cloud server are provided. The apparatus includes detecting the device by using short-range communication, requesting an authentication code used for registering the device in the cloud server from an account server in response to the device being detected, receiving the authentication code from the account server, and transmitting the received authentication code and connection address information of the cloud server to the device.

Abstract: Apparatuses, systems, methods, and computer program products are disclosed for distributed and/or decentralized data aggregation. A method includes determining a user's electronic credentials for a third party service provider. A method includes detecting that access to a third party service provider is unavailable. A method includes processing, using machine learning, a website of a third party service provider to determine a prediction of an input location for a user's electronic credentials. A method includes accessing a third party service provider using a predicted input location for a user's electronic credentials to download data associated with the user from the third party service provider.

Abstract: Disclosed are a transaction card and an information displaying method. The transaction card includes a card body, a power supply, a graphic code generation circuit, and a display device. The power supply, the graphic code generation circuit, and the display device are embedded within the card body. The power supply is connected to the graphic code generation circuit and the display device. The graphic code generation circuit is configured to generate a graphic transaction code based on transaction account information of a user. The display device is configured to display the graphic transaction code.