Systems and methods for executing sequential suboperations over multiple communication networks. In some aspects, the system receives, via a first communication network, from an external system, an operation related to an aggregated virtual container. The system generates sequential suboperations including a first suboperation associated with a provider of the aggregated virtual container and the external system and a second suboperation associated with the user and the provider of the aggregated virtual container. If the first suboperation is executed successfully, the system transmits the second suboperation to a user system associated with the aggregated virtual container. If the second suboperation is executed successfully, the system generates a first message indicating that the operation has been executed and transmits the first message via the first communication network to the external system.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
2.
RESTRICTIVE ENDORSEMENT DETECTION AND MERGER DURING UPLOAD PROCESS
Systems for performing endorsement-based techniques on document during a document upload process are disclosed. During the document upload process, a document upload application may determine whether an endorsement is required on the document to be uploaded, the type of endorsement that is required, and whether the required endorsement is present on the document. Upon determining that an endorsement is required but is missing from the document, document upload application may retrieve and merge the required endorsement with the document as part of the document upload process.
In some aspects, a computing system may use a machine learning model to determine whether a computer security policy should be modified to reduce the likelihood of a cyber security incident. Through the use of a machine learning model, unsafe combinations of access grants or permissions may be identified and modified to prevent cyber security incidents from occurring. The computing system may input a representation of a computer security policy into a machine learning model, which has been trained on a dataset that includes representations of computer security policies. The computing system may generate output indicating a likelihood that the first computing system will be involved in a cyber security incident. Based on the output satisfying a first threshold, the computing system may generate a recommendation to modify the first computer security policy. The computing system may modify the first computer security policy based on the recommendation.
In some embodiments, a system may obtain first feedback indicating one or more first signal‑strength‑related results corresponding with one or more first token interactions occurring in connection with presentation of one or more first components at one or more first locations of a user interface of a user device. Based on the first feedback, the system may obtain one or more second locations of the user interface and cause presentation of one or more second components at the one or more second locations of the user interface. The system may obtain second feedback indicating one or more second signal-strength-related results corresponding with one or more second token interactions. Using the first and second feedback, the system may update a user interface presentation location at which to present a component for a token interaction within a profile associated with a user of the user device.
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
G06K 7/10 - Methods or arrangements for sensing record carriers by corpuscular radiation
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
G07C 9/00 - Individual registration on entry or exit
5.
SYSTEM AND METHOD FOR PROCESSING FINANCIAL TRANSACTION HAVING A BOUND MERCHANT
A system and method for processing a bound payment method is disclosed. A customer can create a virtual card number for use solely at a specific retailer. In this scenario, when the payment method is used for a financial transaction, it becomes necessary to verify that the financial transaction is being carried out with the bound merchant. In embodiments, the virtual card number (VCN) information is received and analyzed to identify the exchange entity and a bound entity associated with the VCN. If it is determined that the merchant associated with the transaction does not match the bound merchant associated with the VCN, then the customer is notified of the discrepancy and provided an opportunity to confirm the dispute the denial.
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
G06Q 30/06 - Buying, selling or leasing transactions
Aspects described herein may relate to a transaction exchange platform using a streaming data platform (SDP) and microservices to process transactions in accordance with corresponding workflows. The transaction exchange platform may generate configuration transaction objects to reconfigure microservices with salt values and time periods of salt value validity. Further, the microservices may retrieve transaction objects from a streaming data platform and generate hash signatures as part of determining the validity of the transaction objects. Furthermore, in some aspects the microservices may retrieve salt values for transaction objects that cannot be verified due to the absence of a hash signature. The salt values may be retrieved from a blockchain associated with the streaming data platform and may be used to update the microservice to include the salt value.
G06Q 20/02 - Payment architectures, schemes or protocols involving a neutral third party, e.g. certification authority, notary or trusted third party [TTP]
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
G06Q 20/10 - Payment architectures specially adapted for home banking systems
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
Example embodiments herein disclose systems and methods for the secure cryptographic authentication of contactless cards by distributed entities. In an example embodiment, a distributed network authentication system can comprises a client node and a distributed ledger node in data communication with the client node, wherein the distributed ledger can contain a database storing a mapping. The client node can receive, from a client device, an authentication request, and responsive to the authentication request, transmit, to the distributed ledger node, a query. The distributed ledger node can receive, from the client node, the query, submit the query to the database, receive, from the database responsive to the query, an identification of at least one selected from the group of a validation node and a validation node address, and transmit, to the client node, the identification.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
8.
SYSTEMS AND METHODS FOR DETERMINING TRUSTED DEVICES
Disclosed embodiments may include a system for determining trusted devices. The system may receive data corresponding to a plurality of users. The system may receive, via a plurality of user devices associated with the plurality of users, a respective request to conduct a plurality of transactions. The system may generate, via an MLM and based on the data, trust scores associated with the plurality of users and the plurality of user devices, wherein each trust score indicates a probability that a user device, of the plurality of user devices, is associated with a user of the plurality of users. The system may determine whether each trust score of a plurality of trust scores exceeds a predetermined threshold. Responsive to determining a trust score of the plurality of trust scores exceeds the predetermined threshold, the system may conduct fraud prevention action(s) with respect to a corresponding user device and user.
Systems and methods include registering use of a virtual certification number (VCN) at a secure entity by receiving, at an external gateway, a registration request comprising an external request code and a primary account number (PAN), wherein the external request code is unique to the secure entity, determining that the external request code is an unregistered external request code, receiving a tokenized PAN based on the PAN, receiving an account identifier by applying the tokenized PAN to a certification mechanism tool application programing interface (API), generating a certification mechanism reference identifier by encrypting a certification mechanism associated with the account identifier and the tokenized PAN, updating a database to associate the certification mechanism reference identifier with the external request code, and transmitting, via the external gateway, a registration authentication to an external entity, the registration authentication comprising the external request code.
Disclosed herein are system, method, and computer program product embodiments for vaultless tokenization. Alphanumeric values may be determined based on numeric values generated from a hash of numeric user information shuffled through a plurality of randomly generated alphanumeric tables. The numeric user information and the alphanumeric values may be used to generate a table index. Shuffled numeric user information may be generated based on the table index and a plurality of randomly generated numeric tables, and transformed to alphanumeric user information (e.g., via format-preserving encryption, additive cipher, etc.). Each character of the alphanumeric user information may be shuffled through a different alphanumeric table of the plurality of alphanumeric tables identified for the character based on the table index.Moreover, an alphanumeric token may be generated based on the shuffled characters of the alphanumeric user information.
G09C 5/00 - Ciphering or deciphering apparatus or methods not provided for in other groups of this subclass, e.g. involving the concealment or deformation of graphic data such as designs, written or printed messages
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
Methods and systems described herein relate to authenticating users-based on generating images that have modified features. More specifically, the methods and systems generate these images by processing existing training data to identify a common feature in existing photos that may be modified, and then modifying that feature with the use of generative adversarial networks.
Methods and systems are described herein for determining auxiliary parameters within datasets, the auxiliary parameters being used to segregate the datasets such that anomaly detection may be performed on the segregated datasets. Based on anomaly detection, alert conditions may then be identified. In particular, a system may, using a machine learning model, determine for a particular target feature (e.g., a parameter being monitored) one or more auxiliary features (other parameters) that effect the values of that parameter and transmit the target feature and the auxiliary features in a message to a monitoring system indicating which features to monitor. The collected data may then be received by the system and transformed into a timeseries dataset, which may then be used to detect anomalies within the data and thereby identify any anomalous points.
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Systems and methods for apportioning cloud-based resources through the use of domain name services based on real-time cloud-based database engine traffic patterns. For example, the system may monitor incoming cloud-based database engine traffic over a plurality of disparate computer network resources. The system may generate a first recommendation for domain name service based on the first difference, wherein the first recommendation requests a modification of an allocation of the plurality of disparate computer network resources.
H04L 41/0897 - Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities by horizontal or vertical scaling of resources, or by migrating entities, e.g. virtual resources or entities
Methods and systems are described herein for identifying the location and nature of any blur within one or more images received as a user communication and generating an appropriate correction. The system utilizes a first machine learning model, which is trained to identify blurred components of inputted images and determine whether the blurred components are located in portions of the inputted images comprising textual information. The system may apply a corrective action selected by the first machine learning model, which may comprise stitching blurred images together to a sharp product image and/or some other method appropriate for rectifying images received.
G06V 10/26 - Segmentation of patterns in the image field; Cutting or merging of image elements to establish the pattern region, e.g. clustering-based techniques; Detection of occlusion
Systems and methods for authentication may include an authentication system. The authentication system may include a processor and a memory. The memory may contain a unique identifier, a counter, a session key, and a PAN sequence number. The processor may be configured to receive an authentication request. The processor may be configured to generate, in response to the authentication request, a virtual card number and a dynamic security code based on mapping with a plurality of parameters of a cryptogram including at least one selected from the group of the unique identifier, the counter, the session key, and the PAN sequence number. The processor may be configured to transmit the virtual card number and the dynamic security code to complete the authentication request.
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Disclosed embodiments include aspects that relate to authentication of contactless interactions. Identifying information can be provided from multiple sources. A chip-embedded card can be registered to an individual and include identifying information associated with the information. During a contactless transaction, identifying information can be acquired. An individual's identity can be validated based on identifying information. A chip-embedded card can be read by a card reader at a particular location providing physical presence information. In one instance, identifying information from the chip-embedded card can be compared to other identifying information to determine whether there is a match or mismatch. A confidence score can be computed based on the amount and type of information provided. An individual's identity can be validated when the confidence score satisfies a threshold.
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
17.
PARALLEL SECRET SALT GENERATION AND AUTHENTICATION FOR ENCRYPTED COMMUNICATION
In a method of facilitating encrypted communications between a transmitting system having a unique identifier and a receiving system, a key generation system generates at least one encryption master key for use with the unique identifier and an encryption algorithm to produce a transmitting system-unique encryption key. The key generation system also generates a shared secret master key for use with the unique identifier and a second encryption algorithm to produce a shared secret value. The at least one encryption master key and the shared secret master key are then stored in an encryption information database. The key generation system transmits the at least one encryption master key and shared secret information to the transmitting system and transmits the at least one encryption master key, the shared secret master key and the unique identifier to the receiving data processing system.
Logic may provide enforce a rate limit for product offers and generate a product token associated for product authentication. Logic may determine a rate limit associated with the product based on an identity of the consumer in a cryptogram for a transaction. Logic may compare the rate limit with a quantity of purchases of the product with a payment instrument provided for payment for the transaction, the rate limit to limit purchases of the product via the payment instrument or by the consumer associated with the payment instrument. Logic may approve the transaction based on comparison of the rate limit in response to the rate limit being greater than purchases of the product. Logic may create a product token via the cryptogram, the product token encoded via the cryptogram, the product token to uniquely identify the product and logic may cause transmission of the product token to the consumer.
Example embodiments of systems and methods for a cryptographic bypass system, comprising: a contactless card; and a server, wherein the server is configured to: receive a cryptogram and location data after a tap of the contactless card to a client device, identify a first merchant based on the location data, set a flag associated with the first merchant and the contactless card, receive a transaction request from a merchant payment system of the first merchant associated with the contactless card, wherein the transaction request indicates a transaction amount, and approve the transaction request when the transaction amount exceeds a first transaction limit when the flag is set.
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
Systems and methods for implementing an automated system and process for facilitating a streamlined and secure transfer of authenticated user data over a network. The process may be initiated via activation of a customized hyperlink displayed on a web interface. The customized hyperlink being operationally integrated with an encryption and authentication providing system to trigger one or more data collection and/or authentication operations that enable an automated retrieval of authenticated user information in a secure fashion. One aspect of the security involves an authentication scheme facilitated by context-switching between a mobile browser-initiated http/https session and one or more data collection and/or authentication functionalities provided by one or more applications stored on a user mobile device. The secure data retrieval process may be further supplemented by a cryptographic exchange of request and/or response messages enabled by a back-end integration with the encryption and authentication providing system.
In some implementations, a system may receive an automatic transaction request associated with an amount. The system may determine that transferring the amount associated with the automatic transaction request from a main account would cause a value associated with the main account to fail to satisfy a threshold. The system may generate an alternative transaction processing instruction to prevent the automatic transaction request from causing the value associated with the main account to fail to satisfy the threshold. The system may process the automatic transaction request according to the alternative transaction processing instruction, wherein processing the automatic transaction request includes: processing the automatic transaction request using one or more alternative accounts or using the main account after the value of the main account has changed to a level sufficient to satisfy the threshold and cover the amount associated with the automatic transaction request.
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
22.
SYSTEMS AND METHODS FOR EXTRACTING IN-VIDEO MOVING TEXT IN LIVE VIDEO STREAMS
In some embodiments, user extraction of in-video text may be facilitated. In some embodiments, a video associated with a video communication session may be processed to detect moving text to which a first user is referring in the video. Based on the detection of the moving text, location information associated with the moving text may be determined. For example, the location information may indicate spatial locations of the moving text. Based on the text location information, a graphical text location indicator may be overlayed on the video (e.g., on a first portion of a user interface of a user device) where the graphical text location indicator is presented proximate the moving text. Selectable text corresponding to the moving text and an auxiliary indicator corresponding to the graphical text location indicator may be presented on a second portion of the user interface.
H04N 21/44 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs
G06F 40/40 - Processing or translation of natural language
G06V 40/20 - Movements or behaviour, e.g. gesture recognition
23.
COMPUTER-BASED SYSTEMS CONFIGURED TO DECOUPLE DELIVERY OF PRODUCT CONFIGURATION CHANGES ASSOCIATED WITH CONTINUOUS INTEGRATION/CONTINUOUS DELIVERY PROGRAMMING PIPELINES AND METHODS OF USE THEREOF
Systems and methods are disclosed for providing a CI/CD pipeline that decouples delivery of product configuration changes from code and similar changes, otherwise bundled/handled together with such configuration changes, for delivery to a running application in production. An exemplary method may include configuring components of CI/CD application in production to subscribe to application updates during runtime; processing an update to the application; processing and/or handling the update to process only configuration changes for propagation to subscribed components; validating the configuration changes; and instructing a workflow engine to perform steps such as: determine whether the configuration changes are needed for each component, update the components in runtime memory, if so, and provide the validated changes as an update in a next processing cycle to deploy such changes during the runtime.
Disclosed are systems and methods for adaptive partitioning of memory and storage resources of a first cluster node of a cluster system, comprising a plurality of nodes; wherein the first node includes one or more shards; and a client device in data communication with the plurality of nodes, wherein the first node is configured to: receive a client request, identify one of the one or more shards based on the client request, retrieve shard rules of the identified shard, determine an allocation of one or more memory slots of the identified shard based on the client request, lock the one or more memory slots, and perform one or more operations on the one or more memory slots associated with the client request based on the allocation.
Systems and methods, as described herein, may comprise and/or utilize data governance systems to enable end-to-end encrypted communications between an organization and third parties as well as between systems internal to the organization. The data governance systems may enforce compliance with an organization's data governance policies, as well as various laws, rules, and/or policies, for encrypted communications and/or other encrypted data payloads.
Systems and methods for implementing a single step processing for two-step transactions involving an initial and a final amount. The proposed systems and methods incorporates a built-in logical operations and parameter acquisition scheme for identification of two-step transaction and internal computation of the final amount based on user specified logical operations and input parameters. Data values, corresponding to the input parameters, may be dynamically extracted from the transactions string and/or obtained from one or more applications running on the user device, and subsequently, processed with the specified logical operations to generate a final transaction amount from the initial transaction amount referenced in the transaction request. The final transaction amount may then be validated and a single authentication response transmitted to a payment gateway initiating the request.
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
27.
SYSTEMS AND METHODS FOR REAL-TIME CYBER INCIDENT DETECTION IN DATA SPARSE ENVIRONMENTS USING ARTIFICIAL INTELLIGENCE
The systems and methods use a gradient boosted decision tree, which may be trained in data sparse environments. The system also uses a data transformation step to collapse complex data into a standardized feature input (e.g., a fixed length feature input) that may be processed by the model with a constant (or near-constant) lookup time and with minimal latency. Finally, the system generates a dual variable output that provides both a metric of whether a communication is fraudulent and/or unauthorized as well as a confidence level of that determination.
Techniques for protecting data using two password asymmetric encryption based on time-constrained password-based partner tokens. To encrypt data, a first partner computing device receives a first partner token from a second computing device. The first partner computing device decrypts the first partner token to recover first public key data generated by the second partner computing device. The first partner computing device derives a cryptographic encryption key to encrypt the data based on the first public key data, and based on first private key data generated by the first partner computing device. The second computing device may decrypt the encrypted data based on a second partner token generated by the first partner computing device, using a cryptographic decryption key derived using second private key data generated by the second computing device and second public key data generated by the first computing device and embedded and encrypted in the second partner token.
SYSTEMS AND METHODS FOR USING MACHINE LEARNING MODELS TO ORGANIZE AND SELECT ACCESS-RESTRICTED COMPONENTS FOR USER INTERFACE TEMPLATES BASED ON CHARACTERISTICS OF ACCESS TOKEN TYPES
Systems and methods for providing variable and temporary access to account content for a user in a secured manner through the use of an access token with variable properties are described. The systems and methods provide improved navigability to account content accessed via the access token through the customization of user interfaces. For example, the system and methods may generate user interface templates that comprise a recommended selection and organization of user input fields and/or user interface pages.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Embodiments disclosed herein provide techniques for secure PIN management for contactless cards using an application on a computing device such as a mobile computing device. In some embodiments, the computing device may have an application installed enabling the computing device to act as a secure endpoint that enables communication between the contactless card and a backend server to facilitate PIN management. For example, the application may enable a mobile device to be utilized to view and/or change the PIN associated with a contactless card that is brought in proximity of the mobile device.
A system and techniques to perform functions within a multiple banking system environment utilizing switchboard routing. In one aspect, a computer-implemented method includes receiving, by a node in a system, a request to establish a session to perform a function from a client device, where the function is at least partially performed utilizing a contactless card, generating, by the node, session information corresponding to the session to perform the function, where the session information includes a nonce and a signed session token, sending, by the node, the session information to-the client device, receiving, by the node, a message from the contactless card via the client device, extracting, by the node, an issuer identifier from the message, the issuer identifier associated with the issuer of the contactless card, identifying, by the node, a device associated with issuer identifier, and communicating, by the node, with the device to securely perform the function.
G07F 7/08 - Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card
In some implementations, a device may perform a scan of a content of one or more files in a code repository for violations of one or more compliance rules, where the one or more files indicate a configuration for infrastructure to be provisioned in a cloud computing environment. The device may identify that the content of the one or more files includes at least one violation of the one or more compliance rules. The device may modify the content of the one or more files to correct the at least one violation in accordance with the one or more compliance rules. The device may determine a probability as to whether a build of code of the code repository, using the one or more files with the content modified, is likely to pass. The device may transmit a request to merge the one or more files into the code repository.
Methods and systems described herein for processing of codes stored within security objects may involve scanning a multitude of codes using the security object. When the codes have been scanned, the security object may store the codes until the mechanism is triggered by, for example, detection of a code processing device. As the security object cycles through the stored codes, it may detect a sound from the code processing device, and then a subsequent sound indicating that a first code and a second code have been processed. The security object may determine whether some codes (e.g., between the first code and the second code) may have been skipped and based on that determination, the security object may update cycling time (e.g., time each code is displayed) and then cycle through the other codes.
G06K 17/00 - Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups , e.g. automatic card files incorporating conveying and reading operations
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips
G06K 19/06 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
G06K 7/14 - Methods or arrangements for sensing record carriers by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
G06K 7/10 - Methods or arrangements for sensing record carriers by corpuscular radiation
34.
BROWSER PROVISIONED VIRTUAL PAYMENT CARD FOR AN AUTHORIZED USER
Disclosed embodiments pertain to provisioning a virtual payment card for an authorized user in a browser. A primary cardholder can request the addition of an individual as an authorized user on the primary cardholder's account. Further information regarding the individual can be solicited and utilized to compute a risk score associated with adding the individual as an authorized user. Further processing of the request, including whether to terminate or continue, can be based on comparing the risk score to a predetermined threshold. If processing is continued, a virtual payment card linked to the primary cardholder account is generated. Next, the virtual card can be added as a payment method to a browser profile of the individual on a network-accessible computing resource. Subsequently, the authorized user can access the virtual card to make online shopping payments with a web browser personalized with the browser profile.
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
Provided are approaches for customizing transaction cards using a replaceable insert. In some approaches, the transaction card may include a body comprising a first main side opposite a second main side, a first end opposite a second end, and a first side opposite a second side, wherein a chip is coupled to the first main side of the body. An insert may be positioned within a recess along the first main side, wherein a first magnetic material of the recess and a second magnetic material of the insert are positioned proximate one another to increase retention between the insert and the body.
Disclosed are methods and systems for granting a guest contact account access. For instance, a request to grant account access to a guest contact that includes guest contact information and account access permission(s) may be received from a first application executing on a first device of an account managing contact. An account session for the guest contact may be generated based on the request, and an electronic communication including a link to provide account session access may be generated and transmitted to a second device of the guest contact. A second application may be opened on the second device upon link selection, where a user interface thereof includes an identity verification prompt. Upon verification, the account session may activate to provide the guest contact account access through the second application. The guest contact's account access may then be revoked based on a determination of an account session termination event occurring.
Aspects described herein may relate to a transaction exchange platform using a streaming data platform (SDP) and microservices to process transactions in accordance with corresponding workflows. The transaction exchange platform may receive transactions from origination sources, which may be added to the SDP as transaction objects. Microservices on the transaction exchange platform may interact with the transaction objects based on configured workflows associated with the transactions. Further, the microservices may leverage machine-learning models to determine whether transaction objects may be more effectively processed using alternative or secondary workflows. Processing on the transaction exchange platform may facilitate clearing and settlement of transactions. Some aspects may provide for dynamic and flexible reconfiguration of workflows.
In some implementations, a system may obtain, from a first data repository, a first dataset that includes event data associated with a generic schema. The system may infer an event-specific schema that defines an organizational structure for the event data based on common attributes identified among a plurality of events included in the event data using one or more data analytics functions. The system may store, in a second data repository, a second dataset in which the event data is partitioned based on the organizational structure defined by the event-specific schema. The system may generate a third dataset that includes a subset of the event data included in the second dataset that satisfies one or more registration parameters related to an extract, transform, load (ETL) use case. The system may provide the third dataset to an ETL system configured to process the third dataset based on the ETL use case.
In some embodiments, validation of a network operation based on screenshot-derived uniform resource locator (URL) data may be facilitated. In some embodiments, in connection with use by a user of a first token associated with a first entity, user activity data associated with the user may be stored in a database in association with the first token. In some embodiments, the first user activity data may comprise first URL data and first timestamps associated with the first URL data. After the storage of the first user activity data, a first action request for a first action involving use of the first token may be obtained. A validation process may be performed on the first action by performing a first query of the database for user activity data based on the first action request.
Methods and systems are described herein for bypassing secondary tiers of authentication for particular security categories. An authentication system, when authenticating a user, may receive an authentication request with authentication data enabling authentication through a multi-tier authentication mechanism. When the request has been authenticated through a multi-tier authentication mechanism, the authentication system may identify a category associated with the request and generate a temporal unlock flag for that category of future requests, such that the temporal unlock flag indicates that multi-tier authentication is not required for a predetermined amount of time for requests of that category. The temporal unlock flag may be inserted into the user's record. When future requests of that same category are received, only a single-tier authentication mechanism may be required for authentication.
In some implementations, a system may obtain a graphical user interface (GUI) template that includes tiles corresponding to plug-ins. The system may generate, from the GUI template, category GUIs corresponding to categories and including a subset of the tiles. The system may identify account identifier(s) associated with a user identifier and one or more of the categories. The system may generate a user-specific GUI associated with a user account associated with the user identifier and including a subset of the category GUIs based on the account identifier(s). The the plug-ins corresponding to the subset of the tiles may incorporate account data associated with at least one of the user account or the account identifier(s). The system may transmit, to a user device associated with the user account, the user-specific GUI.
H04W 4/14 - Short messaging services, e.g. short message service [SMS] or unstructured supplementary service data [USSD]
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Disclosed embodiments may include a method for using accounts with multiple profiles where the system allows a primary user to create one or more secondary user profiles. Each secondary user profile is associated with its own VCN and one or more attributes. The one or more attributes can be used to limit the spending ability of each secondary user individually with hard and soft spending limits including merchant category, overall spending, and geographic limits. Purchases by a secondary user that violate the soft limits may be allowed by the primary user using an application associated with the primary account number. Attributes can be assembled by the primary user to create specific and creative spending limits. The system associates each transaction with the user profile using the specific VCN and generates a GUI for the primary user showing the second user profile, its current balance, and transaction history.
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
G06Q 20/36 - Payment architectures, schemes or protocols characterised by the use of specific devices using electronic wallets or electronic money safes
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
44.
MOBILE WEB BROWSER AUTHENTICATION AND CHECKOUT USING A CONTACTLESS CARD
A merchant page in a browser may receive selection of a first financial institution. The merchant page may generate a uniform resource identifier (URI) directed to an application. At least a portion of the URI may be registered with the application and the first financial institution in a mobile operating system. Responsive to receiving selection of the URI, the mobile OS may launch the application, which may authenticate credentials for an account. The application may associate the user ID parameter and the session ID parameter with the account and receive a cryptogram from a contactless card. The application may receive, from a server, an indication specifying the server verified the cryptogram. The OS may launch the browser, which may refresh the page. The refreshed page may include a virtual card number (VCN) in a first form field. A transaction may be processed based on the VCN.
Disclosed embodiments pertain to systems and methods related to user authentication with a virtual payment card. A virtual card number can be requested as a login credential for a user. A virtual card number can be transmitted through a credit card payment network to a financial institution that issued the virtual card for payment authorization. The user can subsequently be authenticated in response to a granted payment authorization by the financial institution. The financial institution can execute a machine learning model trained to infer fraud based on a usage pattern associated with a virtual card number. Granting or denying payment authorization can depend on a confidence score returned by the model regarding the likelihood of fraud. A virtual card number associated with authentication can include one or more distinguishing characteristics in one instance. Further, virtual card numbers can include use restrictions in time and location.
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
A software development kit (SDK) in an application may receive a selection of a uniform resource locator (URL) in a form for a transaction. The SDK may present an SDK interface overlaid on the application. The SDK may receive selection of an interface element in the SDK interface. The SDK may present, in the SDK interface, orientation instructions. The SDK may receive payment information and a cryptogram from the contactless card and transmit the cryptogram to a server. The SDK may receive a result specifying the server decrypted the cryptogram and present a permissions element. The SDK may fill the payment information in one or more fields of the form and receive input specifying to process the transaction using the payment information. The application may transmit the payment information to a server associated with the merchant to process the transaction.
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
G06Q 20/12 - Payment architectures specially adapted for electronic shopping systems
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
G06Q 20/02 - Payment architectures, schemes or protocols involving a neutral third party, e.g. certification authority, notary or trusted third party [TTP]
47.
SHARING DATA ACROSS CLOUD REGIONS AND CLOUD PLATFORMS OF CLOUD-BASED DATA WAREHOUSING SYSTEMS
Methods, systems, devices, and computer-readable media used by a cloud data management system for collecting data from accounts hosted by a cloud-based data warehousing system on different cloud platforms or in different cloud regions of a cloud platform. Collection of data in the multi-cloud platform and/or multi-cloud region environments may be facilitated by the on-demand creation of one or more data collection accounts. Based on the collected data, one or more recommendations, notifications, or alerts associated with usage of the data warehousing system may be generated.
Systems as described herein may implement a data management ecosystem for databases. A computing device may receive, from a first user device, a request to migrate one or more data objects from a sandbox to a production environment. The production environment may include a plurality of data warehouses that may be provided as a service in a cloud computing environment, and computing resources are dynamically allocated to the plurality of data warehouses. The computing device may determine lineage information and update a database catalog of the data warehouses with the lineage information. The computing device may identify sensitive data contained within the one or more data objects and generate tokenization for the sensitive data. Based on the lineage information in the database catalog and the tokenization, the computing device may generate a migration plan and cause the at least one of the plurality of data warehouses to execute the migration plan.
G06F 16/25 - Integrating or interfacing systems involving database management systems
G06F 16/27 - Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
49.
TECHNIQUES TO PROCESS CONTACTLESS CARD FUNCTIONS IN A MULTIPLE BANKING SYSTEM ENVIRONMENT
G06Q 20/02 - Payment architectures, schemes or protocols involving a neutral third party, e.g. certification authority, notary or trusted third party [TTP]
Systems as described herein may implement IP address whitelisting for signed Uniform Resource Locators (URLs). A computing device may receive, from a first user device, a first request to access a resource. The computing device may determine a first identifier of the first user device. After an authentication of the first user device, the computing device may generate a pre-signed URL indicating a location of the resource. The computing device may generate a signed URL by prefixing the pre-signed URL with the first identifier of the first user device. The computing device may receive a second request to access the resource. Based on comparing a second identifier corresponding to the second request with the first identifier in the signed URL, the computing device may grant or deny the second request access to the resource.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 67/146 - Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
H04L 101/35 - Types of network names containing special prefixes
51.
SYSTEMS AND METHODS FOR RISK AWARE OUTBOUND COMMUNICATION SCANNING
Systems and methods for securing data for outbound communication may include: determining a risk profile for the outbound communication based, the outbound communication comprising data modules including at least a payload, an origination endpoint, and a destination endpoint; determining a scanning policy from a plurality of scanning policies, based on the determined risk profile; determining a secure machine learning model from a plurality of secure machine learning models, based on the determined risk profile, wherein the secure machine learning model is determined based on an authentication level corresponding to the determined risk profile; providing one or more data modules to the secure machine learning model, based on the determined scanning policy; receiving a sanitized version of the payload based on an output of the secure machine learning model; and providing the sanitized version of the payload for the outbound communication.
Systems, methods, apparatuses, and computer-readable media for configuring applications on a device using a contactless card. An application executing on a device may receive a cryptogram from a contactless card associated with an account. The application may transmit the cryptogram to a server. The application may receive, based on the cryptogram, configuration information for a plurality of applications associated with the account. The application may modify a respective configuration of each application on the device based on the configuration information.
A method, system and computer program product for generating and managing a timebound virtual payment card are disclosed. A primary account holder requests a virtual payment card linked to their account to share spending with a third party while maintaining the security of their account. In the request, the account holder specifies a recipient and conditions for use of the virtual payment card including recurring temporal parameters. A service managed by the card issuing financial institution receives the request and generates a virtual card configured to the parameters specified. Thereafter, the service sends the virtual card to the specified recipient. After activating the virtual payment card, the recipient attempts a purchase at a merchant. Upon checkout, the service receives a request from the merchant and based on the transaction information in the request, determines whether the transaction meets the conditions for use and approves or denies the transaction accordingly.
A system and method for preventing government identification-based fraud is disclosed. When a government identification submission session is initiated, several layers of security checks are performed to ensure that the user behind the session is not a fraudster. First, a session check is performed to ensure that the user device has not initiated more than a predetermined number of sessions within a predetermined time. Next, an attempt check is made in order to ensure that the user has not made more than a predetermined number of government identification submission attempts during the current session. Next, a dual-authentication check is performed to ensure that the phone number provided for the dual-authentication has not been used more than a maximum number of times during a recent period of time. And lastly, a general risk assessment is performed to look for any remaining high-risk flags.
Methods and systems are disclosed for using a feature hierarchy with multiple levels with a different number of features at different levels to segment a dataset. The mechanism may use the first level of the hierarchy to segment a dataset into multiple datasets and then generate a timeseries dataset for each segment. Those timeseries datasets may be input into an anomaly detection model to identify a number of anomalies detected within those segments. Based on the number of anomalies not reaching a threshold, a second level of the hierarchy may be used to segment the dataset. Those segments may be input into the anomaly detection model to determine a number of anomalies for the second level. This process may continue until a level of the hierarchy is determined such that the number of anomalies reaches the threshold. The mechanism may then generate a security rule to deal with the anomalies.
Embodiments disclosed are directed to a computing system that performs steps to automatically identify risk control features and entities in a risk control document. The computing system regenerates, by a semantic prediction machine learning (ML) model, phrases in a risk control document. The computing system then classifies, by the semantic prediction ML model, risk control features associated with the regenerated phrases. Subsequently, the computing system corrects, by a discriminative natural language processing (NLP) model, the classified risk control features based on the phrases and the regenerated phrases.
Methods, systems, devices, and computer-readable media for a quarantining system are provided. A message comprising an application programming interface (API) request may be sent by a client device to a service provider system for access to a first application. The message may be received at a gateway of the service provider system. The gateway may determine that the API request is associated with potentially harmful, malicious, or otherwise unexpected activity. The message may be routed to a quarantine environment and a decoy API configured to interface with a decoy application that uses decoy information to emulate the requested first application may be identified. The API request may be modified to call the decoy API. The decoy application may be executed and a decoy response generated. The decoy response may be sent to the client device in response to the API request.
In some implementations, an autonomous vehicle may receive information associated with an order including multiple items. The autonomous vehicle may, after traveling to a first pickup location and obtaining a subset of the items in the order, identify one or more alternative pickup locations having respective inventories including one or more items that are unavailable at the first pickup location. The autonomous vehicle may generate one or more virtual credentials linked to a primary credential associated with a user that submitted the order and use the one or more virtual credentials to obtain, at each alternative pickup location, one or more items that were unavailable at the first pickup location. The autonomous vehicle may travel to a final destination to deliver the subset of the multiple items obtained from the first pickup location and the one or more items obtained from each of the one or more alternative pickup locations.
H04W 4/02 - Services making use of location information
H04W 4/021 - Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences
H04W 4/029 - Location-based management or tracking services
H04W 4/35 - Services specially adapted for particular environments, situations or purposes for the management of goods or merchandise
G06Q 20/12 - Payment architectures specially adapted for electronic shopping systems
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
59.
SYSTEM AND METHOD FOR PROVIDING TEMPORARY VIRTUAL PAYMENT CARD
A system and method for providing a temporary virtual payment card are provided. The system includes a user device, an administrator processing system, an account processing system, and a database. The system is configured to receive a request for a temporary virtual payment card, verify the user, and provide a temporary virtual payment card.
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
G06Q 20/06 - Private payment circuits, e.g. involving electronic currency used only among participants of a common payment scheme
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
G06Q 40/02 - Banking, e.g. interest calculation or account maintenance
60.
SYSTEM AND METHOD FOR FACILITATING TRANSACTION ACCOUNT PROVISIONING
In a method for broadcasting account provisioning information, user datum encryption information is transmitted to a plurality of account processing systems. A request to share account provisioning information is received from a user device associated with an account holder. A user datum of the account holder is encrypted using the encryption information and transmitted to the account processing systems. A response is received from at least one of the account processing systems, the response including an indication that the account holder has a transaction account processed by that account processing system. A request for confirmation that the account provisioning information should be shared is sent to the user device and a confirmation response is received from the user device that includes permission to share account provisioning information. Account provisioning information is then transmitted to one or more of the account processing systems.
In a method for broadcasting account provisioning information, user datum encryption information is transmitted to a plurality of account processing systems. A request to share account provisioning information is received from a user device associated with an account holder. A user datum of the account holder is encrypted using the encryption information and transmitted to the account processing systems. A response is received from at least one of the account processing systems, the response including an indication that the account holder has a transaction account processed by that account processing system. A request for confirmation that the account provisioning information should be shared is sent to the user device and a confirmation response is received from the user device that includes permission to share account provisioning information. Account provisioning information is then transmitted to one or more of the account processing systems.
G06Q 20/02 - Payment architectures, schemes or protocols involving a neutral third party, e.g. certification authority, notary or trusted third party [TTP]
In a method for provisioning account information of a payment card, user datum encryption information is transmitted to a transaction data processing system. A user datum encrypted using the user datum encryption information and a request to share account provisioning information is received from the transaction data processing system when the payment card is present by a user at the transaction data processing system. A user account associated with the payment card is determined and the user of the payment card is authenticated. A request for confirmation that the account provisioning information should be shared is sent to a user device associated with the user account and a confirmation response is received from the user device that includes permission to share account provisioning information. Account provisioning information is then transmitted to the transaction data processing system.
G06Q 20/02 - Payment architectures, schemes or protocols involving a neutral third party, e.g. certification authority, notary or trusted third party [TTP]
In a method for providing provisioning information, a central data processing system receives from a transaction data processing system, an encrypted user datum associated with a client user of the transaction data processing system; receives from at least one of a plurality of account administrator data processing systems, a response comprising a notification that a user account administrated by that account administrator data processing system is associated with the client user; receives an account administrator selection message including identification of a user-selected account administrator from an account administrator list; transmits to the account administrator data processing system associated with the user-selected account administrator, a provisioning request for client user account provisioning information; receives from the account administrator data processing system associated with the user-selected account administrator, the client user account provisioning information; and transmits to the transaction data processing system, the client user account provisioning information.
G06Q 20/10 - Payment architectures specially adapted for home banking systems
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
64.
SECURE DATA EXCHANGE USING FORMAT-PRESERVING ENCRYPTION
Methods and systems disclosed herein describe tokenizing data to generate a secure token that is limited in scope (e.g., directed to a specific recipient) and limited in time (e.g., valid for only a specified period of time). A detokenization process may be employed to recover encrypted data of the secure token without the need for any relational database lookup processes, thereby reducing cost while maintaining robust protection against unintended recipients that attempt to recover the encrypted data.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
A computing system may receive a request of the user for a first action of the user with an entity. In connection with granting the request of the user, the computing system may configure a token for use by the user and the entity such that (i) the entity is added as an approved entity, and (ii) the token is configured with a resource amount of the first action as a usage threshold of the token. The computing system may receive a request of the entity to use the token. The computing system may determine whether granting the request of the entity would cumulatively exceed the usage threshold of the token. Based on a determination that granting the request of the entity would not cumulatively exceed the resource usage of the token, the computing system may grant the request of the entity to use the token.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06F 21/33 - User authentication using certificates
66.
SYSTEMS AND METHODS FOR CONTEXT-SWITCHING AUTHENTICATION OVER SHORT RANGE WIRELESS COMMUNICATION
Systems and methods is provided for implementing a strong user authentication across a public network. One operational aspect of the disclosed systems and methods involves the integration of a browser functionality to communicate with processes and hardware elements on a device initiating the network connection to implement a context-switching authentication scheme. Disclosed system and process further involves an implementation of a two-factor strong authentication based on a single authentication input from a user involving an NFC read of a contactless card by a mobile device within Bluetooth proximity of the device initiating the network connection.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06F 9/48 - Program initiating; Program switching, e.g. by interrupt
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
G06F 21/35 - User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
G06Q 20/10 - Payment architectures specially adapted for home banking systems
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
67.
PRESENTATION AND CONTROL OF USER INTERACTION WITH A USER INTERFACE ELEMENT
In some implementations, a system may receive a user identifier associated with a user account, and may identify account identifiers associated with the user account. The system may obtain account information associated with the account identifiers, and may determine priority levels for the account identifiers based on the account information. A primary account identifier may be associated with a highest priority level. The system may transmit a first set of user interface (UI) data indicating account UI elements, corresponding to the account identifiers, and an order of the account UI elements based on the priority levels. A primary account UI element, corresponding to the primary account identifier, may be arranged first in the order. The first set of UI data may indicate a first set of the account information to be visually presented on the account UI elements and associated with the account identifiers corresponding to the account UI elements.
In some implementations, a device may receive, from a terminal, an indication of a first card credential associated with a card that was provided to the terminal to initiate a first interaction, where the card is associated with the multiple card credentials, including the first card credential. The device may determine that the first card credential is valid based on at least one of: the first card credential having not been previously used for another interaction associated with the card, or a first amount of time, from a first time indicated by a first timestamp associated with the first card credential to a reception time of the first card credential, satisfying a validity threshold. The device may transmit, to the terminal, an indication that the card is approved for the first interaction based on the first card credential being determined to be valid.
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
69.
PRESENTATION AND CONTROL OF USER INTERACTIONS WITH A USER INTERFACE ELEMENT
In some implementations, a system may transmit a first set of user interface (UI) data indicating a UI having a first interaction element. The system may receive interaction data indicating a user interaction with the first interaction element. The system may determine one or more suggestions to provide based on one or more factors related to account information associated with a user account. The system may transmit a second set of UI data associated with a UI element and that may indicate a first portion, extending downward from a top of a display of the user device, that may include one or more second interaction elements corresponding to the suggestions, and a second portion extending upward from a bottom of the display and including a virtual keyboard. An intermediate portion of the UI may be exposed through a gap between the first and second portions of the UI element.
G06F 3/0484 - Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
G06F 3/0488 - Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures
In some embodiments, proximity-based deactivation or activation related to a token (or one or more features related to the token) may be facilitated. As one example, methods and systems are described herein for deactivating use related to a token (e.g., outside a range of a first mobile device communicating with the token via a first link key) based on multiple "outside-of-range" threshold times. As another example, methods and systems are described herein for reactivating (or keeping active) the use related to the token by obtaining a valid link key and communicating with the token via a mobile device (e.g., a second mobile device of another user) within a range of the token.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
71.
PRESENTATION AND CONTROL OF USER INTERACTION WITH A SLIDER-BASED USER INTERFACE ELEMENT
In some implementations, a system may transmit, to a user device associated with a user account, a first set of user interface (UI) data that indicates: a rectangular-shaped element, a track positioned on the rectangular-shaped element and having a first end and a second end, and an interaction element located at the first end of the track and slidable between the first and second ends of the track. The system may receive, from the user device, interaction data indicating an interaction, by a user of the user device, with the interaction element from the first end to the second end of the track. The system may transmit, to the user device, a second set of UI data that indicates: the rectangular-shaped element and an account identifier associated with the user account and positioned on the rectangular-shaped element.
G06F 3/04847 - Interaction techniques to control parameter settings, e.g. interaction with sliders or dials
G06F 3/04883 - Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures for inputting data by handwriting, e.g. gesture or text
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
Disclosed are methods and systems for dispensing a printed document from a printer machine (135) with a dispensing device (136). For instance, a document (150) being printed out from the printer machine may be monitored for, and a determination that a document is being printed out from the printer machine may be made based on the monitoring. The printed document may be engaged with an arm mechanism (210) of the dispensing device, the printed document may be urged towards a slot (209) of the dispensing device with the arm mechanism, and the printed document may be dispensed out of the slot with the arm mechanism.
B65H 5/16 - Feeding articles separated from piles; Feeding articles to machines by pusher, needles, friction, or like devices adapted to feed single articles along a surface or table
Disclosed are methods and systems for validating instruments. For instance, a request to generate a cashier's check may be received from an application executing on a drawer's computing device. Request information may be stored within a data storage entry for the check, and a code to be printed on the check may be generated to include at least a portion of the request information. Instructions may be provided to a printing system to cause the check to be printed with the code, where the printed check is invalid. Instructions may be provided to the application and/or printing system to cause display of a prompt to facilitate a reading of the code to validate the check. When information within the code is read by and received from the printing system, the check may be validated, which triggers a transfer of funds from the drawer's account. Otherwise, the check may remain invalid.
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
G06Q 20/42 - Confirmation, e.g. check or permission by the legal debtor of payment
74.
SYSTEMS AND METHODS FOR TOKEN-BASED DEVICE BINDING DURING MERCHANT CHECKOUT
Systems and methods are disclosed herein for real-time digital authentication. According to some embodiments, receiving a hashed user credential from the third party entity, performing a matching operation between the received hashed user credential and a stored hashed credential stored in the non-transitory memory, the received hashed user credential and the stored hashed credential being hashed using the same hashing algorithm, and in response to detecting a match between the received hashed user credential and the stored hashed user credential, performing a user eligibility operation associated with the first transaction. The authentication method may further include in response to determining that the user is eligible for the first transaction, generating an authentication challenge to the user, in response to the user successfully completing the authentication challenge, retrieving payment credentials of the user and authenticating the user, and authorizing a checkout operation associated with the first transaction.
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
G06Q 20/42 - Confirmation, e.g. check or permission by the legal debtor of payment
The present disclosure includes systems and methods to receive an event including key -value pairs representing data attributes defining an operation. An instrument configuration is accessed having an object configuration associated with a data object and a rule configuration, where the rule configuration defines at least one action to perform on the data object as a result of an object state of the data object. A change to the object state is determined based on the operation of the event. An inverse dependency graph is generated to map reactive actions in response to the change based on the object configuration. A reactive action to an additional data object is determined based on the inverse dependency graph, and an update to the change as a result of the reactive action is determined. A data record of states is updated with the update to the change and the reactive action.
Disclosed are methods and systems for determining legitimacy of interactions. For instance, a request for an instrument to complete an interaction may be received from an account holder computing device, information associated with the request may be stored within a data storage entry, and a code including a uniform resource locator to a web application may be printed on the instrument. Subsequent to a printing of the instrument that includes the code, an access to the web application by a computing device of a recipient or an entity associated with the recipient of the instrument may be detected in response to the computing device reading the code. A legitimacy of the interaction may be determined by evaluating a plurality of interaction legitimacy factors based, at least in part, on the data storage entry, and an indication of the determined legitimacy may be provided for display via the web application.
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
77.
METHODS AND SYSTEMS FOR BINDING ENTITY-RESTRICTED ACCESS TOKENS
In some embodiments, an entity-restricted access token may be bound to an entity set. In some embodiments, use of an entity-restricted access token may be detected for an action related to a first entity. Based on the detected use of the token, a plurality of entity sets associated with the first entity may be determined, and a notification (e.g., requesting selection from among the entity sets) may be presented to a mobile device of a user. Based on the user selection obtained via the notification, the token may be bound to the user-selected entity set such that subsequent use of the entity-restricted access token is restricted to actions related to entities of the user-selected entity set (e.g., the first entity and one or more additional entities related to the first entity).
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
Locks may rely upon identity credentials to act as keys for unlocking and/or locking the locks, such as door locks. The identity credentials may be digital credentials that hold identity information and evidence of knowledge of secret information, such as a password or a private cryptographic key. The door locks in exemplary embodiments may be connected to an access system via wireless network, such as a low power low frequency Wi-Fi network, like a HaLow network. The wireless network enables the door locks to communicate with the access system, such as a server for a lodging establishment. The access system may receive identity credentials and forward the identity credentials to an authentication service for authentication. The access system may also pass the identity of the guest to an authorization service to determine if the guest is authorized to unlock the door lock or not.
Disclosed herein are system, method, and computer readable media embodiments for global identity verification of a user for multiple services. In some embodiments, a centralized authentication platform (CAP) may receive a request from an independent service to generate an authentication token for a client device based on authentication performed by the service. The CAP may generate an authentication token of a particular authorization level, based on the method of authentication used by the service. The CAP may send the token to the client device as well as store the token in a database. The CAP may receive a second request from a second, unrelated service to validate the authentication token on the client device. The CAP may validate the token on the client device against the token in the database based on an authentication level thereof, and send a response to the second service indicating token validity.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Disclosed herein are system, method, and computer program product embodiments for signing a document by generating a hash value using a smart card. The smart card can receive from a computing device a first hash value generated for the document based on a first hash function, determine a private key based on a private key information stored on the smart card, sign the first hash value by generating a second hash value based on the first hash value using a second hash function and the private key. The second hash value is to authenticate that the second hash value is generated by the smart card based on the first hash value and the private key. The smart card can further assemble a signature package including the second hash value, and transmit the signature package to the computing device.
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
G06Q 50/00 - Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06F 1/00 - ELECTRIC DIGITAL DATA PROCESSING - Details not covered by groups and
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
81.
PRESENTATION AND CONTROL OF USER INTERACTION WITH AN ICON-BASED USER INTERFACE ELEMENT
In some implementations, a system may identify one or more account identifiers associated with a user account and corresponding to one or more account types. The system may determine an action to perform if account information associated with the user account or with a particular account identifier satisfies a condition. The system may transmit, to a user device, user interface (UI) data associated with an icon-based UI element. The UI data indicates a rectangular-shaped element, of the icon-based UI element, associated with the particular account identifier, and an interactable icon, of the icon-based UI element, positioned within a bottom portion of the rectangular-shaped element. The interactable icon is representative of the action. The system may include receiving, from the user device, interaction data indicating an interaction, by a user of the user device, with the interactable icon. The system may perform the action based on receiving the interaction data.
In some implementations, a user device may present, on a user interface (UI) associated with a user account, a first UI element. The user device may detect a user interaction, with the user device, indicating the first UI element. The user device may present, on the UI and based on the user interaction, a second UI element, which increases in length in a first direction from a start point, along a closed path around the first UI element and ending at the start point, while the user interaction is being detected. The second UI element completes the closed path when an interaction duration satisfies a duration threshold, which indicates a confirmation of a request for an action associated with the user account. The duration threshold is based on one or more parameters associated with one or more of the action, the user account, or the user interaction.
G06F 3/0481 - Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
G06F 3/0488 - Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures
G06F 3/04847 - Interaction techniques to control parameter settings, e.g. interaction with sliders or dials
G06Q 20/00 - Payment architectures, schemes or protocols
83.
EXCLUDING FRAUDULENT TRANSACTIONS IN TRANSACTION BASED AUTHENTICATION
Methods, systems, and apparatuses are described herein for improving computer authentication processes through excluding fraudulent transactions in transaction-based authentication. A computing device may receive a request for access to an account from a user. The computing device may provide transaction data to a machine learning model. The computing device may receive data indicating a confidence threshold associated with the user from the machine learning model. The computing device may generate a modified set of merchant choices for the user by excluding merchants related to potentially fraudulent transactions within a predetermined time period. An authentication question may be generated, and access to the account may be provided based on a response to the authentication question.
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
84.
PRESENTATION AND CONTROL OF USER INTERACTION WITH A USER INTERFACE ELEMENT
In some implementations, a system may identify first and second user identifiers associated with first and second users, respectively. The system may determine first and second totals corresponding to the first and second user identifiers. The system may determine a ratio of the first total to the second total or a proportion of the first or second total relative to a joint total that is a sum of the first and second totals. The system may transmit user interface (UI) data associated with a UI element. The UI data indicates first and second user portions corresponding to the first and second users, and a connecting portion that connects the first and second user portions. Sizes of the first and second user portions are based on the ratio, of the first to second total, or the proportion of the first or second total relative to the joint total.
Methods and systems describe linking mobile applications to website providers using an intermediary database that is populated based on mobile application metadata in order to provide secure communication of user data encrypted specifically for given website providers. The methods and systems accomplish this by receiving, at an intermediary database, a first communication from a background application implemented on a mobile device, wherein the first communication comprises a first access point address and is generated based on a request, by a first access point, for first user information for use by a first provider, wherein the first provider provides the first access point. However, as opposed to simply generating a random alternative content for the first communication, the system performs an additional step to ensure that the alternative content is specific to the provider and may be used across all access points for the provider.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06F 16/90 - Information retrieval; Database structures therefor; File system structures therefor - Details of database functions independent of the retrieved data types
H04W 12/03 - Protecting confidentiality, e.g. by encryption
86.
METHODS AND SYSTEMS FOR SEARCHING DATA EXCHANGES THAT COMPRISE INFORMATION ON ASSETS WITH NON-HOMOGENOUS FUNCTIONALITY AND NON-STANDARDIZED DATA DESCRIPTIONS
Methods and systems searching data exchanges and assets with non-homogenous functionality and non-standardized data descriptions using credentials corresponding to users. The method includes receiving, from a user, a request to access a data exchange, retrieving a user profile for the user, wherein the user profile provides a credential for the user, and receiving a search string. The method includes determining a first search input for searching the data exchange based on the search string and the credential, performing, a first comparison of a first search input portion to respective first set of attributes for the plurality of asset types, and performing a second comparison of a second search input portion to respective second set of attributes for the plurality of asset types. The method includes generating for display a search result for the search string based on the first comparison and the second comparison.
An automated method is provided for mitigating data service system performance degradation due to excess user traffic. A traffic assessment and management server (TAMS) retrieves historical time-varying environment information and transaction data for a data service processing system (DSPS). The TAMS receives a set of expected environment conditions for a future time interval and determines, using the time-varying environment and transaction data, estimated traffic information for the DSPS for the future time interval. The estimated traffic information includes an estimated usage level for at least one system component. The TAMS establishes a simulated system configuration for the DSPS and simulates DSPS operation using the estimated traffic information. The TAMS then determines from the simulation, an estimated likelihood of failure for the at least one system component.
H04L 41/147 - Network analysis or design for predicting network behaviour
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
H04L 41/0686 - Additional information in the notification, e.g. enhancement of specific meta-data
88.
SYSTEMS AND METHODS FOR OPTIMIZING INCIDENT RESOLUTION
An automated system is provided for facilitating improvements to an incident resolution system. The system includes a scenario construction processor configured for establishing a system incident scenario and a machine learning model constructed using incident response information for each of a plurality of incidents. A simulation processor is configured to use the machine learning model to run simulations of the system incident scenario. Each simulation includes at least one variation of a selected critical action characteristic critical actions included in the scenario and each simulation produces a simulated incident resolution parameter. An improvement evaluation processor determines from the simulations, one or more of the at least one variation that results in a simulated incident resolution parameter meeting predetermined improvement criteria.
Systems and methods for secure access are provided. The secure access system includes a contactless card, a user device, a processor, and a storage device. The processor receives a first authentication request from the user device. Then, the processor transmits a first authentication credential associated with user login data to the user device. Next, the processor receives a second authentication request from the user device. Upon receipt of the second authentication request, the processor transmits a second authentication credential associated with a contactless card to the user device. Then, the processor receives a first code from the user device, and the storage device performs one or more access actions based on the first code.
A system for recordation and retrieval of incident resolution action information is provided. A recordation system processor is provided with a recordation application configured to receive a response action initiation instruction identifying an action taken to resolve an incident on a target system, The processor determines one or more responsible responders each having a responder data processor that displays a responder dashboard. The processor transmits a recordation instruction to the responder data processor of each responsible responder. The recordation instruction includes an instruction to begin recording responder dashboard information. The recordation application is also configured to receive a response action termination instruction and to transmit a recordation termination instruction to the responder data processor of each responsible responder. A data storage unit is configured for receiving, from the responder data processors, real-time responder dashboard information recordings.
An automated system is provided for facilitating resolution of an incident on a digital processing system. The automated system has a data storage unit with information on previous incidents, a user interface and a resolution facilitation server. The server receives incident information from a monitoring system, including status information for at least one operating parameter of the digital processing system. The server is configured to apply a machine learning model to determine a first recommended action using the incident information and the previous incident information, present the first recommended action to the user, and receive a recommendation response. The server is also configured to establish a recommendation score based at least in part on the recommendation response and to update the machine learning model using the incident information, the first action recommendation, and/or the first recommendation score.
An automated system is provided for facilitating resolution of an incident. An incident information data processor is configured to receive incident information and an action estimation data processor is configured to receive critical action information that includes a description of an action and an action initiation time. The action information data processor obtains previous action information on actions taken to resolve previous incidents and determines an estimated action outcome and an estimated critical action time interval for resolution of the critical action using the critical action information and the previous action information. An incident estimation data processor is configured to determine an overall estimated time interval for incident resolution and an estimated incident resolution time. An incident display data processor is configured to transmit, to a user data processing system for display to a user, at least the estimated incident resolution time.
An example method includes receiving images that each include an optical code. The method further includes cropping the images to isolate the optical codes and rotating the images to achieve a desired orientation for the optical code of each of the images. The method further includes rectifying, after the cropping and the rotating, a perspective of each of the images to achieve a desired perspective angle for the optical code of each of the images. The method further includes deblurring, after the rectifying, the images to reduce blurring in each of the images. The method further includes binarizing, after the deblurring, the images to correct pixels of the optical code in each of the images. The method further includes performing, after the binarizing, an optical code reading process on the plurality of images to decode optical codes in the images.
In some implementations, a system may receive interaction data indicating an interaction time and amount. The system may categorize the interaction in a category of a plurality of categories. For each category, the system may compare a total category amount with an average category amount. The system may determine, for each category, a proportion of the total category amount relative to a total account amount. The system may transmit, to a user device, user interface data associated with a ring-shaped user interface element that includes a plurality of segments corresponding to the plurality of categories. The user interface data indicates a width of a particular segment that is based on the comparison of the total category amount for a corresponding category with the average category amount, and an arc length that is based on the proportion of the total category amount for the corresponding category to the total account amount.
In some implementations, a system may identify one or more account identifiers associated with a user identifier. Each account identifier may be associated with one or more categories each representing a type of interaction of one or more interactions associated with the account identifier. A respective interaction amount may be associated with each interaction. The system may determine, for each category, a total category amount that is a sum of interaction amounts for interactions in a particular category occurring within a particular time frame. The system may transmit user interface (UI) data associated with a multi-tab UI element including a plurality of tabs corresponding to the plurality of categories. Each tab may be associated with benefits information related to a category corresponding to that tab. A first tab, corresponding to a category having a highest total category amount, may be presented in a particular position in the multi-tab UI element.
Methods, systems, and apparatuses for optimizing the configuration of virtual warehouses for execution of queries on one or more data warehouses are described herein. A plurality of different events associated with a data sharing platform may be logged. The data sharing platform may enable users to access one or more databases managed by the data sharing platform. The data sharing platform may be configured to provide access to the data stored by the data sharing platform via one or more of a plurality of virtual warehouses. A testing database may be generated. An optimized virtual warehouse configuration may be predicted for a first virtual warehouse by selecting a plurality of different warehouse configurations for the first virtual warehouse, measuring performance parameters of each of the plurality of different warehouse configurations by emulating, and selecting the optimized virtual warehouse configuration based on the performance parameters.
A method or system for generating recommendations based on detected correlations of static and dynamic data. For example, the system generates feature inputs for the machine learning model that is based on labeled static data as well as dynamic data indicating current usage. Notably, the dynamic data is not retrieved from a data store of known training data, but instead is streamed in real time from active databases accessible to the network. Furthermore, the system provides a formatting mechanism that translates user selected requirements and parameters from a human-readable format indicating particular attributes of a database to optimize (e.g., database performance, security, compliance, capacity planning, etc.) into data that may be included in a machine learning feature input that specifies which correlations to use (e.g., server operational statistics data, server log data, monitoring metrics, etc.).
Disclosed are systems and methods for leader node election, comprising a cluster system including a plurality of nodes, a node registry, wherein nodes are configured to transmit registration requests to the node registry, receive node data is response, and to determine a leader node based on the earliest registered node, and wherein the leader node is configured to dynamically allocate data slots between the plurality of nodes, and each of the nodes are configured to store data associated with allocated data slots in an in-memory least recently used component and data associated with all of the data slots in a persistent storage component.
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
G06F 11/20 - Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
99.
SYSTEM AND METHOD FOR ACHIEVING NEAR ZERO IMPACT DURING NODE FAILURE IN A CLUSTER SYSTEM
Disclosed are systems and methods for node management performed by a client driver of a client device comprising receiving cluster topology data from the cluster system; transmitting, a data request to each of a plurality of nodes in a cluster system; receiving a reply from each of the nodes that are responsive; assigning, by the client driver, based on the received replies, a responsive status for each of the nodes that are responsive or a non-responsive status for each of nodes that are non-responsive; updating a listing of management data, wherein the management data includes: an identification of each of the plurality of nodes, and a current status of each of the plurality of nodes; and routing, by the client driver, a client request to one of the plurality of nodes that are responsive based on the cluster topology data.
The innovation disclosed and claimed herein, in one aspect thereof, comprises systems and methods of keystone activity based suggestions. The innovation detects a keystone activity of a user. The keystone activity is a planned event for the user such as recently purchased tickets to a specific show. Customer data of a financial institution is accessed where the customer data includes data of customers of the financial institution. A set of similar customers to the user is determined. Transaction data of the set of similar customers is determined and analysed for likelihood of the user wanting to attend a secondary activity that is similar the set of similar customers. The secondary activity can be automatically scheduled for the user based on the kestone activity and the transaction data.
G06Q 10/04 - Forecasting or optimisation specially adapted for administrative or management purposes, e.g. linear programming or "cutting stock problem"
patents
