The present invention relates to transfer methods of wireless power to non-self-powered biometric authentication devices through far-field radio waves coming from a nearby self-powered radio frequency device. By default, the non-self-powered biometric authentication device of the invention is made of a far-field radio microwave antenna, an antenna tuner, a RF-to-DC power rectifier and power converter functions. The transfer methods of wireless power to non-self-powered biometric authentication devices of the invention are particularly well-suited for self-enrollment of one user's identity on biometric smart cards but can also be applied for subsequent data exchange such as peer-to-peer money transfer.

The present disclosure generally relates to electronic systems and computerized methods for verification of transacting parties to process transactions. A payment network server receives details of a transaction fulfilled by an agent and generates a transaction identification plaintext. A first party keyset for the first transacting party and an agent keyset for the agent is identified. The server generates cryptograms and ciphertexts encrypted by the first party keyset and agent keyset and sends the cryptograms to the first transacting party and agent. An encrypted cryptogram contains an encrypted ciphertext which contains a plaintext representing the transaction identification plaintext. The ciphertexts are exchanged between the first transacting party and agent by a computer handshake for decryption. The plaintexts are extracted from the ciphertexts and compared against the transaction identification plaintext for verifying the first transacting party and agent.

Provided are arrangements requiring additional multi-factor authentication (MFA) in certain instances of dynamic virtual transaction token (e.g., virtual credit card token) generation via a browser extension. In the arrangements, the browser extension, when executed, may cause a browser to require a user to complete an initial multi-factor authentication (MFA). Once the browser extension has a record indicating a prior valid initial MFA for the user, the user allowed to request a transaction token. The browser extension may allow issuance of the transaction token upon an indication that the value needed does not exceed the predetermined value.

A method for submission of payment transaction requests from a point of sale (POS) terminal to a financial institution includes reading payment information from a payment vehicle, reading financial institution routing information from the payment vehicle, reading a payment vehicle certificate from the payment vehicle, requesting consumer authentication information from a consumer, and submitting a payment transaction request to the financial institution using the financial institution routing information, a POS terminal certificate, and the payment vehicle certificate. An authentication certificate for submission of payment transaction requests from a point of sale (POS) terminal to a financial institution may be generated by receiving a request for an authentication certificate from a requestor, the request comprising a requestor ID and one or more capabilities of the requestor, verifying the requestor ID, generating an authentication certificate for the requestor, and returning the generated authentication certificate to the requestor.

A method for submission of payment transaction requests from a point of sale (POS) terminal to a financial institution includes reading payment information from a payment vehicle, reading financial institution routing information from the payment vehicle, reading a payment vehicle certificate from the payment vehicle, requesting consumer authentication information from a consumer, and submitting a payment transaction request to the financial institution using the financial institution routing information, a POS terminal certificate, and the payment vehicle certificate. An authentication certificate for submission of payment transaction requests from a point of sale (POS) terminal to a financial institution may be generated by receiving a request for an authentication certificate from a requestor, the request comprising a requestor ID and one or more capabilities of the requestor, verifying the requestor ID, generating an authentication certificate for the requestor, and returning the generated authentication certificate to the requestor.

Systems and methods for distributed ledger-based collateral movement are disclosed. According to an embodiment, a method for distributed ledger-based collateral movement may include: (1) receiving, at a first collateral custodian computer system for a collateral custodian and from a client of the first collateral custodian, a collateral asset for a target asset held by a client of a second collateral custodian; and (2) tokenizing the collateral asset and writing a collateral token to a distributed ledger platform. The second collateral custodian receives, from the distributed ledger platform, the collateral token and releases the target asset to the first collateral custodian in response to receiving the collateral token.

Disclosed are methods and apparatuses for creating a verified mutually authenticated transaction between a service provider and an on-line identity for a physical client person. A dynamic optical mark may be displayed on a device screen where the physical client person is using a web service. The dynamic optical mark may be recognized via scanning the dynamic optical mark by a personal mobile device equipped with a camera. The verified mutually authenticated transaction between the service provider and the on-line identity for the physical client person may be used for sharing personal data of the physical client person by using out-of-band optical mark recognition of the dynamic optical mark. The verified mutually authenticated transaction may be initiated with a time-limited one-time password comprising a sequence of numbers encoded in the dynamic optical mark.

Generating self-issued claims anchored by DIDs and using the self-issued claims as self-identification. The computing system generates one or more claims, each of which includes at least information related to (1) a DID, (2) a property of a subject entity who is an owner of the DID, and (3) a value corresponding to the property. For each of the one or more claims, the computing system generates a cryptographic signature by signing the claim with a private key associated with the corresponding DID. The cryptographic signature proves that the claim is a self-issued claim, which is issued by the owner of the corresponding DID and is about the owner of the corresponding DID. A portion of data related to the self-issued claim is then propagated onto a distributed ledger.

A dual-factor PIN based authentication system and method uses a cryptogram provided by a contactless card associated with the client in association with a PIN stored by the contactless card to authenticate the client. In some embodiments, cryptogram authentication may be preconditioned upon a PIN match determination by the contactless card. In other embodiments, the cryptogram may be formed at least in part using the personal identification number (PIN) stored on the contactless card encoded using a dynamic key stored by the contactless card and uniquely associated with the client. Authentication may be achieved by comparing the cryptogram formed using the PIN against an expected cryptogram generated an expected PIN and an expected dynamic key.

Systems described herein may use the issuance and management of digital certificates and a revocation database to limit and monitor participation of parties to conduct transactions in a distributed network system. A compliance server system may validate entities and issue security certificates to entities to conduct transactions on a distributed network system. Once authorized, parties may conduct transactions using digital currencies via a distributed network system. Authorizations from all parties to a transaction may be required prior to executing the transaction. Compliance server systems may add previously issued certificates to a revocation database to prevent associated parties from executing transactions on the distributed network system. Parties may have their authorizations revoked based on regulatory requirements. Additionally, revoked parties may have their assets forfeited.