A payment processing server generates an asymmetric cryptographic key pair, over one secure communications channel providing a mobile device with one cryptographic key of the cryptographic key pair, and saves another cryptographic key of the cryptographic key pair in a pending transaction database in unique association with a single-use payment number and a financial account. The server encrypts the payment number, which does not identify the financial account, with the another cryptographic key and provides the mobile device with the encrypted payment number over another secure communications channel distinct from the one secure communications channel. The server receives from a payment terminal a payment completion request that includes the encrypted payment number decrypted with the one cryptographic key. The payment processing server queries the pending transaction database with the decrypted payment number to identify the associated financial account, and effects completion of the transaction using the identified financial account.

In a general aspect, a transpositive network is configured for converting variable-volume fixed-value units to fixed-volume variable-value units and vice versa. In some aspects, a computer system includes means for transposing between a variable-volume fixed-value (VVFV) item comprising VVFV units and a fixed-volume variable-value (FVVV) item comprising FVVV units. The means for transposition implements one or more transpositive network rules.

A system including a mobile terminal having an authenticator, a TPM with tamper resistance and a voice assistant. The voice assistant makes a process request corresponding to voice input of a user to a server in accordance with the input, receives a biometric authentication request from the server, makes a request for a biometric authentication process to the mobile terminal of the user in accordance with the request for biometric authentication via wireless communication, and transmits an authentication result from the mobile terminal to a server. The mobile terminal executes the biometric authentication process using biometric information stored in the authenticator and the TPM in accordance with the request for the biometric authentication process from the voice assistant, and transmits an authentication result to the voice assistant.

An enhanced authentication system is described. One embodiment of the invention is directed to a method comprising: receiving, by a token service computer and from an initiating computer, a first authentication request message including verification method data and a token; transmitting, by the token service computer, a second authentication request message comprising the token and the verification method data to an access control server; receiving, by the token service computer from the access control server, an authentication response message comprising the token and a user authentication verification value; and transmitting, by the token service computer to the initiating computer, the authentication response message comprising the token, the user authentication verification value, and a token authentication verification value.

A method includes a validation computer receiving an authorization request message comprising a user state and a user proof from a user device. The user state comprises first and second user state elements. The user proof comprises first, second, and third user proof elements. The validation computer computes a first verification value by multiplying the first user proof element raised to the power of the second user state element, and the second user proof element raised to the power of the first user state element. The computer computes a second verification value by raising the second user proof element to the power of the second user state element. The computer compares the first verification value to a first accumulated state element of an accumulated state. The compares the second verification value to a second accumulated state element. The validation computer authorizes the authorization request message based on the comparison steps.

Systems and methods are provided for utilizing natural language process (NLP), namely semantic learning approaches in network security. Techniques include analyzing network transaction records to form a corpus related to a semantics of network activity. The corpus includes formulated network sentences, representing sequences of network entities that are accessed in the network. A corpus of network sentences can include sequences of servers accessed by each user. A network sentence embeddings model can be trained on the corpus. The network sentence embeddings model includes an embedding space of text that captures the semantic meanings of the network sentences. In sentence embeddings, network sentences with equivalent semantic meanings are co-located in the embeddings space. Further, proximity measures in the embedding space can be used to identify whether network sentences (e.g., access sequences), are semantically equivalent. Using network sentence embeddings model, equivalent semantics of access can be established to efficiently detect anomalies.

A method is disclosed. The method includes receiving a broadcast signal from a beacon device, the broadcast signal encoding a first credential associated with a first entity. In response to receipt of the broadcast signal, the mobile communication device transmits the received first credential to an authentication system. The authentication system determines if the first entity associated with the broadcast signal is authentic and generates a confirmation message confirming the authenticity of the first entity. The mobile communication device then receives the confirmation message indicating that the first entity is authentic. The mobile communication thereafter receives and transmits a second credential for the mobile communication device to the beacon device, which transmits the second credential to the authentication system. The authentication system then confirms the authenticity of the mobile communication device. Then, the beacon device can initiate an interaction process with the user of the mobile communication device.

Provided are computer-implemented methods for generating embeddings for objects which may include receiving heterogeneous network data associated with a plurality of objects in a heterogeneous network; selecting at least one pattern of objects; determining instances of each pattern of objects based on the heterogeneous network data; generating a pattern matrix for each pattern of objects based on the instances of the pattern of objects; generating pattern sequence data associated with a portion of each pattern matrix; generating network sequence data associated with a portion of the heterogeneous network data; and combining the pattern sequence data and the network sequence data into combined sequence data. In some non-limiting embodiments or aspects, methods may include generating a vector for each object of the plurality of objects based on the combined sequence data. Systems and computer program products are also provided.

A telecommunications network server system provides a digital identifier to a user device. The digital identifier may include identification data corresponding to a user of the user device. In addition, the telecommunications network server system receives, from one or more third-party systems, requests to authenticate the user for an electronic transaction with the respective third-party system. The telecommunications network server system provides a unique electronic transaction code to each third-party system. Responsive to receiving from the user device one of the unique electronic transaction codes, the telecommunications network server system provides, to the respective third-party system, authentication of the user.

A system, method, and computer program product are provided for card activation. The method includes registering, during an enrollment process, an account for a user by associating the user with a communication channel outside of an electronic payment processing network; associating the user with an inactivated account identifier; receiving, via the electronic payment processing network, a transaction request message corresponding to a transaction initiated at a merchant system by the user with a payment device issued with the inactivated account identifier; in response to receiving the transaction request message, communicating a credential to the user; receiving the credential; authenticating the user based on comparing the credential received via the electronic payment processing network to the credential communicated to the user via the communication channel; in response to authenticating the user, activating the account identifier; and processing the transaction with the activated account identifier after the account identifier has been activated.