H04L2463/102

SECURE SERVERLESS COMPUTING FRAMEWORK
20230112806 · 2023-04-13

A serverless computing framework is secured against malicious payload injection. A series of functions can be strung together to perform a workflow in response to a triggering event. A validator can be included with a function that verifies that an input payload originated from a trusted source. A validation value, such as a hash, can be computed based on the result payload in combination with the source code of the function that produced the result payload. A downstream function can receive the result payload and the hash and utilize the result payload and a copy of the upstream source code to produce another hash. The received and generated hashes can then be compared and utilized to control execution of the downstream function. Execution can be prevented when there is a mismatch between the hashes.

Multifactor authentication systems and methods

Multifactor authentication systems and methods employ an online payment server processor that authenticates a user in an online session with a merchant website server processor based on data representing one or more predefined authentication factors received from a user device processor over a communication network and sends data representing a secure user login cookie to the user device processor over the communication network based on the authentication of the user in the online session with the merchant website server processor. Thereafter, the online payment server processor authenticates the user in a subsequent online session with the merchant website server processor based in part on identifying the data representing the secure user login cookie on the user device and in part on data representing a second predefined authentication factor received from the user device processor over the communication network.

System and method for multi-account provisioning

In a method for providing provisioning information, a central data processing system receives from a transaction data processing system, an encrypted user datum associated with a client user of the transaction data processing system; receives from at least one of a plurality of account administrator data processing systems, a response comprising a notification that a user account administrated by that account administrator data processing system is associated with the client user; receives an account administrator selection message including identification of a user-selected account administrator from an account administrator list; transmits to the account administrator data processing system associated with the user-selected account administrator, a provisioning request for client user account provisioning information; receives from the account administrator data processing system associated with the user-selected account administrator, the client user account provisioning information; and transmits to the transaction data processing system, the client user account provisioning information.

TECHNIQUES TO UTILIZE RESOURCE LOCATORS BY A CONTACTLESS CARD TO PERFORM A SEQUENCE OF OPERATIONS

Embodiments may be generally directed to methods, techniques and devices to utilize a contactless card to perform a series of operations.

CREDENTIAL MANAGEMENT IN DISTRIBUTED COMPUTING SYSTEM

A computing node in a distributed information security system, wherein the computing node is adapted to communicate with a subset of clients of the distributed information security system, wherein the computing node provides at least one cryptographic service for the clients of the subset, wherein the computing node is provisioned with a plurality of keys for use by said at least one cryptographic service, wherein the computing node is adapted to associate a key from the plurality of keys to a service request for a client according to a deterministic process based on one or more data associated with the client. A distributed information security system comprising a plurality of such nodes is also described, together with a method of providing a cryptographic service at such a computing node.

Secure authentication based on passport data stored in a contactless card

Systems, methods, articles of manufacture, and computer-readable media for secure authentication based on passport data stored in a contactless card associated with an account. An application may receive an indication to perform an operation. The application may receive encrypted data from the card. The application may receive an indication that the authentication server verified the encrypted data based on a private key. The application may receive encrypted passport data from the contactless card, the encrypted passport data for a passport associated with the account. The application may determine an attribute of the passport based at least in part on image data or text input. The application may decrypt the encrypted passport data based on the attribute of the passport. The application may initiate performance of the operation based on the received indication specifying that the authentication server verified the encrypted data and the decryption of the encrypted passport data.

Systems and methods for managing user identities in networks

Systems and methods are provided for managing user identities in networks. One exemplary method includes receiving, at a communication device, an API call request for a credential from a relying party. The communication device includes an application that incorporates an SDK. After receiving the API call request for the credential, the communication device authenticates a user associated with the communication device and identified in the API call request. After authentication of the user, the communication device generates, via the SDK, a private-public key pair and stores the private key in memory. The communication device compiles, via the SDK, a credential packet including the public key and identity data associated with the user and transmits the credential packet to the relying party, whereby the relying party is registered to the SDK to request assertions of an identity of the user.

Method, System, and Computer Program Product for Identifying a Malicious User

A method, system, and computer program product for identifying a malicious user obtain a plurality of service requests for a service provided by a processing system, each service request of the plurality of service requests being associated with a requesting user and a requesting system, and a plurality of service responses associated with the plurality of service requests, each service response of the plurality of service responses being associated with the processing system; and identify the requesting user as malicious based on the plurality of service requests and the plurality of service responses.

GAME ACCESS DEVICE WITH TIME VARYING SIGNAL

Systems and methods for controlling access to wireless gaming devices and networks are provided. For example, access is controlled through one or more levels of security checks, such as a hard security check instead of or in addition to a soft security check. In a hard security check, the user employs an apparatus such as a card or other physical token that can be used to access the wireless gaming device. Such an apparatus may communicate information that identifies the user to the device or may simply be used to produce a signal without which the device is locked to users. The apparatus may further emit a time varying signal to enhance security.

Continuous learning neural network system using rolling window

A disclosed method includes an analysis computer determining a rolling window associated with interaction data for interactions that occur over time. The analysis computer can retrieve interaction data for interactions occurring in the rolling window. The analysis computer can then generate pseudo interaction data based upon historical interaction data. The analysis computer can optionally embed the interaction data for the interactions occurring within the rolling window and the pseudo interaction data to form interaction data matrices. The analysis computer can then form a neural network model using the interaction data matrices, which is derived from the interaction data in the rolling window and the pseudo interaction data.