System, device, and method of generating and utilizing one-time passwords. A method generates a particular One-Time Password (OTP) string that is based on pre-defined OTP string construction rules. The particular OTP string is not a purely-random string; rather, the particular non-purely-random OTP string provides to a behavioral monitoring unit a capability to extract user-specific behavioral typing patterns from a way in which a user types characters of the particular OTP via a keyboard of an electronic device. The method sends the particular OTP string to the user; monitors the way that the user types the OTP string; extracts from the user interactions, that were performed while the user entered the OTP string, a user-specific behavioral typing characteristic; and based on that user-specific characteristic, determines whether that user is authenticated or non-authenticated, and optionally activates fraud mitigation operations or transaction blocking operations if the user is non-authenticated.

One or more computing devices, systems, and/or methods for securely verifying devices such as protected are provided. A code may be generated for a first device. A short message service (SMS) message comprising the code may be transmitted to the first device at a mobile directory number of the first device. An entry may be created to associate the code with the mobile directory number. A determination may be made as to whether a first code within a message associated with the mobile directory number matches the code within the entry. In response to a match, the message may be processed and a status of the first device may be marked as valid, otherwise, the message may be rejected.

A security authentication system for a website provides a safe login without having to directly enter an ID and a password on a user device requesting login to the website. A first user device receives one-time use authentication information from a second user device after the second user device received the one-time use authentication information from an authentication server without the authentication server receiving user login authentication information from the second user device. A request is transmitted to the authentication server based on the one-time use authentication information and the user login authentication information. In response to the request, one-time password (OTP) information is received from the authentication server. The OTP information is presented by the first user device, such that the OTP information can be entered into the second user device and used in a request to log in to the website.

The present invention relates to a method of purchasing one or more goods from a physical store through a virtual environment. The method includes obtaining one or more physical store details and one or more user details from a user device for authenticating a physical user. Further, a unique avatar indicative of a virtual user corresponding to the physical user is generated. Furthermore, the virtual environment comprising one or more virtual stores is generated from a real-time video. The virtual environment is provided to the user device. Subsequently, an optimal path for traversing the virtual user in the virtual environment is determined in real-time based on one or more shopping details and a time period associated with the one or more shopping details. Finally, the virtual user is navigated in the one or more virtual stores through the optimal path for purchasing the one or more goods.

A device can (i) operate a primary platform (PP) within a tamper resistant element (TRE) and (ii) receive encrypted firmware images for operating within the primary platform. The TRE can store in nonvolatile memory of the TRE (i) a PP static private key (SK-static.PP), (ii) a server public key (PK.IDS1), and (iii) a set of cryptographic parameters. The TRE can generate a one-time PKI key pair of SK-OT1.PP and PK-OT1.PP and send the public key PK-OT1.PP to a server. The TRE can receive a one-time public key from the server comprising PK-OT1.IDS1. The TRE can derive a ciphering key using an elliptic curve Diffie Hellman key exchange and the SK-static.PP, SK-OT1.PP, PK.IDS1, and PK-OT1.IDS1 keys. The TRE can decrypt the encrypted firmware using the derived ciphering key. The primary platform can comprise a smart secure platform (SSP) and the decrypted firmware can comprise a virtualized image for the primary platform.

There is disclosed a method of providing an authentication service, wherein: i) a plurality of authentication virtual appliances is deployed in a distributed network by way of an authentication management platform application; ii) a pool of authentication licences is allocated to the authentication management platform application, each licence comprising computer code permitting an end user to authenticate his/her identity to at least one authentication virtual appliance by way of a predetermined computer-implemented authentication protocol; and iii) the management platform application allocates, revoke and reallocate authentication licences, from the pool of authentication licences, to end users by way of a graphical user interface.

A computer-implemented method of providing payment methods for an online transaction includes: receiving an unencrypted shopper identifier credential that is associated with a specific user and is input via a checkout user interface, wherein the checkout user interface is associated with the online transaction and is displayed at a user device; in response to receiving the unencrypted shopper identifier credential, generating a first encrypted shopper identifier credential based on the unencrypted shopper identifier credential; sending a first query that includes the first encrypted shopper identifier credential to a first payment instrument manager, wherein the first query requests an indication that the first encrypted shopper identifier credential is associated with an account for the first payment instrument manager; receiving a response from the first payment instrument manager that includes the indication; and causing the checkout user interface to be modified with a selection field, wherein the selection field is associated with the first payment instrument manager.

A method for authenticating e-commerce transactions involves receiving, from a payment network computer, a first authentication request message to authenticate a transaction associated with a payment account, the first authentication request message being initiated by an issuer domain computer not implementing a 3-D Secure authorization protocol, determining that the issuer domain computer has configured, at the access control server computer, a decision function of a second portion of the 3-D Secure authorization protocol and in response thereto, transmitting, to the issuer domain computer, a decision request message and information associated with the transaction, the decision request message requesting the issuer domain computer to determine an action for authenticating the transaction based on the information associated with the transaction and one or more programmatic rules of the issuer domain computer, the transmitting occurring in lieu of the access control server computer executing the decision function at the access control server computer.

Disclosed are various embodiments for transfers using credit accounts. A request to send a specified amount of funds from a specified credit account to a recipient is received from a first client device. A transaction identifier for the request to send the specified amount of funds to the recipient is requested from the computing device. A first notification is sent to a second client device, wherein the first notification comprises the transaction identifier and the second client device is associated with the recipient. A second notification is received from the second client device that the recipient has accepted the specified amount of funds. A funds transfer is then initiated to the monetary account for the specified amount of funds.

A computing device may include a memory and a processor configured to cooperate with the memory to receive a connection lease and a token from a client device, with the token being generated responsive to the client device completing multi-factor authentication (MFA) with a provider of MFA. The processor may further verify, responsive to unavailability of the provider of MFA, that the client device has previously performed MFA based upon the token, and connect the client device to a computing session with use of the connection lease and responsive to the verification that the client device has performed MFA.