
WO2025071630A1 - Automated privacy preserving dispute resolution for biometric identification - Google Patents


Info

Publication number
WO2025071630A1
Authority
WO
WIPO (PCT)
Prior art keywords
ebr
tbr
encrypted
transaction
bcp
Legal status
Pending
Application number
PCT/US2023/075649
Other languages
French (fr)
Inventor
Kim Ritter WAGNER
Sunpreet Singh ARORA
Current Assignee
Visa International Service Association
Original Assignee
Visa International Service Association

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L 9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L 9/3231 Biological data, e.g. fingerprint, voice or retina

Definitions

  • the present technology is directed to e-commerce transactions, transaction dispute resolution, and the privacy preservation of biometric data within these aforementioned technological contexts.
  • this application is directed to automated privacy preserving dispute resolution for biometric identification.
  • the present disclosure provides a method for privacy-preserving dispute resolution, the method comprising receiving, by a biometric comparison provider (BCP), at least one data package associated with a dispute of an e-commerce transaction, the at least one data package comprising an encrypted enrollment biometric reading (EBR’) and an encrypted transaction biometric reading (TBR’); comparing, by a comparison algorithm of a BCP, the TBR’ and EBR’ in an encrypted domain; generating, by the BCP an encrypted comparison score based on the TBR’ and EBR’; and sending the encrypted comparison score to an adjudicator provider system for dispute resolution, wherein the dispute resolution is based on the encrypted comparison score.
  • BCP biometric comparison provider
  • EBR’ encrypted enrollment biometric reading
  • TBR’ encrypted transaction biometric reading
  • the e-commerce transaction is authorized based on a biometric reading.
  • the comparing is a homomorphic comparison.
  • the TBR’ and EBR’ are multi-layer encrypted with a BCP public key and an adjudicator public key.
  • the method further comprises decrypting, by the BCP, using a BCP private key, a layer of a multi-layer encryption of each of the TBR’ and the EBR’.
  • the method further comprises decrypting the encrypted comparison score by the adjudicator provider system using a private key of the adjudicator provider system.
  • the method further comprises verifying, by the BCP, a digital signature of the BIP on the TBR’ or EBR’.
  • the present disclosure provides a privacy-preserving e-commerce dispute resolution system, the system comprising a payment processing network provider server (PPN) coupled to at least one biometric identification provider server (BIP), at least one biometric comparison provider server (BCP), or at least one adjudicator server, or combinations thereof, to receive, by the PPN, from the at least one BIP, at least one data package associated with an e-commerce transaction dispute, the at least one data package comprising an encrypted enrollment biometric reading (EBR’), and an encrypted transaction biometric reading (TBR’); authenticate the EBR’ and the TBR’; upon the authenticating, digitally sign the EBR’ and the TBR’; send, the EBR’ and the TBR’ to the at least one BCP, to generate a comparison score between the EBR’ and the TBR’, for an adjudication provider system to determine an outcome for the e-commerce transaction dispute based on the comparison score; and receive, at least one of the outcome, a directive to implement an action based on the
  • the TBR’ and the EBR’ are encrypted by the BIP.
  • the TBR’ and the EBR’ are multi-layer encrypted with a BCP public key and adjudicator public key.
  • system further comprises the at least one BCP to decrypt a layer of a multi-layer encryption of each of the TBR’ and the EBR’ using a BCP private key.
  • the at least one BIP is at least one of an e-commerce merchant, an e-commerce service, or an e-commerce platform.
  • the present disclosure provides a non-transitory computer readable medium (CRM) storing instructions that when executed perform a method, the method comprising receiving, a first biometric reading of a user in association with a user enrollment process; generating, an encrypted enrollment biometric reading (EBR’) based on the first biometric reading and an adjudicator public key; receiving, a second biometric reading associated with an e-commerce transaction potentially involving the user; generating, an encrypted transaction biometric reading (TBR’) based on the second biometric reading and the adjudicator public key; receiving, a transaction dispute regarding the e-commerce transaction; and based on receiving the transaction dispute, transmitting, at least one data package comprising at least one of the EBR’ or the TBR’ to a payment processing network provider.
  • CRM computer readable medium
  • the at least one data package comprises digital signatures associated with the EBR’ and TBR’.
  • the user enrolment process comprises storing of the EBR’ in a database, wherein the EBR’ is associated with a user of an account.
  • the method further comprises storing of the TBR’ in a database.
  • the method further comprises identifying the TBR’ stored in the database based on the receiving of the transaction dispute; and identifying the EBR’ stored in the database, based on at least one of an association with a user account, an association with a user, or an association with the EBR’.
  • the method further comprises encrypting at least one of the EBR’ and the TBR’ with a public key of a biometric comparison provider to generate a multi-layer EBR’ or a multi-layer TBR’.
  • the method further comprises digitally signing the at least one data package with a BIP private key.
  • FIG. 1 illustrates a system for privacy preserving e-commerce dispute resolution according to at least one aspect of the present disclosure.
  • FIG. 2 illustrates a flow diagram of one aspect of a method for a privacy preserving e-commerce biometric identification dispute resolution system implemented by at least one biometric comparison provider of a dispute resolution system, according to at least one aspect of the present disclosure.
  • FIG. 3 illustrates a flow diagram of one aspect of a method for a privacy preserving e-commerce biometric identification dispute resolution system implemented by a payment processing network or provider, according to at least one aspect of the present disclosure.
  • FIG. 4 illustrates a flow diagram of one aspect of a method for a privacy preserving e-commerce biometric identification dispute resolution system implemented by at least one component of a dispute resolution system according to at least one aspect of the present disclosure.
  • FIG. 5 illustrates the interaction between various components of a privacy preserving e-commerce biometric identification dispute resolution system, according to at least one aspect of the present disclosure.
  • FIG. 6 is a block diagram of a computer apparatus with data processing subsystems or components, within which a set of instructions to perform any one or more of the methodologies discussed herein may be executed, according to at least one aspect of the present disclosure.
  • FIG. 7 is a diagrammatic representation of an example system that includes a host machine within which a set of instructions to perform any one or more of the methodologies discussed herein may be executed, according to at least one aspect of the present disclosure.
  • the following disclosure may provide exemplary systems, devices, and methods for conducting a financial transaction and related activities. Although reference may be made to such financial transactions in the examples provided below, aspects are not so limited. That is, the systems, methods, and apparatuses may be utilized for any suitable purpose.
  • identification solutions, such as those where payment is authorized and/or triggered solely by biometric authentication or verification conducted on-site or in e-commerce transactions, are commonly referred to, and referred to herein, as “identification” solutions.
  • examples of identity solutions include Amazon One, where palm pattern and veins are used as the biometric modality.
  • the account holder enrolls in the system by presenting a payment credential and a biometric reference (e.g., a palm print) at the same time. Both are sent to a central database, associated with one another, and stored. Then for a subsequent transaction a biometric reference is captured, a lookup is performed and the closest match among all the stored biometric references is found.
  • the account holder can simply present their biometric reference. That biometric reference is sent to the central database and as described, the corresponding payment credential retrieved and used for payment.
  • with biometric identification solutions, the problem is that most often there is no other evidence than the biometric reference that was submitted in the first place.
  • the merchant does not wish to submit CCTV footage of a user (also referred to herein interchangeably as “account holder”, or “card holder”) undertaking a transaction at a store or other location associated with a merchant.
  • This stored raw biometric data may include, for example, raw pictures in natural light and in near-infrared light of the customer’s palm or eyes or other biometric data.
  • the biometric identification solution provider, who in various instances is also the merchant, provides a biometric identification solution with a very low false positive rate (so that a false identification is extremely unlikely); however, this may not be sufficient to resolve the dispute on its own, as a merchant or solution provider may be induced by self-interest and is not a trustworthy arbiter in the eyes of the customer / user.
  • Given the probabilistic nature of biometric comparison there are also some uncertainties associated with it - even though the algorithm says it’s a match, there is always a small likelihood that the biometric samples do not belong to the same person.
  • the merchant can run the identification again, but is unlikely to receive a different result, since their algorithm and input data are the same.
  • the present disclosure provides systems and methods for an independent adjudication of disputes for transactions where the biometric solution provider (or the entity who controls the database of biometric references) can submit, in a secure and privacy preserving way, the enrolment biometric data and transaction biometric data to a third party, or multiple third parties, who can then, without decrypting the data, perform their own comparison of the two references and communicate the comparison scores in an encrypted form to an independent adjudicator third party (an adjudicator service, system, or server, referred to interchangeably herein as “adjudicator”), which can decrypt the comparison scores and use those scores to adjudicate the dispute.
  • FIG. 1 illustrates a system for privacy preserving e-commerce dispute resolution according to at least one aspect of the present disclosure.
  • the system 100 can in several aspects comprise a client device / user device 110 to undertake transactions via a communication channel 115 with a merchant, via a biometric identification provider 120 (referred to herein as “BIP”).
  • the BIP can in numerous aspects also be a merchant that is transacting / communicating with the customer, user, or account of user device 110, for example via a client, application, digital wallet, or browser.
  • a payment processing network such as Visa™ can be coupled to, in communication with, or have a communication channel with the BIP 120, one or more biometric comparison providers 123 (referred to herein as “BCP”), the client device 110, or an independent adjudicator service/system (referred to herein as “adjudicator”), or any combination thereof, and is able to communicate to and between any combination or all of these entities and services. Additionally, in several aspects there are communications or communication channels 115 between the BIP 120 and the one or more BCPs 123, and between the BCPs 123 and the adjudicator 130.
  • FIG. 2 illustrates a flow diagram of one aspect of a method for a privacy preserving e-commerce biometric identification dispute resolution system implemented by at least one biometric comparison provider of a dispute resolution system, according to at least one aspect of the present disclosure.
  • the following description of FIG. 2 is undertaken with reference to FIG. 1, in particular using system 100 as a non-limiting example system capable of facilitating or carrying out the processes of the method 200.
  • method 200 comprises receiving 205 at least one data package associated with a dispute of an e-commerce transaction, comprising an encrypted enrollment biometric reading (“EBR’”) and an encrypted transaction biometric reading (“TBR’”).
  • the enrollment biometric reading (“EBR”) is generally registered by a user of a client or application and/or with the BIP during an enrollment process. It may be associated with a user, an account, a payment method such as a specific credit card, or combinations thereof. In many aspects, this enrollment biometric reading is then encrypted to generate the EBR’, and then stored in a database, where the database belongs to or is associated with the BIP.
  • the TBR’, on the other hand, is an encrypted transaction biometric reading, i.e., a biometric reading or scan generated for or during a transaction or group of transactions, which is encrypted to generate the TBR’ and stored for later access or retrieval, for example in the event of a dispute of the transaction. Storing these encrypted biometric readings is an improvement over current technologies that store unencrypted data or readings for later use.
  • receiving 205 is undertaken by a BCP such as any of BCPs 123, FIG. 1, which receives the EBR’ and/or the TBR’ from the BIP 120, FIG. 1 or from the PPN 125, FIG. 1 depending on the embodiment; the receiving may be undertaken via a communication channel 115, FIG. 1.
  • method 200 also comprises comparing 210, by a comparison algorithm of the BCP, e.g., BCP 123, FIG. 1, the TBR’ and EBR’ in an encrypted domain. This serves the function of allowing the encrypted readings to be compared in their encrypted form without sharing the raw data with the BCP 123.
  • the encryption can only be removed by a private key that is not accessible to any BCP 123, FIG. 1, but only to the adjudicator 130, FIG. 1 or another party.
  • the comparison may compare these two readings according to a similarity score or threshold and produce 215 an outcome or generate 215 a score.
  • the generated outcome and score in various aspects is also encrypted, i.e., remains in the encrypted domain, because it was generated from encrypted inputs: it is an encrypted score. Details of how this is undertaken, i.e., computation in the encrypted domain, are based on the encryption techniques disclosed in referenced U.S. application No.
  • the comparing 210 is done in the encrypted domain because the encryption used on the EBR’ and TBR’ is a homomorphic encryption that allows computations to be undertaken on the encrypted data without having to fully decrypt it.
  • multiple layers of encryption are undertaken on the data where the EBR’ and the TBR’ are multilayer encrypted, for example by an adjudicator public key for one level of encryption and via one or more BCP public keys for another layer of encryption, where each recipient party only has one private key to undo one level of encryption.
  • the transaction that is disputed is authorized solely via a transaction biometric reading generated for the transaction.
  • Method 300 can comprise receiving 305, at least one data package associated with an e-commerce transaction dispute, the at least one data package comprising an encrypted enrollment biometric reading (EBR’), and an encrypted transaction biometric reading (TBR’) 305.
  • the receiving could be undertaken by a PPN 125, FIG. 1, for example from a BIP 120, FIG. 1.
  • the PPN authenticates or verifies 310 the EBR’ and the TBR’, for example as coming from a legitimate source and with the correct signatures of the specific BIP or merchant 120.
  • method 300 can comprise the PPN 125 digitally signing 315 the EBR’ and the TBR’ to ensure that recipients can also verify them, and then the PPN 125 can send 320 the EBR’ and TBR’ to another party, for example a BCP 123, FIG. 1, in many examples via a communication channel 115, FIG. 1.
  • the PPN can receive 325, in several aspects from an adjudicator service or server, at least one of the outcome, a directive to implement an action based on the outcome, or an outcome score.
  • a directive can cause the PPN to automatically undertake an action based on the adjudicator 130, FIG. 1 directive, for example to uphold or cancel the transaction.
  • a directive can be based on an outcome produced by the adjudicator based on a comparison of the EBR’ and TBR’, or a comparison of scores produced by one or more BCPs 123 comparing the EBR’ and TBR’.
  • an outcome score can be a score generated by the adjudicator 130 based on comparison scores from the BCPs 123, or from comparing the EBR’ and TBR’.
  • FIG. 4 illustrates a flow diagram of one aspect of a method for a privacy preserving e-commerce biometric identification dispute resolution system implemented by at least one component of a dispute resolution system according to at least one aspect of the present disclosure.
  • the following description of FIG. 4 is undertaken with reference to FIG. 1, in particular using system 100 as a non-limiting example system capable of facilitating or carrying out the processes of the method 400.
  • method 400 can include receiving 405 a first biometric scan of a user in association with a user enrollment process, for example by a merchant or a BIP 120, FIG. 1.
  • a BIP 120 can generate 410 an EBR’ from the biometric scan by encrypting it, for example in non-limiting aspects, by encrypting it with a public key of a third party such as an adjudicator 130, FIG. 1.
  • method 400 can also optionally include storing the first biometric scan after encrypting it, i.e., storing it as the EBR’.
  • method 400 also includes receiving 415, by the receiving party, for example the BIP 120, a second biometric scan associated with an e-commerce transaction, where the transaction potentially involves the user or an account associated with the user.
  • the second biometric reading is encrypted to generate 420 a TBR’; this could in various aspects be done by using the adjudicator public key, a BCP public key, a BIP public key, or any other public key of any party.
  • method 400 can include receiving 425, for example by a BIP 120, a dispute of a transaction from a user, a client, a user account, or a user device 110.
  • the method 400 can also include creating at least one data package containing the EBR’ and TBR’ and transmitting and / or sending 430 the at least one data package comprising at least one of the EBR’ or the TBR’ to another entity, server or a PPN 125.
  • multiple data packages may be used to send 430 the EBR’ and TBR’ individually or in combination.
  • FIG. 5 illustrates the interaction between various components of a privacy preserving e-commerce biometric identification dispute resolution system, according to at least one aspect of the present disclosure.
  • the following description of FIG. 5 is undertaken with reference to FIG. 1, in particular using system 100 as a non-limiting example system capable of facilitating or carrying out the processes of the system 500.
  • the system 500 comprises a BIP 501 that can correspond to BIP 120, FIG. 1, a PPN 502 that can correspond to PPN 125, FIG. 1, a BCP 503 that can correspond to at least one of the BCPs 123, FIG. 1, and an adjudicator 504 that can correspond to the adjudicator 130, FIG. 1.
  • a cardholder or account holder registers 505 their biometric data
  • this registration 505 could be part of an enrollment process, where, as part of this process or separately, the BIP 501 can store 506 the enrollment biometric data (“EBR”).
  • the enrollment biometric reading is not only stored but also encrypted at this stage to generate an EBR’; depending on the aspect, the EBR can be stored in its original or raw format or as an encrypted EBR’.
  • a transaction occurs, where transaction biometric data / a transaction biometric reading (“TBR”) is generated or received 507 from the user, which can then be stored 508 by the BIP 501 in the same or another database as the EBR.
  • this TBR is first encrypted generating a TBR’ and stored 508 in an encrypted form TBR’.
  • the BIP 501 can receive 509 a dispute from a user for a recent transaction undertaken using at least one of their account, account credentials, card, other payment method, or a combination thereof.
  • the dispute can be initiated by the card issuer or issuer of the payment method used for the transaction; this issuer contacts a payment system or network about the transaction on behalf of the user, whereupon the payment system contacts an acquirer about the transaction dispute, and the acquirer contacts the merchant or BIP 501 about the transaction dispute. If the merchant and BIP are separate entities, the merchant contacts the BIP 501 about the transaction dispute.
  • the BIP 501 upon receiving a transaction dispute finds 510 the transaction biometric reading TBR which was created by or at the time of the transaction, and that may be stored in a database, and in many aspects also finds 510 the biometric enrolment reading EBR or their encrypted versions the TBR’ and the EBR’ if they were encrypted prior to storage in a database.
  • the TBR/TBR’ and EBR/EBR’ (EBR/EBR’/EBR” and TBR/TBR’/TBR” are all collectively referred to as “biometric data”) are located based on account credentials and/or transaction information, for example via a lookup function.
  • the BIP 501 can encrypt 511 the TBR and EBR individually with the public key Pb_Adj of the adjudicator 504, yielding TBR’ and EBR’. In several aspects this encryption can take place either after the finding 510 or prior to the storing 506/508 of the biometric data.
  • the data package that is eventually sent to each BCP is multi-layer encrypted (i.e., is further encrypted with a public key for that particular recipient BCP). So in these aspects the data package is multi-layer encrypted: the underlying EBR and TBR are encrypted with the adjudicator key to produce EBR’ and TBR’, while the outer layer of EBR’ and TBR’ is encrypted with the BCP public key as described herein to generate a data package EBR”/TBR” that includes the underlying EBR’ and TBR’.
  • the multi-layer encrypted EBR”/TBR” data package, encrypted with both an adjudicator public key and a public key of a BCP 123, 503, has at least two layers of encryption that must be decrypted with several private keys to be completely decrypted and accessible.
  • the BIP 501 will use the public key of each BCP 123, 503 that will evaluate the data package / biometric data, and create a set of biometric data multi-layer encrypted with the public key of that specific BCP 123, 503 for each BCP 123, 503.
  • the EBR’ and TBR’ are individually encrypted by the public key of a recipient BCP 123, 503.
  • the BIP 501 sends 513 the TBR’ and EBR’ or EBR”/TBR” to at least one of a PPN 502 or one or more BCPs 503, for example by generating a data package comprising the biometric readings in their encrypted forms and sending 513 them to one or more BCPs 503, with each data package containing EBR’ and TBR’ encrypted with a public key of the receiving BCP 503 in addition to the public key of the adjudicator 504, and/or sending 513 them to a PPN 502.
  • the BIP 501 first digitally signs 513 the EBR’ and TBR’ or a data package containing the EBR’ and TBR’ prior to sending 513 it to prove the origin of the message.
  • sending 513 is done without digitally signing the biometric data.
  • one layer of encryption is applied to the EBR and TBR before storage 506, 508 by the BIP, while in other aspects two layers of encryption are applied prior to storing 506, 508 the EBR”/TBR” in the database.
  • a PPN 502 receives 514 the data package containing the EBR’ and the TBR’, authenticating or verifying 515 the EBR’ and the TBR’ based on the digital signature to ensure they come from a legitimate source or approved BIP 501; the PPN 502 can then continue by determining 516 which BCP 503, if there are multiple, the data package should be transmitted to, and sending 518 the data package or EBR’ and TBR’ to the intended BCP 503.
  • each data package (or EBR’ / TBR’) includes an identifier, metadata or a signature identifying the intended BCP.
  • the PPN 502 must first verify 517 that the BCP 503 is approved by the PPN 502 before sending 519 the data package to the BCP 503.
  • the PPN 502 may for example use a whitelist and a blacklist for approved and unapproved/barred BCPs 503 / BCP providers 503, respectively, to verify 517. If the intended BCP 503 is not in the whitelist, for example, or is in the blacklist, the PPN 502 may reject the request to send the data package or the biometric readings to that BCP 503 and can notify the BIP 501 of its decision.
  • a BCP 503 receives 520 the data package EBR”/TBR” containing the EBR’ and the TBR’ from the PPN 502 and/or from the BIP 501.
  • each BCP 503 uses its private key Pv_BCP_i to decrypt 521 the outer encryption of EBR”/TBR” to yield TBR’ and EBR’, wherein TBR’ and EBR’ are still encrypted with the public key of the adjudicator 504.
  • the BCPs 503 can use the public key Pb_BIP of the biometric identification provider 501 or Pb_PPN of the PPN 502 to verify 521 the signature of the BIP 501 and/or the PPN 502.
  • Each BCP 503 that received biometric data from a BIP 501 or PPN 502 regarding the disputed transaction uses their comparison algorithm (which in many aspects is proprietary to each BCP 503) to compare 523 TBR’ and EBR’ in an encrypted domain.
  • the comparison 523 will generate in several aspects, a comparison score C’_i which is encrypted with the adjudicator’s public key.
  • the BCP can sign its generated comparison score, for example with a BCP private key, yielding a signed comparison score Sign{C’_i, Pv_BCP_i}, and send the result to the adjudicator 504.
  • the adjudicator 504 receives 526 the signed comparison score from one or more of the BCP 503.
  • the adjudicator validates 527 the signature with the BCP’s 503 public key Pb_BCP_i and decrypts 528 the comparison score C’_i, yielding C_i, a plaintext comparison score.
  • the adjudicator does this for each BCP involved in this dispute resolution.
  • the adjudicator can apply 529 comparison criteria to a collection of received comparison scores, or to at least one comparison score, to settle the dispute. For example, a criterion could be that each of the comparison scores is above a certain threshold.
  • the comparison scores sent 525 by the BCP 503 are normalized, to make threshold criteria easier to design.
  • the adjudicator 504, after generating an outcome, result, directive or score by the application 529 of its comparison criteria to the comparison score, sends 530 at least one of an outcome of the comparison criteria, a directive, or raw outcome score(s) to the PPN 502 (which in turn can forward it to the BIP 501) and/or the BIP 501, wherein the PPN 502 / BIP 501 receive 531 the score, outcome, result or directive and can act on it to enforce a resolution of the dispute or notify a merchant and/or user of the dispute outcome, such as by sending a notification to a user device 110.
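The adjudicator's side of the flow just described (receive 526, validate 527, decrypt 528, apply criteria 529, directive 530), as an added example that is not part of the patent or of any Visa implementation. It stands in a toy textbook RSA on fixed Mersenne primes for both the BCP signature Sign{C’_i, Pv_BCP_i} and the adjudicator's encryption layer, encrypts each BCP's plaintext score directly in place of the homomorphically computed C’_i, and binds each signed payload to a dispute identifier; normalized integer scores in 0..1000, the threshold value, and the match-means-uphold mapping are all assumptions.

```python
"""Adjudicator-side steps 526-530 of the dispute flow (added example)."""
import hashlib
import json

# Toy textbook RSA on fixed Mersenne primes: demonstration only. One primitive
# stands in for the BCP signature (Sign{C'_i, Pv_BCP_i}) and for the
# adjudicator's encryption layer; a real deployment would use a vetted library.
PUBLIC_EXPONENT = 65537


def toy_keypair(p, q, e=PUBLIC_EXPONENT):
    """Return ((e, n), (d, n)) for two distinct primes p and q."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (e, n), (d, n)


def rsa_apply(x, key):
    """Raise x to the key's exponent modulo n (encrypt/decrypt/sign/verify)."""
    exponent, n = key
    return pow(x, exponent, n)


def digest(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, private_key):
    return rsa_apply(digest(message) % private_key[1], private_key)


def verify(message, signature, public_key):
    return rsa_apply(signature, public_key) == digest(message) % public_key[1]


# One key pair per party, each on its own primes (never share a prime between keys).
ADJ_PUB, ADJ_PRIV = toy_keypair(2**61 - 1, 2**89 - 1)
BCP_KEYS = {
    "bcp-1": toy_keypair(2**107 - 1, 2**127 - 1),
    "bcp-2": toy_keypair(2**521 - 1, 2**607 - 1),
}
BCP_PUBLIC_KEYS = {bcp: keys[0] for bcp, keys in BCP_KEYS.items()}

# Assumption: BCP scores are normalized to integers in [0, 1000] (step 525 notes
# normalization); the criterion of step 529 is "every score above the threshold".
MATCH_THRESHOLD = 800


def bcp_submission(bcp_id, normalized_score, dispute_id):
    """Build what a BCP sends in step 525: C'_i under Pb_Adj, signed with Pv_BCP_i.

    Stand-in: in the patent C'_i comes out of the homomorphic comparison and the
    BCP never holds the plaintext score; here it is encrypted directly so the
    adjudicator-side checks can be exercised.
    """
    encrypted_score = rsa_apply(normalized_score, ADJ_PUB)
    payload = json.dumps({"dispute": dispute_id, "bcp": bcp_id,
                          "score": encrypted_score}, sort_keys=True).encode()
    return {"bcp": bcp_id, "payload": payload,
            "signature": sign(payload, BCP_KEYS[bcp_id][1])}


def adjudicate(dispute_id, submissions, threshold=MATCH_THRESHOLD):
    """Steps 526-530: validate each signature, decrypt C'_i, apply the criterion.

    Assumption: a match means the transaction was biometrically authorized, so
    the directive upholds it; a non-match cancels it. Any submission that fails
    verification, or that is bound to another dispute or BCP, voids the round.
    """
    scores, rejected = {}, []
    for sub in submissions:
        public_key = BCP_PUBLIC_KEYS.get(sub["bcp"])
        if public_key is None or not verify(sub["payload"], sub["signature"], public_key):
            rejected.append(sub["bcp"])  # step 527 failed: unknown BCP or bad signature
            continue
        body = json.loads(sub["payload"])
        if body["dispute"] != dispute_id or body["bcp"] != sub["bcp"]:
            rejected.append(sub["bcp"])  # signed payload replayed from another dispute/BCP
            continue
        scores[sub["bcp"]] = rsa_apply(body["score"], ADJ_PRIV)  # step 528: C'_i -> C_i
    if rejected or not scores:
        return {"outcome": "invalid", "directive": None,
                "scores": scores, "rejected": rejected}
    matched = all(score > threshold for score in scores.values())  # step 529
    return {"outcome": "match" if matched else "no-match",
            "directive": "uphold-transaction" if matched else "cancel-transaction",
            "scores": scores, "rejected": rejected}


if __name__ == "__main__":
    # Constructed inputs: two BCPs report on dispute "d-1"; in round two bcp-2 scores low.
    round_one = [bcp_submission("bcp-1", 850, "d-1"), bcp_submission("bcp-2", 910, "d-1")]
    round_two = [bcp_submission("bcp-1", 850, "d-1"), bcp_submission("bcp-2", 420, "d-1")]
    print(adjudicate("d-1", round_one)["directive"])  # uphold-transaction
    print(adjudicate("d-1", round_two)["directive"])  # cancel-transaction
```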
  • serial port 3024 or external interface 3030 can be used to connect the computer apparatus to a wide area network such as the Internet, a mouse input device, or a scanner.
  • the interconnection via system bus allows the central processor 3016 to communicate with each subsystem and to control the execution of instructions from system memory 3014 or the fixed disk 3028, as well as the exchange of information between subsystems.
  • the system memory 3014 and/or the fixed disk 3028 may embody a computer readable medium.
  • FIG. 7 is a diagrammatic representation of an example system 4000 that includes a host machine 4002 within which a set of instructions to perform any one or more of the methodologies discussed herein may be executed, according to at least one aspect of the present disclosure.
  • the host machine 4002 operates as a standalone device or may be connected (e.g., networked) to other machines.
  • the host machine 4002 may operate in the capacity of a server or a client machine in a server-client network environment, or as a peer machine in a peer-to-peer (or distributed) network environment.
  • the host machine 3002 may be a computer or computing device, a personal computer (PC), a tablet PC, a set-top box (STB), a personal digital assistant (PDA), a cellular telephone, a portable music player (e.g., a portable hard drive audio device such as a Moving Picture Experts Group Audio Layer 3 (MP3) player), a web appliance, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine.
  • machine shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple
  • the example system 4000 includes the host machine 4002, running a host operating system (OS) 4004 on a processor or multiple processor(s)/processor core(s) 4006 (e.g., a central processing unit (CPU), a graphics processing unit (GPU), or both), and various memory nodes 4008.
  • the host OS 4004 may include a hypervisor 4010 which is able to control the functions and/or communicate with a virtual machine (“VM”) 4012 running on machine readable media.
  • the VM 4012 also may include a virtual CPU or vCPU 4014.
  • the memory nodes 4008 may be linked or pinned to virtual memory nodes or vNodes 4016. When the memory node 4008 is linked or pinned to a corresponding vNode 4016, then data may be mapped directly from the memory nodes 4008 to their corresponding vNodes 4016.
  • All the various components shown in host machine 4002 may be connected with and to each other, or communicate to each other via a bus (not shown) or via other coupling or communication channels or mechanisms.
  • the host machine 4002 may further include a video display, audio device or other peripherals 4018 (e.g., a liquid crystal display (LCD), alphanumeric input device(s) including, e.g., a keyboard, a cursor control device, e.g., a mouse, a voice recognition or biometric verification unit, an external drive, a signal generation device, e.g., a speaker,) a persistent storage device 4020 (also referred to as disk drive unit), and a network interface device 4022.
  • the host machine 4002 may further include a data encryption module (not shown) to encrypt data.
  • the components provided in the host machine 4002 are those typically found in computer systems that may be suitable for use with aspects of the present disclosure and are intended to represent a broad category of such computer components that are known in the art.
  • the system 4000 can be a server, minicomputer, mainframe computer, or any other computer system.
  • the computer may also include different bus configurations, networked platforms, multi-processor platforms, and the like.
  • Various operating systems may be used including UNIX, LINUX, WINDOWS, QNX, ANDROID, IOS, CHROME, TIZEN, and other suitable operating systems.
  • the disk drive unit 4024 may also be a solid-state drive (SSD), a hard disk drive (HDD) or other device, and includes a computer- or machine-readable medium on which is stored one or more sets of instructions and data structures (e.g., data/instructions 4026) embodying or utilizing any one or more of the methodologies or functions described herein.
  • the data/instructions 4026 also may reside, completely or at least partially, within the main memory node 4008 and/or within the processor(s) 4006 during execution thereof by the host machine 4002.
  • the data/instructions 4026 may further be transmitted or received over a network 4028 via the network interface device 4022 utilizing any one of several well-known transfer protocols (e.g., Hyper Text Transfer Protocol (HTTP)).
  • the processor(s) 4006 and memory nodes 4008 also may comprise machine-readable media.
  • the term “computer-readable medium” or “machine-readable medium” should be taken to include a single medium or multiple media (e.g., a centralized or distributed database and/or associated caches and servers) that store the one or more sets of instructions.
  • the term "computer-readable medium” shall also be taken to include any medium that is capable of storing, encoding, or carrying a set of instructions for execution by the host machine 4002 and that causes the host machine 4002 to perform any one or more of the methodologies of the present application, or that is capable of storing, encoding, or carrying data structures utilized by or associated with such a set of instructions.
  • computer-readable medium shall accordingly be taken to include, but not be limited to, solid-state memories, optical and magnetic media, and carrier wave signals. Such media may also include, without limitation, hard disks, floppy disks, flash memory cards, digital video disks, random access memory (RAM), read only memory (ROM), and the like.
  • the example aspects described herein may be implemented in an operating environment comprising software installed on a computer, in hardware, or in a combination of software and hardware.
  • Internet service may be configured to provide Internet access to one or more computing devices that are coupled to the Internet service, and that the computing devices may include one or more processors, buses, memory devices, display devices, input/output devices, and the like.
  • the Internet service may be coupled to one or more databases, repositories, servers, and the like, which may be utilized to implement any of the various aspects of the disclosure as described herein.
  • the computer program instructions also may be loaded onto a computer, a server, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
  • Suitable networks may include or interface with any one or more of, for instance, a local intranet, a PAN (Personal Area Network), a LAN (Local Area Network), a WAN (Wide Area Network), a MAN (Metropolitan Area Network), a virtual private network (VPN), a storage area network (SAN), a frame relay connection, an Advanced Intelligent Network (AIN) connection, a synchronous optical network (SONET) connection, a digital T1, T3, E1 or E3 line, Digital Data Service (DDS) connection, DSL (Digital Subscriber Line) connection, an Ethernet connection, an ISDN (Integrated Services Digital Network) line, a dial-up port such as a V.90, V.34 or V.34bis analog modem connection, a cable modem, an ATM (Asynchronous Transfer Mode) connection, or an FDDI (Fiber Distributed Data Interface) or CDDI (Copper Distributed Data Interface) connection.
  • communications may also include links to any of a variety of wireless networks, including WAP (Wireless Application Protocol), GPRS (General Packet Radio Service), GSM (Global System for Mobile Communication), CDMA (Code Division Multiple Access) or TDMA (Time Division Multiple Access), cellular phone networks, GPS (Global Positioning System), CDPD (cellular digital packet data), RIM (Research in Motion, Limited) duplex paging network, Bluetooth radio, or an IEEE 802.11-based radio frequency network.
  • the network 4030 can further include or interface with any one or more of an RS-232 serial connection, an IEEE-1394 (Firewire) connection, a Fiber Channel connection, an IrDA (infrared) port, a SCSI (Small Computer Systems Interface) connection, a USB (Universal Serial Bus) connection or other wired or wireless, digital or analog interface or connection, mesh or Digi® networking.
  • a cloud-based computing environment is a resource that typically combines the computational power of a large grouping of processors (such as within web servers) and/or that combines the storage capacity of a large grouping of computer memories or storage devices.
  • Systems that provide cloud-based resources may be utilized exclusively by their owners or such systems may be accessible to outside users who deploy applications within the computing infrastructure to obtain the benefit of large computational or storage resources.
  • the cloud is formed, for example, by a network of web servers that comprise a plurality of computing devices, such as the host machine 4002, with each server 4030 (or at least a plurality thereof) providing processor and/or storage resources.
  • These servers manage workloads provided by multiple users (e.g., cloud resource customers or other users).
  • each user places workload demands upon the cloud that vary in real-time, sometimes dramatically. The nature and extent of these variations typically depends on the type of business associated with the user.
  • Non-volatile media include, for example, optical or magnetic disks, such as a fixed disk.
  • Volatile media include dynamic memory, such as system RAM.
  • Transmission media include coaxial cables, copper wire and fiber optics, among others, including the wires that comprise one aspect of a bus.
  • Transmission media can also take the form of acoustic or light waves, such as those generated during radio frequency (RF) and infrared (IR) data communications.
  • Common forms of computer-readable media include, for example, a flexible disk, a hard disk, magnetic tape, any other magnetic medium, a CD-ROM disk, digital video disk (DVD), any other optical medium, any other physical medium with patterns of marks or holes, a RAM, a PROM, an EPROM, an EEPROM, a FLASH EPROM, any other memory chip or data exchange adapter, a carrier wave, or any other medium from which a computer can read.
  • Various forms of computer-readable media may be involved in carrying one or more sequences of one or more instructions to a CPU for execution.
  • a bus carries the data to system RAM, from which a CPU retrieves and executes the instructions.
  • the instructions received by system RAM can optionally be stored on a fixed disk either before or after execution by a CPU.
  • Computer program code for carrying out operations for aspects of the present technology may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, or the like and conventional procedural programming languages, such as the "C" programming language, Go, Python, or other programming languages, including assembly languages.
  • the program code may execute entirely on the user's computer, partly on the user's computer, as a standalone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server.
  • the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
  • Clause 1 A method for privacy-preserving dispute resolution comprising receiving, by a biometric comparison provider (BCP), at least one data package associated with a dispute of an e-commerce transaction, the at least one data package comprising an encrypted enrollment biometric reading (EBR’) and an encrypted transaction biometric reading (TBR’); comparing, by a comparison algorithm of a BCP, the TBR’ and EBR’ in an encrypted domain; generating, by the BCP, an encrypted comparison score based on the TBR’ and EBR’; and sending the encrypted comparison score to an adjudicator provider system for dispute resolution, wherein the dispute resolution is based on the encrypted comparison score.
  • Clause 2 The method of Clause 1, wherein the e-commerce transaction is authorized based on a biometric reading.
  • Clause 3 The method of Clause 1, wherein the comparing is a homomorphic comparison.
  • Clause 4 The method of Clause 1 wherein the TBR’ and EBR’ are multi-layer encrypted with a BCP public key and an adjudicator public key.
  • Clause 5 The method of Clause 3, further comprising decrypting, by the BCP, using a BCP private key, a layer of a multi-layer encryption of each of the TBR’ and the EBR’.
  • Clause 6 The method of Clause 1 further comprising decrypting the encrypted comparison score by the adjudicator provider system using a private key of the adjudicator provider system.
  • Clause 7 The method of Clause 1 further comprising verifying, by the BCP, a digital signature of the BIP on the TBR’ or EBR’.
  • Clause 8 A privacy-preserving e-commerce dispute resolution system comprising a payment processing network provider server (PPN) coupled to at least one biometric identification provider server (BIP), at least one biometric comparison provider server (BCP), or at least one adjudicator server, or combinations thereof, to receive, by the PPN, from the at least one BIP, at least one data package associated with an e-commerce transaction dispute, the at least one data package comprising an encrypted enrollment biometric reading (EBR’), and an encrypted transaction biometric reading (TBR’); authenticate the EBR’ and the TBR’; upon the authenticating, digitally sign the EBR’ and the TBR’; send the EBR’ and the TBR’ to the at least one BCP, to generate a comparison score between the EBR’ and the TBR’, for an adjudication provider system to determine an outcome for the e-commerce transaction dispute based on the comparison score; and receive at least one of the outcome, a directive to implement an action based on the outcome, or an outcome score
  • Clause 10 The system of Clause 8 wherein the TBR’ and the EBR’ are multi-layer encrypted with a BCP public key and adjudicator public key.
  • Clause 11 The system of Clause 8, further comprising the at least one BCP to decrypt a layer of a multi-layer encryption of each of the TBR’ and the EBR’ using a BCP private key.
  • Clause 12 The system of Clause 8, wherein the at least one BIP is at least one of an e-commerce merchant, an e-commerce service, or an e-commerce platform.
  • Clause 13 A non-transitory computer readable medium (CRM) storing instructions that when executed perform a method, the method comprising receiving a first biometric reading of a user in association with a user enrollment process; generating an encrypted enrollment biometric reading (EBR’) based on the first biometric reading and an adjudicator public key; receiving a second biometric reading associated with an e-commerce transaction potentially involving the user; generating an encrypted transaction biometric reading (TBR’) based on the second biometric reading and the adjudicator public key; receiving a transaction dispute regarding the e-commerce transaction; and based on receiving the transaction dispute, transmitting at least one data package comprising at least one of the EBR’ or the TBR’ to a payment processing network provider.
  • Clause 14 The CRM of Clause 13, wherein the at least one data package comprises digital signatures associated with the EBR’ and TBR’.
  • Clause 15 The CRM of Clause 13, wherein the user enrollment process comprises storing of the EBR’ in a database, wherein the EBR’ is associated with a user of an account.
  • Clause 16 The CRM of Clause 13, wherein the method further comprises storing of the TBR’ in a database.
  • Clause 17 The CRM of Clause 13, wherein receiving of the transaction dispute is from at least one of an acquirer, a cardholder, or an account associated with the e-commerce transaction.
  • Clause 18 The CRM of Clause 16, wherein the method further comprises identifying the TBR’ stored in the database based on the receiving of the transaction dispute; and identifying the EBR’ stored in the database, based on at least one of an association with a user account, an association with a user, or an association with the EBR’.
  • Clause 19 The CRM of Clause 13, wherein the method further comprises encrypting at least one of the EBR’ and the TBR’ with a public key of a biometric comparison provider to generate a multi-layer EBR’ or a multi-layer TBR’.
  • Clause 20 The CRM of Clause 13, wherein the method further comprises digitally signing the at least one data package with a BIP private key.
  • Account credentials may include any information that identifies an account and allows a payment processor to verify that a device, person, or entity has permission to access the account.
  • account credentials may include an account identifier (e.g., a PAN), a token (e.g., account identifier substitute), an expiration date, a cryptogram, a verification value (e.g., card verification value (CVV)), personal information associated with an account (e.g., address, etc.), an account alias, or any combination thereof.
  • Account credentials may be static or dynamic such that they change over time. Further, in some embodiments or aspects, the account credentials may include information that is both static and dynamic.
  • an account identifier and expiration date may be static but a cryptogram may be dynamic and change for each transaction.
  • some or all of the account credentials may be stored in a secure memory of a user device.
  • the secure memory of the user device may be configured such that the data stored in the secure memory may not be directly accessible by outside applications and a payment application associated with the secure memory may be accessed to obtain the credentials stored on the secure memory. Accordingly, a mobile application may interface with a payment application in order to gain access to payment credentials stored on the secure memory.
  • account data refers to any data concerning one or more accounts for one or more users.
  • Account data may include, for example, one or more account identifiers, user identifiers, transaction histories, balances, credit limits, issuer institution identifiers, and/or the like.
  • the term “acquirer” typically refers to a business entity (e.g., a commercial bank) that has a business relationship with a particular merchant or other entity. Some entities can perform both issuer and acquirer functions. Some embodiments or aspects may encompass such single entity issuer-acquirers.
  • An acquirer may operate an acquirer computer, which can also be generically referred to as a “transport computer”.
  • the term “acquirer system” may also refer to one or more computer systems, computer devices, and/or the like operated by or on behalf of an acquirer.
  • the transactions the acquirer may originate may include payment transactions (e.g., purchases, original credit transactions (OCTs), account funding transactions (AFTs), and/or the like).
  • the acquirer may be authorized by the transaction service provider to assign merchant or service providers to originate transactions using a portable financial device of the transaction service provider.
  • the acquirer may contract with payment facilitators to enable the payment facilitators to sponsor merchants.
  • the acquirer may monitor compliance of the payment facilitators in accordance with regulations of the transaction service provider.
  • the acquirer may conduct due diligence of the payment facilitators and ensure proper due diligence occurs before signing a sponsored merchant.
  • the acquirer may be liable for all transaction service provider programs that the acquirer operates or sponsors.
  • the acquirer may be responsible for the acts of the acquirer's payment facilitators, merchants that are sponsored by an acquirer's payment facilitator, and/or the like.
  • an acquirer may be a financial institution, such as a bank.
  • An “application” may include any software module configured to perform a specific function or functions when executed by a processor of a computer.
  • a “mobile application” may include a software module that is configured to be operated by a mobile device. Applications may be configured to perform many different functions.
  • a “payment application” may include a software module that is configured to store and provide account credentials for a transaction.
  • a “wallet application” may include a software module with similar functionality to a payment application that has multiple accounts provisioned or enrolled such that they are usable through the wallet application.
  • an “application” or “application program interface” refers to computer code or other data stored on a computer-readable medium that may be executed by a processor to facilitate the interaction between software components, such as a client-side front-end and/or server-side back-end for receiving data from the client.
  • An “interface” refers to a generated display, such as one or more graphical user interfaces (GUIs) with which a user may interact, either directly or indirectly (e.g., through a keyboard, mouse, touchscreen, etc.).
  • Authentication is a process by which the credential of an endpoint (including but not limited to applications, people, devices, process, and systems) can be verified to ensure that the endpoint is who they are declared to be.
  • client device and “user device” refer to any electronic device that is configured to communicate with one or more servers or remote devices and/or systems.
  • a client device or a user device may include a mobile device, a network-enabled appliance (e.g., a network-enabled television, refrigerator, thermostat, and/or the like), a computer, a POS system, and/or any other device or system capable of communicating with a network.
  • a client device may further include a desktop computer, laptop computer, mobile computer (e.g., smartphone), a wearable computer (e.g., a watch, pair of glasses, lens, clothing, and/or the like), a cellular phone, a network-enabled appliance (e.g., a network-enabled television, refrigerator, thermostat, and/or the like), a point of sale (POS) system, and/or any other device, system, and/or software application configured to communicate with a remote device or system.
  • the term “communication” and “communicate” may refer to the reception, receipt, transmission, transfer, provision, and/or the like of information (e.g., data, signals, messages, instructions, calls, commands, and/or the like).
  • a communication may use a direct or indirect connection and may be wired and/or wireless in nature.
  • for one unit (e.g., a device, a system, a component of a device or system, combinations thereof, and/or the like) to communicate with another unit means that the one unit is able to directly or indirectly receive information from and/or transmit information to the other unit.
  • the one unit may communicate with the other unit even though the information may be modified, processed, relayed, and/or routed between the one unit and the other unit.
  • a first unit may communicate with a second unit even though the first unit receives information and does not communicate information to the second unit.
  • a first unit may be in communication with a second unit even though the first unit passively receives data and does not actively transmit data to the second unit.
  • a first unit may communicate with a second unit if an intermediary unit (e.g., a third unit located between the first unit and the second unit) receives information from the first unit, processes the information received from the first unit to produce processed information, and communicates the processed information to the second unit.
  • a message may refer to a packet (e.g., a data packet, a network packet, and/or the like) that includes data. It will be appreciated that numerous other arrangements are possible.
  • a “communication channel” may refer to any suitable path for communication between two or more entities. Suitable communications channels may be present directly between two entities such as a payment processing network and a merchant or issuer computer, or may include a number of different entities. Any suitable communications protocols may be used for generating a communications channel.
  • a communication channel may in some instances comprise a “secure communication channel” or a “tunnel,” either of which may be established in any known manner, including the use of mutual authentication and a session key and establishment of a secure communications session. However, any method of creating a secure communication channel may be used, and communication channels may be wired or wireless, as well as long-range, short-range, or medium-range. By establishing a secure channel, sensitive information related to a payment device (such as account number, CVV values, expiration dates, etc.) may be securely transmitted between the two entities to facilitate a transaction.
  • the term “comprising” is not intended to be limiting, but may be a transitional term synonymous with “including,” “containing,” or “characterized by.”
  • the term “comprising” may thereby be inclusive or open-ended and does not exclude additional, unrecited elements or method steps when used in a claim.
  • “comprising” indicates that the claim is open-ended and allows for additional steps.
  • “comprising” may mean that a named element(s) may be essential for an embodiment or aspect, but other elements may be added and still form a construct within the scope of a claim.
  • the transitional phrase “consisting of” excludes any element, step, or ingredient not specified in a claim. This is consistent with the use of the term throughout the specification.
  • computing device may refer to one or more electronic devices that are configured to directly or indirectly communicate with or over one or more networks.
  • a computing device may be a mobile device, a desktop computer, and/or the like.
  • a mobile device may include a cellular phone (e.g., a smartphone or standard cellular phone), a portable computer, a wearable device (e.g., watches, glasses, lenses, clothing, and/or the like), a personal digital assistant (PDA), and/or other like devices.
  • the computing device may not be a mobile device, such as a desktop computer.
  • the term “computer” may refer to any computing device that includes the necessary components to send, receive, process, and/or output data, and normally includes a display device, a processor, a memory, an input device, a network interface, and/or the like.
  • references to “a device,” “a server,” “a processor,” and/or the like, as used herein, may refer to a previously-recited device, server, or processor that is recited as performing a previous step or function, a different server or processor, and/or a combination of servers and/or processors.
  • a first server or a first processor that is recited as performing a first step or a first function may refer to the same or different server or the same or different processor recited as performing a second step or a second function.
  • an “electronic wallet,” “digital wallet” or “mobile wallet” can store user profile information, payment information (including tokens), bank account information, and/or the like and can be used in a variety of transactions, such as but not limited to eCommerce, social networks, money transfer/personal payments, mobile commerce, proximity payments, gaming, and/or the like for retail purchases, digital goods purchases, utility payments, purchasing games or gaming credits from gaming websites, transferring funds between users, and/or the like.
  • the terms “electronic wallet,” “digital wallet” or “mobile wallet” may include an entity that provides and/or maintains an electronic wallet and/or an electronic wallet mobile application for a user (e.g., a customer).
  • examples of an electronic wallet provider include, but are not limited to, Google Wallet™, Android Pay®, Apple Pay®, and Samsung Pay®, and/or other like electronic payment systems, as well as a financial institution (e.g., an issuer institution).
  • the term “electronic wallet provider system” may refer to one or more computer systems, computer devices, servers, groups of servers, and/or the like operated by or on behalf of an electronic wallet provider.
  • a “key” may refer to a piece of information that is used in a cryptographic algorithm to transform input data into another representation.
  • An exemplary encryption key may include a master derivation key (MDK) which may be used to generate a limited use key (LUK) that is provided to a computer device of a user.
  • An LUK can be an encryption key that is intended for limited use (e.g., a limited number of transactions or a limited time period) and is not intended to be used for the lifetime of an account. Further details regarding LUKs can be found in U.S. Published Patent Application No. 2015/0180836, which is herein incorporated by reference in its entirety and is assigned to the same assignee as the present application.
  • the MDK may be used to generate and provision the token, as well as to authenticate the token when used in authorization processing by validating static and variable transaction data.
  • the term “merchant” may refer to one or more individuals or entities (e.g., operators of retail businesses that provide goods and/or services, and/or access to goods and/or services, to a user (e.g., a customer, a consumer, a customer of the merchant, and/or the like) based on a transaction (e.g., a payment transaction)).
  • merchant system may refer to one or more computer systems operated by or on behalf of a merchant, such as a server computer executing one or more software applications.
  • a “merchant application” may include any application associated with a relying party to a transaction.
  • a merchant mobile application may be associated with a particular merchant or may be associated with a number of different merchants.
  • the merchant mobile application may store information identifying a particular merchant server computer that is configured to provide a sales environment in which the merchant server computer is capable of processing remote transactions initiated by the merchant application.
  • the merchant mobile application may also include a general purpose browser or other software designed to interact with one or more merchant server computers.
  • the merchant mobile application may be installed in the general purpose memory of a user device and thus, may be susceptible to malicious attacks.
  • an “e-commerce transaction” can include an online sale, trade or purchase, or combinations thereof, and can be the purchase of a digital or physical item or service from an online marketplace, merchant or service, and can be undertaken via a network, such as the Internet.
  • a “payment account” (which may be associated with one or more payment devices) may refer to any suitable payment account including a credit card account, a checking account, or a prepaid account.
  • a “payment processing network” may refer to a system that receives accumulated transaction information from the gateway processing service, typically at a fixed time each day, and performs a settlement process. Settlement may involve posting the transactions to the accounts associated with the payment devices used for the transactions and calculating the net debit or credit position of each user of the payment devices.
  • An exemplary payment processing network is Interlink®.
  • the term “server” may include one or more computing devices which can be individual, stand-alone machines located at the same or different locations, may be owned or operated by the same or different entities, and may further be one or more clusters of distributed computers or “virtual” machines housed within a datacenter.
  • a “server” is intended to refer to all such scenarios and should not be construed or limited to one specific configuration. Further, a server as described herein may, but need not, reside at (or be operated by) a merchant, a payment network, a financial institution, a healthcare provider, a social media provider, a government agency, or agents of any of the aforementioned entities.
  • server may also refer to or include one or more processors or computers, storage devices, or similar computer arrangements that are operated by or facilitate communication and processing for multiple parties in a network environment, such as the Internet, although it will be appreciated that communication may be facilitated over one or more public or private network environments and that various other arrangements are possible.
  • multiple computers, e.g., servers, or other computerized devices, e.g., point-of-sale devices, directly or indirectly communicating in the network environment may constitute a “system,” such as a merchant's point-of-sale system.
  • references to “a server” or “a processor,” as used herein, may refer to a previously-recited server and/or processor that are recited as performing a previous step or function, a different server and/or processor, and/or a combination of servers and/or processors.
  • a first server and/or a first processor that is recited as performing a first step or function may refer to the same or different server and/or a processor recited as performing a second step or function.
  • a “server computer” may typically be a powerful computer or cluster of computers.
  • the server computer can be a large mainframe, a minicomputer cluster, or a group of servers functioning as a unit.
  • the server computer may be associated with an entity such as a payment processing network, a wallet provider, a merchant, an authentication cloud, an acquirer or an issuer.
  • the server computer may be a database server coupled to a Web server.
  • the server computer may be coupled to a database and may include any hardware, software, other logic, or combination of the preceding for servicing the requests from one or more client computers.
  • the server computer may comprise one or more computational apparatuses and may use any of a variety of computing structures, arrangements, and compilations for servicing the requests from one or more client computers.
  • the server computer may provide and/or support payment network cloud service.
  • system may refer to one or more computing devices or combinations of computing devices (e.g., processors, servers, client devices, software applications, components of such, and/or the like).
  • a “transaction amount” may be the price assessed to the consumer for the transaction.
  • the transaction amount condition may be a threshold value (e.g., all transactions for an amount exceeding $100) or a range (e.g., all transactions in the range of $25-$50). For example, a user may wish to use a first routing priority list for a transaction for an amount in the range of $0.01-$100 and a second routing priority list for a transaction for an amount exceeding $100.
  • transaction data may include any data associated with one or more transactions.
  • the transaction data may merely include an account identifier (e.g., a PAN) or payment token.
  • the transaction data may include any information generated, stored, or associated with a merchant, consumer, account, or any other related information to a transaction.
  • transaction data may include data in an authorization request message that is generated in response to a payment transaction being initiated by a consumer with a merchant.
  • transaction data may include information associated with one or more transactions that have been previously processed and the transaction information has been stored on a merchant database or other merchant computer.
  • the transaction data may include an account identifier associated with the payment instrument used to initiate the transaction, consumer personal information, products or services purchased, or any other information that may be relevant or suitable for transaction processing. Additionally, the transaction information may include a payment token or other tokenized or masked account identifier substitute that may be used to complete a transaction and protect the underlying account information of the consumer.
  • a “user” may include an individual.
  • a user may be associated with one or more personal accounts and/or mobile devices.
  • the user may also be referred to as a cardholder, account holder, or consumer.
  • Instructions used to program logic to perform various disclosed aspects can be stored within a memory in the system, such as dynamic random access memory (DRAM), cache, flash memory, or other storage. Furthermore, the instructions can be distributed via a network or by way of other computer readable media.
  • a machine-readable medium may include any mechanism for storing or transmitting information in a form readable by a machine (e.g., a computer), including but not limited to floppy diskettes, optical disks, compact disc read-only memory (CD-ROMs), magneto-optical disks, read-only memory (ROMs), random access memory (RAM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), magnetic or optical cards, flash memory, or a tangible, machine-readable storage used in the transmission of information over the Internet via electrical, optical, acoustical or other forms of propagated signals (e.g., carrier waves, infrared signals, digital signals, etc.).
  • the non-transitory computer-readable medium includes any type of tangible machine-readable medium suitable for storing or transmitting electronic instructions or information in a form readable by a machine (e.g., a computer).
  • Any of the software components or functions described in this application may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Python, Java, C++ or Perl using, for example, conventional or object-oriented techniques.
  • the software code may be stored as a series of instructions, or commands on a computer readable medium, such as RAM, ROM, a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a CD-ROM. Any such computer readable medium may reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.
  • logic may refer to an app, software, firmware and/or circuitry configured to perform any of the aforementioned operations.
  • Software may be embodied as a software package, code, instructions, instruction sets and/or data recorded on non-transitory computer readable storage medium.
  • Firmware may be embodied as code, instructions or instruction sets and/or data that are hard-coded (e.g., nonvolatile) in memory devices.
  • the terms “component,” “system,” “module” and the like can refer to a computer-related entity, either hardware, a combination of hardware and software, software, or software in execution.
  • an “algorithm” refers to a self-consistent sequence of steps leading to a desired result, where a “step” refers to a manipulation of physical quantities and/or logic states which may, though need not necessarily, take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It is common usage to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like. These and similar terms may be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities and/or states.
  • a network may include a packet switched network.
  • the communication devices may be capable of communicating with each other using a selected packet switched network communications protocol.
  • One example communications protocol may include an Ethernet communications protocol which may be capable of permitting communication using a Transmission Control Protocol/Internet Protocol (TCP/IP).
  • the Ethernet protocol may comply or be compatible with the Ethernet standard published by the Institute of Electrical and Electronics Engineers (IEEE) titled “IEEE 802.3 Standard”, published in December, 2008 and/or later versions of this standard.
  • the communication devices may be capable of communicating with each other using an X.25 communications protocol.
  • the X.25 communications protocol may comply or be compatible with a standard promulgated by the International Telecommunication Union-Telecommunication Standardization Sector (ITU-T).
  • the communication devices may be capable of communicating with each other using a frame relay communications protocol.
  • the frame relay communications protocol may comply or be compatible with a standard promulgated by Consultative Committee for International Circuit and Telephone (CCITT) and/or the American National Standards Institute (ANSI).
  • the transceivers may be capable of communicating with each other using an Asynchronous Transfer Mode (ATM) communications protocol.
  • the ATM communications protocol may comply or be compatible with an ATM standard published by the ATM Forum titled “ATM-MPLS Network Interworking 2.0” published August 2001, and/or later versions of this standard.
  • One or more components may be referred to herein as “configured to,” “configurable to,” “operable/operative to,” “adapted/adaptable,” “able to,” “conformable/conformed to,” etc.
  • “configured to” can generally encompass active-state components and/or inactive-state components and/or standby-state components, unless context requires otherwise.
  • any reference to “one aspect,” “an aspect,” “an exemplification,” “one exemplification,” and the like means that a particular feature, structure, or characteristic described in connection with the aspect is included in at least one aspect.
  • appearances of the phrases “in one aspect,” “in an aspect,” “in an exemplification,” and “in one exemplification” in various places throughout the specification are not necessarily all referring to the same aspect.
  • the particular features, structures or characteristics may be combined in any suitable manner in one or more aspects.


Abstract

Systems and methods are disclosed herein for privacy preserving e-commerce transaction dispute resolution. One example method can comprise receiving, by a biometric comparison provider (BCP), at least one data package associated with a dispute of an e-commerce transaction, the at least one data package comprising an encrypted enrollment biometric reading (EBR') and an encrypted transaction biometric reading (TBR'); comparing, by a comparison algorithm of a BCP, the TBR' and EBR' in an encrypted domain; generating, by the BCP, an encrypted comparison score based on the TBR' and EBR'; and sending the encrypted comparison score to an adjudicator provider system for dispute resolution, wherein the dispute resolution is based on the encrypted comparison score.

Description

TITLE: AUTOMATED PRIVACY PRESERVING DISPUTE RESOLUTION FOR BIOMETRIC IDENTIFICATION
TECHNICAL FIELD
[0001] The present technology is directed to e-commerce transactions, transaction dispute resolution, and the privacy preservation of biometric data within these aforementioned technological contexts. In particular and without limitation this application is directed to automated privacy preserving dispute resolution for biometric identification.
SUMMARY
[0002] In one aspect, the present disclosure provides a method for privacy-preserving dispute resolution, the method comprising receiving, by a biometric comparison provider (BCP), at least one data package associated with a dispute of an e-commerce transaction, the at least one data package comprising an encrypted enrollment biometric reading (EBR’) and an encrypted transaction biometric reading (TBR’); comparing, by a comparison algorithm of a BCP, the TBR’ and EBR’ in an encrypted domain; generating, by the BCP, an encrypted comparison score based on the TBR’ and EBR’; and sending the encrypted comparison score to an adjudicator provider system for dispute resolution, wherein the dispute resolution is based on the encrypted comparison score.
[0003] In several aspects, the e-commerce transaction is authorized based on a biometric reading.
[0004] In many aspects, the comparing is a homomorphic comparison.
[0005] In various aspects, the TBR’ and EBR’ are multi-layer encrypted with a BCP public key and an adjudicator public key.
[0006] In many aspects the method further comprises decrypting, by the BCP, using a BCP private key, a layer of a multi-layer encryption of each of the TBR’ and the EBR’.
[0007] In numerous aspects the method further comprises decrypting the encrypted comparison score by the adjudicator provider system using a private key of the adjudicator provider system.
[0008] In many aspects the method further comprises verifying, by the BCP, a digital signature of the BIP on the TBR’ or EBR’.
[0009] In one aspect, the present disclosure provides a privacy-preserving e-commerce dispute resolution system, the system comprising a payment processing network provider server (PPN) coupled to at least one biometric identification provider server (BIP), at least one biometric comparison provider server (BCP), or at least one adjudicator server, or combinations thereof, to: receive, by the PPN, from the at least one BIP, at least one data package associated with an e-commerce transaction dispute, the at least one data package comprising an encrypted enrollment biometric reading (EBR’) and an encrypted transaction biometric reading (TBR’); authenticate the EBR’ and the TBR’; upon the authenticating, digitally sign the EBR’ and the TBR’; send the EBR’ and the TBR’ to the at least one BCP to generate a comparison score between the EBR’ and the TBR’, for an adjudication provider system to determine an outcome for the e-commerce transaction dispute based on the comparison score; and receive at least one of the outcome, a directive to implement an action based on the outcome, or an outcome score from the at least one adjudicator server.
[0010] In various aspects, the TBR’ and the EBR’ are encrypted by the BIP.
[0011] In a number of aspects the TBR’ and the EBR’ are multi-layer encrypted with a BCP public key and adjudicator public key.
[0012] In several aspects the system further comprises the at least one BCP to decrypt a layer of a multi-layer encryption of each of the TBR’ and the EBR’ using a BCP private key.
[0013] In numerous aspects the at least one BIP is at least one of an e-commerce merchant, an e-commerce service, or an e-commerce platform.
[0014] In one aspect, the present disclosure provides a non-transitory computer readable medium (CRM) storing instructions that when executed perform a method, the method comprising receiving a first biometric reading of a user in association with a user enrollment process; generating an encrypted enrollment biometric reading (EBR’) based on the first biometric reading and an adjudicator public key; receiving a second biometric reading associated with an e-commerce transaction potentially involving the user; generating an encrypted transaction biometric reading (TBR’) based on the second biometric reading and the adjudicator public key; receiving a transaction dispute regarding the e-commerce transaction; and based on receiving the transaction dispute, transmitting at least one data package comprising at least one of the EBR’ or the TBR’ to a payment processing network provider.
[0015] In many aspects the at least one data package comprises digital signatures associated with the EBR’ and TBR’.
[0016] In numerous aspects the user enrolment process comprises storing of the EBR’ in a database, wherein the EBR’ is associated with a user of an account.
[0017] In several aspects the method further comprises storing of the TBR’ in a database.
[0018] In many aspects the receiving of the transaction dispute is from at least one of an acquirer, a cardholder, or an account associated with the e-commerce transaction.
[0019] In other aspects the method further comprises identifying the TBR’ stored in the database based on the receiving of the transaction dispute; and identifying the EBR’ stored in the database, based on at least one of an association with a user account, an association with a user, or an association with the EBR’.
[0020] In numerous aspects the method further comprises encrypting at least one of the EBR’ and the TBR’ with a public key of a biometric comparison provider to generate a multi-layer EBR’ or a multi-layer TBR’.
[0021] In various aspects the method further comprises digitally signing the at least one data package with a BIP private key.
BRIEF DESCRIPTION OF THE DRAWINGS
[0022] In the description, for purposes of explanation and not limitation, specific details are set forth, such as particular aspects, procedures, techniques, etc. to provide a thorough understanding of the present technology. However, it will be apparent to one skilled in the art that the present technology may be practiced in other aspects that depart from these specific details.
[0023] The accompanying drawings, where like reference numerals refer to identical or functionally similar elements throughout the separate views, together with the detailed description below, are incorporated in and form part of the specification, and serve to further illustrate aspects of concepts that include the claimed disclosure and explain various principles and advantages of those aspects.
[0024] The systems and methods disclosed herein have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the various aspects of the present disclosure so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.
[0025] FIG. 1 illustrates a system for privacy preserving e-commerce dispute resolution according to at least one aspect of the present disclosure.
[0026] FIG. 2 illustrates a flow diagram of one aspect of a method for a privacy preserving e-commerce biometric identification dispute resolution system implemented by at least one biometric comparison provider of a dispute resolution system, according to at least one aspect of the present disclosure.
[0027] FIG. 3 illustrates a flow diagram of one aspect of a method for a privacy preserving e-commerce biometric identification dispute resolution system implemented by a payment processing network or provider, according to at least one aspect of the present disclosure.
[0028] FIG. 4 illustrates a flow diagram of one aspect of a method for a privacy preserving e-commerce biometric identification dispute resolution system implemented by at least one component of a dispute resolution system according to at least one aspect of the present disclosure.
[0029] FIG. 5 illustrates the interaction between various components of a privacy preserving e-commerce biometric identification dispute resolution system, according to at least one aspect of the present disclosure.
[0030] FIG. 6 is a block diagram of a computer apparatus with data processing subsystems or components, within which a set of instructions to perform any one or more of the methodologies discussed herein may be executed, according to at least one aspect of the present disclosure.
[0031] FIG. 7 is a diagrammatic representation of an example system that includes a host machine within which a set of instructions to perform any one or more of the methodologies discussed herein may be executed, according to at least one aspect of the present disclosure.
DESCRIPTION
[0032] The following disclosure may provide exemplary systems, devices, and methods for conducting a financial transaction and related activities. Although reference may be made to such financial transactions in the examples provided below, aspects are not so limited. That is, the systems, methods, and apparatuses may be utilized for any suitable purpose.
[0033] In traditional credit or debit card-based transactions, payment systems have an advanced infrastructure in place to deal with disputed transactions, for example, when a cardholder claims that they did not authorize or undertake a transaction that appears on their statement. In these scenarios, evidence is requested from both the merchant and the cardholder to support their claims: from the merchant’s point of view, data showing that the cardholder really did perform the transaction, and from the cardholder’s perspective, information showing that they did not. If a chip card or mobile device was used, the associated chip data usually plays a crucial role as evidence of whether the card/mobile device was in a specific location or part of a transaction.
[0034] However, this evidence is not available in contactless or card-absent transactions, such as those where payment is authorized and/or triggered solely by biometric authentication or verification conducted on-site or in e-commerce transactions, referred to herein as “identification” solutions. In such emerging solutions, e.g., Amazon One, where the palm pattern and veins are used as the biometric modality, the account holder enrolls in the system by presenting a payment credential and a biometric reference (e.g., a palm print) at the same time. Both are sent to a central database, associated with one another, and stored. Then, for a subsequent transaction, a biometric reference is captured, a lookup is performed, and the closest match among all the stored biometric references is found. If that match has a sufficiently high comparison score, the corresponding payment credential is used for payment. Hence, when paying, the account holder can simply present their biometric reference. That biometric reference is sent to the central database and, as described, the corresponding payment credential is retrieved and used for payment.
[0035] The issue that arises in this context is when an account holder disputes a transaction attributed to them (that is, a biometric reference was used and when looking up in the database, the closest match was their biometric reference, and hence their payment credential was used, but they contend they did not undertake or authorize the transaction). The normal dispute flow in other kinds of payment transactions is that the account holder (typically cardholder) disputes the transaction as it appears on their issuer’s monthly credit or debit card statement. In this situation, where only biometric verification data is used, as opposed to when a card or mobile was used, no chip data is available.
[0036] For biometric identification solutions the problem is that most often there is no other evidence than the biometric reference that was submitted in the first place. Here it is assumed that there is no other evidence apart from the biometric identification data collected; for example, even if CCTV footage of a user (also referred to herein interchangeably as “account holder” or “card holder”) undertaking a transaction at a store or other location associated with a merchant existed, the merchant does not wish to submit it. With this lack of supplementary evidence, some solution providers choose to store raw biometric references in databases to use for later dispute resolution and/or transaction verification. This stored raw biometric data may include, for example, raw pictures in natural light and in near-infrared light of the customer’s palm or eyes, or other biometric data. While storing such data in a raw format may allow for a closer inspection and comparison with the enrolment reference, this approach has both privacy and security issues because storing this information in a database turns the storage database into a trove of valuable data for malicious actors and hackers to attempt to break into and access.
[0037] Generally, the biometric identification solution provider, who in various instances is also the merchant, provides a biometric identification solution with a very low false positive rate (so that a false identification is extremely unlikely); however, this may not be sufficient to resolve the dispute on its own, as a merchant or solution provider may be induced by self-interest and is not a trustworthy arbiter in the eyes of the customer/user. Given the probabilistic nature of biometric comparison, there are also some uncertainties associated with it: even though the algorithm says it’s a match, there is always a small likelihood that the biometric samples do not belong to the same person. The merchant can run the identification again, but is unlikely to receive a different result, since their algorithm and input data are the same.
[0038] The present disclosure provides systems and methods for an independent adjudication of disputes for transactions where the biometric solution provider (or the entity who controls the database of biometric references) can submit, in a secure and privacy preserving way, the enrolment biometric data and transaction biometric data to a third party, or multiple third parties, who can then, without decrypting the data, perform their own comparison of the two references and communicate the comparison scores in an encrypted form to an independent adjudicator third party (an adjudicator service, system, or server, referred to interchangeably herein as “adjudicator”), which can decrypt the comparison scores and use those scores to adjudicate the dispute.
[0039] FIG. 1 illustrates a system for privacy preserving e-commerce dispute resolution according to at least one aspect of the present disclosure. The system 100 can in several aspects comprise a client device / user device 110 to undertake transactions via a communication channel 115 with a merchant, via a biometric identification provider 120 (referred to herein as “BIP”). The BIP can in numerous aspects also be a merchant that is transacting / communicating with the customer, user, or account of user device 110, for example via a client, application, digital wallet, or browser. A payment processing network 125 (referred to herein as “PPN”) such as Visa™ can be coupled to, in communication with, or have a communication channel with the BIP 120, one or more biometric comparison providers 123 (referred to herein as “BCP”), the client device 110, or an independent adjudicator service/system 130 (referred to herein as “adjudicator”), or any combination thereof, and is able to communicate to and between any combination or all of these entities and services. Additionally, in several aspects there are communications or communication channels 115 between the BIP 120 and the one or more BCPs 123, and between the BCPs 123 and the adjudicator 130.
[0040] The connections between the various components of system 100 allow transactions and dispute resolution to occur between separate independent systems / providers / parties 110, 120, 123, 125, and 130.
[0041] FIG. 2 illustrates a flow diagram of one aspect of a method for a privacy preserving e-commerce biometric identification dispute resolution system implemented by at least one biometric comparison provider of a dispute resolution system, according to at least one aspect of the present disclosure. The following description of FIG. 2 is undertaken with reference to FIG. 1, in particular using system 100 as a non-limiting example system capable of facilitating or carrying out the processes of the method 200. In several aspects, method 200 comprises receiving 205 at least one data package associated with a dispute of an e-commerce transaction comprising an encrypted enrollment biometric reading (“EBR’”) and an encrypted transaction biometric reading (“TBR’”). The enrollment biometric reading (“EBR”) is generally registered by a user of a client or application and/or with the BIP during an enrollment process. It may be associated with a user, an account, a payment method such as a specific credit card, or combinations thereof. In many aspects, this enrollment biometric reading is then encrypted to generate the EBR’, which is then stored in a database that belongs to or is associated with the BIP. The TBR’, on the other hand, is an encrypted transaction biometric reading, i.e., a biometric reading or scan generated for or during a transaction or group of transactions, which is encrypted to generate the TBR’ and stored for later access or retrieval, for example, in the case of a dispute of the transaction. Storing these encrypted biometric readings is an improvement over current technologies that store unencrypted data or readings for later use.
[0042] In various aspects, receiving 205 is undertaken by a BCP such as any of BCPs 123, FIG. 1, which receives the EBR’ and / or the TBR’ from the BIP 120, FIG. 1, or from the PPN 125, FIG. 1, depending on the embodiment; the receiving may be undertaken via a communication channel 115, FIG. 1. In multiple aspects method 200 also comprises comparing 210, by a comparison algorithm of the BCP, e.g., BCP 123, FIG. 1, the TBR’ and EBR’ in an encrypted domain. This allows the encrypted readings to be compared in their encrypted form without sharing the raw readings with the BCP 123.
[0043] For example, the encryption could be such that it can only be decrypted by a private key that is not accessible to any BCP 123, FIG. 1, but only to the adjudicator 130, FIG. 1, or another party. The comparison may compare these two readings according to a similarity score or threshold and produce 215 an outcome or generate 215 a score. The generated outcome and score, in various aspects, are also encrypted in the encrypted domain because they were generated from encrypted inputs, i.e., the result is an encrypted score. Details of how this is undertaken, i.e., computation in the encrypted domain, are based on the encryption techniques disclosed in referenced U.S. application No. 16/635,909 titled “Use of biometrics and privacy preserving methods to authenticate account holders online” published on July 16, 2020 with Publication No. 2020/0228340 A1, which is hereby incorporated by reference in its entirety. Finally, the encrypted comparison score is sent 220 to an adjudicator for dispute resolution.
[0044] In several aspects, the comparing 210 is done in the encrypted domain because the encryption used on the EBR’ and TBR’ is a homomorphic encryption that allows computations to be undertaken on the encrypted data without having to fully decrypt it. In several aspects multiple layers of encryption are applied to the data, where the EBR’ and the TBR’ are multilayer encrypted, for example by an adjudicator public key for one layer of encryption and via one or more BCP public keys for another layer of encryption, where each recipient party only has one private key to undo one layer of encryption. In many aspects the transaction that is disputed was authorized solely via a transaction biometric reading generated for the transaction.
[0045] FIG. 3 illustrates a flow diagram of one aspect of a method for a privacy preserving e-commerce biometric identification dispute resolution system implemented by a payment processing network or provider, according to at least one aspect of the present disclosure. The following description of FIG. 3 is undertaken with reference to FIG. 1, in particular using system 100 as a non-limiting example system capable of facilitating or carrying out the processes of the method 300. Method 300 can comprise receiving 305 at least one data package associated with an e-commerce transaction dispute, the at least one data package comprising an encrypted enrollment biometric reading (EBR’) and an encrypted transaction biometric reading (TBR’). In various aspects, the receiving could be undertaken by a PPN 125, FIG. 1, for example from a BIP 120, FIG. 1, in many aspects via a communication channel 115, FIG. 1. In several aspects the PPN authenticates or verifies 310 the EBR’ and the TBR’, for example as coming from a legitimate source and with the correct signatures of the specific BIP or merchant 120.
Upon the authenticating, method 300 can comprise the PPN 125 digitally signing 315 the EBR’ and the TBR’ so that recipients can also verify them, and then the PPN 125 can send 320 the EBR’ and TBR’ to another party, for example a BCP 123, FIG. 1, in many examples via a communication channel 115, FIG. 1.
[0046] In various aspects, after the sending 320 of the EBR’ and the TBR’ to another party, the PPN can receive 325, in several aspects from an adjudicator service or server, at least one of the outcome, a directive to implement an action based on the outcome, or an outcome score. A directive can cause the PPN to automatically undertake an action based on the adjudicator 130, FIG. 1 directive, for example to uphold or cancel the transaction. A directive can be based on an outcome produced by the adjudicator based on a comparison of the EBR’ and TBR’, or on a comparison of scores produced by one or more BCPs 123 comparing the EBR’ and TBR’. An outcome score can be a score generated by the adjudicator 130 based on comparison scores from the BCPs 123, or from comparing the EBR’ and TBR’.
[0047] FIG. 4 illustrates a flow diagram of one aspect of a method for a privacy preserving e-commerce biometric identification dispute resolution system implemented by at least one component of a dispute resolution system according to at least one aspect of the present disclosure. The following description of FIG. 4 is undertaken with reference to FIG. 1, in particular using system 100 as a non-limiting example system capable of facilitating or carrying out the processes of the method 400.
[0048] In various aspects, method 400 can include receiving 405 a first biometric scan of a user in association with a user enrollment process, for example by a merchant or a BIP 120, FIG. 1. In several aspects a BIP 120 can generate 410 an EBR’ from the biometric scan by encrypting it, for example, in non-limiting aspects, with a public key of a third party such as an adjudicator 130, FIG. 1. Method 400 can also optionally include storing the first biometric scan after encrypting it, i.e., storing it as an EBR’. In several aspects, method 400 also includes receiving 415, by the receiving party, for example the BIP 120, a second biometric scan associated with an e-commerce transaction where the transaction potentially involves the user or an account associated with the user. Instead of storing the second biometric reading in a database as raw data, the second biometric reading is encrypted to generate 420 a TBR’; in various aspects this can be done using the adjudicator key, a BCP public key, a BIP public key, or any other public key of any party.
[0049] Method 400 can include receiving 425, for example by a BIP 120, a dispute of a transaction from a user, a client, a user account, or a user device 110. The method 400 can also include creating at least one data package containing the EBR’ and TBR’ and transmitting and / or sending 430 the at least one data package, comprising at least one of the EBR’ or the TBR’, to another entity, server, or a PPN 125. In various aspects, multiple data packages may be used to send 430 the EBR’ and TBR’ individually or in combination.
[0050] FIG. 5 illustrates the interaction between various components of a privacy preserving e-commerce biometric identification dispute resolution system, according to at least one aspect of the present disclosure. The following description of FIG. 5 is undertaken with reference to FIG. 1, in particular using system 100 as a non-limiting example system capable of facilitating or carrying out the processes of the system 500. In several aspects the system 500 comprises a BIP 501 that can correspond to BIP 120, FIG. 1, a PPN 502 that can correspond to PPN 125, FIG. 1, a BCP 503 that can correspond to at least one of the BCPs 123, FIG. 1, and an adjudicator 504 that can correspond to the adjudicator 130, FIG. 1.
[0051] In various aspects, a cardholder or account holder (interchangeably referred to as “user” herein) registers 505 their biometric data. This registration 505 could be part of an enrollment process, where, as part of this process or separately, the BIP 501 can store 506 the enrollment biometric data (“EBR”). In various aspects, the enrollment biometric reading is encrypted at this stage to generate an EBR’ before being stored; depending on the aspect, the EBR can be stored in its original or raw format or as an encrypted EBR’. In multiple aspects, a transaction occurs, where transaction biometric data / a transaction biometric reading (“TBR”) is generated or received 507 from the user, which can then be stored 508 by the BIP 501 in the same or another database as the EBR. In many aspects this TBR is first encrypted, generating a TBR’, and stored 508 in the encrypted form TBR’.
[0052] The BIP 501 can receive 509 a dispute from a user for a recent transaction undertaken using at least one of their account, account credentials, card, other payment method, or a combination thereof. In several aspects, the dispute can be initiated by the card issuer or issuer of the payment method used for the transaction, and this issuer contacts a payment system or network about the transaction on behalf of the user, whereupon the payment system contacts an acquirer about the transaction dispute, and the acquirer contacts the merchant or BIP 501 about the transaction dispute. If the merchant and BIP are separate entities, the merchant contacts the BIP 501 about the transaction dispute.
[0053] In several aspects, the BIP 501, upon receiving a transaction dispute, finds 510 the transaction biometric reading TBR which was created by or at the time of the transaction and that may be stored in a database, and in many aspects also finds 510 the biometric enrolment reading EBR, or their encrypted versions the TBR’ and the EBR’ if they were encrypted prior to storage in a database. In many aspects the TBR/TBR’ and EBR/EBR’ (EBR/EBR’/EBR” and TBR/TBR’/TBR” are all collectively referred to as “biometric data”) are located based on account credentials and / or transaction information, for example via a look-up function. In numerous aspects the BIP 501 can encrypt 511 TBR and EBR individually with the adjudicator 504 public key Pb_Adj, yielding TBR’ and EBR’. In several aspects this encrypting 511 is undertaken either after the finding 510 or prior to the storing 506/508 of the biometric data. In several aspects the BIP 501 further encrypts 512 both items of biometric data with each of the BCPs’ 123 / 503 public keys: Enc{TBR’, Pb_BCP_i}, Enc{EBR’, Pb_BCP_i}, for each BCP (i = 1, 2, ...) to generate at least one multi-layer encrypted biometric data item or a data package that can comprise EBR’ and TBR’. This multi-layer encrypted data package can be referred to herein as EBR”/TBR”.
[0054] In several aspects, while the EBR’ and TBR’ are identical for each BCP, both being encrypted by the adjudicator key on a first level, the data package that is eventually sent to each BCP is multilayer encrypted (i.e., is further encrypted with a public key for that particular recipient BCP). So in these aspects, the data package is multi-layer encrypted, this multi-layer encryption comprising the underlying EBR and TBR being encrypted by the adjudicator key to produce EBR’ and TBR’, while the outer layer of EBR’ and TBR’ is encrypted by the BCP public key as described herein to generate a data package EBR”/TBR” that includes the underlying EBR’ and TBR’.
[0055] In numerous aspects the multi-layer encrypted EBR”/TBR” data package that is encrypted with both an adjudicator public key and a public key of a BCP 123, 503 has at least two layers of encryption that must be decrypted by several private keys to be completely decrypted and accessible. In several aspects, the BIP 501 will use the public key of each BCP 123, 503 that will evaluate the data package / biometric data, and create a set of biometric data multi-layer encrypted with the public key of that specific BCP 123, 503 for each BCP 123, 503. In some aspects the EBR’ and TBR’ are individually encrypted by the public key of a recipient BCP 123, 503.
[0056] In several aspects, the BIP 501 sends 513 the TBR’ and EBR’ or EBR”/TBR” to at least one of a PPN 502 or one or more BCPs 503, for example by generating a data package comprising the biometric readings in their encrypted forms and sending 513 them to one or more BCPs 503, with each data package containing EBR’ and TBR’ encrypted with a public key of the receiving BCP 503 in addition to the public key of the adjudicator 504, and / or sending 513 them to a PPN 502. In several aspects, the BIP 501 first digitally signs 513 the EBR’ and TBR’ or a data package containing the EBR’ and TBR’ prior to sending 513 it, to prove the origin of the message. In some aspects sending 513 is done without digitally signing the biometric data. In several aspects one layer of encryption is applied to EBR and TBR before storage 506, 508 by the BIP, while in other aspects two layers of encryption are applied prior to storing 506, 508 the EBR”/TBR” in the database.
[0057] In many aspects, a PPN 502 receives 514 the data package containing the EBR’ and the TBR’, authenticating or verifying 515 the EBR’ and the TBR’ based on the digital signature, to ensure it comes from a legitimate source or approved BIP 501; then the PPN 502 can continue by determining 516 which BCP 503, if there are multiple, the data package should be transmitted to, and sending 518 the data package or EBR’ and TBR’ to the intended BCP 503. In various aspects each data package (or EBR’ / TBR’) includes an identifier, metadata or a signature identifying the intended BCP. In many aspects the PPN 502 must first verify 517 that the BCP 503 is approved by the PPN 502 before sending 519 the data package to the BCP 503. The PPN 502 may for example use a whitelist and a blacklist for approved and unapproved / barred BCPs 503 / BCP providers 503, respectively, to verify 517. If the intended BCP 503 is not in the whitelist, for example, or is in the blacklist, the PPN 502 may reject the request to send the data package or the biometric readings to that BCP 503 and can notify the BIP 501 of its decision.
[0058] In many aspects, a BCP 503 receives 520 the data package EBR”/TBR” containing the EBR’ and the TBR’ from the PPN 502 and / or from the BIP 501. In numerous aspects, each BCP 503 uses its private key Pv_BCP_i to decrypt 521 the outer encryption of EBR”/TBR” to yield TBR’ and EBR’, wherein TBR’ and EBR’ are still encrypted with the public key of the adjudicator 504. In numerous aspects, if the messages / data packages were digitally signed 513, 518 by the BIP 501 or the PPN 502, respectively, the BCPs 503 can use the public key Pb_BIP of the biometric identification provider 501 or Pb_PPN of the PPN 502 to verify 521 the signature of the BIP 501 and / or the PPN 502.
[0059] Each BCP 503 that received biometric data from a BIP 501 or PPN 502 regarding the disputed transaction uses its comparison algorithm (which in many aspects is proprietary to each BCP 503) to compare 523 TBR’ and EBR’ in an encrypted domain. The comparison 523 will generate, in several aspects, a comparison score C’_i which is encrypted with the adjudicator’s public key. The BCP can then sign the generated comparison score, for example with a BCP private key, yielding a signed comparison score Sign{C’_i, Pv_BCP_i}, and send 525 the result to the adjudicator 504.
[0060] The adjudicator 504 receives 526 the signed comparison score from one or more of the BCPs 503. The adjudicator validates 527 the signature with the BCP’s 503 public key Pb_BCP_i and decrypts 528 the comparison score C’_i, yielding C_i, a plaintext comparison score. The adjudicator does this for each BCP involved in this dispute resolution. The adjudicator can apply 529 comparison criteria to a collection of received comparison scores, or to at least one comparison score, to settle the dispute. For example, a criterion could be that each of the comparison scores is above a certain threshold. In some aspects the comparison scores sent 525 by the BCP 503 are normalized, to make threshold criteria easier to design.
[0061] Finally, the adjudicator 504, after generating an outcome, result, directive or score by the application 529 of its comparison criteria to the comparison score(s), sends 530 at least one of an outcome of the comparison criteria, a directive, or raw outcome score(s) to the PPN 502 (which in turn can forward it to the BIP 501) and / or the BIP 501, wherein the PPN 502 / BIP 501 receive 531 the score, outcome, result or directive and can act on it to enforce a resolution of the dispute or notify a merchant and / or user of the dispute outcome, such as by sending a notification to a user device 110.
[0062] FIG. 6 is a block diagram of a computer apparatus 3000 with data processing subsystems or components, according to at least one aspect of the present disclosure. The subsystems shown in FIG. 6 are interconnected via a system bus 3010. Additional subsystems such as a printer 3018, keyboard 3026, fixed disk 3028 (or other memory comprising computer readable media), monitor 3022, which is coupled to a display adapter 3020, and others are shown. Peripherals and input/output (I/O) devices, which couple to an I/O controller 3012 (which can be a processor or other suitable controller), can be connected to the computer system by any number of means known in the art, such as a serial port 3024. For example, the serial port 3024 or external interface 3030 can be used to connect the computer apparatus to a wide area network such as the Internet, a mouse input device, or a scanner. The interconnection via system bus allows the central processor 3016 to communicate with each subsystem and to control the execution of instructions from system memory 3014 or the fixed disk 3028, as well as the exchange of information between subsystems. The system memory 3014 and/or the fixed disk 3028 may embody a computer readable medium.
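The FIG. 5 interaction in [0051] to [0061] (of which methods 200, 300 and 400 are the BCP, PPN and BIP sides), as an added toy walk-through that is not part of this application and not the applicant's code: textbook Paillier stands in for the homomorphic encryption of both layers (each BCP modulus is chosen larger than the adjudicator's n squared so that an inner, adjudicator-layer ciphertext fits as an outer-layer message), textbook RSA over a hash stands in for the digital signatures, and a weighted linear difference of the two readings, computed on the encrypted readings with only the adjudicator's public key, stands in for a BCP's proprietary comparison algorithm, so the adjudicator's criterion here is that every decrypted score lies within the threshold rather than above it. All keys, party names, templates, weights, the threshold and the PPN allowlist are constructed for the example.

```python
"""Toy walk-through of the FIG. 5 dispute flow; added example, not the application's code. Textbook
Paillier supplies both encryption layers and textbook RSA the signatures (tiny keys, no padding); a
weighted linear difference stands in for a BCP's comparison algorithm. Constructed values throughout."""
import hashlib, random
from math import gcd, isqrt

def next_prime(n):  # smallest prime >= n by trial division (fine for the toy key sizes below)
    while not (n % 2 and all(n % d for d in range(3, isqrt(n) + 1, 2))):
        n += 1
    return n

class PaillierPub:  # public half (n only): anyone can encrypt and add or scale ciphertexts
    def __init__(self, n):
        self.n, self.n2 = n, n * n
    def enc(self, m):  # Enc(m) = (n+1)^m * r^n mod n^2
        r = random.randrange(1, self.n)
        while gcd(r, self.n) != 1:
            r = random.randrange(1, self.n)
        return pow(self.n + 1, m, self.n2) * pow(r, self.n, self.n2) % self.n2
    def add(self, c1, c2):  # Enc(a) * Enc(b) = Enc(a + b)
        return c1 * c2 % self.n2
    def mul(self, c, k):  # Enc(a) ^ k = Enc(k * a); k may be negative
        return pow(c, k, self.n2)

class PaillierPriv(PaillierPub):  # private half: lambda and mu never leave the key owner
    def __init__(self, p, q):
        super().__init__(p * q)
        self.lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
        self.mu = pow((pow(self.n + 1, self.lam, self.n2) - 1) // self.n, -1, self.n)
    def dec(self, c, signed=False):  # signed=True maps m > n/2 back to a negative value
        m = (pow(c, self.lam, self.n2) - 1) // self.n * self.mu % self.n
        return m - self.n if signed and m > self.n // 2 else m

class RsaSigner:  # textbook RSA over a SHA-256 digest, no padding: a signature stand-in
    def __init__(self, p, q):
        self.N, phi, self.e = p * q, (p - 1) * (q - 1), 65537
        while gcd(self.e, phi) != 1:
            self.e += 2
        self.d, self.pub = pow(self.e, -1, phi), (self.N, self.e)
    def sign(self, msg):
        return pow(int.from_bytes(hashlib.sha256(msg).digest(), "big") % self.N, self.d, self.N)

def verify(pub, msg, sig):
    return pow(sig, pub[1], pub[0]) == int.from_bytes(hashlib.sha256(msg).digest(), "big") % pub[0]

# Toy keys (constructed). BCP moduli exceed the adjudicator's n^2 so inner ciphertexts fit the outer layer.
ADJ = PaillierPriv(next_prime(2**14), next_prime(2**14 + 300))
BCP_HE = {f"bcp{i}": PaillierPriv(next_prime(2**30 + 4000 * i), next_prime(2**30 + 4000 * i + 900))
          for i in (1, 2, 3)}
SIG = {who: RsaSigner(next_prime(2**30 + 20000 * i), next_prime(2**30 + 20000 * i + 500))
       for i, who in enumerate(["bip", "ppn", "bcp1", "bcp2", "bcp3"], start=1)}
APPROVED_BCPS = {"bcp1", "bcp2"}  # PPN allowlist (517); bcp3 is deliberately not on it
WEIGHTS = {"bcp1": [3, 1, 4, 1, 5, 9, 2, 6], "bcp2": [2, 7, 1, 8, 2, 8, 1, 8]}  # toy per-BCP weights
THRESHOLD = 25  # adjudicator criterion (529): every decrypted |C_i| must be <= 25
package_body = lambda pkg: repr((pkg["bcp"], pkg["ebr"], pkg["tbr"])).encode()  # bytes BIP and PPN sign

def bip_prepare(ebr, tbr, bcp_id):
    """BIP (511-513): adjudicator layer gives EBR'/TBR', BCP layer gives EBR''/TBR''; then sign."""
    adj_pub, bcp_pub = PaillierPub(ADJ.n), PaillierPub(BCP_HE[bcp_id].n)
    ebr1, tbr1 = [adj_pub.enc(v) for v in ebr], [adj_pub.enc(v) for v in tbr]
    pkg = {"bcp": bcp_id, "ebr": [bcp_pub.enc(c) for c in ebr1], "tbr": [bcp_pub.enc(c) for c in tbr1]}
    pkg["bip_sig"] = SIG["bip"].sign(package_body(pkg))
    return pkg

def ppn_forward(pkg):
    """PPN (514-519): check BIP signature and allowlist, then counter-sign; None = rejected."""
    if not verify(SIG["bip"].pub, package_body(pkg), pkg["bip_sig"]) or pkg["bcp"] not in APPROVED_BCPS:
        return None
    pkg["ppn_sig"] = SIG["ppn"].sign(package_body(pkg))
    return pkg

def bcp_compare(pkg):
    """BCP (520-525): verify PPN signature, strip only its own layer, then build and sign
    C' = Enc(sum_i w_i * (e_i - t_i)) with the adjudicator's public key; e and t stay hidden."""
    bcp_id = pkg["bcp"]
    if not verify(SIG["ppn"].pub, package_body(pkg), pkg["ppn_sig"]):
        raise ValueError("bad PPN signature")
    mine, adj_pub = BCP_HE[bcp_id], PaillierPub(ADJ.n)
    score = adj_pub.enc(0)
    for e2, t2, w in zip(pkg["ebr"], pkg["tbr"], WEIGHTS[bcp_id]):
        diff = adj_pub.add(mine.dec(e2), adj_pub.mul(mine.dec(t2), -1))  # Enc(e_i - t_i)
        score = adj_pub.add(score, adj_pub.mul(diff, w))
    return bcp_id, score, SIG[bcp_id].sign(str(score).encode())

def adjudicate(signed_scores):
    """Adjudicator (526-530): verify each BCP signature, decrypt C'_i to C_i, apply the criterion."""
    scores = {}
    for bcp_id, c, sig in signed_scores:
        if not verify(SIG[bcp_id].pub, str(c).encode(), sig):
            raise ValueError("bad BCP signature")
        scores[bcp_id] = ADJ.dec(c, signed=True)
    return ("uphold" if all(abs(s) <= THRESHOLD for s in scores.values()) else "cancel"), scores

def run_dispute(ebr, tbr, bcp_ids=("bcp1", "bcp2")):
    """One dispute end to end: (outcome, {bcp_id: plaintext C_i}), or a PPN rejection."""
    forwarded = [ppn_forward(bip_prepare(ebr, tbr, b)) for b in bcp_ids]
    if None in forwarded:
        return "rejected_by_ppn", {}
    return adjudicate([bcp_compare(p) for p in forwarded])

EBR = [120, 30, 200, 77, 5, 250, 99, 140]        # constructed 8-feature integer template
TBR_NOISY = [120, 32, 200, 74, 5, 250, 99, 140]  # same user with small sensor noise -> uphold
TBR_OTHER = [10, 30, 200, 77, 5, 250, 99, 140]   # different first feature -> cancel
```

Running `run_dispute(EBR, TBR_NOISY)` upholds the transaction with plaintext scores 1 and 10 seen only by the adjudicator, while the BCPs handle nothing but ciphertexts under the adjudicator's key.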
[0063] FIG. 7 is a diagrammatic representation of an example system 4000 that includes a host machine 4002 within which a set of instructions to perform any one or more of the methodologies discussed herein may be executed, according to at least one aspect of the present disclosure. In various aspects, the host machine 4002 operates as a standalone device or may be connected (e.g., networked) to other machines. In a networked deployment, the host machine 4002 may operate in the capacity of a server or a client machine in a server-client network environment, or as a peer machine in a peer-to-peer (or distributed) network environment. The host machine 3002 may be a computer or computing device, a personal computer (PC), a tablet PC, a set-top box (STB), a personal digital assistant (PDA), a cellular telephone, a portable music player (e.g., a portable hard drive audio device such as a Moving Picture Experts Group Audio Layer 3 (MP3) player), a web appliance, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine. Further, while only a single machine is illustrated, the term “machine” shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.
[0064] The example system 4000 includes the host machine 4002, running a host operating system (OS) 4004 on a processor or multiple processor(s)/processor core(s) 4006 (e.g., a central processing unit (CPU), a graphics processing unit (GPU), or both), and various memory nodes 4008. The host OS 4004 may include a hypervisor 4010 which is able to control the functions and/or communicate with a virtual machine (“VM”) 4012 running on machine readable media. The VM 4012 also may include a virtual CPU or vCPU 4014. The memory nodes 4008 may be linked or pinned to virtual memory nodes or vNodes 4016. When the memory node 4008 is linked or pinned to a corresponding vNode 4016, then data may be mapped directly from the memory nodes 4008 to their corresponding vNodes 4016.
[0065] All the various components shown in host machine 4002 may be connected with and to each other, or communicate with each other via a bus (not shown) or via other coupling or communication channels or mechanisms. The host machine 4002 may further include a video display, audio device or other peripherals 4018 (e.g., a liquid crystal display (LCD), alphanumeric input device(s) including, e.g., a keyboard, a cursor control device, e.g., a mouse, a voice recognition or biometric verification unit, an external drive, a signal generation device, e.g., a speaker), a persistent storage device 4020 (also referred to as disk drive unit), and a network interface device 4022. The host machine 4002 may further include a data encryption module (not shown) to encrypt data. The components provided in the host machine 4002 are those typically found in computer systems that may be suitable for use with aspects of the present disclosure and are intended to represent a broad category of such computer components that are known in the art. Thus, the system 4000 can be a server, minicomputer, mainframe computer, or any other computer system. The computer may also include different bus configurations, networked platforms, multi-processor platforms, and the like. Various operating systems may be used including UNIX, LINUX, WINDOWS, QNX, ANDROID, IOS, CHROME, TIZEN, and other suitable operating systems.
[0066] The disk drive unit 4024 also may be a solid-state drive (SSD), a hard disk drive (HDD) or other drive that includes a computer or machine-readable medium on which is stored one or more sets of instructions and data structures (e.g., data/instructions 4026) embodying or utilizing any one or more of the methodologies or functions described herein. The data/instructions 4026 also may reside, completely or at least partially, within the main memory node 4008 and/or within the processor(s) 4006 during execution thereof by the host machine 4002. The data/instructions 4026 may further be transmitted or received over a network 4028 via the network interface device 4022 utilizing any one of several well-known transfer protocols (e.g., Hyper Text Transfer Protocol (HTTP)).
[0067] The processor(s) 4006 and memory nodes 4008 also may comprise machine-readable media. The term "computer-readable medium" or “machine-readable medium” should be taken to include a single medium or multiple media (e.g., a centralized or distributed database and/or associated caches and servers) that store the one or more sets of instructions. The term "computer-readable medium" shall also be taken to include any medium that is capable of storing, encoding, or carrying a set of instructions for execution by the host machine 4002 and that causes the host machine 4002 to perform any one or more of the methodologies of the present application, or that is capable of storing, encoding, or carrying data structures utilized by or associated with such a set of instructions. The term “computer-readable medium” shall accordingly be taken to include, but not be limited to, solid-state memories, optical and magnetic media, and carrier wave signals. Such media may also include, without limitation, hard disks, floppy disks, flash memory cards, digital video disks, random access memory (RAM), read only memory (ROM), and the like. The example aspects described herein may be implemented in an operating environment comprising software installed on a computer, in hardware, or in a combination of software and hardware.
[0068] One skilled in the art will recognize that Internet service may be configured to provide Internet access to one or more computing devices that are coupled to the Internet service, and that the computing devices may include one or more processors, buses, memory devices, display devices, input/output devices, and the like. Furthermore, those skilled in the art may appreciate that the Internet service may be coupled to one or more databases, repositories, servers, and the like, which may be utilized to implement any of the various aspects of the disclosure as described herein.
[0069] The computer program instructions also may be loaded onto a computer, a server, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
[0070] Suitable networks may include or interface with any one or more of, for instance, a local intranet, a PAN (Personal Area Network), a LAN (Local Area Network), a WAN (Wide Area Network), a MAN (Metropolitan Area Network), a virtual private network (VPN), a storage area network (SAN), a frame relay connection, an Advanced Intelligent Network (AIN) connection, a synchronous optical network (SONET) connection, a digital T1, T3, E1 or E3 line, Digital Data Service (DDS) connection, DSL (Digital Subscriber Line) connection, an Ethernet connection, an ISDN (Integrated Services Digital Network) line, a dial-up port such as a V.90, V.34 or V.34bis analog modem connection, a cable modem, an ATM (Asynchronous Transfer Mode) connection, or an FDDI (Fiber Distributed Data Interface) or CDDI (Copper Distributed Data Interface) connection. Furthermore, communications may also include links to any of a variety of wireless networks, including WAP (Wireless Application Protocol), GPRS (General Packet Radio Service), GSM (Global System for Mobile Communication), CDMA (Code Division Multiple Access) or TDMA (Time Division Multiple Access), cellular phone networks, GPS (Global Positioning System), CDPD (cellular digital packet data), RIM (Research in Motion, Limited) duplex paging network, Bluetooth radio, or an IEEE 802.11-based radio frequency network. The network 4030 can further include or interface with any one or more of an RS-232 serial connection, an IEEE-1394 (Firewire) connection, a Fiber Channel connection, an IrDA (infrared) port, a SCSI (Small Computer Systems Interface) connection, a USB (Universal Serial Bus) connection or other wired or wireless, digital or analog interface or connection, mesh or Digi® networking.
[0071] In general, a cloud-based computing environment is a resource that typically combines the computational power of a large grouping of processors (such as within web servers) and/or that combines the storage capacity of a large grouping of computer memories or storage devices. Systems that provide cloud-based resources may be utilized exclusively by their owners or such systems may be accessible to outside users who deploy applications within the computing infrastructure to obtain the benefit of large computational or storage resources.
[0072] The cloud is formed, for example, by a network of web servers that comprise a plurality of computing devices, such as the host machine 4002, with each server 4030 (or at least a plurality thereof) providing processor and/or storage resources. These servers manage workloads provided by multiple users (e.g., cloud resource customers or other users). Typically, each user places workload demands upon the cloud that vary in real-time, sometimes dramatically. The nature and extent of these variations typically depends on the type of business associated with the user.
[0073] It is noteworthy that any hardware platform suitable for performing the processing described herein is suitable for use with the technology. The terms “computer-readable storage medium” and “computer-readable storage media” as used herein refer to any medium or media that participate in providing instructions to a CPU for execution. Such media can take many forms, including, but not limited to, non-volatile media, volatile media, and transmission media. Non-volatile media include, for example, optical or magnetic disks, such as a fixed disk. Volatile media include dynamic memory, such as system RAM. Transmission media include coaxial cables, copper wire and fiber optics, among others, including the wires that comprise one aspect of a bus. Transmission media can also take the form of acoustic or light waves, such as those generated during radio frequency (RF) and infrared (IR) data communications. Common forms of computer-readable media include, for example, a flexible disk, a hard disk, magnetic tape, any other magnetic medium, a CD-ROM disk, digital video disk (DVD), any other optical medium, any other physical medium with patterns of marks or holes, a RAM, a PROM, an EPROM, an EEPROM, a FLASH EPROM, any other memory chip or data exchange adapter, a carrier wave, or any other medium from which a computer can read.
[0074] Various forms of computer-readable media may be involved in carrying one or more sequences of one or more instructions to a CPU for execution. A bus carries the data to system RAM, from which a CPU retrieves and executes the instructions. The instructions received by system RAM can optionally be stored on a fixed disk either before or after execution by a CPU.
[0075] Computer program code for carrying out operations for aspects of the present technology may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, or the like and conventional procedural programming languages, such as the "C" programming language, Go, Python, or other programming languages, including assembly languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a standalone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
[0076] Examples of the method according to various aspects of the present disclosure are provided below in the following numbered clauses. An aspect of the method may include any one or more than one, and any combination of, the numbered clauses described below.
[0077] Clause 1. A method for privacy-preserving dispute resolution, the method comprising receiving, by a biometric comparison provider (BCP), at least one data package associated with a dispute of an e-commerce transaction, the at least one data package comprising an encrypted enrollment biometric reading (EBR’) and an encrypted transaction biometric reading (TBR’); comparing, by a comparison algorithm of a BCP, the TBR’ and EBR’ in an encrypted domain; generating, by the BCP an encrypted comparison score based on the TBR’ and EBR’; and sending the encrypted comparison score to an adjudicator provider system for dispute resolution, wherein the dispute resolution is based on the encrypted comparison score.
[0078] Clause 2. The method of Clause 1, wherein the e-commerce transaction is authorized based on a biometric reading.
[0079] Clause 3. The method of Clause 1, wherein the comparing is a homomorphic comparison.
[0080] Clause 4. The method of Clause 1, wherein the TBR’ and EBR’ are multi-layer encrypted with a BCP public key and an adjudicator public key.
[0081] Clause 5. The method of Clause 3, further comprising decrypting, by the BCP, using a BCP private key, a layer of a multi-layer encryption of each of the TBR’ and the EBR’.
[0082] Clause 6. The method of Clause 1 further comprising decrypting the encrypted comparison score by the adjudicator provider system using a private key of the adjudicator provider system.
[0083] Clause 7. The method of Clause 1 further comprising verifying, by the BCP, a digital signature of the BIP on the TBR’ or EBR’.
[0084] Clause 8. A privacy-preserving e-commerce dispute resolution system, the system comprising a payment processing network provider server (PPN) coupled to at least one biometric identification provider server (BIP), at least one biometric comparison provider server (BCP), or at least one adjudicator server, or combinations thereof, to receive, by the PPN, from the at least one BIP, at least one data package associated with an e-commerce transaction dispute, the at least one data package comprising an encrypted enrollment biometric reading (EBR’), and an encrypted transaction biometric reading (TBR’); authenticate the EBR’ and the TBR’; upon the authenticating, digitally sign the EBR’ and the TBR’; send the EBR’ and the TBR’ to the at least one BCP, to generate a comparison score between the EBR’ and the TBR’, for an adjudication provider system to determine an outcome for the e-commerce transaction dispute based on the comparison score; and receive at least one of the outcome, a directive to implement an action based on the outcome, or an outcome score from the at least one adjudicator server.
[0085] Clause 9. The system of Clause 8, wherein the TBR’ and the EBR’ are encrypted by the BIP.
[0086] Clause 10. The system of Clause 8 wherein the TBR’ and the EBR’ are multi-layer encrypted with a BCP public key and adjudicator public key.
[0088] Clause 11. The system of Clause 8, further comprising the at least one BCP to decrypt a layer of a multi-layer encryption of each of the TBR’ and the EBR’ using a BCP private key.
[0089] Clause 12. The system of Clause 8, wherein the at least one BIP is at least one of an e-commerce merchant, an e-commerce service, or an e-commerce platform.
[0090] Clause 13. A non-transitory computer readable medium (CRM) storing instructions that when executed perform a method, the method comprising receiving, a first biometric reading of a user in association with a user enrollment process; generating, an encrypted enrollment biometric reading (EBR’) based on the first biometric reading and an adjudicator public key; receiving, a second biometric reading associated with an e-commerce transaction potentially involving the user; generating, an encrypted transaction biometric reading (TBR’) based on the second biometric reading and the adjudicator public key; receiving, a transaction dispute regarding the e-commerce transaction; and based on receiving the transaction dispute, transmitting, at least one data package comprising at least one of the EBR’ or the TBR’ to a payment processing network provider.
[0091] Clause 14. The CRM of Clause 13, wherein the at least one data package comprises digital signatures associated with the EBR’ and TBR’.
[0092] Clause 15. The CRM of Clause 13, wherein the user enrollment process comprises storing of the EBR’ in a database, wherein the EBR’ is associated with a user of an account.
[0093] Clause 16. The CRM of Clause 13, wherein the method further comprises storing of the TBR’ in a database.
[0094] Clause 17. The CRM of Clause 13, wherein receiving of the transaction dispute is from at least one of an acquirer, a cardholder, or an account associated with the e-commerce transaction.
[0095] Clause 18. The CRM of Clause 16, wherein the method further comprises identifying the TBR’ stored in the database based on the receiving of the transaction dispute; and identifying the EBR’ stored in the database, based on at least one of an association with a user account, an association with a user, or an association with the EBR’.
[0096] Clause 19. The CRM of Clause 13, wherein the method further comprises encrypting at least one of the EBR’ and the TBR’ with a public key of a biometric comparison provider to generate a multi-layer EBR’ or a multi-layer TBR’.
[0097] Clause 20. The CRM of Clause 13, wherein the method further comprises digitally signing the at least one data package with a BIP private key.
[0098] “Account credentials” may include any information that identifies an account and allows a payment processor to verify that a device, person, or entity has permission to access the account. For example, account credentials may include an account identifier (e.g., a PAN), a token (e.g., account identifier substitute), an expiration date, a cryptogram, a verification value (e.g., card verification value (CVV)), personal information associated with an account (e.g., address, etc.), an account alias, or any combination thereof. Account credentials may be static or dynamic such that they change over time. Further, in some embodiments or aspects, the account credentials may include information that is both static and dynamic. For example, an account identifier and expiration date may be static but a cryptogram may be dynamic and change for each transaction. Further, in some embodiments or aspects, some or all of the account credentials may be stored in a secure memory of a user device. The secure memory of the user device may be configured such that the data stored in the secure memory may not be directly accessible by outside applications and a payment application associated with the secure memory may be accessed to obtain the credentials stored on the secure memory. Accordingly, a mobile application may interface with a payment application in order to gain access to payment credentials stored on the secure memory.
[0099] The term “account data,” as used herein, refers to any data concerning one or more accounts for one or more users. Account data may include, for example, one or more account identifiers, user identifiers, transaction histories, balances, credit limits, issuer institution identifiers, and/or the like.
[0100] The term “acquirer” typically refers to a business entity (e.g., a commercial bank) that has a business relationship with a particular merchant or other entity. Some entities can perform both issuer and acquirer functions. Some embodiments or aspects may encompass such single entity issuer-acquirers. An acquirer may operate an acquirer computer, which can also be generically referred to as a “transport computer”.
[0101] As used herein, the term “acquirer system” may also refer to one or more computer systems, computer devices, and/or the like operated by or on behalf of an acquirer. The transactions the acquirer may originate may include payment transactions (e.g., purchases, original credit transactions (OCTs), account funding transactions (AFTs), and/or the like). In some non-limiting embodiments or aspects, the acquirer may be authorized by the transaction service provider to assign merchant or service providers to originate transactions using a portable financial device of the transaction service provider. The acquirer may contract with payment facilitators to enable the payment facilitators to sponsor merchants. The acquirer may monitor compliance of the payment facilitators in accordance with regulations of the transaction service provider. The acquirer may conduct due diligence of the payment facilitators and ensure proper due diligence occurs before signing a sponsored merchant. The acquirer may be liable for all transaction service provider programs that the acquirer operates or sponsors. The acquirer may be responsible for the acts of the acquirer's payment facilitators, merchants that are sponsored by an acquirer's payment facilitator, and/or the like. In some non-limiting embodiments or aspects, an acquirer may be a financial institution, such as a bank.
[0102] An “application” may include any software module configured to perform a specific function or functions when executed by a processor of a computer. For example, a “mobile application” may include a software module that is configured to be operated by a mobile device. Applications may be configured to perform many different functions. For instance, a “payment application” may include a software module that is configured to store and provide account credentials for a transaction. A “wallet application” may include a software module with similar functionality to a payment application that has multiple accounts provisioned or enrolled such that they are usable through the wallet application. Further, an “application” or “application program interface” (API) refers to computer code or other data stored on a computer-readable medium that may be executed by a processor to facilitate the interaction between software components, such as a client-side front-end and/or server-side back-end for receiving data from the client. An “interface” refers to a generated display, such as one or more graphical user interfaces (GUIs) with which a user may interact, either directly or indirectly (e.g., through a keyboard, mouse, touchscreen, etc.).
[0103] “Authentication” is a process by which the credential of an endpoint (including but not limited to applications, people, devices, process, and systems) can be verified to ensure that the endpoint is who they are declared to be.
[0104] The terms “client device” and “user device” refer to any electronic device that is configured to communicate with one or more servers or remote devices and/or systems. A client device or a user device may include a mobile device, a network-enabled appliance (e.g., a network-enabled television, refrigerator, thermostat, and/or the like), a computer, a POS system, and/or any other device or system capable of communicating with a network. A client device may further include a desktop computer, laptop computer, mobile computer (e.g., smartphone), a wearable computer (e.g., a watch, pair of glasses, lens, clothing, and/or the like), a cellular phone, a network-enabled appliance (e.g., a network-enabled television, refrigerator, thermostat, and/or the like), a point of sale (POS) system, and/or any other device, system, and/or software application configured to communicate with a remote device or system.
[0105] As used herein, the term “communication” and “communicate” may refer to the reception, receipt, transmission, transfer, provision, and/or the like of information (e.g., data, signals, messages, instructions, calls, commands, and/or the like). A communication may use a direct or indirect connection and may be wired and/or wireless in nature. As an example, for one unit (e.g., a device, a system, a component of a device or system, combinations thereof, and/or the like) to communicate with another unit means that the one unit is able to directly or indirectly receive information from and/or transmit information to the other unit. The one unit may communicate with the other unit even though the information may be modified, processed, relayed, and/or routed between the one unit and the other unit. In one example, a first unit may communicate with a second unit even though the first unit receives information and does not communicate information to the second unit. For example, a first unit may be in communication with a second unit even though the first unit passively receives data and does not actively transmit data to the second unit. As another example, a first unit may communicate with a second unit if an intermediary unit (e.g., a third unit located between the first unit and the second unit) receives information from the first unit, processes the information received from the first unit to produce processed information, and communicates the processed information to the second unit. In some non-limiting embodiments or aspects, a message may refer to a packet (e.g., a data packet, a network packet, and/or the like) that includes data. It will be appreciated that numerous other arrangements are possible.
[0106] A “communication channel” may refer to any suitable path for communication between two or more entities. Suitable communications channels may be present directly between two entities such as a payment processing network and a merchant or issuer computer, or may include a number of different entities. Any suitable communications protocols may be used for generating a communications channel. A communication channel may in some instances comprise a “secure communication channel” or a “tunnel,” either of which may be established in any known manner, including the use of mutual authentication and a session key and establishment of a secure communications session. However, any method of creating a secure communication channel may be used, and communication channels may be wired or wireless, as well as long-range, short-range, or medium-range. By establishing a secure channel, sensitive information related to a payment device (such as account number, CVV values, expiration dates, etc.) may be securely transmitted between the two entities to facilitate a transaction.
[0107] As used herein, the term “comprising” is not intended to be limiting, but may be a transitional term synonymous with “including,” “containing,” or “characterized by.” The term “comprising” may thereby be inclusive or open-ended and does not exclude additional, unrecited elements or method steps when used in a claim. For instance, in describing a method, “comprising” indicates that the claim is open-ended and allows for additional steps. In describing a device, “comprising” may mean that a named element(s) may be essential for an embodiment or aspect, but other elements may be added and still form a construct within the scope of a claim. In contrast, the transitional phrase “consisting of” excludes any element, step, or ingredient not specified in a claim. This is consistent with the use of the term throughout the specification.
[0108] As used herein, the term “computing device” or “computer device” may refer to one or more electronic devices that are configured to directly or indirectly communicate with or over one or more networks. A computing device may be a mobile device, a desktop computer, and/or the like. As an example, a mobile device may include a cellular phone (e.g., a smartphone or standard cellular phone), a portable computer, a wearable device (e.g., watches, glasses, lenses, clothing, and/or the like), a personal digital assistant (PDA), and/or other like devices. The computing device may not be a mobile device, such as a desktop computer. Furthermore, the term “computer” may refer to any computing device that includes the necessary components to send, receive, process, and/or output data, and normally includes a display device, a processor, a memory, an input device, a network interface, and/or the like.
[0109] Reference to “a device,” “a server,” “a processor,” and/or the like, as used herein, may refer to a previously-recited device, server, or processor that is recited as performing a previous step or function, a different server or processor, and/or a combination of servers and/or processors. For example, as used in the specification and the claims, a first server or a first processor that is recited as performing a first step or a first function may refer to the same or different server or the same or different processor recited as performing a second step or a second function.
[0110] As used herein, an “electronic wallet,” “digital wallet” or “mobile wallet” can store user profile information, payment information (including tokens), bank account information, and/or the like and can be used in a variety of transactions, such as but not limited to eCommerce, social networks, money transfer/personal payments, mobile commerce, proximity payments, gaming, and/or the like for retail purchases, digital goods purchases, utility payments, purchasing games or gaming credits from gaming websites, transferring funds between users, and/or the like. As used herein, the terms “electronic wallet,” “digital wallet” or “mobile wallet” may include an entity that provides and/or maintains an electronic wallet and/or an electronic wallet mobile application for a user (e.g., a customer). Examples of an electronic wallet provider include, but are not limited to, Google Wallet™, Android Pay®, Apple Pay®, and Samsung Pay®, and/or other like electronic payment systems. In some non-limiting examples, a financial institution (e.g., an issuer institution) may be an electronic wallet provider. As used herein, the term “electronic wallet provider system” may refer to one or more computer systems, computer devices, servers, groups of servers, and/or the like operated by or on behalf of an electronic wallet provider.
[0111] A “key” may refer to a piece of information that is used in a cryptographic algorithm to transform input data into another representation. An exemplary encryption key may include a master derivation key (MDK) which may be used to generate a limited use key (LUK) that is provided to a computer device of a user. An LUK can be an encryption key that is intended for limited use (e.g., a limited number of transactions or a limited time period) and is not intended to be used for the lifetime of an account. Further details regarding LUKs can be found in U.S. Published Patent Application No. 2015/0180836, which is herein incorporated by reference in its entirety and is assigned to the same assignee as the present application. The MDK may be used to generate and provision the token, as well as authenticate the token when used in authorization processing by validating static and variable transaction data.
[0112] As used herein, the term “merchant” may refer to one or more individuals or entities (e.g., operators of retail businesses that provide goods and/or services, and/or access to goods and/or services, to a user (e.g., a customer, a consumer, a customer of the merchant, and/or the like) based on a transaction (e.g., a payment transaction)). As used herein “merchant system” may refer to one or more computer systems operated by or on behalf of a merchant, such as a server computer executing one or more software applications.
[0113] A “merchant application” may include any application associated with a relying party to a transaction. For example, a merchant mobile application may be associated with a particular merchant or may be associated with a number of different merchants. In some embodiments or aspects, the merchant mobile application may store information identifying a particular merchant server computer that is configured to provide a sales environment in which the merchant server computer is capable of processing remote transactions initiated by the merchant application. Further, the merchant mobile application may also include a general purpose browser or other software designed to interact with one or more merchant server computers. In some cases, the merchant mobile application may be installed in the general purpose memory of a user device and thus, may be susceptible to malicious attacks.
[0114] As used herein, an “e-commerce transaction” can include an online sale, trade or purchase, or combinations thereof, and can be the purchase of a digital or physical item or service from an online marketplace, merchant or service, and can be undertaken via a network, such as the Internet.
[0115] As used herein, a “payment account” (which may be associated with one or more payment devices) may refer to any suitable payment account including a credit card account, a checking account, or a prepaid account.
[0116] A “payment processing network” may refer to a system that receives accumulated transaction information from the gateway processing service, typically at a fixed time each day, and performs a settlement process. Settlement may involve posting the transactions to the accounts associated with the payment devices used for the transactions and calculating the net debit or credit position of each user of the payment devices. An exemplary payment processing network is Interlink®.
[0117] As used herein, the term “server” may include one or more computing devices which can be individual, stand-alone machines located at the same or different locations, may be owned or operated by the same or different entities, and may further be one or more clusters of distributed computers or “virtual” machines housed within a datacenter. It should be understood and appreciated by a person of skill in the art that functions performed by one “server” can be spread across multiple disparate computing devices for various reasons. As used herein, a “server” is intended to refer to all such scenarios and should not be construed or limited to one specific configuration. Further, a server as described herein may, but need not, reside at (or be operated by) a merchant, a payment network, a financial institution, a healthcare provider, a social media provider, a government agency, or agents of any of the aforementioned entities. The term “server” may also refer to or include one or more processors or computers, storage devices, or similar computer arrangements that are operated by or facilitate communication and processing for multiple parties in a network environment, such as the Internet, although it will be appreciated that communication may be facilitated over one or more public or private network environments and that various other arrangements are possible. Further, multiple computers, e.g., servers, or other computerized devices, e.g., point-of-sale devices, directly or indirectly communicating in the network environment may constitute a “system,” such as a merchant's point-of-sale system. Reference to “a server” or “a processor,” as used herein, may refer to a previously-recited server and/or processor that are recited as performing a previous step or function, a different server and/or processor, and/or a combination of servers and/or processors. For example, as used in the specification and the claims, a first server and/or a first processor that is recited as performing a first step or function may refer to the same or different server and/or a processor recited as performing a second step or function.
[0118] A “server computer” may typically be a powerful computer or cluster of computers. For example, the server computer can be a large mainframe, a minicomputer cluster, or a group of servers functioning as a unit. The server computer may be associated with an entity such as a payment processing network, a wallet provider, a merchant, an authentication cloud, an acquirer or an issuer. In one example, the server computer may be a database server coupled to a Web server. The server computer may be coupled to a database and may include any hardware, software, other logic, or combination of the preceding for servicing the requests from one or more client computers. The server computer may comprise one or more computational apparatuses and may use any of a variety of computing structures, arrangements, and compilations for servicing the requests from one or more client computers. In some embodiments or aspects, the server computer may provide and/or support payment network cloud service.
[0119] As used herein, the term “system” may refer to one or more computing devices or combinations of computing devices (e.g., processors, servers, client devices, software applications, components of such, and/or the like).
[0120] A “transaction amount” may be the price assessed to the consumer for the transaction. The transaction amount condition may be a threshold value (e.g., all transactions for an amount exceeding $100) or a range (e.g., all transactions in the range of $25-$50). For example, a user may wish to use a first routing priority list for a transaction for an amount in the range of $0.01-$100 and a second routing priority list for a transaction for an amount exceeding $100.
[0121] The term “transaction data” may include any data associated with one or more transactions. In some embodiments or aspects, the transaction data may merely include an account identifier (e.g., a PAN) or payment token. Alternatively, in other embodiments or aspects, the transaction data may include any information generated, stored, or associated with a merchant, consumer, account, or any other related information to a transaction. For example, transaction data may include data in an authorization request message that is generated in response to a payment transaction being initiated by a consumer with a merchant. Alternatively, transaction data may include information associated with one or more transactions that have been previously processed and the transaction information has been stored on a merchant database or other merchant computer. The transaction data may include an account identifier associated with the payment instrument used to initiate the transaction, consumer personal information, products or services purchased, or any other information that may be relevant or suitable for transaction processing. Additionally, the transaction information may include a payment token or other tokenized or masked account identifier substitute that may be used to complete a transaction and protect the underlying account information of the consumer.
[0122] A “user” may include an individual. In some embodiments or aspects, a user may be associated with one or more personal accounts and/or mobile devices. The user may also be referred to as a cardholder, account holder, or consumer.
[0123] The foregoing detailed description has set forth various forms of the systems and/or processes via the use of block diagrams, flowcharts, and/or examples. Insofar as such block diagrams, flowcharts, and/or examples contain one or more functions and/or operations, it will be understood by those within the art that each function and/or operation within such block diagrams, flowcharts, and/or examples can be implemented, individually and/or collectively, by a wide range of hardware, software, firmware, or virtually any combination thereof. Those skilled in the art will recognize that some aspects of the forms disclosed herein, in whole or in part, can be equivalently implemented in integrated circuits, as one or more computer programs running on one or more computers (e.g., as one or more programs running on one or more computer systems), as one or more programs running on one or more processors (e.g., as one or more programs running on one or more microprocessors), as firmware, or as virtually any combination thereof, and that designing the circuitry and/or writing the code for the software and or firmware would be well within the skill of one of skill in the art in light of this disclosure. In addition, those skilled in the art will appreciate that the mechanisms of the subject matter described herein are capable of being distributed as one or more program products in a variety of forms, and that an illustrative form of the subject matter described herein applies regardless of the particular type of signal bearing medium used to actually carry out the distribution.
[0124] Instructions used to program logic to perform various disclosed aspects can be stored within a memory in the system, such as dynamic random access memory (DRAM), cache, flash memory, or other storage. Furthermore, the instructions can be distributed via a network or by way of other computer readable media. Thus a machine-readable medium may include any mechanism for storing or transmitting information in a form readable by a machine (e.g., a computer), including, but not limited to, floppy diskettes, optical disks, compact disc read-only memory (CD-ROMs), magneto-optical disks, read-only memory (ROMs), random access memory (RAM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), magnetic or optical cards, flash memory, or a tangible, machine-readable storage used in the transmission of information over the Internet via electrical, optical, acoustical or other forms of propagated signals (e.g., carrier waves, infrared signals, digital signals, etc.). Accordingly, the non-transitory computer-readable medium includes any type of tangible machine-readable medium suitable for storing or transmitting electronic instructions or information in a form readable by a machine (e.g., a computer).
[0125] Any of the software components or functions described in this application, may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Python, Java, C++ or Perl using, for example, conventional or object-oriented techniques. The software code may be stored as a series of instructions, or commands on a computer readable medium, such as RAM, ROM, a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a CD-ROM. Any such computer readable medium may reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.
[0126] As used in any aspect herein, the term “logic” may refer to an app, software, firmware and/or circuitry configured to perform any of the aforementioned operations. Software may be embodied as a software package, code, instructions, instruction sets and/or data recorded on non-transitory computer readable storage medium. Firmware may be embodied as code, instructions or instruction sets and/or data that are hard-coded (e.g., nonvolatile) in memory devices.
[0127] As used in any aspect herein, the terms “component,” “system,” “module” and the like can refer to a computer-related entity, either hardware, a combination of hardware and software, software, or software in execution.
[0128] As used in any aspect herein, an “algorithm” refers to a self-consistent sequence of steps leading to a desired result, where a “step” refers to a manipulation of physical quantities and/or logic states which may, though need not necessarily, take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It is common usage to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like. These and similar terms may be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities and/or states.
[0129] A network may include a packet switched network. The communication devices may be capable of communicating with each other using a selected packet switched network communications protocol. One example communications protocol may include an Ethernet communications protocol which may be capable of permitting communication using a Transmission Control Protocol/Internet Protocol (TCP/IP). The Ethernet protocol may comply or be compatible with the Ethernet standard published by the Institute of Electrical and Electronics Engineers (IEEE) titled “IEEE 802.3 Standard”, published in December, 2008 and/or later versions of this standard. Alternatively or additionally, the communication devices may be capable of communicating with each other using an X.25 communications protocol. The X.25 communications protocol may comply or be compatible with a standard promulgated by the International Telecommunication Union-Telecommunication Standardization Sector (ITU-T). Alternatively or additionally, the communication devices may be capable of communicating with each other using a frame relay communications protocol. The frame relay communications protocol may comply or be compatible with a standard promulgated by Consultative Committee for International Telegraph and Telephone (CCITT) and/or the American National Standards Institute (ANSI). Alternatively or additionally, the transceivers may be capable of communicating with each other using an Asynchronous Transfer Mode (ATM) communications protocol. The ATM communications protocol may comply or be compatible with an ATM standard published by the ATM Forum titled “ATM-MPLS Network Interworking 2.0” published August 2001, and/or later versions of this standard. Of course, different and/or after-developed connection-oriented network communication protocols are equally contemplated herein.
[0130] Unless specifically stated otherwise as apparent from the foregoing disclosure, it is appreciated that, throughout the present disclosure, discussions using terms such as “processing,” “computing,” “calculating,” “determining,” “displaying,” or the like, refer to the action and processes of a computer system, or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission or display devices.
[0131] One or more components may be referred to herein as “configured to,” “configurable to,” “operable/operative to,” “adapted/adaptable,” “able to,” “conformable/conformed to,” etc. Those skilled in the art will recognize that “configured to” can generally encompass active-state components and/or inactive-state components and/or standby-state components, unless context requires otherwise.
[0132] Those skilled in the art will recognize that, in general, terms used herein, and especially in the appended claims (e.g., bodies of the appended claims) are generally intended as “open” terms (e.g., the term “including” should be interpreted as “including but not limited to,” the term “having” should be interpreted as “having at least,” the term “includes” should be interpreted as “includes but is not limited to,” etc.). It will be further understood by those within the art that if a specific number of an introduced claim recitation is intended, such an intent will be explicitly recited in the claim, and in the absence of such recitation no such intent is present. For example, as an aid to understanding, the following appended claims may contain usage of the introductory phrases “at least one” and “one or more” to introduce claim recitations. However, the use of such phrases should not be construed to imply that the introduction of a claim recitation by the indefinite articles “a” or “an” limits any particular claim containing such introduced claim recitation to claims containing only one such recitation, even when the same claim includes the introductory phrases “one or more” or “at least one” and indefinite articles such as “a” or “an” (e.g., “a” and/or “an” should typically be interpreted to mean “at least one” or “one or more”); the same holds true for the use of definite articles used to introduce claim recitations.
[0133] In addition, even if a specific number of an introduced claim recitation is explicitly recited, those skilled in the art will recognize that such recitation should typically be interpreted to mean at least the recited number (e.g., the bare recitation of “two recitations,” without other modifiers, typically means at least two recitations, or two or more recitations). Furthermore, in those instances where a convention analogous to “at least one of A, B, and C, etc.” is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., “a system having at least one of A, B, and C” would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, and C together, etc.). In those instances where a convention analogous to “at least one of A, B, or C, etc.” is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., “a system having at least one of A, B, or C” would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, and C together, etc.). It will be further understood by those within the art that typically a disjunctive word and/or phrase presenting two or more alternative terms, whether in the description, claims, or drawings, should be understood to contemplate the possibilities of including one of the terms, either of the terms, or both terms unless context dictates otherwise. For example, the phrase “A or B” will be typically understood to include the possibilities of “A” or “B” or “A and B.”
[0134] With respect to the appended claims, those skilled in the art will appreciate that recited operations therein may generally be performed in any order. Also, although various operational flow diagrams are presented in a sequence(s), it should be understood that the various operations may be performed in other orders than those which are illustrated, or may be performed concurrently. Examples of such alternate orderings may include overlapping, interleaved, interrupted, reordered, incremental, preparatory, supplemental, simultaneous, reverse, or other variant orderings, unless context dictates otherwise. Furthermore, terms like “responsive to,” “related to,” or other past-tense adjectives are generally not intended to exclude such variants, unless context dictates otherwise.
[0135] It is worthy to note that any reference to “one aspect,” “an aspect,” “an exemplification,” “one exemplification,” and the like means that a particular feature, structure, or characteristic described in connection with the aspect is included in at least one aspect. Thus, appearances of the phrases “in one aspect,” “in an aspect,” “in an exemplification,” and “in one exemplification” in various places throughout the specification are not necessarily all referring to the same aspect. Furthermore, the particular features, structures or characteristics may be combined in any suitable manner in one or more aspects.
[0136] As used herein, the singular form of “a”, “an”, and “the” include the plural references unless the context clearly dictates otherwise.
[0137] Any patent application, patent, non-patent publication, or other disclosure material referred to in this specification and/or listed in any Application Data Sheet is incorporated by reference herein, to the extent that the incorporated materials are not inconsistent herewith. As such, and to the extent necessary, the disclosure as explicitly set forth herein supersedes any conflicting material incorporated herein by reference. Any material, or portion thereof, that is said to be incorporated by reference herein, but which conflicts with existing definitions, statements, or other disclosure material set forth herein will only be incorporated to the extent that no conflict arises between that incorporated material and the existing disclosure material. None is admitted to be prior art.
[0138] In summary, numerous benefits have been described which result from employing the concepts described herein. The foregoing description of the one or more forms has been presented for purposes of illustration and description. It is not intended to be exhaustive or limiting to the precise form disclosed. Modifications or variations are possible in light of the above teachings. The one or more forms were chosen and described in order to illustrate principles and practical application to thereby enable one of ordinary skill in the art to utilize the various forms and with various modifications as are suited to the particular use contemplated. It is intended that the claims submitted herewith define the overall scope.

Claims

What is claimed is:

1. A method for privacy-preserving dispute resolution, the method comprising: receiving, by a biometric comparison provider (BCP), at least one data package associated with a dispute of an e-commerce transaction, the at least one data package comprising an encrypted enrollment biometric reading (EBR’) and an encrypted transaction biometric reading (TBR’); comparing, by a comparison algorithm of the BCP, the TBR’ and EBR’ in an encrypted domain; generating, by the BCP, an encrypted comparison score based on the TBR’ and EBR’; and sending the encrypted comparison score to an adjudicator provider system for dispute resolution, wherein the dispute resolution is based on the encrypted comparison score.
2. The method of claim 1, wherein the e-commerce transaction is authorized based on a biometric reading.
3. The method of claim 1, wherein the comparing is a homomorphic comparison.
4. The method of claim 1, wherein the TBR’ and EBR’ are multi-layer encrypted with a BCP public key and an adjudicator public key.
5. The method of claim 3, further comprising: decrypting, by the BCP, using a BCP private key, a layer of a multi-layer encryption of each of the TBR’ and the EBR’.
6. The method of claim 1, further comprising: decrypting the encrypted comparison score by the adjudicator provider system using a private key of the adjudicator provider system.
7. The method of claim 1, further comprising: verifying, by the BCP, a digital signature of a biometric identification provider (BIP) on the TBR’ or EBR’.
8. A privacy-preserving e-commerce dispute resolution system, the system comprising: a payment processing network provider server (PPN) coupled to at least one biometric identification provider server (BIP), at least one biometric comparison provider server (BCP), or at least one adjudicator server, or combinations thereof, to: receive, by the PPN, from the at least one BIP, at least one data package associated with an e-commerce transaction dispute, the at least one data package comprising an encrypted enrollment biometric reading (EBR’) and an encrypted transaction biometric reading (TBR’); authenticate the EBR’ and the TBR’; upon the authenticating, digitally sign the EBR’ and the TBR’; send the EBR’ and the TBR’ to the at least one BCP, to generate a comparison score between the EBR’ and the TBR’, for an adjudication provider system to determine an outcome for the e-commerce transaction dispute based on the comparison score; and receive at least one of the outcome, a directive to implement an action based on the outcome, or an outcome score from the at least one adjudicator server.
9. The system of claim 8, wherein the TBR’ and the EBR’ are encrypted by the BIP.
10. The system of claim 8, wherein the TBR’ and the EBR’ are multi-layer encrypted with a BCP public key and an adjudicator public key.
11. The system of claim 8, further comprising the at least one BCP to: decrypt a layer of a multi-layer encryption of each of the TBR’ and the EBR’ using a BCP private key.
12. The system of claim 8, wherein the at least one BIP is at least one of an e-commerce merchant, an e-commerce service, or an e-commerce platform.
13. A non-transitory computer readable medium (CRM) storing instructions that when executed perform a method, the method comprising: receiving a first biometric reading of a user in association with a user enrollment process; generating an encrypted enrollment biometric reading (EBR’) based on the first biometric reading and an adjudicator public key; receiving a second biometric reading associated with an e-commerce transaction potentially involving the user; generating an encrypted transaction biometric reading (TBR’) based on the second biometric reading and the adjudicator public key; receiving a transaction dispute regarding the e-commerce transaction; and based on receiving the transaction dispute, transmitting at least one data package comprising at least one of the EBR’ or the TBR’ to a payment processing network provider.
14. The CRM of claim 13, wherein the at least one data package comprises digital signatures associated with the EBR’ and TBR’.
15. The CRM of claim 13, wherein the user enrollment process comprises: storing the EBR’ in a database, wherein the EBR’ is associated with a user of an account.
16. The CRM of claim 13, wherein the method further comprises: storing the TBR’ in a database.
17. The CRM of claim 13, wherein receiving the transaction dispute is from at least one of an acquirer, a cardholder, or an account associated with the e-commerce transaction.
18. The CRM of claim 16, wherein the method further comprises: identifying the TBR’ stored in the database based on the receiving of the transaction dispute; and identifying the EBR’ stored in the database based on at least one of an association with a user account, an association with a user, or an association with the EBR’.
19. The CRM of claim 13, wherein the method further comprises encrypting at least one of the EBR’ and the TBR’ with a public key of a biometric comparison provider to generate a multi-layer EBR’ or a multi-layer TBR’.
20. The CRM of claim 13, wherein the method further comprises: digitally signing the at least one data package with a BIP private key.
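The claims above describe a protocol but name neither the cipher nor the comparison score. The following is an added example written for this page, not code from the patent or from Visa. It runs one dispute round through the four roles of the claims (BIP, PPN, BCP, adjudicator) under these assumptions: templates are binary and the comparison score is their Hamming distance; encryption is a toy Goldwasser-Micali scheme, whose XOR homomorphism lets the BCP form E(e_i XOR t_i) from two ciphertexts without any key, so the "encrypted comparison score" here is that vector, shuffled by the BCP so the adjudicator learns only the count of differing bits on decryption; HMAC tags keyed with demo secrets stand in for the BIP and PPN digital signatures; the outer BCP encryption layer of claims 4, 10 and 19 is not modelled; and the primes are far too small for real use. Every name (gm_*, bip_build_package, ppn_forward, bcp_compare, adjudicate, run_dispute) and both templates are constructed for this example.

```python
# Added example, not the patent's own code; see the lead-in for assumptions.
import hashlib
import hmac
import json
import random
from math import gcd

# Toy Goldwasser-Micali (GM) bit encryption: XOR-homomorphic, so the BCP can
# combine two ciphertexts without any key. Assumption: fixed small primes so the
# example runs instantly; a deployment would use a >= 2048-bit modulus.
TOY_P, TOY_Q = 999983, 1000003


def _legendre(a, p):
    """Euler's criterion: 1 if a is a quadratic residue mod prime p, else p-1."""
    return pow(a % p, (p - 1) // 2, p)


def gm_keygen(p=TOY_P, q=TOY_Q):
    """Public key (n, x) with x a non-residue mod both primes; private key (p, q)."""
    x = 2
    while not (_legendre(x, p) == p - 1 and _legendre(x, q) == q - 1):
        x += 1
    return (p * q, x), (p, q)


def gm_encrypt(pub, bit, rng):
    """E(b) = y^2 * x^b mod n for a random unit y; fresh randomness per bit."""
    n, x = pub
    y = rng.randrange(2, n)
    while gcd(y, n) != 1:
        y = rng.randrange(2, n)
    return (y * y * pow(x, bit, n)) % n


def gm_decrypt(priv, c):
    """b = 0 iff c is a quadratic residue mod p; only the key holder can test this."""
    return 0 if _legendre(c, priv[0]) == 1 else 1


def gm_xor(pub, c1, c2):
    """Homomorphic property: E(b1) * E(b2) mod n = E(b1 XOR b2)."""
    return (c1 * c2) % pub[0]


def _tag(key, payload):
    """HMAC over canonical JSON. Assumption: stands in for the BIP and PPN digital
    signatures (claims 7, 8, 14, 20); a deployment would use asymmetric signatures
    so that verifiers hold no shared secret."""
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def bip_build_package(adj_pub, enrol_bits, txn_bits, txn_id, bip_key, rng):
    """BIP (claim 13): encrypt EBR and TBR under the adjudicator public key, then sign."""
    pkg = {"txn_id": txn_id,
           "EBR": [gm_encrypt(adj_pub, b, rng) for b in enrol_bits],
           "TBR": [gm_encrypt(adj_pub, b, rng) for b in txn_bits]}
    return {"pkg": pkg, "bip_sig": _tag(bip_key, pkg)}


def ppn_forward(signed, bip_key, ppn_key):
    """PPN (claim 8): authenticate the package, then countersign it for the BCP."""
    if not hmac.compare_digest(signed["bip_sig"], _tag(bip_key, signed["pkg"])):
        raise ValueError("BIP signature check failed")
    return {**signed, "ppn_sig": _tag(ppn_key, signed["pkg"])}


def bcp_compare(adj_pub, forwarded, ppn_key, rng):
    """BCP (claim 1): compare in the encrypted domain. The encrypted score is the
    per-bit XOR vector, shuffled so the adjudicator learns the Hamming distance
    but not which template positions disagree (assumption, see lead-in)."""
    pkg = forwarded["pkg"]
    if not hmac.compare_digest(forwarded["ppn_sig"], _tag(ppn_key, pkg)):
        raise ValueError("PPN signature check failed")
    if len(pkg["EBR"]) != len(pkg["TBR"]):
        raise ValueError("template length mismatch")
    diffs = [gm_xor(adj_pub, e, t) for e, t in zip(pkg["EBR"], pkg["TBR"])]
    rng.shuffle(diffs)
    return {"txn_id": pkg["txn_id"], "score": diffs}


def adjudicate(adj_priv, encrypted_score, max_distance):
    """Adjudicator (claim 6): decrypt the score with its private key and decide."""
    distance = sum(gm_decrypt(adj_priv, c) for c in encrypted_score["score"])
    return distance, ("match" if distance <= max_distance else "no_match")


def run_dispute(enrol_bits, txn_bits, max_distance=4, seed=7):
    """End-to-end flow BIP -> PPN -> BCP -> adjudicator; returns (distance, outcome)."""
    bip_rng, bcp_rng = random.Random(seed), random.Random(seed + 1)
    adj_pub, adj_priv = gm_keygen()
    bip_key, ppn_key = b"bip-demo-key", b"ppn-demo-key"  # assumption: demo keys
    signed = bip_build_package(adj_pub, enrol_bits, txn_bits, "txn-0001", bip_key, bip_rng)
    forwarded = ppn_forward(signed, bip_key, ppn_key)
    score = bcp_compare(adj_pub, forwarded, ppn_key, bcp_rng)
    return adjudicate(adj_priv, score, max_distance)


# Constructed 32-bit templates (not real biometric data).
ENROL = [int(b) for b in "10110011010011101011001101001110"]
TXN_SAME_USER = [b ^ (i in (3, 17, 30)) for i, b in enumerate(ENROL)]  # 3 bits differ
TXN_OTHER_USER = [b ^ 1 for b in ENROL]                                # all 32 differ

if __name__ == "__main__":
    print(run_dispute(ENROL, TXN_SAME_USER))   # (3, 'match')
    print(run_dispute(ENROL, TXN_OTHER_USER))  # (32, 'no_match')
```

Running the file prints (3, 'match') for the constructed same-user reading and (32, 'no_match') for the inverted one. Two points worth checking against the claims: the BCP carries out the entire comparison holding only the adjudicator's public key, and both signature checks run before any ciphertext is touched, so a package altered in transit is rejected at the PPN or BCP instead of yielding a score.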
Application data

PCT/US2023/075649, priority and filing date 2023-09-29, legal status pending: Automated privacy preserving dispute resolution for biometric identification. Published as WO2025071630A1 on 2025-04-03 (family ID 95202026; country code WO, WIPO (PCT)).

Citations (5)

All five were cited by the examiner.

US20060167807A1 (priority 2003-02-25, published 2006-07-27), Ali Aydar: Dispute resolution in an open copyright database
US20140129396A1 (priority 2012-11-06, published 2014-05-08), Ebay Inc.: Systems and methods for reducing fraudulent activity in transaction dispute resolution
US20210367786A1 (priority 2017-12-08, published 2021-11-25), Visa International Service Association: Server-assisted privacy protecting biometric comparison
WO2023158930A1 (priority 2022-02-16, published 2023-08-24), Visa International Service Association: Privacy-preserving biometrics for multi-factor authentication
KR20230133622A (priority 2022-03-11, published 2023-09-19), Hyundai Motor Company: Fingerprint authentication diagnosis system and control method thereof
Legal Events

121 (EP): the EPO has been informed by WIPO that EP was designated in this application. Reference document number 23954554, country of reference document EP, kind code A1.