Abstract: Aggregated transaction data from a transaction data provider may be encrypted and exchanged with a content item selection system using commutative encryption algorithms. The transaction data provider and content item selection system may utilize a set of common identifiers that are each encrypted using a respective commutative encryption algorithm of the transaction data provider or content item selection system. The other of the transaction data provider or content item selection system encrypts the single-encrypted common identifier using a respective commutative encryption algorithm to generate double encrypted common identifiers. The double encrypted common identifiers may be used to match a set of common identifiers with transaction data. The transaction data may be encrypted and/or may include random offset values.

Abstract: Implementations are directed to cross-asset trading in blockchain networks, and include a first node providing transaction information based on a first value, a second value, and an exchange rate of a second node, receiving, from the second node, a first evidence set, a first range proof, and a digital signature of the second node, and submitting the transaction for verification based on the first range proof, a second range proof, the first evidence set, a second evidence set, a digital signature of the first node, and the digital signature of the second node, the transaction being executed to decrease a balance of the first node by the first value, increase a first balance of the second node by the first value, decrease a second balance of the second node by the second value, and increase a balance of the third node by the second value.

Abstract: Implementations are directed to cross-asset trading in blockchain networks, and include a first node providing transaction information based on a first value, a second value, and an exchange rate of a second node, receiving, from the second node, a first evidence set, a first range proof, and a digital signature of the second node, and submitting the transaction for verification based on the first range proof, a second range proof, the first evidence set, a second evidence set, a digital signature of the first node, and the digital signature of the second node, the transaction being executed to decrease a balance of the first node by the first value, increase a first balance of the second node by the first value, decrease a second balance of the second node by the second value, and increase a balance of the third node by the second value.

Abstract: Systems and methods for handling tokens. In one aspect, a token is intercepted by a data processor and a contact is made with a detokenization provider by the data processor. In another aspect, token service is aggregated. In another aspect, tokenization is extended to physical cards, to deter certain kinds of fraud.

Abstract: Distributed crypto currency chargeback systems and methods include at least one system provider device receiving, through a network from a payer device associated with a payer, a chargeback report associated with a first transaction of a plurality of transactions performed using a distributed crypto currency, where the first transaction involves the payer and a payee. The at least one system provider device publishes the chargeback report in a chargeback ledger. The at least one system provider device receives, through the network from a payee device associated with the payee subsequent to publishing the chargeback ledger including the chargeback report, a chargeback response associated with the first transaction. The at least one system provider device then publishes the chargeback response in the chargeback ledger.

Abstract: The objective of the present invention is, with respect to a portable terminal which is provided with an electronic money function, to facilitate restoration of an original state if a terminal has been discovered, while preventing unauthorized usage of electronic money at a time of loss for a terminal which is provided with an electronic money function. If a terminal is lost, an electronic money server is accessed from a second terminal in order to perform a loss lock request. The electronic money server turns ON a loss lock flag corresponding to an electronic money ID in order to output a negative flag ON instruction for an electronic money function section at a point at which access has been made from the terminal. For the electronic money function section, by turning ON a negative flag, the electronic money function section is locked so that settlements and charges are disabled.

Abstract: A payment system implemented on a mobile device authenticates transactions made via the mobile device. The mobile device generates a public-private key pair and receives an authenticating input from a user of the device. The public key is sent to a secure payment system, and the authenticating input is used to generate a symmetric key that encrypts the private key. After a transaction is initiated, the mobile device receives an authenticating input from the user. The symmetric key is generated from the authenticating input and the mobile device attempts to decrypt the private key from the encrypted private key using the symmetric key generated by the user's input. The decrypted key is used to sign a transaction authorization message which is sent to the secure payment system, along with payment information, which can verify the signed message via the public key. Additional techniques related to secure payments are also disclosed.

Abstract: The present invention comprises a system and method for managing an inventory of PINs in a PIN distribution network. The distribution network includes a hub coupled to a one or more servers and each of the servers is coupled to at least one client terminal. The system includes a hub for dynamically allocating PINs of the inventory among the servers so as to substantially maintain a quantity of PINs at each server at a desired level for each server. Additionally, the hub acquires additional PINs in response to at least one PIN in the inventory being distributed to at least one user from at least one of the client terminals. In variations, the hub maintains centralized databases and synchronizes the centralized databases with corresponding databases at each server.

Abstract: A person's smartphone serves as a security token—used variously to establish the user's authorization, and to test the bona fides of the counter-party system. In one illustrative ATM arrangement, a bank's computer system and the user's smartphone share secret information across a network. The smartphone employs this shared secret to generate a corresponding image, which is displayed on its screen. The displayed image is sensed by a camera in the ATM, which sends corresponding data back to the bank computer system. The bank computer system analyzes the received data and responds by sending information to the ATM authorizing a transaction. By such arrangement, authentication of the transaction involves one-way optical communication of visual information between the ATM and the smartphone, and two-way network communication of information between the ATM and the bank computer system. A great number of other features and arrangements are also detailed.

Abstract: Embodiments of the present invention provide a system for executing, securing, and non-repudiation of pooled conditional smart contracts over a distributed blockchain network. In particular, the system may receive an instrument request from a beneficiary entity, where the instrument request includes an instrument amount. The system can then identify a lead contribution amount that a lead entity is willing to provide to meet a portion of the instrument amount. A set of supporting entities can be identified as willing to provide supporting contribution amounts to meet the remainder of the instrument amount. A conditional contract can be sent to each supporting entity that, when signed, authorizes the system to transfer contribution amounts, which may be in the form of cryptocurrency, from blockchain addresses of the lead and supporting entities to a blockchain address of the beneficiary entity. Once the instrument amount has been secured, the system executes the transactions.

Abstract: Systems and methods are described for transferring an asset from a parent chain to a sidechain. A simplified payment verification (SPV) proof associated with the parent chain asset may be generated. The SPV proof may include a threshold level of work. The SPV proof associated with the parent chain asset may be validated, and a sidechain asset corresponding to the parent chain asset may be generated. If no reorganization proof is detected, the sidechain asset is released. To redeem the sidechain asset in the parent chain, a SPV proof associated with the sidechain asset may be generated. The parent chain may validate the SPV proof associated with the sidechain asset. The parent chain asset associated with the sidechain asset may be held for a second predetermined contest period. The parent chain asset may then be released if no reorganization proof associated with the sidechain asset is detected.

Abstract: A method operative at an identity provider enforces a digital rights management (DRM) scheme associated with a piece of content. The identity provider is an entity that participates in a “federation” with one or more other entities including, for example, an service provider (e.g., a content provider), a DRM privileges provider, and a DRM policy provider. In one embodiment, the method begins by having the identity provider obtain and evaluate against a DRM policy a set of DRM privileges associated with the end user requesting access to the piece of content. Based on the evaluation, the identity provider generates a single sign on (SSO) message that includes a reference to the set of DRM privileges. The message is then forward to the service provider entity, which provides the end user a response.

Abstract: An electronic payment transaction involves operating a gateway device in an electronic payment system to receive first encrypted transaction data from a merchant device, wherein the first encrypted transaction data is encrypted by means of a merchant device-specific encrypting key. Decrypted transaction data is produced by using a merchant device-specific decrypting key to decrypt the first encrypted transaction data. Second encrypted transaction data is derived from the decrypted transaction data, wherein the second encrypted transaction data is encrypted by means of a gateway device-specific encrypting key. The gateway device communicates the second encrypted transaction data to another electronic payment system server. A key transmission block received from the merchant device includes information that enables the gateway device to derive the merchant device-specific decryption key.

Abstract: A system, apparatus, and method for processing payment transactions that are conducted using a mobile device that includes a contactless element, such as an integrated circuit chip. The invention enables the updating, correction or synchronization of transaction data maintained by an Issuer with that stored on the device. This is accomplished by using a wireless (cellular) network as a data communication channel for data provided by an Issuer to the mobile device, and is particularly advantageous in circumstances in which the contactless element is not presently capable of communication with a device reader or point of sale terminal that uses a near field communications mechanism. Data transferred between the mobile device and Issuer may be encrypted and decrypted to provide additional security and protect the data from being accessed by other users or applications.

Abstract: The back-end data storage system of an e-commerce system receives a replicated transaction from the data storage system of another e-commerce system and makes a determination or decision whether to commit the replicated transaction based upon a comparison of information parsed from the transaction with predetermined commit criteria.

Abstract: A method, system and computer program of managing an access right to at least one asset associated with at least one digital work order, or to at least one element associated with the asset, and provides a system and a computer program for the same. The method includes the steps of: loading a security policy associated with the work order, the asset, or the element; starting to monitor location information of the asset or the element and a moving object, or a elapsed time of the moving object at the location; and issuing an event for managing the asset, the element or the moving object in response to the start of the work order or in response to the fact that the loaded security policy is violated by any of the locations, a change in the location, or the elapsed time at the location obtained by the monitoring.

Abstract: A computerized method of verifying the identity of an attendant operating a money transfer transaction device includes receiving at the money transfer transaction device a user identification and password from the attendant and receiving at the money transfer transaction device additional information from the attendant. The additional information relates to a security feature that limits access to the transaction device. The method also includes using the additional information, the user identification, and the password to evaluate whether to allow the attendant to operate the transaction device to process a transaction.

Abstract: A method for linking payment accounts includes: storing a plurality of account profiles, each profile including data related to a payment account including an account number and account data; encrypting the account number included in each account profile using a method of encryption to obtain an encrypted account number; receiving account linkage data, the data including a plurality of encrypted account identifiers, each identifier being indicated as being linked to another identifier, and each identifier being encrypted using the method of encryption; matching each of the encrypted account identifiers to an encrypted account number; and updating one or more account profiles to indicate a link to another account profile where the encrypted account number included in the profile being updated matches an encrypted account identifier that is indicated as being linked to an encrypted account identifier that matches the encrypted account number included in the other profile.

Abstract: The present invention comprises a system and method for managing an inventory of PINs in a PIN distribution network. The distribution network includes a hub coupled to a one or more servers and each of the servers is coupled to at least one client terminal. The system includes a hub for dynamically allocating PINs of the inventory among the servers so as to substantially maintain a quantity of PINs at each server at a desired level for each server. Additionally, the hub acquires additional PINs in response to at least one PIN in the inventory being distributed to at least one user from at least one of the client terminals. In variations, the hub maintains centralized databases and synchronizes the centralized databases with corresponding databases at each server.

Abstract: A method for transferring digital multimedia rights, the method including but not limited to requesting permission from the destination end user to transfer the digital multimedia rights to the destination end user device; and if the permission is received from the destination end user, canceling the source set of digital multimedia rights associated with the source end user and transferring the source set of digital multimedia rights associated with the source end user to the destination end user device. A system and computer program product are disclosed for performing the method.