Abstract: An online transaction is effected between a user system, a merchant system and an issuer system. The user system generates a one-time number (OTN) to use as a card number for a transaction with the merchant. The user system generates the OTN as a function of various parameters and sends the OTN to the issuer and to the merchant. With the issuer communication, the user is first authenticated, so the issuer can associate the received OTN with the user even if the user's identity cannot be fully discerned from the OTN alone. In authenticating the user with the issuer, and possibly other authentications, the user sends the issuer a signed challenge where the challenge is a sequential challenge or a function of a prior challenge provided by the issuer. The issuer responds with an approval/denial message and, in the latter case, includes the next challenge to be used.

Abstract: Techniques are disclosed to increase the efficiency of multi-party authentication communications protocols. One technique includes a four party authentication method utilizing a general authenticator to store and provide a credit card authentication password and other payment information to an issuing bank and/or other parties involved in the transaction. Other techniques include the use of skeleton messages to minimize the forwarding of information through a forwarding party, the elimination of redundant communications exchanges, the use of a merchant appliance hardware solution to minimize system integration difficulties, and/or the imposition of credit card constraints. The techniques may be used singly or in combination.

Abstract: Techniques for efficiently searching encrypted searchable spaces. For example, embodiments of the present invention provide techniques for searching a plurality of files that are stored in encrypted (or ciphertext) form. According to embodiments of the present invention, the search can usually be performed by decrypting only a portion of the encrypted searchable space. According to an embodiment of the present invention, the search techniques determine a set of files comprising one or more files from the plurality of encrypted files that contain a user-specified query element. The set of files is usually determined by decrypting only a subset of the plurality of encrypted files.

Abstract: A roaming user needing an his authentication credential (e.g., private key) to access a computer server to perform an electronic transaction may obtain the authentication credential in an on-demand fashion from a credential server accessible to the user over a computer network. In this way, the user is free to roam on the network without having to physically carry his authentication credential. Access to the credential may be protected by one or more challenge- response protocols involving simple shared secrets, shared secrets with one-to-one hashing, or biometric methods such as fingerprint recognition. If camouflaging is used to protect the authentication credential, decamouflaging may be performed either at the credential server or at the user's computer.

Abstract: A roaming user needing an his authentication credential (e.g., private key) to access a computer server to perform an electronic transaction may obtain the authentication credential in an on-demand fashion from a credential server accessible to the user over a computer network. In this way, the user is free to roam on the network without having to physically carry his authentication credential. Access to the credential may be protected by one or more challenge-response protocols involving simple shared secrets, shared secrets with one-to-one hashing, or biometric methods such as fingerprint recognition. If camouflaging is used to protect the authentication credential, decamouflaging may be performed either at the credential server or at the user's computer.