Abstract: An invention is provided for controlling access to computer readable media is disclosed. The method includes receiving a digital authentication ticket, which includes a digital code, from a client device using a computer system that includes particular computer readable content. A determination is made as to whether the digital authentication ticket corresponds to the particular computer readable content. Access is provided to the particular computer readable content when the digital authentication ticket corresponds to the particular computer readable content. Conversely, access to the particular computer readable content is prevented when the digital authentication ticket does not correspond to the particular computer readable content.

Abstract: Embodiments of the invention are directed to programming a payment device that can be in the same form factor as a typical credit or debit card and which can be programmed and reprogrammed with various payment profiles. The payment device is interfaced with a mobile device, such as through insertion into a module capable of holding the payment device within proximity to a main housing of the mobile device. The payment device can include both a magnetic stripe and an IC chip which is capable of near field communication. In embodiments of the invention, the mobile device, such as a cellular phone, includes a memory element. The memory element securely stores payment profiles of financial accounts which are commonly found on credit, debit, gift, transit and loyalty cards. When a payment profile stored in the memory element of the mobile phone is selected, the mobile phone writes the profile onto the payment device.

Abstract: A cost-effective system that provides for the efficient protection of transmitted non-public attribute information may be used, for example, to control access to a secure area. Encryption of the attribute information may be performed using symmetric encryption techniques, such as XOR and/or stream cipher encryption. A centralized database that stores and transmits the encrypted attribute information may generate the encryption/decryption key based on selected information bytes, for example, as taken from a card inserted into a handheld device used at the secure area. The selected information to generate the encryption key stream may be varied on a periodic basis by the centralized database. Information as to which selected bytes are to be used for a particular access authorization request may be transmitted to the handheld unit or may be input through action of a user of the handheld unit, for example by entry of a PIN code.

Abstract: Apparatus and article of manufacture for disabling on-demand access to computerized resources on a computerized apparatus are disclosed. The method comprises receiving a disablement code; validating the disablement code; and disabling an on-demand resource if the validating is successful, thereby rendering the disabled on-demand resource unavailable for use by users of the computerized apparatus, wherein the disabled on-demand resource is a hardware resource of the computerized apparatus. Another embodiment includes receiving a disablement code comprising encrypted data, validating the disablement code, disabling at least one on-demand resource if the validating is successful.

Abstract: A data storage device includes a plurality of data storage units, a physical random number generator with a noise source based on a physical noise process, for generating a random number, and a replacer for selecting a data storage unit wherein data is to be stored, depending on the random number. Selecting, on the basis of genuine random numbers, data storage units and/or lines to be replaced in the cache.

Abstract: This invention provides a system, method and computer program product to allow a user to access administrative security features associated with the use of a security token. The administrative security features provide the user the ability to unlock a locked security token, diagnose a security token, activate and deactivate a security token, request a replacement security token or temporary password or report the loss of a security token. The invention comprises a client application which integrates into the standard user login dialog associated with an operating system. A portion of the user dialog is linked to a remote server to access the administrative services.

Abstract: A virtual token represents an item, and includes embedded data defining rules and/or capabilities which apply to the use of the item. A virtual token may include graphical image data which is used to generate a display on a computer, whereby selection of the display allows the item represented by the virtual token to be used. A virtual token may contain instructions for sending access requests to a location on a communications network. A system for handling virtual tokens includes a clearing and routing house for routing token access requests, authenticating and generating tokens, and maintaining container structures for tokens. The system also includes connectors installed in a communications network for creating, controlling and managing items represented by tokens, and device clients for executing token components that issue access requests to the clearing and routing house.

Abstract: A system for monitoring an item including a plurality of item identification devices, each item identification device including unique information indicative of the item and being disposed during use on the item, a plurality of supplier identification devices, each supplier identification device including stored supplier biometric data indicative of the identity of a representative of a supplier of the item.

Abstract: In some embodiments, a method comprises: sensing at least one of movement and position of an identification token; determining if a criteria is satisfied; and enabling operation of the identification token if the criteria is satisfied; wherein determining if the criteria is satisfied comprises determining if the at least one of movement and position satisfies a reference criteria; and wherein the sensor comprises a sensor to provide a signal indicative of at least one of movement and position of the identification token prior to presentation to a proximity coupling device.

Abstract: The claimed subject matter relates to an architecture or arrangement that can limit access to sensitive information by means of encryption. In particular, data obtained from a payment instrument at, e.g., a Point-Of-Sale (POS) location can be encrypted at an early stage such that a POS (or another) application does not have access to the data in an unencrypted form and/or does not have access to a means for decrypting the data. For example, a Public Key Infrastructure (PKI) arrangement can be employed such that a back-end payment processor can define encryption algorithms, associate itself with a public key, and maintain a private key for decryption. The public key can be delivered to the POS location and employed for data encryption, and, moreover, the PKI can be regulated by the more trusted parties.

Abstract: In some embodiments, a method includes adding at least one virtual token to an account associated with a user of a token server, upon initial association of the user with the token server. The token server can be configured to transfer virtual tokens to and from accounts associated with a plurality of users. The token server can be accessible by one or more electronic devices in communication with the token server via a network. At least one virtual token can be transferred from an account associated with a first user of the token server to an account associated with a second user of the token server based upon a request received from the first user of the token server via an electronic device. The transferred virtual token can be associated, for example, with a popularity rating of the user receiving the virtual token.

Abstract: A hand-held token can be operated to generate an acoustic or other wireless signal representing a digital signature produced from the private key of a public key/private key pair, with the public key being confidential in that it is known only to authorized entities, such as bank computers. The signal from the token can be received by, e.g., a receiver at a bank ATM that also requires a PIN for account access. The user enters the PIN into the ATM, and the ATM encrypts the signal from the token with the PIN and sends it on to the bank computer over a link that need not be secure, since even if the PIN is guessed there is no way to verify that it is the correct PIN without also knowing the confidential public key held by the bank computer.

Abstract: Systems and methods for monetary cards are described. The cards are free from personally identifiable data, e.g., no name or embossment. In an example, the card includes a first number that activates the card and a second number written to the card at activation away from the card manufacturer. This helps prevent theft at the manufacturer. This second account is a bearer account where anyone who knows the account number can withdraw the funds from the account. The account may be funded with either the account number or the authentication number.

Abstract: Techniques are described for facilitating interactions between computing systems, such as by performing transactions between parties that are automatically authorized via a third-party transaction authorization system. In some situations, the transactions are programmatic transactions involving the use of fee-based Web services by executing application programs, with the transaction authorization system authorizing and/or providing payments in accordance with private authorization instructions previously specified by the parties. The authorization instructions may include predefined instruction rule sets that regulate conditions under which a potential transaction can be authorized, with the instruction rule sets each referenced by an associated reference token.

Abstract: A method for crediting a customer account maintained by a vendor of services in response to payment received from a customer is disclosed herein. The method includes issuing, to the customer, a membership account number associated with at least the customer account. A membership account number and a payment corresponding to a requested amount of a service offered by the vendor are received from the customer at a point-of-sale. The method further includes generating, at the point-of-sale, an authorization message including at least the membership account number and embedded transaction information identifying the service offered by the vendor and the requested amount. The embedded transaction information is then communicated from the point-of-sale to a database server. The customer account is credited, in response to the embedded transaction information, based upon an amount of the payment.

Abstract: An adaptive multi-tier authentication system provides secondary tiers of authentication which are used only when the user attempts a connection from a new environment. The invention accepts user input such as login attempts and responses to the system's questions. User login information such as IP address, originating phone number, or cookies on the user's machine are obtained for evaluation. User/usage profiles are kept for each user and the user login information is compared to the information from the user/usage profile for the specific user which contains all of the user information that the user used to establish the account and also the usage profile detailing the user's access patterns. The trust level of the current user login location is calculated and the invention determines if any additional questions to the user are required. If the trust level is high, then the user is granted access to the system.

Abstract: A method and system automatically harmonizes access to a given software application program via different access devices. Through use of the method and system, a financial institution can provide access to a given application (such as, for example, automatic bill payment services) to customers using different access devices such web browsers, screen phones and personal computers. A single application program is all that needs to be written and maintained by the financial institution. Also, the method and system enables financial institutions to “leverage” existing programs because now the institution can automatically “project” its existing stock of program services unto new access devices—devices which may not have even existed at the time the program was created. By receiving information from the user via the user's access device, including information identifying the type of device being used and the application program the user wishes to access, the present invention solves these problems.

Abstract: Each IC card 1 notifies a server 3 of the ID of the IC card and the connection information of a terminal device to which the IC card is connected. The server 3 stores the ID and the connection information in a database 4 while associating the ID and the connection information with each other. When an IC card 1 communicates with another IC card, the IC card 1 requests the connection information concerning the destination IC card from the server 3 while specifying the ID of this IC card. The server 3 searches the database 4 for the connection information corresponding to the ID specified by the request, and notifies the requesting IC card 1 of the acquired connection information. This enables communications between IC cards even if the terminal device to which a destination IC card is connected has been changed in the past.

Abstract: A method wherein, by using a storage medium arranged on goods, it is possible to distinctly register a conveyance of ownership or title on this storage medium, and wherein only the current owner or proprietor and possibly also an independent verifying agency has access to the storage medium.

Abstract: A personal communication apparatus is presented for generating a verifiable recording of a transaction, the transaction comprising an exchange of information. The apparatus includes a receiving component, a protection component, a memory and a recording component. The receiving component receives a transaction between a user of the apparatus and a remote person, and of receiving biometric data (BIOKY) of the remote person. The protection component protects the voice conversation with the biometric data (BIOKY). The recording component records the transaction protected with the biometric data on the memory. A communication apparatus is also presented that includes a memory and an authentication component. The authentication component provides access to a protected transaction stored on the memory.

Abstract: The present invention provides a method and a system for establishing a communications path (the “pipe” 75) over a communications network (45) between a Personal Security Device (PSD 40) and a Remote Computer System (50) without requiring means for converting high-level messages such as API-level messages to PSD-formatted messages such as APDU-formatted messages (and inversely) to be installed on a local Client (10) in which a PSD (40) is connected.

Abstract: Establishing trust according to historical usage of selected hardware involves providing a usage history for a selected client device; and extending trust to a selected user based on the user's usage history of the client device. The usage history is embodied as signed statements issued by a third party or an authentication server. The issued statement is stored either on the client device, or on an authentication server. The usage history is updated every time a user is authenticated from the selected client device. By combining the usage history with conventional user authentication, an enhanced trust level is readily established. The enhanced, hardware-based trust provided by logging on from a trusted client may eliminate the necessity of requiring secondary authentication for e-commerce and financial services transactions, and may also be used to facilitate password recovery and conflict resolution in the case of stolen passwords.

Abstract: A system, method, apparatus, means, and computer program code for conducting a transaction include identifying information defining a transaction including at least a transaction amount, identifying an account identifier to associate with the transaction, and establishing a pre-authorization record associated with the account identifier, the pre-authorization record including an authorization restriction based on the transaction amount.

Abstract: Techniques are described for facilitating interactions between computing systems, such as in accordance with usage models that are configured for available services by the providers of the services. In some situations, the services are Web services, and an electronic Web service (“WS”) marketplace is provided via which third-party WS providers make their WSes available to third-party WS consumers who purchase access to those WSes via the electronic marketplace based on configured usage models selected by the consumers. Some or all of the one or more usage models configured for an available WS may each have associated use prices and/or non-price use conditions, and if so access to those WSes using those usage models may be provided only if a consumer requesting access provides appropriate payment and otherwise satisfies the specified use conditions for a selected usage model.

Abstract: An electronic transit fare payment system is disclosed. The system comprises a plurality of mobile devices adapted to store a transit fare payment application and a server in wireless communication with the mobile devices. The transit fare payment application decrements a transit fare funds balance by a fare amount after completing a transit ride, wirelessly requests a top-up of the transit funds balance when the transit funds balance drops below a threshold, wirelessly receives a top-up instruction, increments the transit fare funds balance in response to executing the top-up instruction, and wirelessly transmits a top-up confirmation. The server receives the request for the top-up, charges the top-up to a credit card associated with the mobile device requesting the top-up, transmits the top-up instruction to the mobile device requesting the top-up, receives the top-up confirmation. When the top-up confirmation is not received, the server requests top-up confirmation from the mobile device.

Abstract: The method and system of the invention provide a variety of techniques for using a selected alias and a selected personal identification entry (PIE) in conjunction with use of a transaction card, such as a credit card, debit card or stored value card, for example. A suitable number or other identification parameter is selected by the account-holder as an alias. The account-holder is then required to choose a PIE for security purposes. The alias is linked to the account-holder's credit card number via a database. When the account-holder enters into a transaction with a merchant, the physical card need not be present. The account-holder simply provides his or her alias and then the PIE. This can be done at any point of sale such as a store, catalog telephone order, or over the Internet. The alias and PIE are entered and authorization is returned from the credit card company.

Abstract: A portable, biometrically-secured device for facilitating various different types of in-person and online transactions. For example, the portable, biometrically-secured device can be used to safely perform in-person financial transactions, such as credit card transactions, in which the user's identity is biometrically authenticated. The portable, biometrically-secured device can also be used for performing biometrically-secured online transactions. For example, the portable, biometrically-secured device can be used to create a secure platform from which to make the online transactions by loading a secure operating system from the device to a host computer's volatile memory. Biometrically-secured online transactions can then be performed using the host computer. In one embodiment, the portable, biometrically-secured device facilitates online financial transactions that can be performed without transmitting a user's financial information to the online merchant.

Abstract: A method for increasing the demand deposit asset base of a bank for fractional-reserve banking within the Federal Reserve System, with first and second demand deposit accounts captive at that bank, comprising: (a) receiving physical fractional currency at the bank and increasing the first account balance in an amount corresponding to the value of currency received; (b) encrypting in a “cre-bit” device the balance of the first account including the numeric value of currency received; (c) reflecting in a node device currency amounts concomitantly linked to the second account; (d) performing a commercial transaction without the use of physical functional currency for a specific amount such that the first account is simultaneously debited and the second account is credited the specific amount; (e) repeating step (a) then step (b) and/or repeating step (c); and (f) displaying the first account balance and “cre-bit” data on the “cre-bit” device.

Abstract: A system and method for conducting a financial transaction using an integrated circuit device issued by a card issuer and capable of conducting off-line and on-line transactions with a payment card network. The method includes utilizing the card for conducting a transaction and reading from the card a pre-authorized balance, a pre-authorized limit, and an account number. The method also includes requesting on-line authorization in the event the value of the transaction is greater than the difference between the pre-authorized limit and the pre-authorized balance. Finally, the method includes receiving authorization to conduct the transaction and updating by the card the pre-authorized balance and the pre-authorized limit, wherein the card issuer, through the integrated circuit device, is able to continually update the pre-authorized limit based on various factors including the transaction and account activity.

Abstract: A purchase card system configured in accordance with the invention offers purchase card products that facilitate online purchases of life sciences research products and/or services via an e-commerce application. The acquisition and use of such purchase card products complies with mandated procurement, spending, and appropriations rules, regulations, and laws, such as the Federal Acquisition Regulation, the Anti-Deficiency Act, and the Department of Defense “bona fide needs” rule.

Abstract: Techniques are described related to validating financial accounts, such as before allowing the use of the financial accounts in making payments or otherwise being used as part of transactions. In some situations, the validating of a financial account includes corroborating that a user who desires to use the financial account is the account holder for the account or is otherwise authorized to use the account, such as by confirming that the user has access to information about transactions involving the account and that the user has access to at least one physical item that is delivered to an address or other location associated with the user. This abstract is provided to comply with rules requiring an abstract, and it is submitted with the intention that it will not be used to interpret or limit the scope or meaning of the claims.

Abstract: A managed service for a near field transaction that may include a server to register a wireless device with the managed service, provide authentication information to the wireless device for use in establishing an identity of the wireless device. The server may provide authorization information to a register on behalf of the wireless device to establish the identity to the register, where the identity, when valid, allows the wireless device to participate in the near field transaction via a secure near field communication session with the register, receive transaction information from the register or the wireless device, and store the transaction information with a transaction identifier, where the transaction identifier is used to recall the transaction information on behalf of the register or the wireless device.

Abstract: Techniques are described for facilitating interactions between computing systems, such as by using an authorization system to automatically authorize financial payments between parties in accordance with previously specified private authorization instructions of at least one of the parties. In some situations, some or all of the payments are associated with commerce-related or other transactions, such as transactions initiated by a consumer via the Web to acquire items from a retailer. The authorization instructions may include predefined instruction sets that regulate conditions under which a potential payment can be authorized, with the instruction sets each associated in some situations with a reference. After one or more parties each supply one or more such references or otherwise indicate one or more such instruction sets for use with a potential payment, the authorization system can determine whether to authorize the payment based on whether the instruction sets are compatible or otherwise satisfied.

Abstract: Embodiments allow loading and reloading contactless payment devices using only a contactless terminal interface, while providing user authentication. The contactless terminal interface could be at a merchant POS location, kiosk, or embedded or attached to a personal computing device with contactless read/write capability such as a personal computer or mobile phone or Internet device.

Abstract: A method of confirming the identity of a user includes processing biometric credentials, generating a user configurable policy including identities of a plurality of authenticating entities, storing the user configurable policy in a device, presenting the device to an authenticating entity at an authentication station, and requesting biometric and personal data of the user from the device data. The biometric data corresponds to at least one biometric feature desired for authenticating the user and the requesting operation is performed by a workstation of the authenticating entity.

Abstract: Promoting efficient communication among users. Uses having a symbol of the same network resource are led to the same virtual space. Specifically, intermediary server 2 converting ID of merchandise icon and ID of virtual space for chat is provided. When user terminal 1 obtained a merchandise icon reports merchandise icon ID to the intermediary server 2, ID of a virtual space corresponding to the merchandise icon is returned to the user terminal 1. A user can share information on each merchandise by participating in this virtual space. Namely, users having a common purpose can chat with each other.

Abstract: The present intention permits a user to conduct remote transactions without a network while using an untrusted computing device, such as a hand held personal digital assistant or a laptop computer. The computing device is augmented with a smartcard reader, and the user obtains a smartcard and connects it to the device. This design can be used by an untrusted user to perform financial transactions, such as placing bets on the outcome of a probabilistic computation. Protocols are presented for adding (purchasing) or removing (selling) value on the smartcard, again without requiring a network connection. Using the instant protocols, neither the user nor the entity issuing the smartcards can benefit from cheating.

Abstract: The present invention discloses systems and methods for controlled dissemination of information in mobile networks using encrypted broadcasts that are decrypted at the device. An encryption key is generated corresponding to a particular category or granularity of information. The information is encrypted before it is broadcast to the sector. A user within the sector sends a key request across the network, in response to which the encryption key is sent to the user. The user can decrypt the encrypted information received in the broadcast. Additionally, a credit-checking mechanism may be employed to ensure that the user has sufficient credit to purchase the key. In one embodiment, the information to be disseminated is divided into a plurality of categories, wherein each category corresponds to a granularity of information.

Abstract: In one embodiment, a user device is configured to allow a user to select any one of a plurality of accounts associated with the user to employ in a financial transaction. In one embodiment, the user device includes a biometric sensor configured to receive a biometric input provided by the user, a user interface configured to receive a user input including secret information known to the user and identifying information concerning an account selected by the user from the plurality of accounts. In a further embodiment, the user device includes a communication link configured to communicate with a secure registry, and a processor coupled to the biometric sensor to receive information concerning the biometric input, the user interface, and the communication link.

Abstract: A system and method for performing an on-line transaction, such as making a payment, with a single-use payment instrument makes use of computer hardware and software, such as the computing device of a customer, the customer's bank's home banking server, the bank's card authorization server, a vendor's website server, and the vendor's credit card acquirer, coupled to one another over a network. The customer is issued a single use payment instrument through the bank, the bank debits an account nominated by the customer for the requested value of the payment instrument and may also specify an expiry for the payment instrument. The customer is able to nominate a particular source of funds for each transaction from among various accounts of the customer. The payment instrument settles and clears through existing credit card payment mechanisms without a need for special accommodation with the Internet vendor.

Abstract: Electronic currency consists of data in a form suitable to be stored in a user's data storage medium, comprising information on the data value, identification of each specific set of data or data point, and authentication information suitable to verify that said data has been generated by a specific Currency Issuing Authority (CIA). A method and a system for effecting currency transactions between two users over the Internet or other communication network are also described.

Abstract: An offline code-based reload device and method for adding value to a reconfigurable memory storage means in a portable storage medium. Reload is effected using a reload device not directly connected by telephone or any other communication network to a value supplier. The system uses a “one time use number” (“OTN”) generated by a computer program containing an algorithm containing information on the value to be added and a transaction sequence number (“TSN”). Upon presentation of the portable storage medium to the reload device and entry of the OTN into a numeric keypad, the reload device decodes or disassembles the OTN to verify its authenticity, validate that it was created for the specific portable storage medium presented to the reload device and to verify through the TSN that the OTN has not been previously used to add value from the receiving reload device or any other reload device.

Abstract: Device, system, and method for loading, managing and using smartcard authentication token and digital certificates in e-commerce. System for making and accepting payments in on-line transaction between parties including transaction server coupled with storage device in which subscriber data structure is defined and stores transaction subscriber information and configured to communicate via network with certificate issuer and with card issuer. Computer implemented method for making and accepting payments in online transaction. Computer implemented method of issuing authentication certificate. Authentication token (smart card or SIM card) apparatus. Device for performing reading and/or writing operation to dual media smart card and SIM cards. Device, system, and method for using unique digital values to prevent fraudulent access or use of authentication token embedded with security digital certificate.

Abstract: A secure financial transaction network works with payment cards that includes a magnetic device readable by a legacy card reader that presents dynamic magnetic data such that each use of an individual card produces a cryptographic series of variations of a respective user access code according to an encryption program seeded with secret encryption keys or initialization vectors. Data processing generates a cryptographic series of variations of respective user access codes for each and all of the plurality of payment cards, to transmit to third parties for payment card manufacturing only tables of said cryptographic series of variations of respective user access code and not said secret encryption keys or initialization vectors, and to authorize financial transaction requests from a payments processor if a user access code it receives in a transaction request is a member of said cryptographic series of variations of respective user access codes for the particular one of the plurality of payment cards.

Abstract: Techniques for conducting secure online transactions using captcha images as watermarks are provided. Some techniques combine a trusted, secure device that utilizes a key to generate identifiers with a watermarked transaction verification request page to provide secure online transactions. The trusted, secure devices are provided to users for use in transacting with a transaction provider. In processing a transaction requested by a user, the transaction provider determines an identifier that should be being currently generated by the user's trusted, secure device, creates a captcha image of the identifier, and watermarks a transaction verification request page using the captcha image. The transaction provider then requests that the user verify the transaction described in the transaction verification request page by providing the next identifier that is generated by the user's trusted, secure device to the transaction provider.

Abstract: Digital cash token protocols use a combination of blind digital signatures and pseudonym authentication with at least two pairs of public and private keys. A user is provided with one master pair of private and public keys and as many pseudonym pairs of private and public keys as desired. The resulting digital cash token based hybrid protocols combine the advantages of blind digital signature and pseudonym authentication. Blind digital signatures based on the master pair of keys are used to withdraw digital cash from the user's bank account under the user's real identity. A pseudonym pair of keys is used for converting digital cash into digital cash tokens by a digital cash issuer. All pseudonyms can be used for spending the digital cash tokens. These protocols ensure anonymity when withdrawing digital cash from the user's account under the user's real identity in addition to providing pseudonym authentication when spending digital cash tokens under a pseudonym.

Abstract: A digital card 1 equipped with a CD or DVD bearing a contactless microcomputer chip 2 for the transmission of data relating to the use of transport systems, such as Calypso, Icare and other new-generation systems, between a specific terminal and the microcomputer chip 2. Other security devices have been added to the digital card 1 such that it can be used as a personal identification means. The CD or DVD 3 of the card can contain data relating to transport systems and/or personal identification and/or act as a support for other types of advertising or informative data, etc. The components of the digital card 1 are mounted to a credit card—or similar—type support 4.

Abstract: A user inputs information, such as a mathematical function, composed of variable strings, functions, characters, expressions, etc., into an information input field connected to a function variable processing system. In one embodiment, the function variable processing system breaks down the information into tokens. The tokens are then processed to detect any undefined user definable tokens, e.g., tokens that the user may add and/or change the definitions associated therewith. The function variable processing system generates a display of the undefined user definable tokens along with any associated token definition input fields and/or menus of token definitions. The user may input token definitions using the token definition input fields and/or may select the token definitions from the menus. The function variable processing system associates the undefined user definable tokens with the definitions inputted by the user to convert the undefined user definable tokens to defined user definable tokens.

Abstract: An optical payment transceiver and an optical settlement system using the same uses a personal portable terminal incorporated with an optical transceiver as a card substitute payment unit for settlement. Here, card information is incorporated in a personal portable terminal incorporated with an optical transceiver such as a portable phone or a PDA and the optical transceiver is connected to a card inquiry machine to thereby optically transmit and receive card information. The card inquiry machine recognizes the received card information in the same manner as that of the card reader reading a magnetic card, and transmits the card information to a VAN company server or a card company server, to then request for an approval and settle transactions.

Abstract: A system for sale of consumer goods, the system including means for issuing to a customer from a printer a non-validated token representing an article of merchandise following election by the customer from a selection panel. The article is to be paid for by the customer at a check-out unit when checking the token at said unit. Said check-out unit has means for providing a validated token from a token printer or dispenser as a replacement token or by validating a reusable token. The validated token carries a transaction code elected from the group of: a serially generated transaction code or a randomly generated transaction code. Said checkout unit has means for communicating with an article dispenser means and providing the article dispenser means with said transaction code following payment of the article.