Abstract: A system for open electronic commerce having a customer trusted agent securely communicating with a first money module, and a merchant trusted agent securely communicating with a second money module. Both trusted agents are capable of establishing a first cryptographically secure session, and both money modules are capable of establishing a second cryptographically secure session. The merchant trusted agent transfers electronic merchandise to the customer trusted agent, and the first money module transfers electronic money to the second money module. The money modules inform their trusted agents of the successful completion of payment, and the customer may use the purchased electronic merchandise.

Abstract: There is provided a method for a client to authorize an automated clearance house (ACH) transaction comprising the steps of providing an online web interface on a financial services provider network, allowing a client to securely access the online web interface via a client computer having a web browser application, permitting the client to input set-up and authorization information and criteria via the client computer, accepting and acknowledging the client set-up and authorization information and criteria, and executing an authorized ACH transaction based on the client inputted set-up and authorization information and criteria to electronically transfer client funds between one or more client accounts at a third party financial institution and financial service provider. The authorized ACH transactions can be a recurring, non-recurring or one-time ACH transactions, and in particular ACH-in transaction.

Abstract: Method, parser, messaging system, computer program and computer program product for handling context information associated with a message flow in a messaging system, the message flow having processing nodes for processing the message. A request is received at the parser to perform a first operation associated with the message. An indication of the context information to retrieve from a context store is obtained. This context information is for use by at least one of the processing nodes in the message flow for determining how to process the message. The context information is retrieved from the context store and a logical representation of the context information is then created in a format accessible by at least one processing node in the message flow.

Abstract: A first account profile is on a first mobile communications device and a second account profile is on a second mobile communications device. User input of transactional information is accepted on the first mobile communications device. The first account profile on the first mobile communications device is modified based on the transactional information. A message is transmitted including the transactional information to the second mobile communications device.

Abstract: A method that provides access to Privileged Accounts to users with Privileged Account access permission. A message is sent to a Privileged Accounts manager when a user logs into a Privileged Account. The user must enter a reason for access. All keystrokes are logged. At the conclusion of the user session, the log file is closed and another message is sent to the Privileged Accounts manager. The log file may be sent to the manager at this time or saved for a batch transfer periodically.

Abstract: A method of connecting a card to a terminal including the following steps: a) on receiving corresponding respective commands from the terminal, it modifies the contents of the card memory by provisionally recording in the card memory each of said interdependent items of information without losing prior values corresponding to said items; and then b) the modifications are finalized either by all of them being confirmed or by all of them being discarded.

Abstract: A method is provided for handling a service of a predetermined type within a charging system comprising a server and a client. The method includes receiving, at the client, a request for the service of the predetermined type from a terminal, transmitting said request from the client to the server in a charging control request in which the service of the predetermined type is indicated, checking, at said server, whether the requested service of the predetermined type can be granted, and if granted, responding, by said server, with a control message to the client, and measuring, by the client, the usage of resources consumed by the granted service in response to said control message, and reporting the measured used resources for the service at a predetermined condition from the client to the server in a report message. The present invention relates also to a corresponding system and network entities.

Abstract: This is a method for limiting access to selected features of a freely distributed multimedia file, by disabling selected features of the file (using encryption, compression, or other access denial), distributing the file with some enabled features as an inducement to new users, and offering to enable more features when a new user attempts to use a disabled feature. A licensing system then receives a request from the user's system, identifying a specific operating context and one or more features desired by the corresponding user. Accounting is done and an authorization is sent to the user or the user's system to enable the features. However, the authorization is uniquely associated with the measured operating context of the user and the features remain enabled only for said operating context, thus limiting full operation to authorized users, while permitting new users access to limited operations.

Abstract: A family stored value card program is provided. One embodiment is a method for implementing a stored value card program. One such method comprises: identifying an existing stored value card account; and enabling a first customer associated with the existing stored value card account to establish a new stored value card account associated with a second customer, the new stored value card account linked to the first stored value card account.

Abstract: A point of sale transaction terminal that has a signature capture pad mounted within a platen that is recessed within the top surface of the terminal housing. A screen protector is mounted over the signature pad and is registered thereon so that the protector covers the signature pad. A bezel is mounted upon said platen within the recess of the housing so that the bezel surrounds the periphery of the protector and the capture pad. A latching mechanism is located beneath the bezel which serves to removably secure the bezel to the platen. An access port is provided in said housing that allows restricted access to the latching mechanism for unlatching the bezel.

Abstract: The invention provides systems and methods providing independent determinations of services provided to be utilized in detection of fraud. According to a preferred embodiment, a call data record server is provided in communication with a prepaid calling system such that account refill/credit information is provided to the call data record server. The call data record server is also preferably in communication with systems providing subscriber services, such as a cellular service network, such that data regarding services utilized are provided to the call data record server. Using the refill/credit data and raw subscriber service data preferred embodiments of the present invention may independently determine prepaid services utilized by subscribers. Fraud may be detected from these independent determinations of the preferred embodiment by comparing a determined account balance to a selected threshold value and/or by comparing the determined account balance to that of the prepaid calling system.

Abstract: Detection of frauds and circulation of money can be managed while no special apparatus is required, electronic cash can be securely utilized, and personal information and information on individual's purchase are not unnecessarily known. An account management unit 45 stores an amount of money utilized by a user based on information for identifying the user and previously deposited funds. A clearing unit 55 instructs a payment institution to make a settlement. The user management unit 35 manages the information for identifying the user, and an account number of the user in the payment institution encrypted with a public key of a settlement processing apparatus. A communication unit 37 instructs an account management apparatus to change the balance of the previously deposited funds of the user stored therein based on the information for identifying the user, and instructs the settlement apparatus to execute a settlement based on the account number in the payment institution.

Abstract: A system and method for permitting gold or other commodities to circulate as currency requires a network of system users that participate in financial transactions where payment is made in units of gold. The gold is kept in secure storage at a deposit site for the benefit of the users. The payments in gold are effected through a computer system having data storage and transaction processing programs that credit or debit the units of account of gold for the account of each system user. The system and method allows gold to circulate as an electronic payment through the global computer network (Internet) and/or private communication networks. The sum total of all circulating electronic gold (denominated in physical measures such as weights such as grams and/or ounces and fractions thereof) will equal the weight of all the gold held for safekeeping at the storage site(s) for the users of the system.

Abstract: Systems and methods for effecting online financial transactions between individuals or between individuals and entities such as banks, merchants and other companies. Each user accesses a fund exchange server to establish an online account, which is used to transfer funds to and from other entities' online accounts. To fund an online account, funds can be transferred to the online account from a funding account, e.g., credit card account, checking or savings account, or other account, or from another online account. To withdraw funds, money can be transferred to a funding account. A verification procedure requires that a user enter information sufficient to effect financial transfers to and from a funding account. The system deposits one or more small amounts into the funding account, and queries the user to enter the amount of each deposit. If the amount(s) match, the account is considered verified.

Abstract: A method for enhancing data security when chip cards are used for payment transactions and input data are loaded into an algorithm when performing an authentication. The security of the debit and credit data is enhanced by subdividing the data blocks and by switching an additional feedback on and off following the downstream counters at preselected clock pulse times. The method is applicable to all authentication processes in conjunction with chip cards.

Abstract: Techniques for providing secure processing and data storage for a wireless communication device. In one specific design, a remote terminal includes a data processing unit, a main processor, and a secure unit. The data processing unit processes data for a communication over a wireless link. The main processor provides control for the remote terminal. The secure unit includes a secure processor that performs the secure processing for the remote terminal (e.g., using public-key cryptography) and a memory that provides secure storage of data (e.g., electronics funds, personal data, certificates, and so on). The secure processor may include an embedded ROM that stores program instructions and parameters used for the secure processing. For enhanced security, the secure processor and memory may be implemented within a single integrated circuit. Messaging and data may be exchanged with the secure unit via a single entry point provided by a bus.

Abstract: A user anonymously acquires a first sequence of encryption key material. An encryption server, having a second sequence complementary to the first sequence, receives and forwards encrypted messages and monitors utilization of encryption key material by the user. As the key material is used, the server adjusts user accounts to exhaust the first sequence. Thus, the first sequence provides for secure, anonymous communication and, correspondingly, can serve as a payment media for conducting electronic transactions.

Abstract: Managing a database for identification of security features of a device that generates digital signatures includes (a) recording in the database for each of a plurality of devices, (i) a public key of a pair of public-private keys of the device, and (ii) information including security features of the device, the security features being associated with the public key in the database, and (b) identifying security features from the database to a recipient of an electronic message for which a digital signature was originated utilizing a private key of the public-private key pair of a particular one of the devices, the security features being for the particular device.

Abstract: In one embodiment an apparatus includes a housing; a user authenticator, supported by the housing, that authenticates an identity of a user; at least one memory, supported by the housing, that stores transaction information for at least first and second media; and at least one output, supported by the housing, that releases at least a portion of the transaction information to a point-of-sale (POS) terminal after the user authenticator has authenticated the identity of the user. In another embodiment, a method involves steps of: storing transaction information for at least first and second media in a memory of a device; receiving as input a user's selection of one of the at least first and second media; displaying a visual indication to the user regarding which of the at least first and second media has been selected; and transferring at least a portion of the transaction information from the device to a point-of-sale (POS) terminal.

Abstract: A system for managing credit card accounts or the like, having a database for storing a permanent customer ID associated with each cardholder, an account ID for each account accessible by the cardholder, a presentation ID (card number) appearing on each card, and a role identifier. When a transaction is conducted at a terminal, the presentation ID is provided to a database management system, which then can retrieve the customer ID and the account ID (for the account being accessed). If a card is lost, stolen or otherwise rendered unusable, a security suspense record is inserted into the database in an account ID filed associated with the affected presentation ID. When the presentation ID associated with the lost or stolen card is provided to the system, the security suspense record is retrieved and causes the transaction to be invalidated. All other presentation IDs (and associated cards) for the affected account can continue to be used, thus eliminating the need to close the account.

Abstract: The invention relates to a process for making a secure remote payment for goods and/or a service purchased by the buyer (2) from a supplier (7) using a mobile radiotelephone (1) used by the buyer. The mobile radiotelephone provides access to a radio communications network (5) managed through a management center (6). A payment server (4) is connected to the radio communications network (5). The process according to this invention comprises a step in which the said management center (6) and/or the said payment server (4) and/or a control center identifies the said buyer (2), identification of the buyer consisting of ensuring that the buyer is a bonafide subscriber registered on a list of subscribers to the said radio communications network (5). The process may also include a step to authenticate the said buyer (2).

Abstract: In accordance with the present invention, consumers and merchants use computing devices connected to a network, such as the Internet, through wired and wireless means, wherein the consumer connects to a clearing server device to purchase or retrieve previously purchased token, the consumer then connects to the merchant's computer or website to attain price quotes of goods and services, selects the goods and/or services to be purchased, and then communicates a request for purchase to the merchant. The merchant then communicates a request for an update key to the clearing server. The update key is used as an authorization to modify the value of the token. To debit the customer the decrement key is requested and to credit the customer an increment key is asked for. An overwrite key is another type of update key. Together with the overwrite key a replacement token is provided to the merchant who in turn forwards the new token to the customer.

Abstract: Systems and methods for producing a digitally-computed acknowledgment of a delegated download event are disclosed. An information owner, such as the issuer of a smart card, delegates an information download to a third party. The information is downloaded from the third party to an information device, such as a smart card. The computed acknowledgment is a digital “seal” or signature (depending upon the type of cryptographic algorithm used). The seal or signature is preferably a cryptogram generated by the information device using cryptographic keys resident on the information device itself. This acknowledgment is then made available to the information owner, who may then test the cryptogram to determine whether the third party successfully completed the software download.

Abstract: A method and system for converting a first transaction account device to a second transaction account device wherein a card number associated with, or defined as, a first transaction account (e.g., stored value account) is re-associated with, or re-defined as, a second transaction account (e.g., credit card account).

Abstract: A cardless system for dispensing prepaid products, replenishing balances or settling an account which avoids the expenses of producing tangible prepaid cards every time the balance on the prepaid card is consumed. The system also provides the ability to replenish balances on existing prepaid cards thereby avoiding the expense of producing additional cards, and reduce equipment and labor costs. This system helps the environment by saving these resources involved in the production of the present disposable tangible prepaid cards. Additionally, the system offers monitoring of store inventory and recording of sales transaction. The system can manage several prepaid products on a single customer prepaid product account and provide introduction of new products or deletion of old products without the need of reprogramming, reinitialization, collecting, upgrading and redistribution of the user terminals.

Abstract: A system for managing credit card accounts or the like, having a database for storing a permanent customer ID associated with each cardholder, an account ID for each account accessible by the cardholder, a presentation ID (card number) appearing on each card, and a role identifier. When a transaction is conducted at a terminal, the presentation ID is provided to a database management system, which then can retrieve the customer ID and the account ID (for the account being accessed). If a card is lost, stolen or otherwise rendered unusable, a security suspense record is inserted into the database in an account ID filed associated with the affected presentation ID. When the presentation ID associated with the lost or stolen card is provided to the system, the security suspense record is retrieved and causes the transaction to be invalidated. All other presentation IDs (and associated cards) for the affected account can continue to be used, thus eliminating the need to close the account.

Abstract: An IC card incorporates a processor, a memory, etc. The memory stores therein a general electronic money balance having an unlimited use range, a specific electronic money balance having a limited use range, and available genre information defining a use range of the specific electronic money balance. A transfer processing unit serves to transfer a specified amount of money from the general electronic money balance to the specific electronic money balance between two IC cards. A settlement processing unit compares genre information acquired from a purchased commodity or a provided service with the available genre information of the IC card and, only when a coincidence has occurred, deducts the purchased amount of money from the specific electronic money balance of the IC card.

Abstract: A user registers a user public key PKU as a pseudonym at a trustee or issuer and obtains an signature for the pseudonym as a license. The sends the pseudonym, PKU identification information IdU and the amount of withdrawal x to the issuer institution. The issuer increments a balance counter of the pseudonym by x, then generates an issuer signature SKI(PKU, x) with a secret key SKI, and sends the issuer signature as an electronic cash to the user. The user verifies the validity of the issuer signature with a public key SKI, and if valid, increments an electronic cash balance counter Balance by x. At the time of payment, user sends the public key PKU and the license to a shop, and the shop verifies the validity of the license, and if valid, sends a challenge to the user. The user attaches a signature to the challenge with user secret key SKU, then sends it to the shop together with the amount due y, and decrements the electronic cash balance counter by y.

Abstract: A system and method to allow gold to circulate as digital cash through the global computer network (Internet) and/or private communication networks, in both hardwired and wireless systems, much like cash currently circulates in the physical world. A computer system is structured to allow the system user who is attached to the network to transfer digital data values based on gold units of account to or from a portable electronic device, such as a smartcard, and to or from other system users having compatible electronic devices. The sum total of all circulating digital data values will equal the weight of all the gold held for safekeeping at the storage site(s) for the users of the bank. The ownership of the electronic gold values is not transferred by a computer system executing debits and credits between individual accounts, but instead by individuals directly transferring the digital data values amongst themselves (as is done in cash transactions, i.e., without double-entry bookkeeping).

Abstract: A security module (95) for a transaction processing system is disclosed. The transaction processing system includes a transaction manager (20) which runs in a first process and is responsive to transaction requests from one or more applications (10, Page_1.htm) and a service provider layer (30, 36, 37) adapted to relay transaction requests passed from said transaction manager to associated hardware (14) for execution. The security module is adapted to communicate with a supervisor application to receive and store application rights to execute transaction requests and is responsive to requests from the service provider layer to determine an application's right to execute a transaction request.

Abstract: A system and method for identifying each of a plurality of service providers cooperating to provide a service to a customer wherein a fee debited from a stored value account associated with the customer is apportioned among the cooperating service providers according to a measurement of the provided service portions.

Abstract: A computer-based method for allocating funds in pre-established accounts for use by customers, by creating for each customer a customer account file containing a record of funds deposited for the customer, and limiting how the funds in each customer account file may be spent on audio and video entertainment in the form of goods and services in response to command instructions from the fund depositor, wherein the limit on the funds is a limit on transaction amount or a limit according to content on the audio or video entertainment on which the funds may be spent. Computer-based systems implementing the inventive method are also disclosed.

Abstract: A system for performing a transaction which comprises a communications device, a first party and a second party. The communications device is arranged to communicate with the first party and the second party, said second party storing information relating to a user of the communication device, said communication device being arranged to forward at least some of the information from the second party to the first party to permit a transaction to occur.

Abstract: An improved monetary system using electronic media to exchange economic value securely and reliably.

Abstract: A number of fault-tolerant methods for purchasing digital goods with a digital token over a network in which the token's value resides either with a customer or a merchant are disclosed. One version of the method comprises the steps of establishing a price with a merchant for a digital good. A merchant-signed invoice and the digital good in encrypted form are then sent from the merchant to the customer. The invoice is signed with the customer's signature to produce a countersigned invoice. The countersigned invoice, a token (which can be an anonymous token), and identifying information for the token are sent from the customer to the merchant. The countersigned invoice, the token, and the identifying information are sent from the merchant for verification. The token is verified with the identifying information and the other information in the countersigned purchase order is checked.