Abstract: Digital cash token protocols use a combination of blind digital signatures and pseudonym authentication with at least two pairs of public and private keys. A user is provided with one master pair of private and public keys and as many pseudonym pairs of private and public keys as desired. The resulting digital cash token based hybrid protocols combine the advantages of blind digital signature and pseudonym authentication. Blind digital signatures based on the master pair of keys are used to withdraw digital cash from the user's bank account under the user's real identity. A pseudonym pair of keys is used for converting digital cash into digital cash tokens by a digital cash issuer. All pseudonyms can be used for spending the digital cash tokens. These protocols ensure anonymity when withdrawing digital cash from the user's account under the user's real identity in addition to providing pseudonym authentication when spending digital cash tokens under a pseudonym.

Abstract: This invention provides a system, method and computer program product to allow a user to access administrative security features associated with the use of a security token. The administrative security features provide the user the ability to unlock a locked security token, diagnose a security token, activate and deactivate a security token, request a replacement security token or temporary password or report the loss of a security token. The invention comprises a client application which integrates into the standard user login dialog associated with an operating system. A portion of the user dialog is linked to a remote server to access the administrative services.

Abstract: A method, system and program product for authenticating a user seeking to perform an electronic service request is provided. The method includes verifying user identity data received from a user requesting an electronic service, detecting whether or not any variances are found based on the set of user profile data associated with the user seeking to perform the electronic service requested, identifying the risk level for the electronic service based on whether or not any variances are found and any characteristics thereof, if any variances are found, applying one or more business policies or rules for handling any variances that are found. The method further includes issuing to the user, using a customer relationship management system, a challenge corresponding to the risk level identified for the electronic service requested, and authorizing the user to perform the electronic service requested only if a correct response is received to the challenge issued.

Abstract: Embodiments of methods and apparatus for tag-based personalization of kiosk computing devices are disclosed. In embodiments, an authentication server/system may receive, from a mobile device, a plurality data packets having data associated with a display tag of a kiosk computing device. The authentication system/server may, in response, instruct the kiosk to activate an account-specific mode based on an account associated with the mobile device. Other embodiments may be described and/or claimed.

Abstract: According to the invention, a process for transferring funds in an online transaction between a first party and a second party is disclosed. In one step, a first account associated with the first party and a second account associated with the second party are determined. At least one of the first account and the second account is a bank account. A first transfer is initiated between the first account and a third account. The third account is not associated with either the first party or the second party. Notification is received that the first transfer has cleared. A second transfer between the third account and the second account is initiated before notification that the first transfer has cleared is received.

Abstract: Systems and methods are provided for utilizing a digital coin. A bit string is received. The number of bits in the bit string represents a coin value of the digital coin. The individual bit values of the bits of the bit string are used to determine an identity of the digital coin. The identity of the digital coin is validated by a node of an authentication hierarchy. The validation includes comparing bit values of at least a portion of the bits of the bit string to bit values of corresponding bits of known bit strings that represent known issued digital coins. The validation also includes checking that a matching known issued digital coin was not previously redeemed. A digital coin can also be split into multiple digital coins that are each a continuous sequence of bits of the bit string of the original digital coin.

Abstract: Virtual account based digital cash protocols use a combination of blind digital signatures and pseudonym authentication with at least two pairs of public and private keys. A user is provided with one master pair of private and public keys and as many pseudonym pairs of private and public keys as desired. The resulting virtual account based hybrid protocols combine the advantages of blind digital signature and pseudonym authentication. Blind digital signatures based on the master pair of keys are used to withdraw digital cash from the user's bank account under the user's real identity. A pseudonym pair of keys is used for converting digital cash into virtual account based digital cash by a digital cash issuer. All pseudonyms can be used for spending the virtual account based digital cash.

Abstract: A security token includes (a) a personal data memory configured to store digital identity credentials related to personal data of a user; (b) an input appliance configured to check said personal data; (c) a key record data memory configured to store at least one identity credential of an authentication server or of an application operator; (d) a transmitter and receiver unit configured to create a secure channel directly or indirectly to said authentication server or application operator to handle said key record relating to said authentication server or application operator, respectively; (e) a control unit configured to control the transmitter and receiver unit and the key record data memory in view of said handling, wherein the control unit is configured to perform one of: interpreting, deciphering, creating, checking, renewing, withdrawing and further key record handling actions. A method for authentication of a user using the security token is also disclosed.

Abstract: Tokens containing a unique identification code that allow admission or access to entertainment or personal services are sold and distributed. A seller-distributor node on a global computer network affects transactions that exchange tokens for payment. The tokens represent remittance for services provided by a plurality of service providers. For each token obtained through the seller-distributor node, the system allows a variable rate of redemption at the plurality of service providers upon use by the token (ticket) holder. The token (ticket) holder/user selects which one of the plurality of service providers to request remittance for services at the respective service provider's rates. Different rates exist for a same or equivalent service across at least some of the service providers. Rendering of the token enables remittance for service by the ticket holder/user selected service provider at the selected service provider rate.

Abstract: A computer-implemented method for facilitating electronic funds transactions is disclosed. According to one embodiment, the method may comprise the steps of: issuing a transaction card to a cardholder by associating the transaction card with a demand deposit account from which the cardholder is authorized to electronically disburse funds; receiving an authorization request for an attempted transaction between a merchant and the cardholder, the authorization request containing information associated with the transaction card and the attempted transaction; processing the authorization request based on one or more predetermined business rules; authorizing the transaction without immediately settling the transaction against the demand deposit account of the cardholder; and settling the transaction, at a time subsequent to the execution of the transaction, through automated clearing house (ACH) from funds retained within the demand deposit account of the cardholder.

Abstract: The present invention relates electronic receipts. There is provided a method for generating an electronic receipt in a communication system providing a public key infrastructure, the method comprising the steps of receiving by a second party a request message from a first party, the request message comprising a transaction request and a first public key based on a secret owned by the first party and wherein the secret is associated with at least the secret of a further public key of the first party, electronically signing at least part of the request message with a second public key assigned to the second party to issue the electronic receipt, and providing the electronic receipt to the first party.

Abstract: The invention relates to an authentication and/or rights containing retrievable token such as an IC card comprising at least one physical channel of communication to at least one apparatus and at least two logical channels of communication with said at least one apparatus wherein each logical channel of communication is associated with a different execution environment.

Abstract: A method and system of providing an electronic receipt, such as a SMS text message, to a consumer responsive to a purchase of long distance calling minutes, real-time replenishment of the customer's account, and seamless, pin-less use of the purchased long-distance from the user's chosen phone(s).

Abstract: A digital broadcasting system and a data processing method are disclosed. A data processing method of a digital broadcasting receiver comprises receiving a mobile/handheld (MH) broadcasting signal including mobile service data and main service data; generating a RS (Reed-Solomon) frame from the received MH broadcasting signal; extracting control data from the RS frame, the control data including charge adjustment information required to use a service provided by at least one service provider, the service being encrypted; determining whether the service is available, by comparing the extracted charge adjustment information with balance information written in the smart card; controlling the second RS frame using the control data so that an encrypted service of the second RS frame is decrypted, if the service is available; and mapping the extracted charge adjustment information with a corresponding service provider and storing the information.

Abstract: To secure communications in an untrusted environment for a commercial transaction on an account between the account's holder and a merchant, an identifier and a signature can be derived from a token. The identifier is associated by use of a directory with an application context that identifies the account's issuer. The merchant will provide the signature to the account's issuer, or agent thereof, to be verified. In practice, a merchant to the identified issuer of an account an authorization request message for a transaction that includes a signature and an identifier for the account upon which the transaction is to be conducted. The account's issuer responds with an authorization response message that includes an indicator that the signature has been verified. After notice of the signature's verification, the transaction on the account is deemed authorized and the merchant can proceed.

Abstract: The object of the present invention is to improve quality of service for customers by sharing and utilizing personal information on customers among variety of industries. In order to achieve the objective, the present invention comprises a personal information storage means (12), a communication means (8) to an external device and an information processing means (14) for controlling operation of each means thereof; wherein said personal information storage means (12) stores not only personal information on an information disclosing person, but also commodity provision information, etc. on commodity service which is provided for the information disclosing person for each information disclosing person of the personal information.

Abstract: A reputation server is coupled to multiple clients via a network. Each client has a security module that detects malware at the client. The security module computes a hygiene score based on detected malware. The security module provides the hygiene score and an identifier of a visited web site to a reputation server. The security module also provides identifiers of files encountered at specified web sites to the reputation server. The reputation server computes secondary hygiene scores for web sites based on the hygiene scores of the clients that visit the web sites. The reputation server further computes reputation scores for files based on the secondary hygiene scores of sites that host the files. The reputation server provides the reputation scores to the clients. A reputation score represents an assessment of whether the associated file is malicious.

Abstract: The present invention extends to methods, systems, and computer program products for investing funds from pre-paid payment accounts. Funds from accounts within a payment system are invested on behalf of account holders of the accounts. Funds are invested in accordance with a risk strategy defined for the payment system (e.g. defining investment amounts and financial assets for investment). Payments and/or gains from invested funds are disbursed to the accounts of the account holders. Payments and/or gains are disbursed in accordance with disbursement rules for the payment system (e.g., based on percentages).

Abstract: Systems and methods are provided for utilizing a digital coin. A bit string is received. The number of bits in the bit string represents a coin value of the digital coin. The individual bit values of the bits of the bit string are used to determine an identity of the digital coin. The identity of the digital coin is validated by a node of an authentication hierarchy. The validation includes comparing bit values of at least a portion of the bits of the bit string to bit values of corresponding bits of known bit strings that represent known issued digital coins. The validation also includes checking that a matching known issued digital coin was not previously redeemed. A digital coin can also be split into multiple digital coins that are each a continuous sequence of bits of the bit string of the original digital coin.

Abstract: Methods, systems, and apparatus for generation, distribution and verification of tokens are described. In an implementation, a method is described in which a value of an offer is determined and a token for representing the offer is generated. The token has a number of characters based on the determination of the value of the offer.

Abstract: Electronic currency consists of data in a form suitable to be stored in a user's data storage medium, comprising information on the data value, identification of each specific set of data or data point, and authentication information suitable to verify that said data has been generated by a specific Currency Issuing Authority (CIA). A method and a system for effecting currency transactions between two users over the Internet or other communication network are also described.

Abstract: A cryptographically signed filesystem provides a central database resident on a server that contains database objects. The server creates startup software to be installed in a client system's read only memory. The startup software contains a hash value for a second stage loader. The server also creates software for a bootstrap loader object which typically contains the operating system for a client system and also the bootstrap loader's hash value and a digital signature that is unique to the server. The startup software and objects created by the server are initially installed on a client device at the time of manufacture. The server can update a client's bootstrap loader and root filesystem at any time through the transmission of slices.

Abstract: An approach to managing stored-value data objects, such as electronic tickets, comprises secure systems and procedures for ticket issuing, storage, and redemption. With these systems and procedures in place, stored-value data objects may be securely transferred to remote systems, such as a user's personal electronic device, for subsequent secure redemption, thus allowing the user to gain access to the desired goods or service upon redeeming the data object. Techniques provide secure delivery of the requested data object to the requesting device, and provide secure redemption and disposal of the data object. Ticket issuing systems may be Internet-accessible systems, and users may purchase and redeem tickets using mobile terminals or other devices adapted for wireless communication. Standardized WPKI and Internet access procedures may be employed in ticket issuance and redemption.

Abstract: Embodiments of the present invention relate to systems and methods for automating the assignment of digital help-desk requests. An embodiment of the invention includes a request analyzer module which analyzes the content of the digital help-desk request, a task load monitor module which analyzes the help-desk resource availability and suitability, and a help-ticket assignment module with generates a help ticket based on the digital help-desk request and assigns the help ticket to a resource based upon the analysis of the request and the analysis of resource availability and suitability. The system may also estimate a time to respond to the request based upon an analysis of the assigned resources capabilities and status.

Abstract: An approach to managing stored-value data objects, such as electronic tickets, comprises secure systems and procedures for ticket issuing, storage, and redemption. With these systems and procedures in place, stored-value data objects may be securely transferred to remote systems, such as a user's personal electronic device, for subsequent secure redemption, thus allowing the user to gain access to the desired goods or service upon redeeming the data object. Techniques provide secure delivery of the requested data object to the requesting device, and provide secure redemption and disposal of the data object. Ticket issuing systems may be Internet-accessible systems, and users may purchase and redeem tickets using mobile terminals or other devices adapted for wireless communication. Standardized WPKI and Internet access procedures may be employed in ticket issuance and redemption.

Abstract: The present invention extends to methods, systems, and computer program products for payments using pre-paid accounts. Embodiments of the invention provide a single, universal payment method that cannot be physically stolen, that minimizes the risk of information theft, and which can be used to make both small and large payments. The universal payment method is more convenient, more efficient, and less expensive to use because it requires no exchange mechanism from one payment form to another. In addition, to the extent that prior-to-payment funds are controlled by the businesses to whom payment is to be made, the buying power is increased.

Abstract: The object of the present invention is to carry out commodity quality control among a plurality of enterprises, and control a proper commodity manufacturing process and distribution process. In order to achieve the objective, the present invention comprises information storage means (12), communication means (8) for communicating with an external device, and information processing means (14) for controlling the operation of each of the means. The storage means (12) stores for each of commodities identification information for identifying the commodity as well as client information of a client who has acquired the commodity.

Abstract: The present invention relates to card payment systems. In particular, the present invention relates to systems and methods for processing payment card transactions in a dynamic currency conversion and/or multi-currency scheme. To operate correctly, ghost transactions are used. However to prevent duplication of debits against the Card Holder, these “ghost copy” transactions must not be processed into the card schemes with the normal transactions. Thus the Acquirer's and/or third parties host systems have to be amended, in addition to modifications to the related accounting thereof.

Abstract: It is an object of the present invention to enhance the security and reduce the data amount of data to be handled in a group signing system, in which when the group public key which includes: a description for four groups: group 1, group 2, group T, and group E of the same order number; a description of bilinear mapping from group 1 and group 2 to group T; each generator of group 1, group 2, group T, and group E; and a signature public key of a signature scheme using group 1, group 2, and group T, is input, the member secret key including an integer not larger than the order number, member evidence which is a value given by multiplying the generator of group E by the member secret key, and an element of group 1 or group 2 which is a value given by multiplying the generator of the group 1 or the group 2 by the member secret key are sent to the member-certificate issuing device, and thereafter upon receipt of a signature for the member secret key, which is verifiable by the signature public key, from the member

Abstract: A method for converting coined money to another type of value proceeds by receiving a plurality of coins into a coin processing machine. The coins are processed with the coin processing machine to determine a value of the coins. An electronic record of the determined value is produced using the coin processing machine. Further, the record of the determined value is electronically transmitted from the coin processing machine to a remote storage location.

Abstract: This invention provides a system, method and computer program product to allow a user to access administrative security features associated with the use of a security token. The administrative security features provide the user the ability to unlock a locked security token, diagnose a security token, activate and deactivate a security token, request a replacement security token or temporary password or report the loss of a security token. The invention comprises a client application which integrates into the standard user login dialog associated with an operating system. A portion of the user dialog is linked to a remote server to access the administrative services.

Abstract: A method, system and computer program product relating to automatically validating a transaction between an issuer having a signing key, an emitter having an emitter key, an acceptor having a unique identity and a limit on transactions and a validator.

Abstract: Electronic currency consists of data in a form suitable to be stored in a user's data storage medium, comprising information on the data value, identification of each specific set of data or data point, and authentication information suitable to verify that said data has been generated by a specific Currency Issuing Authority (CIA). A method and a system for effecting currency transactions between two users over the Internet or other communication network are also described.

Abstract: Digital cash token protocols use a combination of blind digital signatures and pseudonym authentication with at least two pairs of public and private keys. A user is provided with one master pair of private and public keys and as many pseudonym pairs of private and public keys as desired. The resulting digital cash token based hybrid protocols combine the advantages of blind digital signature and pseudonym authentication. Blind digital signatures based on the master pair of keys are used to withdraw digital cash from the user's bank account under the user's real identity. A pseudonym pair of keys is used for converting digital cash into digital cash tokens by a digital cash issuer. All pseudonyms can be used for spending the digital cash tokens. These protocols ensure anonymity when withdrawing digital cash from the user's account under the user's real identity in addition to providing pseudonym authentication when spending digital cash tokens under a pseudonym.

Abstract: Disclosed herein is a hierarchical data storage and retrieval system implemented using a computed statistically unique signature for the content of given computer data as its basis. The data storage and retrieval system can be used to catalog computer information for easy indexing and retrieval. The signature is computed by any number of techniques so long as it is able to produce a statistically unique signature, one example being the SHA-1 algorithm. The system is able to reduce the amount of data that is stored and the time required for retrieving the data. Provide a way to move electronic data in an encrypted secure manner that requires the complete data set being moved for decryption of the data. Even if a portion of the data is compromised that portion would still remain secure. The data is encrypted and separated into two or more portions all of which would be needed to decrypt the data.

Abstract: Virtual account based digital cash protocols use a combination of blind digital signatures and pseudonym authentication with at least two pairs of public and private keys. A user is provided with one master pair of private and public keys and as many pseudonym pairs of private and public keys as desired. The resulting virtual account based hybrid protocols combine the advantages of blind digital signature and pseudonym authentication. Blind digital signatures based on the master pair of keys are used to withdraw digital cash from the user's bank account under the user's real identity. A pseudonym pair of keys is used for converting digital cash into virtual account based digital cash by a digital cash issuer. All pseudonyms can be used for spending the virtual account based digital cash.

Abstract: Virtual account based digital cash protocols use a combination of blind digital signatures and pseudonym authentication with at least two pairs of public and private keys. A user is provided with one master pair of private and public keys and as many pseudonym pairs of private and public keys as desired. The resulting virtual account based hybrid protocols combine the advantages of blind digital signature and pseudonym authentication. Blind digital signatures based on the master pair of keys are used to withdraw digital cash from the user's bank account under the user's real identity. A pseudonym pair of keys is used for converting digital cash into virtual account based digital cash by a digital cash issuer. All pseudonyms can be used for spending the virtual account based digital cash.

Abstract: Systems and methods provide access to services. A base ticket value is determined based on a price range for a subject service. A ticket manager engine translates the price range into a ticket level. End users/ticket holders present the leveled ticket for redemption of the particular service from a participant's service provider. Tickets are redeemable for a particular service or experience such as concerts, sports events, theatrical shows, broadway shows, family events, golf courses, movie theaters, spas, etc., each at different levels. Tickets are thus redeemed at variable rates for equivalent services. An online distributor or portal in the primary and/or secondary market may employ the ticket manager engine and ticket leveling. As a result, the distributor offers/sells leveled tickets.

Abstract: A system and method includes an automation system and a scheduling system generating a schedule having a countdown time for a countdown clock assembly and communicating the schedule to an automation system. The system also includes a content repository storing promotional content and a clock background in the content repository. The automation system retrieves the promotional content and the clock background from the content repository, stores the promotional content and the clock background, forms a countdown clock assembly from the promotional content and the clock background and inserts the countdown clock assembly into a channel signal.

Abstract: Metering is enabled through an arrangement in which a metering certificate is communicated to a mobile device using an over-the-air protocol. A metering trigger provides the metering certificate that includes a location to which metering data is posted by the mobile device and a public key of a public-private key pair, or alternatively provides a link to such metering certificate. A metering helper passes the metering certificate to a DRM system on the mobile device which collects metering data associated with the metering ID and uses the public key to encrypt the metering data into a metering challenge. The metering helper posts the metering challenge to the location. The metering service extracts the metering data from the metering challenge using a private key and generates a metering response that is received by the metering helper which prompts the DRM system to reset at least a portion of a data store in which the metering data is stored.

Abstract: An embodiment of a method for use in performing interoperability testing between two network architectures includes forming multiple transaction signatures that each characterizes a communication transaction conducted over the two networks and analyzing each of the transaction signatures to determine if the transaction signature matches a previously classified pattern. The method may further include generating a report identifying each of the communication transactions and indicating that each of the communication transactions is classified with a classification associated with a previously classified pattern or are of unknown classification. Another method includes receiving a transaction signature composed of multiple transaction elements, and determining whether the received transaction signature corresponds to a previously identified transaction signature pattern.

Abstract: Systems and methods are disclosed for providing a provision of access to services. A time delimited, multiple use ticket/admissions card is provided that controls admission to services offered by participating service providers. The ticket/admissions card is issued to a ticket holder, and the card is valid for a certain amount of uses, where each use should be completed during a certain period of time. The first use of the card, for example, should be completed within a first time period, and if the first use is not completed during this first time period, then the first use expires; the second use of the card should be completed within a second time period, and if the second use is not completed during this second time period, then the second use expires. In this way, the ticket/admissions card provides a time delimited, multiple use scheme to control allowed admittance to authorized services.

Abstract: A personal communication apparatus is presented for generating a verifiable recording of a transaction, the transaction comprising an exchange of information. The apparatus includes a receiving component, a protection component, a memory and a recording component. The receiving component receives a transaction between a user of the apparatus and a remote person, and of receiving biometric data (BIOKY) of the remote person. The protection component protects the voice conversation with the biometric data (BIOKY). The recording component records the transaction protected with the biometric data on the memory. A communication apparatus is also presented that includes a memory and an authentication component. The authentication component provides access to a protected transaction stored on the memory.

Abstract: A method, system, and program for user controlled anonymity when evaluating into a role are provided. An anonymous authentication controller enables a user to control anonymity of the user's identity for role based network accesses to resources, without requiring reliance on any single third party to maintain user anonymity. First, a role authentication certificate is received from a role authenticator, wherein the role authentication certificate certifies that the holder of the role authentication certificate is a member of a particular role without allowing the role authenticator issuing the role authentication certificate the ability to track an identity of a user holding the role authentication certificate.

Abstract: In accordance with a broad aspect, a method is provided to securely configure a computing device. A configuration indication is received into the computing device, including receiving a digital signature generated based on the configuration indication. Generation of the digital signature accounts for a unique identifier nominally associated with the computing device. The received configuration indication is verified to be authentic including processing the unique identifier, the received configuration indication and the received digital signature. The computing device is operated or interoperated with in accordance with the received configuration indication. In one example, a service interoperates with the computing device. For example, the computing device may be a portable media player, and the service may provide media to the computing device based on a capacity indication of the configuration indication.

Abstract: A method and apparatus for obtaining access to services of service providers. In one embodiment, the method comprises requesting a desired service through a foreign service provider, generating a hash tree and generating a digital signature on a root value of the hash tree, sending the digital signature and the root value to the foreign service provider, providing one or more tokens to the foreign service provider with the next packet if the foreign service provider accepts the signature and continuing to use the service while the foreign service provider accepts tokens.

Abstract: An embodiment of a method for use in performing interoperability testing between two network architectures includes forming multiple transaction signatures that each characterizes a communication transaction conducted over the two networks and analyzing each of the transaction signatures to determine if the transaction signature matches a previously classified pattern. The method may further include generating a report identifying each of the communication transactions and indicating that each of the communication transactions is classified with a classification associated with a previously classified pattern or are of unknown classification. Another method includes receiving a transaction signature composed of multiple transaction elements, and determining whether the received transaction signature corresponds to a previously identified transaction signature pattern.

Abstract: A method (and structure) of exchange between two parties interconnected by a device or network. A recipient party (verifier) chooses a secret value x for computing a value X=F1(x), where F1 comprises a first predetermined function having at least one argument, the value x being one of the at least one argument of F1. A signing party (signer) chooses a secret value y for computing a value Y=F2(y), where F2 comprises a second predetermined function having at least one argument, the value y being one of the at least one argument of F2. The signer obtains the value X, and the signer has a private key b and a public key B. The signer computes a value s=F3(y,b,X), where F3 comprises a third predetermined function having at least three arguments: the value y, the private key b, and the value X being three arguments of the at least three arguments of F3.

Abstract: A method of confirming the identity of a user includes processing biometric credentials, generating a user configurable policy including identities of a plurality of authenticating entities, storing the user configurable policy in a device, presenting the device to an authenticating entity at an authentication station, and requesting biometric and personal data of the user from the device data. The biometric data corresponds to at least one biometric feature desired for authenticating the user and the requesting operation is performed by a workstation of the authenticating entity.

Abstract: A method includes inputting into the computer a digital content file of the merchant, the digital content file including a header with information related to purchasing a digital content product and the digital content product in encoded form. The computer reads the downloaded header and displays at least some of the information related to purchasing the digital content product while concurrently downloading the encoded digital content product into the computer.