Abstract: As described herein, a machine learning system, method, and computer program are provided for making payment related customer predictions using remotely sourced data. A system of a communication service provider (CSP) identifies a customer of the CSP. Additionally, the system collects data from a plurality of data sources independent from the CSP, the data including telephone numbers and/or webpage URLs of other services providers that are associated with making payments. Further, the system processes the collected data to form input data indicating which of the telephone numbers were contacted by the customer and/or webpage URLs were accessed by the customer. Still yet, the system processes the input data using at least one machine learning algorithm to make at least one payment related prediction for the customer. Moreover, the system outputs the at least one payment related prediction made for the customer.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving requirements data for a first enterprise resource planning (ERP) project and accessing a data repository that includes multiple templates. A subset of the templates include activity templates and each template is associated with at least one other ERP project. A system identifies activity templates based on the requirements data. Each identified activity template defines deliverables for performing the first ERP project. The system receives user input for validating an identified activity template by referencing the requirements data. The system selects an activity template in response to receiving the user input that validates the activity template. The system uses the selected activity template to generate a first deliverable for executing the first ERP project.

Abstract: Techniques for providing data retention services based on a geographic region are disclosed. In one aspect, a location of a computing device is determined. A geographic entity corresponding to the location of the computing device is then determined. A data retention policy is applied to data of the computing device based on regulations of the geographic entity. Other aspects are also disclosed.

Abstract: Embodiments are described that are directed to optimizing the provisioning of payment account credentials to mobile devices utilizing mobile wallets. In some embodiments, one of multiple provisioning schemes may be selectively chosen for payment account credential provisioning based upon a determined risk involved with a particular provisioning request. A low risk provisioning request leads to an immediate provisioning of a payment credential, whereas a provisioning request of high risk results in the provisioning request being denied. In some embodiments, medium risk provisioning requests will cause an additional user authentication to be performed before the payment account provisioning is finalized. The additional user authentication may occur using a separate communication channel than the channel in which the provisioning request was received.

Abstract: The present invention pertains to a method and system for preventing unauthorized access via signal interception and hacking to a user's secure mobile device. One embodiment of the system further comprises an encryption server in communication with the secure mobile device, a clear server in communication with a clear mobile device, and a termination gateway in connection with secure and clear POTS phones on the PSTN. The termination gateway communicates with the clear and encryption servers by IP tunneling. The system enables universal access between secure and non-secure packet-switched phone lines, operating via the Internet, and clear and secure circuit-switched phone lines operating on the PSTN.

Abstract: Techniques are disclosed for generating media delivery packages from a source package. The techniques include receiving, by a computer system, a source package associated with a content item. Upon receiving the source package, the computer system determines a plurality of workflows, whereby each workflow is operable for generating a delivery package of a plurality delivery packages. A workflow defines parameters for execution of one or more transformation modules of a set of transformation modules of a media transformation service (MTS). The MTS generates the plurality of delivery packages based at least in part on the source package and an execution of respective workflows. The computer system then provides the plurality of delivery packages to respective target entities for distribution.

Abstract: A computer-implemented method and system for automatically authenticating ownership of uploaded content to a server by cellular messaging is described. Content is uploaded to a server by cellular messaging. If the user has a user account, the user account is retrieved. If not, a user account is created. A URL is created and mapped to the content and the user account and sent as a hyperlink by cellular messaging to the user. Upon a first activation of the hyperlink, the user is authenticated as an owner of the content. A cookie is embedded in the owner's device. Upon a subsequent activation of the hyperlink, if the cookie is detected in the user's device, the owner is allowed to access, edit, download, or share the content. If the cookie is not detected, the user is not an owner, so the user is only allowed to access and not edit the content.

Abstract: A method and system for authenticating ownership of uploaded content to a server by cellular messaging is described. Content is uploaded to a server by cellular messaging. If the user has a user account, the user account is retrieved. If not, a user account is created. A URL is created and mapped to the content and the user account and sent as a hyperlink by cellular messaging to the user. Upon a first activation of the hyperlink, the user is authenticated as an owner of the content. A cookie is embedded in the owner's device. Upon a subsequent activation of the hyperlink, if the cookie is detected in the user's device, the owner is allowed to access, edit, download, or share the content. If the cookie is not detected, the user is not an owner, so the user is only allowed to access and not edit the content.

Abstract: A method, system, and computer-program product for in-memory policy analytics are disclosed. The method includes creating a policy model and determining an effect of a change to one of a value of one of one or more parameters. The policy model is configured to represent one or more policy scenarios by virtue of comprising one or more parameters, and each of the one or more scenarios is defined, at least in part, by each of the one or more parameters comprising a value or a plurality of values. Further, the effect is on at least one of the one or more scenarios.

Abstract: Embodiments are described that are directed to optimizing the provisioning of payment account credentials to mobile devices utilizing mobile wallets. In some embodiments, one of multiple provisioning schemes may be selectively chosen for payment account credential provisioning based upon a determined risk involved with a particular provisioning request. A low risk provisioning request leads to an immediate provisioning of a payment credential, whereas a provisioning request of high risk results in the provisioning request being denied. In some embodiments, medium risk provisioning requests will cause an additional user authentication to be performed before the payment account provisioning is finalized. The additional user authentication may occur using a separate communication channel than the channel in which the provisioning request was received.

Abstract: The disclosed embodiments illustrate methods and systems for generating recommendations for client process execution of one or more client processes corresponding to a plurality of clients of an organization. The method comprises retrieving an event log including event data captured during execution of one or more processes in the organization to service a plurality of clients of a predefined type. The event log is analyzed across the plurality of clients to determine cross-clientele information including a process compliance deviation between an observed and an expected client process execution of the one or more processes. Thereafter, a set of root-causes of the process compliance deviation is determined based on process models of the one or more processes and/or decision rules of the organization. Further, one or more recommendations for the client process execution of the one or more processes of the organization are generated, based on the set of root-causes.

Abstract: A communication system may include a server, and first and second communications devices. The server may be configured to maintain a database having first and second communication profiles respectively associated with first and second users, and maintain first and second value accounts respectively associated with the first and second communication profiles. The server may be configured to process the message from the first user, debit the transaction value from the first value account, convert the message to be from the masked email address of the first user and send the converted message to the actual email address of the second user, and when receiving an acceptance message from the second user in reply to the converted message, then facilitate a communication between the first and second users, and transfer the debited transaction value to the second value account of the second user.

Abstract: A payment authentication service authenticates the identity of a payer during online transactions. The authentication service of the present invention allows a card issuer to verify a cardholder's identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. One embodiment of the invention for authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requests a password from the cardholder, verifies the password, and notifies a merchant whether the cardholder's authenticity has been verified. In another aspect of the invention, a chip card and the authentication service independently generate cryptograms that must match in order for the service to verify that the correct chip card is being used by the cardholder.

Abstract: A system and method for remediation, curing concerns, and transferring information associated with declined transactions is disclosed. The present disclosure generally relates to electronic commerce, and more particularly, to a system and method of validation and efficiency associated with electronic commerce.

Abstract: A transaction system for coordinating processing of a transaction payment request associated with a transaction between a consumer and a merchant, comprising: a computer processor programmed for: receiving the transaction payment request including consumer code data and identification information, the consumer code data representative of a subaccount registered with a transaction interface; accessing the subaccount to obtain payment information related to the transaction payment request; creating a payment confirmation request using said identification information; sending said payment confirmation request over the network to a mobile device; obtaining authorization information from the mobile device; sending a funds transfer request to a payment platform based on the authorization information matching the required authorization information; receiving approval of the funds transfer request from the payment platform; and sending a confirmation of the approval of the funds transfer request to a computer device

Abstract: A computer-based method includes receiving, at a computer-based authorization system, a request to authorize payment to a first party at an electronic payment device from an account with funds that have been paid by a second party. The request includes an encrypted indication of an account number that corresponds to the account and a cash card number entered by the first party at the electronic payment device. The method further includes deriving an unencrypted version of the account number from the encrypted indication; comparing the unencrypted version of the account number to one or more identification codes in an electronic database, where one of the identification codes corresponds to the account; and authorizing payment from the account at the payment device based, at least in part, on whether the comparing yields a match between the unencrypted version of the account number and the identification code that corresponds to the account.

Abstract: A method is proposed for exchanging a data set between a transmitting module, associated with a first domain, and a destination module associated with a second domain. The transmitting module and the destination module are adapted to be loaded into a browser module having access to a local database for recording data and accessing the data recorded by one or more modules belonging to a single browsing domain and to any module loaded in the browser module that is also associated with said single browsing domain. The method comprises the following steps: storage, by a storage module associated with a third domain, of the data set in the local database; requesting a receiving module, associated with the third browsing domain, to read the data set; reading, by the receiving module, of the data set in the local database.

Abstract: Methods for controlling online session inactivity timeouts between a user terminal and a server involves the server polling the user's local terminal to determine whether the user presence at the terminal can be confirmed if there is a period of inactivity within the session. If so, or if the server can otherwise confirm that the terminal is secured from use by other users, then the user session is maintained. Otherwise, the user session is allowed to timeout due to inactivity. The server may issue an alert to the user whenever a timeout is imminent, and may restore any information entered by the user prior to the timeout, if the user later returns and validates his identification.

Abstract: A method and apparatus for storing financial data utilizing a communications network is described. In one embodiment, provisioning access is provided to a plurality of unrelated financial entities. The financial data received from the plurality of unrelated financial entities are stored in a secure data store, e.g., a secure network based mailbox.

Abstract: Aspects of the present invention are directed to a method and system for distributing information from an information distributor in a banking environment. The method may include composing an electronic notification instrument by providing a notification component and providing a payload component, the payload component including a selectable link. The method may additionally include pushing the electronic notification instrument to an information client and allowing a pull from the information distributor through the electronic notification instrument such that the payload component including the selectable link is activated by an authorized information recipient, the authorized information recipient determined by the information client. The method may additionally include determining through a tracer whether the electronic notification instrument has an acceptable disposition and rendering the electronic notification instrument inaccessible if the disposition is not acceptable.

Abstract: An authentication method and system provides for a user requesting authentication where the authentication request includes Personally Identifiable Information (PPI) such as geolocation data. The user's device requesting authentication alters or encrypts the PII in order to prevent the PII's unintentional discovery by third parties or to comply with jurisdictional requirements for the safeguarding of PII. The receiving party saves the altered or encrypted PII for later use. In order to use the PII and perform calculations for authentication, the receiving party requests a trusted third party with knowledge of the methodology or key used to alter or encrypt the PII to perform calculations on the original values of the PII without saving the PII. The trusted third party returns a computed value to the receiving party where it is used to determine whether the user will be authenticated.

Abstract: A computerized authorization system configured to authorize electronically-made requests to an electronic entity. The computerized authorization system comprises a store configured to store an indication of at least one predetermined electronic authorization device configured to authorize each electronically-made request. The computerized authorization system is further configured such that: in response to receiving an electronically-made request to the electronic entity, an indication of the request is output to the at least one predetermined electronic authorization device configured to authorize the request as indicated in the store; and in response to receiving an indication of authorization from the at least one predetermined electronic authorization device, an indication of authorization of the request is output to the electronic entity.

Abstract: A cryptographic expansion device that can be attached to a communication component of a communication device to enable the communication device to perform cryptographic operations on communications sent to and from the communication device is described. When used with a communication device, the cryptographic expansion device enables the communication device to send and received end-to-end secure encrypted communications. The cryptographic expansion device can be used with a communication device without requiring any changes to the internal software or hardware of the communication device and without requiring any modification to the communication protocols of the communication device. In some embodiments, the end-to-end secure communications enabled by the cryptographic expansion device can be utilized by a user of the communication device to perform financial and/or banking transactions.

Abstract: A method for generating e-mail messages with increased security includes receiving an e-mail message at a control system. The e-mail message has recipients, a security level, control attributes, and e-mail message contents. Moreover, the method includes verifying the recipients at the control system, and storing the recipients, security level, control attributes, and e-mail message contents in the control system when each of the recipients is verified. Furthermore, the method includes generating modified e-mail messages from the e-mail message, transmitting each of the modified e-mail messages to a respective recipient, and capturing authentication data from one of the recipients when the one recipient indicates a desire to view the e-mail message contents with a communications device operated by the one recipient. When the one recipient is successfully authenticated, the method includes permitting the one recipient to view the e-mail message contents in accordance with the control attributes.

Abstract: A computerized authorization system configured to authorize electronically-made requests to an electronic entity. The computerized authorization system comprises a store configured to store an indication of at least one predetermined electronic authorization device configured to authorize each electronically-made request. The computerized authorization system is further configured such that: in response to receiving an electronically-made request to the electronic entity, an indication of the request is output to the at least one predetermined electronic authorization device configured to authorize the request as indicated in the store; and in response to receiving an indication of authorization from the at least one predetermined electronic authorization device, an indication of authorization of the request is output to the electronic entity.

Abstract: Augmenting service oriented architecture (‘SOA’) governance maturity including receiving an evaluation of the maturity of the governance of the SOA; identifying, for each governance capability in dependence upon the evaluation of the maturity of the governance capability, one or more predefined risks to the SOA; establishing, for each governance capability in dependence upon the predefined risks to the SOA, a risk value representing the severity of the predefined risks; selecting, for each governance capability in dependence upon the evaluation of the maturity of the governance of the SOA and the predefined risk value, one or more governance work products; and communicating to predetermined stakeholders in the SOA the one or more predefined risks to the SOA identified for each governance capability, the risk value established for each governance capability, and the governance work products selected for each governance capability.

Abstract: Particular embodiments provide a method for orchestrating an order fulfillment business process that includes a sub-process. In one embodiment, abstraction of business processes from an underlying information technology (IT) infrastructure is provided. An orchestration process can be designed using sub-processes such that the sub-process is assembled at run-time into an executable process. The sub-process may be defined in an interface as a single step. A plurality of services as then assembled as steps in the executable process at run-time.

Abstract: One embodiment provides a system that facilitates an electronic transaction between a set of entities. During operation, the system discovers a potential interaction between the entities and verifies a set of shared electronic transfer capabilities between the entities. Next, the system facilitates the electronic transaction between the entities by notifying one or more of the entities of the shared electronic transfer capabilities.

Abstract: An embodiment defines access control allowing the expression of access control rules using ontology based semantics and references an ontology subset using XPath as the ontological expression. The access control rules or access criteria are defined by an access control statement and may be expressed using classification criteria and ontology classes. The access control statement comprises a structural description that is used to define an asset and a logical expression that may be used to express the classification criteria. The access control statement defines access policy for various assets.

Abstract: In one exemplary embodiment, a method provides a cash ledger. The cash ledger may contain at least one line item and a clearing account. The method may post a payment, which contains at least one line item, to a bank account and clear a business partner account by posting the payment against the business partner account.

Abstract: A method for providing internet security via multiple user authorization in virtual software. Each of two users are provided with a non-transitory tangible storage medium. The first user inputs the storage medium into a local computer. If the first user is granted authorization by a second user, the first user can download at least one additional non-browser based application module into virtual memory of his local computer.

Abstract: Digital cash token protocols use a combination of blind digital signatures and pseudonym authentication with at least two pairs of public and private keys. A user is provided with one master pair of private and public keys and as many pseudonym pairs of private and public keys as desired. The resulting digital cash token based hybrid protocols combine the advantages of blind digital signature and pseudonym authentication. Blind digital signatures based on the master pair of keys are used to withdraw digital cash from the user's bank account under the user's real identity. A pseudonym pair of keys is used for converting digital cash into digital cash tokens by a digital cash issuer. All pseudonyms can be used for spending the digital cash tokens. These protocols ensure anonymity when withdrawing digital cash from the user's account under the user's real identity in addition to providing pseudonym authentication when spending digital cash tokens under a pseudonym.

Abstract: Embodiments of methods and apparatus for tag-based personalization of kiosk computing devices are disclosed. In embodiments, an authentication server/system may receive, from a mobile device, a plurality data packets having data associated with a display tag of a kiosk computing device. The authentication system/server may, in response, instruct the kiosk to activate an account-specific mode based on an account associated with the mobile device. Other embodiments may be described and/or claimed.

Abstract: A method and system for providing remote user access to secure financial applications by deployment of SSO software (126) to client workstations (120), including receiving a password for collaborating access to a secure server (110); navigating to the secure server (110) using a web browser (124) on a remote workstation (120); providing user authorization details and the received password to the secure server (120); generating a subsequent password at the secure server (110) upon validation of the user authorization details and received password; downloading an SSO deployment file (122) to the remote workstation (120), said deployment file (122) including the subsequent password; executing the SSO deployment file (122) to install an SSO client application (126) on the remote workstation; reading workstation settings and user credentials from a secure file or data store; and running the SSO client application (126) on the workstation to employ the user credentials and subsequent password to logon to the secure

Abstract: Methods for controlling online session inactivity timeouts between a user terminal and a server involves the server polling the user's local terminal to determine whether the user presence at the terminal can be confirmed if there is a period of inactivity within the session. If so, or if the server can otherwise confirm that the terminal is secured from use by other users, then the user session is maintained. Otherwise, the user session is allowed to timeout due to inactivity. The server may issue an alert to the user whenever a timeout is imminent, and may restore any information entered by the user prior to the timeout, if the user later returns and validates his identification.

Abstract: Systems and methods for filtering fraudulent email messages are described. In one embodiment, a method includes receiving an email message, determining whether the email message is indicative of fraud, and creating a fraud filter based on the email message if the email message is fraudulent.

Abstract: A reputation server is coupled to multiple clients via a network. Each client has a security module that detects malware at the client. The security module computes a hygiene score based on detected malware. The security module provides the hygiene score and an identifier of a visited web site to a reputation server. The security module also provides identifiers of files encountered at specified web sites to the reputation server. The reputation server computes secondary hygiene scores for web sites based on the hygiene scores of the clients that visit the web sites. The reputation server further computes reputation scores for files based on the secondary hygiene scores of sites that host the files. The reputation server provides the reputation scores to the clients. A reputation score represents an assessment of whether the associated file is malicious.

Abstract: Augmenting service oriented architecture (‘SOA’) governance maturity including receiving an evaluation of the maturity of the governance of the SOA; identifying, for each governance capability in dependence upon the evaluation of the maturity of the governance capability, one or more predefined risks to the SOA; establishing, for each governance capability in dependence upon the predefined risks to the SOA, a risk value representing the severity of the predefined risks; selecting, for each governance capability in dependence upon the evaluation of the maturity of the governance of the SOA and the predefined risk value, one or more governance work products; and communicating to predetermined stakeholders in the SOA the one or more predefined risks to the SOA identified for each governance capability, the risk value established for each governance capability, and the governance work products selected for each governance capability.

Abstract: A system of security for global computer transactions that provides a reverse-authentication authority system that enables a client to authenticate the server to the client first before the user of a client proceed to enter their user id and password or other personal data in the web page to assure them that the web page did indeed originate from the secure web server and not from an imposter. The system uses an authentication code that is given to the client user when they call a reverse-authentication server by an out-of-band method such as a telephone network, different than the global network and which then appears in the part of the web page for them to visually see and compare the one they have received in the telephone call to the server.

Abstract: A method for transferring funds, comprising defining a savings parameter associated with a first financial account and a second financial account, wherein the savings parameter adjusts over time based on the funds available in the first financial account and the second financial account, performing a transfer of funds from the first financial account to the second financial account for a transfer amount determined by the savings parameter, and displaying a progress report based on the transfer of funds.

Abstract: Embodiments of the invention are generally directed to a system and method for enrolling a user into an authentication system. In some embodiments of the invention, a user completes a first portion of the enrollment or setup process using a first computer environment, but is not permitted to complete the enrollment or setup process from the first computer environment. The system permits the user to complete the enrollment or setup process only from a second computer environment different from the first computer environment. In one embodiment, the second computer environment is any computer environment outside of the first computer environment.

Abstract: A system and method are disclosed. The method includes receiving, at a server computer, a transaction clearing request for a transaction, and then determining, using the server computer, if the transaction satisfies a stored blocking parameter. The method further includes allowing, using the server computer, the transaction clearing request if the transaction does not satisfy the stored blocking parameter, and denying, using the server computer, the transaction clearing request if the transaction satisfies the stored blocking parameter.

Abstract: An automated banking machine (12, 200, 302) is provided. The machine may be operative to install a terminal master key (TK) therein in response to at least one input from a single operator. The machine may include an EPP (204) that is operative to remotely receive an encrypted terminal master key from a host system (210, 304). The machine may authenticate and decrypt the terminal master key prior to accepting the terminal master key. The machine may further output through a display device (30) of the machine a one-way hash of at least one public key associated with the host system. The machine may continue with the installation of the terminal master key in response to an operator confirming that the one-way hash of the public key corresponds to a value independently known by the operator to correspond to the host system.

Abstract: A method for providing internet security includes providing a storage medium including a first executable application module. In response to inputting the storage medium onto a local computer the first executable application module is loaded into virtual memory in the local computer. The first executable application module is executed, the first executable application module providing information identifying at least one remote server. Communication is performed between the local computer and the remote server using the information provided by the first executable application module. The remote server is instructed to send a second application module to the local computer. Upon receipt of the second application module, the second application module is loaded into virtual memory on the local computer. The second application module is executed from virtual memory and a prompt is displayed to the user.

Abstract: When the deposit of a negotiable instrument, such as a check, is done electronically by using a digital image of the negotiable instrument rather than the negotiable instrument itself, during the process, at least two negotiable instruments may exist: the physical negotiable instrument and the digital image of the negotiable instrument. To change the physical negotiable instrument to a non-negotiable instrument, a bank or other financial institution may send a transmission to modify the appearance of the negotiable instrument, thus effectively “voiding” the physical negotiable instrument. The negotiable instrument may have various inks or mechanisms that facilitate the modification of the appearance through the application of a stimulus, such as heat or light. The financial institution may cause the application of the stimulus to modify the appearance of the negotiable instrument.

Abstract: The claimed subject matter provides a system and/or a method that facilitates securing a wireless digital transaction. A terminal component can receive a portion of data related to a payment for at least one of a good or a service. A mobile device can include at least one mobile payment card (m-card), wherein the m-card is created by establishing a link to an account associated with a form of currency. The mobile device can employ public-key cryptography (PKC) to securely and wirelessly transmit a payment to the terminal component utilizing the m-card and linked account.

Abstract: A system and method are disclosed. The method includes receiving, at a server computer, a transaction clearing request for a transaction, and then determining, using the server computer, if the transaction satisfies a stored blocking parameter. The method further includes allowing, using the server computer, the transaction clearing request if the transaction does not satisfy the stored blocking parameter, and denying, using the server computer, the transaction clearing request if the transaction satisfies the stored blocking parameter.

Abstract: When the deposit of a negotiable instrument, such as a check, is done electronically by using a digital image of the negotiable instrument rather than the negotiable instrument itself, during the process, at least two negotiable instruments may exist: the physical negotiable instrument and the digital image of the negotiable instrument. To change the physical negotiable instrument to a non-negotiable instrument, a bank or other financial institution may send a transmission to modify the appearance of the negotiable instrument, thus effectively “voiding” the physical negotiable instrument. The negotiable instrument may have various inks or mechanisms that facilitate the modification of the appearance through the application of a stimulus, such as heat or light. The financial institution may cause the application of the stimulus to modify the appearance of the negotiable instrument.

Abstract: When the deposit of a negotiable instrument, such as a check, is done electronically by using a digital image of the negotiable instrument rather than the negotiable instrument itself, during the process, at least two negotiable instruments may exist: the physical negotiable instrument and the digital image of the negotiable instrument. To change the physical negotiable instrument to a non-negotiable instrument, a bank or other financial institution may send a transmission to modify the appearance of the negotiable instrument, thus effectively “voiding” the physical negotiable instrument. The negotiable instrument may have various inks or mechanisms that facilitate the modification of the appearance through the application of a stimulus, such as heat or light. The financial institution may cause the application of the stimulus to modify the appearance of the negotiable instrument.

Abstract: An Internet-based check ordering system includes an Internet-based server having a check order entry user interface, a bank transit number computer system in operable communication with the Internet-based server computer system, a client computer system in operable communication with the Internet-based server computer system and a printing system in operable communication with the Internet-based server computer system to print the ordered checks.