Patents Assigned to Entrust, Inc.
-
Publication number: 20140373093
Abstract: In one example, a proxy server acts as a gateway to a website and modifies the traffic between a web browser on a user device and the website server, as necessary to request protection by providing step-up authentication and/or transaction verification. The proxy server blocks transactions when protection is required but has not occurred (either because the authentication was not proper or due to the detection of another problem). Associated methods and systems are also provided.
Type: Application
Filed: March 13, 2014
Publication date: December 18, 2014
Applicant: Entrust, Inc.
Inventors: Christopher D. Wood, Michael Holtstrom, Roland Thomas Lockhart, Murray McCulligh, Serge Jean Maurice Mister, Greg Wetmore
-
Patent number: 8769433
Abstract: A method and apparatus for protecting communication of information through a graphical user interface displays a graphical user interface that includes a trusted interaction window. In one example, the method includes continuously determining whether information has been overlayed on top of at least a portion of the displayed trusted interaction window and then disabling an operation being requested when an overlay condition has been determined. In one example, the trusted interaction window is maintained to be the top most window when it is called by an application, for example, during an online transaction, or any other suitable action. The trusted interaction window may be generated via a browser, or operating system, or any other suitable application. As such, the trusted interaction window detects when another window is overlayed on top of it, such as a chromeless window, thereby preventing an unscrupulous party from tricking the user or obtaining sensitive information.
Type: Grant
Filed: May 13, 2005
Date of Patent: July 1, 2014
Assignee: Entrust, Inc.
Inventor: Serge Jean Maurice Mister
-
Publication number: 20130334323
Abstract: A secure identification information member, such as a transaction card, includes a translucent area having an information pattern representing one or more identifiers configured to overlay a portion of a display screen. In one example, a transaction card includes a first portion that contains transaction card account information and a second portion that contains a translucent identification member having a translucent area that includes one or more obscured identifiers.
Type: Application
Filed: August 21, 2013
Publication date: December 19, 2013
Applicant: Entrust, Inc.
Inventors: Michael Chiviendacz, Edward Pillman
-
Patent number: 8612757
Abstract: An apparatus and method for securely providing identification information generates one or more obscured identifiers for a recipient, such as one or more identifiers that are generated based on data unique to a recipient or other information as may be appropriate. In one embodiment, the method and apparatus generates a translucent identification member, such as a plastic card, sheet, film or other suitable member that has a translucent area that includes one or more obscured identifiers. When the translucent identification member is overlayed on a screen displaying a visual filtering pattern, one of one or more obscured identifiers is visually revealed for use during the particular transaction. The revealed identifier is entered into a recipient device and sent to an authenticator to be verified as an appropriate identifier for the transaction.
Type: Grant
Filed: December 30, 2003
Date of Patent: December 17, 2013
Assignee: Entrust, Inc.
Inventors: Michael Chiviendacz, Edward Pillman
-
Patent number: 8538893
Abstract: An electronic transaction evidence archive apparatus and method archives electronic transaction evidence, such as public key based electronic transaction evidence on behalf of a first party. The apparatus and method determines redundant electronic transaction evidence and removes the redundant electronic transaction evidence prior to archival. In one embodiment, the electronic transaction evidence archive apparatus and method indexes received electronic transaction evidence and archives the indexed data elements thereof. When a subsequent archival request is made, the apparatus and method evaluates the index data to determine redundant electronic transaction evidence and discards redundant information to save memory resources. The first party provides the electronic transaction evidence in, for example, an archive evidence bundle, which includes data elements related to a single transaction.
Type: Grant
Filed: October 1, 1999
Date of Patent: September 17, 2013
Assignee: Entrust, Inc.
Inventor: Timothy E. Moses
-
Publication number: 20130237190
Abstract: A method and apparatus provides for user authentication. In an example, the method and apparatus includes receiving a selected signal strength for smart card emulation authentication. The method and apparatus also includes receiving a signal from a portable wireless device radio transceiver. The method also includes measuring the signal strength of the signal. The method and apparatus also includes, if the signal is at or above the selected signal strength, transmitting one or more signals to the portable radio device radio transceiver requesting user authentication, and if the signal is not at or above a selected signal strength, refusing a request to authenticate by the portable radio device radio transceiver. The method and apparatus also includes receiving one or more authentication response signals from the portable radio device in response to the request for user authentication, the one or more response signals including at least authentication information unique to a user.
Type: Application
Filed: March 15, 2013
Publication date: September 12, 2013
Applicant: ENTRUST, INC.
Inventors: Clayton Douglas Smith, Lindsay Martin Kent
-
Publication number: 20130183936
Abstract: A method and apparatus provides for user authentication. In an example, the method and apparatus includes receiving a selected signal strength for smart card emulation authentication. The method and apparatus also includes receiving a signal from a portable wireless device radio transceiver. The method also includes measuring the signal strength of the signal. The method and apparatus also includes, if the signal is at or above the selected signal strength, transmitting one or more signals to the portable radio device radio transceiver requesting user authentication, and if the signal is not at or above a selected signal strength, refusing a request to authenticate by the portable radio device radio transceiver. The method and apparatus also includes receiving one or more authentication response signals from the portable radio device in response to the request for user authentication, the one or more response signals including at least authentication information unique to a user.
Type: Application
Filed: January 16, 2013
Publication date: July 18, 2013
Applicant: Entrust, Inc.
Inventors: Clayton Douglas Smith, Lindsay Martin Kent
-
Publication number: 20130080780
Abstract: A method, apparatus and/or system generates a challenge for user authentication, having a challenge data element from a stored pool of challenge data elements. The challenge is based on rule data and stored usage data associated with at least some of the challenge data elements in the stored pool of challenge data elements. The generated challenge is sent for use in an authentication of a user to a sender. A method, apparatus and/or system also generates sender authentication and corresponding location information, having a data element from a stored pool of challenge data elements. Selection of the data elements is based on rule data and stored usage data associated with at least some of the data elements in the stored pool of data elements.
Type: Application
Filed: November 26, 2012
Publication date: March 28, 2013
Applicant: Entrust, Inc.
Inventor: Entrust, Inc.
-
Patent number: 8230486
Abstract: A method and apparatus for providing mutual authentication between a user and a sending unit, (i.e. target resource) in one embodiment, includes determining, for a user that has been assigned an article, such as a card or other suitable article that has indicia thereon, desired sender authentication information that corresponds to actual sender authentication information that is embodied on the article. The sender authentication information can be located on the article by using the location information provided by the sending unit in a challenge. The method includes determining for the user, corresponding article identification information, such as a serial number that has been assigned to the article, or a shared secret, and sending a challenge for the user wherein the challenge includes at least location information, to allow the user to identify desired sender authentication information located on the article, and sending the article identification information.
Type: Grant
Filed: October 18, 2004
Date of Patent: July 24, 2012
Assignee: Entrust, Inc.
Inventor: Chris Voice
-
Patent number: 8161565
Abstract: Systems, methods, components are provided all for the purpose of controlling access to decryption keys needed to decrypt ciphertext. A key release agent is provided which controls decryption key distribution. The key release method starts with receiving an encrypted key, key related information and decryptor information from a decryptor and determining whether a private key corresponding to the key ciphertext is available. Upon determining the private key corresponding to the key ciphertext is available, a decision is made based on decryptor information of the decryptor and the key related information whether decryption of the key ciphertext is to be permitted. Decryptors adapted to participate with the KRA in the above described key distribution methods are also provided.
Type: Grant
Filed: December 26, 2000
Date of Patent: April 17, 2012
Assignee: Entrust, Inc.
Inventor: Glenn Langford
-
Publication number: 20120006899
Abstract: A transaction card comprising, such as a credit card or debit card, includes transaction card serial number information that identifies the transaction card, sender authentication information identifiable by location information and location information is on the transaction card. In addition, account information is also on the transaction card.
Type: Application
Filed: September 23, 2011
Publication date: January 12, 2012
Applicant: ENTRUST, INC.
Inventors: Christopher Brian Voice, Michael Chiviendacz, Edward Pillman
-
Patent number: 8082349
Abstract: Online fraud is reduced by identifying suspicious activities in real time and providing alerting so that interdiction may be performed. Historical customer behavior is used to identify and flag deviations in activity patterns. An HTTP data stream is parsed, intelligently filtered, and key data is extracted in real time. The key data is periodically extracted from network traffic and used to update corresponding summaries stored in a fraud data mart. The data mart is constantly incrementally updated so that the most current historical information is available to a rules engine for real time comparison with new customer data and patterns occurring on the network. Fraud-related business signatures are applied to this data stream and/or a data mart to identify suspicious online transactions. By understanding the customer session, the customer's intended use of the online application is derived and possible fraudulent activities identified.
Type: Grant
Filed: October 17, 2006
Date of Patent: December 20, 2011
Assignee: Entrust, Inc.
Inventors: Sunil Bhargava, Ben Feldman, Roger Faulkner, Peter Relan
-
Patent number: 8060915
Abstract: A method for providing electronic message authentication employs an article, such as a card, sticker, or any other suitable article, that includes sender authentication information and location information such as row and column headings. In one example, each recipient of interest is issued an article that embodies unique sender authentication information that is identifiable by corresponding location information such as column and row identifiers. In both an apparatus and method, when the sender of an electronic message wants to send a message to a recipient of interest, the sender sends the electronic message and both location information and corresponding desired sender authentication information located at the coordinate identified by the location coordinate information. If the sent desired sender authentication information matches authentication information found on the article, the sender of the message is trusted.
Type: Grant
Filed: May 19, 2004
Date of Patent: November 15, 2011
Assignee: Entrust, Inc.
Inventors: Christopher Brian Voice, Michael Chiviendacz, Edward Pillman
-
Publication number: 20110213711
Abstract: A system and method provides electronic transaction verification using multiple different units. A first unit initiates an electronic transaction in response to user authentication affirmation by, for example, a server (such as a web server). After the user has been authenticated, another unit, such as a mobile device, receives a transaction confirmation request for the electronic transaction that is ongoing via the first unit. In addition, the second unit also receives from, for example, the server, transaction information based on the electronic transaction. The second device through a user interface and without requiring a user to enter transaction information, provides the received transaction information from the server for evaluation by a user of the second unit. The second unit requests from the user, in response to the transaction confirmation request, confirmation of the transaction.
Type: Application
Filed: March 1, 2010
Publication date: September 1, 2011
Applicant: Entrust, Inc.
Inventors: Eric R. Skinner, Steve Robert Neville, Michael Andrew Moir
-
Patent number: 7783745
Abstract: Monitoring the operational performance of a network-based business service involves defining and detecting significant variances in activities associated with performance of the service. A business service is characterized by corresponding business rhythms, which are derived from patterns of metric values for business activities that are part of business processes corresponding to the business service. Each business rhythm is characterized as a set of statistics about the corresponding metric(s) classified for a period of time or over a group of multiple periods of time, statistically compressed, and persistently stored. For purposes of real-time monitoring of the operational performance of the business service, significant variances in the normal behavior of the business service are automatically detected by comparing real-time metric data with corresponding historical metric data, in view of associated threshold values.
Type: Grant
Filed: January 20, 2006
Date of Patent: August 24, 2010
Assignee: Entrust, Inc.
Inventors: Sunil Bhargava, Amitava K. Raha
-
Patent number: 7765580
Abstract: A method and apparatus provides user authentication by communicating primary authentication information, such as user identification data and/or password data to an authentication unit via a primary channel such as over the Internet. An authentication code is generated by the authentication unit on a per session basis and is sent to a destination unit via a first secondary channel during the session. The destination unit then retransmits the authentication code, on a second secondary channel, to the first unit in a way that is transparent to a user of the first unit. The first device then sends the received re-transmitted authentication code back to the authentication unit via the primary channel during the session.
Type: Grant
Filed: May 14, 2001
Date of Patent: July 27, 2010
Assignee: Entrust, Inc.
Inventors: Ron J. Vandergeest, Kevin T. Simzer, Eric R. Skinner
-
Patent number: 7693285
Abstract: A method and apparatus, such as a secure distribution server, receives encrypted information from a sender, wherein the encrypted information is for transmission to a plurality of intended recipients. In addition to the encrypted information, the method includes receiving an encrypted secret key that is encrypted using a public key associated with the secure distribution server. The method and apparatus decrypts the encrypted secret key to produce a decrypted secret key. The method and apparatus then encrypts the decrypted secret key with the corresponding public key of at least one (or each of a plurality of) intended recipient(s) to produce at least one (or plurality of) recipient-specific secure secret keys. The method and apparatus then forwards the received encrypted information sent by the sender and also sends at least one recipient-specific secure secret key to a corresponding intended recipient.
Type: Grant
Filed: March 6, 2002
Date of Patent: April 6, 2010
Assignee: Entrust, Inc.
Inventor: Ian Curry
-
Patent number: 7653742
Abstract: Network applications are monitored by defining and detecting activities associated with the applications. Such activities are referred to as “business activities” in the sense that the activities are performed in the process of conducting business using applications. Each business activity of interest is associated with a unique “business signature” which can be used to identify the activity from streams or collections of information. In one embodiment, each business signature of interest to a business is defined as a set of one or more parameter name-value pairs. Once defined, network traffic to and from an application is monitored to detect business signatures, to detect that a corresponding business activity was started. Detecting an activity is based on real-time matching of business signature character patterns within a stream of characters with a repository of character patterns that each represents a business signature defined for the application.
Type: Grant
Filed: September 28, 2004
Date of Patent: January 26, 2010
Assignee: Entrust, Inc.
Inventors: Sunil Bhargava, Sudheer Thakur
-
Patent number: 7594107
Abstract: A method and system for updating data, such as web certificates, software applications, or other data, detects a need to update data based on a communication between a first processing entity, such as a computer with a web browser, and another processing entity, such as a web server. The web server detects the need to update data and automatically redirects communication from the first processing entity and the second processing entity, so that the first processing entity communicates with a third processing entity. The third processing entity provides updated data, such as a new version of a web browser or other software application, and also provides update complete data indicating that the software, web browser or other data has been updated. The update complete data is provided for the second processing entity so that the second processing entity will suitably perform the process requested by the first processing entity.
Type: Grant
Filed: December 20, 1999
Date of Patent: September 22, 2009
Assignee: Entrust, Inc.
Inventor: Robert Everett Parkhill
-
Patent number: 7568019
Abstract: A method is provided for monitoring, predicting performance of, and managing Business Operations by the simultaneous, real-time Integration, Normalization and Correlation of direct measurements at the Business Layer and other Layers of Business Operations. The other Layers considered, may include, for example, Application and Infrastructure Layers. The system enables the user to automate sophisticated management tasks by Correlating measurements of activity, performance and availability at all Layers of Business Operations. Significantly, the techniques described herein extend the domain of the Correlations across real-time measurements from all Layers of Business Operations, giving central importance to the measurements in the Business Layer within the Correlations.
Type: Grant
Filed: February 14, 2003
Date of Patent: July 28, 2009
Assignee: Entrust, Inc.
Inventors: Sunil Bhargava, Peter Relan, Michael Barrett Stern