Abstract: Devices and methods for securely upgrading devices, such as field upgradeable units, are disclosed. In response to receiving an update object, a device may determine whether a predefined location of memory includes a predetermined value. Based on the value in the predefined location, the device may store the received update object in a verification portion of the memory. After verifying the authenticity of the update object, the device may copy the update object from the verification portion of the memory to an inactive portion. The inactive portion of the memory can be swapped with an active portion of the memory, such that the inactive portion becomes active.

Abstract: A PIN server system interacts with one or more financial institutions to authenticate a mobile phone and-or a user thereof. The PIN server provides to the mobile phone one or more PIN numbers to use in financial transactions involving the one or more financial institutions, and also provides the one or more PIN numbers to the financial institutions in a manner that results in the one or more PIN numbers being associated with one or more accounts of the mobile phone user with the one or more financial institutions.

Abstract: A road toll system comprises a vehicle-mounted unit having a satellite navigation receiver. A first data processing means determines a route taken 5 based on satellite navigation data provided from the receiver, and the satellite navigation data is associated with a variable identity. A road toll level is derived. A second data processing means receives the road toll level provided by the first data processing means, and the satellite navigation obtains the determined road toll level from the second data processing means using the 10 variable identity. This provides a thin client scenario (the receiver does not implement the map calculations), but with data security corresponding to a thick client solution. Thus, the map matching and trip cost computation steps are delegated by the on-board unit to an external unit, but this delegation is performed anonymously, so that no data sent for external processing 15 compromises the privacy of the data.

Abstract: A system and method for registering a mobile computing device for a data service on a wireless network is described. The method comprises receiving a request from a user to initiate a program on the mobile computing device which requires a network connection for a data service. The method comprises checking if a wireless account for the data service has been activated for the mobile computing device, and, if a wireless account for the data service has not been activated, transmitting to a network node a serial number of the mobile computing device and a key which is based on an encryption of the serial number. The method further comprises receiving a message indicating a wireless network connection is granted.

Abstract: A forward proxy can perform identity substitutions and related services. The user provides the forward proxy with identity information, and the forward proxy presents itself to remote Internet sites on behalf of the user in the guize of the specified identity. From the remote site's point of view, the forward proxy is the machine being used by the user; the identity of the actual user machine can be hidden. Cookies are thus stored and updated at the forward proxy instead of being stored and updated at the user computer as they would be if a conventional forward proxy had been used. This helps preserve user privacy. The use of group identities, which are shared by multiple users, are also facilitated.

Abstract: A content providing apparatus previously receives customer identification information and content identification information as customer reservation information via a terminal device, and sends customer desired content data corresponding to the content identification information to a content obtaining apparatus, to provide a customer with the customer desired content data via the content obtaining apparatus more easily, thus making it possible to significantly improve the usability of a content obtaining/providing system.

Abstract: Upon a user switching-on an appliance with an appliance SIM card of a home telecommunication network, the appliance attaches to the home telecommunication network. The user sets the appliance for association of the user with the appliance. The appliance requests a token to the home telecommunication network. The request includes an appliance identifier of the card. An Identity Linking Function server of the home telecommunication network generates the token, associates the token and the appliance identifier of the card, and provides the token. The user registers a user name and password. The appliance media site server creates a user account for the user with the user name and password. The user submits an identifier of the home telecommunication network, and the appliance media site server redirects the user towards the home telecommunication network with information for further return.

Abstract: A method is disclosed. It includes presenting a payment card to an access device, obtaining additional data, encrypting the additional data, and passing the encrypted additional data to the access device.

Abstract: Security and convenience are provided by a system, apparatus, method, and computer program product that stores two or more encryption keys that correspond to two or more levels of authentication. The encryption keys may be encrypted and decrypted utilizing an endorsement key and trusted computing techniques. Or the encryption keys may be stored in a secure manner utilizing key protection techniques, such as cryptographic camouflaging. A first encryption key is recovered automatically for the first level of authentication. And input is requested to recover the second encryption key for the second level of authentication.

Abstract: Method and server in a business intelligence analysis system for building a response to a client request. The response includes information regarding the response in an updated server context. The updated server context is round tripped to the client and included in a subsequent request. After being received from the client, the subsequent request is optimized based on the included updated server context.

Abstract: There is provided a card or token for use in financial transactions. The financial transaction token or card has an onboard energy storage device that enables onboard electronics to operate when the card is not in the proximity of a merchant Point-Of-Service (POS) terminal. In one implementation, the onboard energy storage device includes a capacitor such as a thin-film capacitor that stores sufficient energy to power onboard electronics without the need for an onboard battery. The card may be incorporated within various conventional apparatus such as a see-through and/or protective substrate, an item of clothing, an item of jewelry, a cell phone, a Personal Digital Assistant (PDA), a credit card, an identification card, a money holder, a wallet, a personal organizer, a keychain payment tag, and like personality.

Abstract: A user may select or create a PIN at a non-secure input device, such as a web-enabled personal computer. PINs are stored at a financial host in encrypted form, as PIN offsets. The user selected PIN and a corresponding account number are sent in clear text form to the host, which selects a base PIN offset corresponding to the PIN. A host security module within the host converts the base PIN offset to an actual PIN offset using the actual account number. The actual PIN offset (corresponding to the new PIN and the account number) is then stored at the financial host.

Abstract: Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in a web service deployments built on UDDI, SOAP, and WSDL.

Abstract: In one embodiment, a method for transferring digital files is provided. The method includes: downloading an application for facilitating the transfer of used digital files; storing the application at the client; receiving an indication of a used digital file that a user desires to sell; searching, using the application, storage on the client to determine any instances of the digital file; deleting any instances of the digital file if they are determined; transferring a forwarded file of the used digital file to a second entity; and deleting, using the application, the used digital file from the client upon transfer of the forwarded file.

Abstract: A method and apparatus for third party control of a device have been disclosed. By utilizing a third party to control a device, view and control of a device may be separated.

Abstract: A method of conducting secure electronic payments to a payment acquirer using a credit card payment unit, comprising of a smart card, a portable card reader device, a mobile phone, a stand-alone PIN entry device and a payment server. The method is based on eliminating the unsecure keyboard in a mobile phone used for entering personal identification information, and instead use a separate secure PIN entry device which fulfills the EMV Level specification. Since all sensitive payment information, communicated to the payment server from the card reader and the PIN entry device, is encrypted using unique encryption keys an unsecure mobile phone may be used for relaying the communication between the card reader device and the PIN entry device to and from the payment server.

Abstract: A computer implemented method includes receiving a request for payment-related information at a wireless device. The method also includes communicating between the wireless device and a paired vehicle computing system (VCS) to verify the presence of a known vehicle. Further, the method includes transmitting requested payment-related information, responsive to the verification of the presence of the known vehicle.

Abstract: A set of methods, and systems, for enabling the audit tracking of user agreement with policies, such as privacy policies in an authenticated fashion is disclosed herein. The method and system make use of third party signatures of privacy policies to show user approval of the policy as it pertains to released data.

Abstract: Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in a web service deployments built on UDDI, SOAP, and WSDL.

Abstract: A flow control apparatus for controlling fluid flow in a petroleum reservoir. The flow control apparatus has a flow control mechanism, a controller operable to control the flow control mechanism to adjust fluid flow through the flow control mechanism, the controller comprising a processor operable to execute according to a control algorithm, and a non-volatile memory connected to the controller. The non-volatile memory includes instructions to cause the controller to execute an authentication mechanism operable to authenticate a control computer and to prevent operation of the controller until the authentication mechanism authenticates the control computer.