Abstract: A computer-implemented system and method for providing private stable matchings through a re-encryption mix network is presented. Preferences are encrypted. Bids are created. An initial mixing is performed. A set of unmatched bids and a set of matched bids are externally mixed independently. A union of the set of unmatched bids and the set of matched bids are internally mixed. For the number of participants in a set of active participants, a stable match for one of passive participants is determined, while the set of unmatched bids remains non-empty. The set of matched bids for the last stable match is externally mixed. The preferences in the set of matched bids are decrypted to identify the passive participants stably matched to the active participants.

Abstract: A social networking site host includes, in a user's profile, information that has been attested to and verified by both the user and an independent verifier. The independent verifier is an accepted authority with direct knowledge of the information. Both the user and verifier attest to the information by digitally signing the information and including the digital signature with the information. The host or visitors to the social networking site can authenticate the information by using both digital signatures. By authenticating the information, visitors and users viewing information on the social networking site can assume that the information is trusted and accurate.

Abstract: The back-end data storage system of an e-commerce system receives a replicated transaction from the data storage system of another e-commerce system and makes a determination or decision whether to commit the replicated transaction based upon a comparison of information parsed from the transaction with predetermined commit criteria.

Abstract: Conducting hands-free transactions comprises a server at a payment processing system, a user computing device, and a merchant computing device. The payment processing system registers a merchant system as a hands-free payment participant and provides a beacon identifier. The payment processing system receives a communication from a hands-free payment application on a user computing device, the communication comprising a transaction token, an identification of a user account, and the beacon identifier received by the user computing device via a wireless communication from a device associated with the merchant system and transmits the transaction token to the merchant system computing device.

Abstract: Concepts and technologies are disclosed herein for controlling data access and rate in a network. An enforcement application can detect a request for a data session and determine how and when the requested data session is to be established. The enforcement application can consider various data, input obtained at the user device, and/or other considerations including subscriber data and network data. Based upon these data, the enforcement application can determine network congestion, available resources, available bandwidth, an allocation rate of congestion credits (“credits”) for the user, a flow rate of the credits from an account to a credit pool, and a usage rate of the credits from the credit pool. The enforcement application can be configured to enforce the usage rate against a data session and to issue one or more commands to control the data session.

Abstract: In accordance with at least some embodiments, a system includes a plurality of partitions, each partition having its own operating system (OS) and workload. The system also includes a plurality of resources assignable to the plurality of partitions. The system also includes management logic coupled to the plurality of partitions and the plurality of resources. The management logic is configured to set priority rules for each of the plurality of partitions based on user input. The management logic performs automated resource fault management for the resources assigned to the plurality of partitions based on the priority rules.

Abstract: A method of measuring a campaign performance includes transforming identifiers into non-identifiers, and providing the non-identifiers to an external processing party; receiving encrypted non-identifiers comprising the non-identifiers after encryption by the external processing party, other non-identifiers, spending values, and a public cryptographic key, each member of the other non-identifiers being associated with a corresponding member of the spending values; encrypting the non-identifiers to generate other encrypted non-identifiers, and determining an intersection of the encrypted non-identifiers and the other encrypted non-identifiers to generate common encrypted non-identifiers; identifying a subset of the spending values associated with members of the encrypted non-identifiers in the common encrypted non-identifiers; and deriving a total spending value based on the subset of the spending values.

Abstract: Methods and devices are provided for central management of licenses, particularly those relating to wagering games. A license proxy deployed in and/or dedicated to a gaming establishment may operate under the control of a central licensing manager controlled by another entity, e.g., by a game provider. The license proxy may receive requests to enable features of an electronic gaming machine of the gaming establishment (e.g., game themes, player tracking features and/or peripheral device features) and determine, based on information provided by the central licensing manager, whether to grant such requests. The license proxy may also process requests to enable features of other devices in a gaming establishment, such as server-based features.

Abstract: A computing platform 20 runs a compartmented operating system 22 and includes a trusted device 23 for forming an integrity metric which a user can interrogate to confirm integrity of the operating system. Also, the integrity of an individual compartment 24 is verified by examining status information for that compartment including, for example, the identity of any open network connections, the identity of any running processes, and the status of a section of file space allocated to that compartment 24. Hence, the integrity of an individual compartment 24 of the compartmented operating system 22 can be demonstrated.

Abstract: Apparatus for integrating a new subsystem with an existing computing architecture, the apparatus includes a first physical interface for receiving data from the existing computing apparatus, a second physical interface for outputting data to the new subsystem; a processing means, and memory having stored thereon a first software module, a plurality of other software modules, and a first stored configuration, wherein the first software module, when executed by the processing means, is configured to read the first stored configuration and to cause the processing means to load a combination of ones of the plurality of other software modules, the combination of ones of the plurality of other software modules and a first subset of the combination of ones of the plurality of other software modules being defined by the first stored configuration, the first subset of the combination being operable, when executed by the processing means, to transform data received at the first physical interface into a form that is co

Abstract: Methods and apparatus for the deployment of financial instruments and other assets are disclosed. In one embodiment, a security software protocol is disclosed that guarantees that the asset is always securely encrypted, that one and only one copy of an asset exists, and the asset is delivered to an authenticated and/or authorized customer. Additionally, exemplary embodiments of provisioning systems are disclosed that are capable of, among other things, handling large bursts of traffic (such as can occur on a so-called “launch day” of a device).

Abstract: Various methods and devices that involve biometrically secured networked devices with enhanced privacy protection are disclosed. For example, a computer-implemented method for onboarding a first biometrically secured device to a network is disclosed. The method comprises generating an asymmetric key pair, transmitting the public key to a second device, and receiving an encrypted master encryption key from the second device. The master key is encrypted with the public key. The method also comprises decrypting the encrypted master encryption key using the private key and receiving an encrypted set of biometric data. The encrypted set of biometric data is a set of biometric data that is encrypted with the master encryption key. The method also comprises storing the set of biometric data on a memory of the first device. The set of biometric data uniquely identifies at least two users that are registered to use both the first and second devices.

Abstract: The present disclosure relates to the authenticating a client against a pool of servers utilizing a secure authentication protocol, and, more specifically, to the authenticating a client against a pool of servers providing a common service, utilizing the Kerberos secure authentication protocol.

Abstract: A system and method for monitoring third party access to a restricted item is provided. Key data is embedded in the restricted item, the key data being associated with a store of value and usable to conduct a transaction against the store of value. A record of the transaction becomes visible in a transaction ledger. The transaction ledger is monitored to determine whether a transaction against the store of value has occurred, and the restricted item is designated as accessed by a third party in the event that a transaction against the store of value has occurred.

Abstract: A method, system, and computer-readable storage media for licensing an application for a device are provided herein. The method includes providing a license for an application from a licensing service to a number of computing devices associated with a user, wherein the license includes credentials. The method also includes associating the credentials with each computing device and periodically determining a state of a subscription corresponding to the license on each computing device. Each computing device is configured to call the licensing service at configurable time periods in order to determine the state of the subscription.

Abstract: A portable device receives an encrypted message from an electronic health record database server including a request to perform a biometric authentication to approve a transaction. The device prompts a user to speak a pass phrase. The device creates a set of variables including the pass phrase and at least one more variable characterizing the spoken voice. The authentication module transmits an encrypted message to the health record database server including a session identification information and the set of variables. In response, the device receives an encrypted message from the health record database server determining whether the biometric authentication is successful and the transaction is approved, wherein determination is made by the health record database server and is based on verifying the session identification information, the pass phrase, and the user identity.

Abstract: The present invention provides a method performed on a computer of preventing re-use of compromised keys in a broadcast encryption system. In an exemplary embodiment, the method includes (1) incorporating a particular set of Sequence Keys assigned by a license agency into individual receivers, (2) assigning a Sequence Key Block (SKB) by the license agency to at least one distributed protected file, (3) performing incremental cryptographic testing by the individual receivers to determine if a selected Sequence Key from the set of Sequence Keys is compromised, (4) if the selected Sequence Key is not compromised, decrypting the file, and (5) if the selected Sequence Key is compromised and if a subsequent Sequence Key from the set of Sequence Keys is available, selecting the subsequent Sequence Key.

Abstract: Methods and apparatus for delivering digital goods using an electronic distribution system. Meta-information is generated for a digital product and stored at a fulfillment server. Upon completion of a transaction between a customer and the supplier of a digital product, a download manager installed at the customer's computer communicates with the fulfillment server using a protocol that ensures secure and reliable delivery of the digital product to the customer. In alternative implementations, the customer can be billed before or after successful delivery of the digital product to the customer.

Abstract: A Chip Authentication Program based on 3-D Secure protocols is provided for authenticating customers' on-line transactions. An issuer, who may be a payment card issuer, operates Access Control and Authentication Request Servers for authenticating transactions by individual customers who are identified by their personal EMV-complaint smart cards. An authentication token is generated at the point of interaction (POI) for each transaction based on information from the customer's smart card and transaction specific information sent directly by the issuer to populate a web page at the POI. Authentication tokens generated at the POI are evaluated by the Authentication Request Server to authenticate individual customer and/or card presence at the transaction POI. Authentication values are transported on-line in designated Universal Cardholder Authentication Fields consistent with 3-D Secure protocols.

Abstract: Embodiments of the invention are directed to systems, methods and computer program products for performing preliminary steps of a transaction on a mobile device. In some embodiments, a system is configured to: determine a user has entered a facility, wherein the user has a mobile device, and wherein the user is waiting to interact with at least one of an agent at or away from the facility or a computing device at the facility; communicate with the mobile device to determine a reason for the user's visit to the facility, the reason comprising a transaction intended to be executed by the user at the facility; transmit a form to the user's mobile device, the form being based on the intended transaction, and the form prompting the user to input information associated with the intended transaction; receive the user-filled form from the user's mobile device.