Abstract: Apparatus for integrating a new subsystem with an existing computing architecture, the apparatus includes a first physical interface for receiving data from the existing computing apparatus, a second physical interface for outputting data to the new subsystem; a processing means, and memory having stored thereon a first software module, a plurality of other software modules, and a first stored configuration, wherein the first software module, when executed by the processing means, is configured to read the first stored configuration and to cause the processing means to load a combination of ones of the plurality of other software modules, the combination of ones of the plurality of other software modules and a first subset of the combination of ones of the plurality of other software modules being defined by the first stored configuration, the first subset of the combination being operable, when executed by the processing means, to transform data received at the first physical interface into a form that is co

Abstract: Various methods and devices that involve biometrically secured networked devices with enhanced privacy protection are disclosed. For example, a computer-implemented method for onboarding a first biometrically secured device to a network is disclosed. The method comprises generating an asymmetric key pair, transmitting the public key to a second device, and receiving an encrypted master encryption key from the second device. The master key is encrypted with the public key. The method also comprises decrypting the encrypted master encryption key using the private key and receiving an encrypted set of biometric data. The encrypted set of biometric data is a set of biometric data that is encrypted with the master encryption key. The method also comprises storing the set of biometric data on a memory of the first device. The set of biometric data uniquely identifies at least two users that are registered to use both the first and second devices.

Abstract: The present disclosure relates to the authenticating a client against a pool of servers utilizing a secure authentication protocol, and, more specifically, to the authenticating a client against a pool of servers providing a common service, utilizing the Kerberos secure authentication protocol.

Abstract: The present invention provides a method performed on a computer of preventing re-use of compromised keys in a broadcast encryption system. In an exemplary embodiment, the method includes (1) incorporating a particular set of Sequence Keys assigned by a license agency into individual receivers, (2) assigning a Sequence Key Block (SKB) by the license agency to at least one distributed protected file, (3) performing incremental cryptographic testing by the individual receivers to determine if a selected Sequence Key from the set of Sequence Keys is compromised, (4) if the selected Sequence Key is not compromised, decrypting the file, and (5) if the selected Sequence Key is compromised and if a subsequent Sequence Key from the set of Sequence Keys is available, selecting the subsequent Sequence Key.

Abstract: Methods and apparatus for delivering digital goods using an electronic distribution system. Meta-information is generated for a digital product and stored at a fulfillment server. Upon completion of a transaction between a customer and the supplier of a digital product, a download manager installed at the customer's computer communicates with the fulfillment server using a protocol that ensures secure and reliable delivery of the digital product to the customer. In alternative implementations, the customer can be billed before or after successful delivery of the digital product to the customer.

Abstract: A Chip Authentication Program based on 3-D Secure protocols is provided for authenticating customers' on-line transactions. An issuer, who may be a payment card issuer, operates Access Control and Authentication Request Servers for authenticating transactions by individual customers who are identified by their personal EMV-complaint smart cards. An authentication token is generated at the point of interaction (POI) for each transaction based on information from the customer's smart card and transaction specific information sent directly by the issuer to populate a web page at the POI. Authentication tokens generated at the POI are evaluated by the Authentication Request Server to authenticate individual customer and/or card presence at the transaction POI. Authentication values are transported on-line in designated Universal Cardholder Authentication Fields consistent with 3-D Secure protocols.

Abstract: A presentation instrument is described which includes an input sensor, a memory unit, and an antenna configured to wirelessly transmit and receive data. The antenna is configured to receive a request for data stored on the memory unit, and may also be configured to induce a voltage from a magnetic field to power the presentation instrument. The input sensor may control whether the presentation instrument can be so powered from the magnetic field. Alternatively, input from the input sensor may otherwise control the functionality of the presentation instrument. By way of example, an input received by the input sensor may be transmitted in addition to the requested data. Additionally, a system is described to process the requested data and additional input data, in accordance with a rules data store.

Abstract: A transponder-reader payment system includes a fob including a transponder, and a RFID reader for interrogating the transponder. In exemplary operation, the fob identifying information may be presented to the RFID reader for completion of a transaction request. The transaction request may be provided to a fob issuer system which retrieves a value for satisfying the transaction request from a fob associated transaction data file. The issuer system may deplete the transaction data file in accordance with the transaction request and replenish the data file in accordance with fob user or fob issuer defined reload protocol.

Abstract: The present invention consists of a computer security method that enables all users of a computer application to enjoy superior security levels when sensitive information is being exchanged with transaction applications. The method of the present invention consists of developing a virtual desktop or isolated execution environment that restricts the user to working in a specific zone. Said virtual desktop or isolated environment is programmed in such a way that message listening techniques such as hooking or quartz techniques are implanted for intercepting messages between the transaction application, such as the electronic bank, and the user's Operating System (OS). The method that is used in the present invention also blocks special key combinations in order to prevent malicious code execution in OS support devices, like Apple® IOS and Google™ Android, where special key combinations are not evident, but combinations such as “*#06#? exist.

Abstract: The disclosed system and method provides a software package header that includes a copy of a firmware file header for a firmware file constituent of the software package. The package header is provided to a network service device such as a gateway as an initial portion of a software package to perform a firmware installation. The package header content is used to validate firmware files expected to be received and installed by the network service device. The package header structure permits all firmware files to be validated prior to the installation of any of the firmware files, while avoiding the use of additional network service device resources.

Abstract: A server transmits an encryption key or encryption key information for specifying the encryption key to a mobile terminal. The mobile terminal acquires play money at the game machine, generates encrypted information by encrypting an ID token with the received encryption key or an encryption key corresponding to the received encryption key information, and transmits the ID token and the encrypted information to the server through the game machine. The server decodes the encrypted information, transacts a payment based on a user ID identifying a user of the mobile terminal and the amount of play money when the ID token received by the server matches the ID token acquired by the decoding, and authorizes the game machine to let the user play up to the amount of play money. Therefore, the game can be started by exchanging electronic data between the mobile terminal and the game machine with high security.

Abstract: Provided is a method, system, and program for enabling access to data in a storage medium within one of a plurality of storage cartridges capable of being mounted into a interface device. An association is provided of at least one coding key to a plurality of storage cartridges. A determination is made of one coding key associated with one target storage cartridge, wherein the coding key is capable of being used to access data in the storage medium within the target storage cartridge. The determined coding key is encrypted. The coding key is subsequently decrypted to use to decode and code data stored in the storage medium.

Abstract: A method and apparatus for filtering a peer-to-peer (P2P) search query in a P2P network (100) is provided. A P2P-enabled device (102) generates a P2P search query (404) and appends device capability information to the P2P search query to generate a device-specific P2P search query (412). The device-specific P2P search query is provided (414) to the P2P network (100) and search query results are remotely filtered in response to the device-specific P2P search query to generate filtered search query results for providing to the P2P-enabled device (416).

Abstract: A method and apparatus for protecting access to sensitive information stored in vulnerable storage areas (e.g., public memory, registers, cache) of a microprocessor. A microprocessor having a reset port to receive external reset commands may have a reset diversion circuit that may be selectively enabled. The microprocessor may operate in an open mode or a secure mode, indicating the absence or the potential presence, respectively, of sensitive information in the vulnerable storage areas. In open mode, the reset diversion circuit may be disabled such that external reset requests triggers a hardware reset. In secure mode, sensitive information may be recorded on vulnerable storage areas. The reset diversion circuit may be enabled to divert external reset requests to an interrupt which may trigger execution of a software code. The software code, when executed, may perform a secured system clean-up routine to erase the vulnerable storage areas prior to reset.

Abstract: Methods for purchasing of goods or services over the internet. A customer has a customer account set up at a bank with associated account information. The account information includes verification information for verification parameters, such as authorized computer identification, authorized delivery addresses, authorized global positioning satellite or other secure location information, authorized user identification, authorized telephone caller identification, and/or other account information. An order is placed by a user via an ordering computer which provides order information. Such order information includes verification variables used by the bank. Verification and/or authentication using one or more variables of the customer account information is used by the bank to validate the order before assuring payment to the merchant.

Abstract: Various embodiments of the invention provide solutions (including inter alia, systems, methods and software) for dealing with online fraud. Some embodiments function to access and/or obtain information from (and/or receive data from) a data source; the data might, for example, indicate a possible instance of online fraud. Certain embodiments, therefore, can be configured to analyze the data, e.g., to determine whether the data indicate a likely instance of online fraud. Such instances may be further investigated, and/or a response may be initiated. Data sources can include, without limitation, web pages, email messages, online chat sessions, domain zone files, newsgroups (and/or postings thereto), etc. Data obtained from the data sources can include, without limitation, suspect domain registrations, uniform resource locators, references to trademarks, advertisements, etc.

Abstract: Among other things, we describe a reality alternative to our physical reality, named the Expandaverse, that includes multiple digital realities that may be continuously created, broadcast, accessed, and used interactively.

Abstract: A method and system for managing accounts that control access to resources of different providers. The account management system allows providers to use a common logon procedure through an account management server. The account management system dynamically creates accounts when users request to access resources. To access to a resource, a user provides their credentials (e.g., user identifier and password) through a certain location (e.g., client computer) and identifies the resource (e.g., application). The account management system determines whether an account has already been created for those credentials. If not, the account management system authenticates the user, creates a new account for those credentials (i.e., registration), and associates the identified resource with the account.

Abstract: A building controller unit having a building controller adapted to control one or more building components of a building, and a license file stored within the building controller unit for storing software license information. In some cases, the building controller unit may include a license server for granting and/or denying software access requests from one or more software applications running external to the building controller unit based on the software license information stored in the building controller unit.

Abstract: Embodiments provide a method that causes a plurality of virtual machine instructions to be interpreted for indications of a mobile device's hardware identification information, thus forming a plurality of hardware instruction interpretations. The embodiment also combines each of the plurality of hardware instruction interpretations and hashes the combination to form a quasi-hardware device identifier. An encryption process is based on the quasi-hardware encryption device identifier and the media is then encrypted using the encryption process. The encrypted media is transferred to the mobile device wherein the mobile device decrypts the media based at least in part on the mobile device's internal knowledge of the quasi-hardware device identification.