Abstract: This disclosure is directed to, in part, providing a third party with access to at least some information in a user's account maintained by a host. The agent may assist a user in selecting an item, purchasing the item, customizing the item, and/or performing other actions. The agent may interact with the user during the assistance. In various embodiments, the user may provide the agent with a token that allows the agent to gain at least temporary access to at least a portion of the user's account. In some instances, the agent may purchase the item for the user using information in the user's account, such as payment information, shipping address information, and/or other information. The agent may place an item, such as a special order item in a virtual shopping cart or other location, which may be stored with the user's account.

Abstract: Systems, methods, and program products for providing secure authentication for electronic messages are disclosed. A method may comprise generating an asymmetric private key based at least in part upon an invariant biometric feature vector derived from an input biometric reading. The private key may be further based at least in part upon a user password. The resulting private key may not be stored but rather may be generated when required to authenticate an electronic message, at which time it may be used to provide a digital signature for the electronic message. The private key may be deleted after use. The private key may be regenerated by inputting both a new instance of the biometric reading as well as a new instance of the password.

Abstract: A method of providing a mobile application service on a user equipment based on composing a plurality of services supported by service platforms executing in a backend of a communication network. The method comprises receiving a request for a content service from a mobile application executing on a user equipment (UE) by a mobile application framework (MAF) and verifying the request for the content service by the MAF through a communication service provider platform, wherein the communication service provider platform completes verification in part by invoking a service of the MAF. The method further comprises completing a payment transaction for the content service by the MAF through messaging a payment platform, wherein the payment platform iteratively invokes services of the MAF and ordering the content service delivery by the MAF through messaging a content provider platform, wherein the content provider platform iteratively invokes services of the MAF.

Abstract: The systems, methods and apparatuses described herein provide a computing environment for completing a secure transaction. An apparatus according to the present disclosure may comprise a screen, a first switching device coupled to the screen, an input device, a second switching device coupled to the input device, a non-secure processor, a secure processor and a credit card reader operatively coupled to the secure processor. The non-secure processor may generate a message containing a purchase transaction request. The secure processor may receive the message, assume control of the screen and input device while the apparatus is operating in a secure mode, establish a secure connection with a server, receive payment information to be submitted to the server, digitally sign certain transaction information and submit the digitally signed certain transaction information to the server to complete the secure transaction.

Abstract: Methods and systems for conducting a secure online transaction with a payment card are described. In an embodiment, a user selects a secure payment option during an online transaction which is transmitted to a merchant computer. A notification is received from the merchant computer of initiation of a secure transaction process, and then the user computer enters a secure transaction mode of operation and establishes a communication session with a payment provider device. The user computer prompts the user to present a payment card to a card reader device, reads payment card data, creates a request message, transmits the request message to a payment provider computer causing the payment provider computer to provide substitute payment card details to the merchant computer to complete the online payment transaction, and then exits the secure transaction mode.

Abstract: A system providing enhanced security for device based transactions, constituted of: a server associated with a network address; a first device associated with a user, the first device in communication with the server over a first communication channel responsive to an obtained server network address; a second device associated with the user arranged to obtain the server network address from the first device; and a mobile device server in communication with the second device over a second communication channel, the mobile device server in communication with the server via a third communication channel, the mobile device server arranged to: obtain the server network address from the second device over the second communication channel; obtain the server network address from a trusted source; and authorize to the server over third communication channel a transaction only in the event that the server network addresses are consonant.

Abstract: A method of performing a fund transfer at an ATM includes receiving an active authentication transaction key at an ATM from a mobile financial transaction instrument via a wireless communication protocol, generating a PIN at the ATM, and storing the PIN in a machine readable storage medium. An authorization request message is transmitted to a financial institution identified by the active authentication transaction key. The authorization request message includes the PIN and at least a portion of the active authentication transaction key. The PIN is received from a user of the mobile financial transaction instrument, and the funds are dispensed in response to receiving the PIN.

Abstract: A content reproducing device decrypts and outputs an encrypted content encrypted by a content key received from a content transmitting device. The content reproducing device includes a content key obtaining unit for obtaining the content key, and a storage unit for storing the key unique to the content transmitting device, usage restriction information to restrict the usage of the key unique to the content transmitting device, and link information indicating linking of the content transmitting device and the content reproducing device. The content reproducing device also includes a key decryption unit for decrypting the content key with the key unique to the content transmitting device in the event that the content reproducing device is included in the stored link information unit, and a usage control unit for restricting usage of the key unique to the content transmitting device, based on the stored usage restriction information.

Abstract: The DYNAMIC WIDGET GENERATOR APPARATUSES, METHODS AND SYSTEMS (“DWG”) transforms developer credentials, codes and parameter inputs via DWG components into buy widgets, payment acceptance and purchase transaction outputs. In one embodiment, the DWG may facilitate obtaining a plurality of authentication parameters and widget customization parameters. The DWG may authenticate a user using a parameter derived from the plurality of authentication parameters and may dynamically generating a purchase widget for the authenticated user using the plurality of widget customization parameters.

Abstract: A method and apparatus for sharing a service in a wireless network are disclosed. For example, the method receives a request for sharing a service from a first user endpoint device associated with a first customer, wherein the request is directed to a second user endpoint device associated with a second customer, performs an authentication of the first user endpoint device, determines whether the first user endpoint device has a subscription to a sharing service, determines whether the second user endpoint device has a subscription to the sharing service, attempts to obtain an authorization to enable the first user endpoint device to access the service that is associated with the second user endpoint device, wherein the service is related to a financial transaction privilege and provides a response granting the request for the sharing of the service, if the authorization is received.

Abstract: A method and system for provisioning access data in a second application on a mobile device using a first application on the mobile device. Authentication data may be input into the first application, and an authentication code may be requested from a remote server. After the authentication code is received by the first application in the mobile device, it can pass the authentication code to a second application that initiates an access data provisioning process.

Abstract: Security in a geogame is maintained by implementing various security techniques. The various techniques provide specific advantages for different threat modes and attack styles against a geogame implemented via a mobile ad hoc network utilizing a geocast protocol. Jamming is detected by each player device listening for expected retransmissions of its own originated geocasts. If it fails to hear a retransmission, it concludes jamming. Network interdiction is detected by monitoring for received transmissions and/or periodically sending dummy transmissions to support other devices' detections. Location determination attacks are detected by recognizing “impossible” movements. Geogame interruption attacks are detected by detecting unauthorized requests to restart a geogame. Other security measures include utilizing cryptographic keys and/or pass phrases when geocasting. Various penalties within the context of a geogame are levied against a player if a security breach is detected.

Abstract: A software license management system may include an activation server that provides permission to activate a software product. The activation server may receive receiving a request to validate activation of the software and refreshing license information for the software in response to the request to validate. The server may additionally receive a request to re-designate the license information for the software product and may update license information for the software in response to the request to re-designate the software product.

Abstract: In various embodiments, transactions initiated by or on behalf of users between client systems and transaction systems are sent to authorization systems for approval. An authorization system contacts one or more registered devices for approval from a user of the registered devices for the transactions initiated by or on behalf of the users that are being handled by the transaction systems. A registered device sends an approval or denial based on user input. The authorization server then sends the approval or denial to a transaction system to complete a transaction.

Abstract: Logic on a first remote device causes the capture of personal data identifying a user from an identification card. The logic generates a hash value from the personal data using a hashing algorithm and signs the hash value with a digital signature created using a private key paired with a public key. The logic transmits, over a network, the signed hash value and the public key from the remote device to a distributed public database for storage. The logic receives, over the network, a transaction number from the distributed public database. The logic then transmits the transaction number and the personal data to a second remote device. Logic on the second remote device verifies that the hash value in the signed hash value is the same as a generated hash value and verifies that the signed hash value was signed with the private key.

Abstract: Systems and methods for interoperable network token processing are provided. A network token system provides a platform that can be leveraged by external entities (e.g., third party wallets, e-commerce merchants, payment enablers/payment service providers, etc.) or internal payment processing network systems that have the need to use the tokens to facilitate payment transactions. A token registry vault can provide interfaces for various token requestors (e.g., mobile device, issuers, merchants, mobile wallet providers, etc.), merchants, acquirers, issuers, and payment processing network systems to request generation, use and management of tokens. The network token system further provides services such as card registration, token generation, token issuance, token authentication and activation, token exchange, and token life-cycle management.

Abstract: Securely sharing content between a first system and a second system is provided. A hardware-based root of trust is established between the first system and a server. Content requested by a user and an encrypted license blob associated with the content is received by the first system from the server. A first agent on the first system connects with a second agent on the second system. The encrypted license blob and a sub-license request are sent from the first agent to a security processor on the first system. The first security processor decrypts the encrypted license blob, validates the sub-license request, and if allowed, creates a sub-license to allow the second system to play the content. The first security processor sends the sub-license to a security processor on the second system. The first system provides access to the content to the second system for future playback according to the sub-license.

Abstract: A method that comprises obtaining a currently received signature from a device; obtaining a candidate identifier associated with the device; consulting a database to obtain a set of previously received signatures associated with the candidate identifier; and validating the currently received signature based on a comparison of the currently received signature to the set of previously received signatures associated with the candidate identifier. Also, a method that comprises obtaining a currently received signature from a device; decrypting the currently received signature to obtain a candidate identifier; and a candidate scrambling code; consulting a database to obtain a set of previously received scrambling codes associated with the candidate identifier; and validating the currently received signature based on a comparison of the candidate scrambling code to the set of previously received scrambling codes associated with the candidate identifier.

Abstract: An online marketplace of digital goods is provided. A digital good proposed to be listed in the marketplace is received, where the source code for the received digital good includes scripting language code. The source code of the received digital good is rewritten to include tracking code to track behavior of the received digital good during execution of the re-written digital good, and the rewritten digital good is executed in a browser run by one or more processors of a computer system. One or more processors of the computer system automatically determine, based on evaluation of results of executing the re-written digital good, whether the digital good violates one or more predetermined conditions. Based on the determination of whether the digital good violates one or more of the predetermined conditions, an automatic determination is made whether to list the received digital good in the marketplace.

Abstract: Systems, methods, and other embodiments associated with software identifier based correlation are described. One example system includes an identifier data store to store a first identifier that uniquely identifies a discovered instance of a software title installed in an enterprise. The first identifier is discoverable from the discovered instance and may be provided by a discovery logic. The second identifier identifies a known instance of a software title associated with the enterprise and is provided from an enterprise resource planning (ERP) data store by an ERP logic. The example system may also include a correlation logic to identify a correlation between the discovered instance and the known instance based on a relationship between the identifiers. The example system may also include an update logic to selectively update a value in the ERP data store based on the correlation.