Abstract: A method of securely conducting a financial transaction includes receiving, at a card reader, a first plurality of messages from a smart card; identifying, using the reader, one or more sensitive messages in the first plurality of messages, where the first plurality of messages conforms to a protocol of the financial transaction; encrypting, using the reader, the one or more sensitive messages using a cryptographic key of the reader to generate encrypted messages; formatting, using the reader, a second plurality of messages according to the protocol to send to a mobile device, where the second plurality of messages includes the encrypted messages and messages in the first plurality of messages that are not sensitive; determining, using a mobile device, action steps according to the protocol, where the action steps are determined from the second plurality of messages; and executing the action steps.

Abstract: A first application may output a form comprising payment fields. An operating system (OS) may receive, from a contactless card, a uniform resource locator (URL) comprising encrypted data. A second application received from the URL by the OS may be executed. The second application may transmit the encrypted data to an authentication server, the authentication server to verify the encrypted data. The second application may receive, from a virtual account number server, a virtual account number, an expiration date associated with the virtual account number, and a CVV associated with the virtual account number. The second application may provide the virtual account number, expiration date, and CVV to an autofill service of the OS. The autofill service of the OS may autofill the virtual account number the payment fields of the first application.

Abstract: A method is provided. The method includes receiving a request message, the request message relating to a transaction between a first client and a second client, the request message including first client data and second client data, the first client data identifying an account to be used by the first client in the transaction, the second client data indicating if the second client is subscribed to a service. The method further includes determining if the second client is subscribed to the service, and generating an authentication request message if the second client is not subscribed to the service, the authentication request message requesting confirmation that a holder of the account is the first client. The method further includes sending the authentication request message, and receiving an authentication response message from the external server in response, the authentication response message including an indication whether the holder is the first client.

Abstract: A method of conducting secure electronic credit payments to a payment acquirer using a credit payment unit, including a smart card, a portable card reader device and a mobile phone, and a payment server. The method is based on using a unique reader key in the card reader device to encrypt all the sensitive smart card information communicated to the payment server, and thus being able to use an unsecure mobile phone to communicate with the payment server. The payment server then completes the transaction with the payment acquirer over a secure line.

Abstract: Approaches for augmenting a BIOS with a new program. A BIOS provides an interface through which a user may select one or more programs from a plurality of offered programs. When the BIOS receives input from the user that selects a particular program, the BIOS retrieves, over a network, the particular program. Received applications may be stored in the BIOS or in a hidden file that the BIOS can also access without booting the operating system. An online application store can offer applications that are signed by the BIOS issuer as being approved for plug-in applications for use in a pre-boot or post-boot environment.

Abstract: A method and a server computer are provided for authenticating a cardholder account. The server computer implements the method, which includes obtaining a first identifier and a cryptogram from a first entity, identifying an issuer associated with the cardholder account, forwarding the first account identifier and the cryptogram to a second entity for validation, receiving a second identifier from the second entity, and sending the second identifier to the first entity. The first identifier can be associated with the cardholder account. The second identifier can be generated by the second entity and associated with a validated form of the first identifier.

Abstract: It is presented a security server arranged to set up communication between a merchant device and a customer payment application. The security server comprises: a receiver arranged to receive a first message comprising a customer identifier, an application identifier and a security token; a determiner arranged to determine whether the merchant device is authorized; a transmitter arranged to send a second message to the merchant device, the second message indicating that the merchant device is authorized to effect payment; and a channel establisher arranged to set up a secure channel between the merchant device and the customer payment application in a secure element being adapted to be comprised in a mobile communication terminal, wherein all communication between the merchant device and the customer payment application is controlled by the security server. Corresponding methods, merchant device, computer programs and computer program products are also presented.

Abstract: A method includes receiving purchase data at one or more computing devices associated with a media service provider. The purchase data includes information descriptive of a particular purchase made by a subscriber of the media service provider from a seller, where the seller is independent from the media service provider. The method also includes selecting media content available from the media service provider based on the purchase data. At least a portion of the selected media content is sent to a device associated with the subscriber.

Abstract: In various embodiments, a system, method, and computer readable medium (collectively, the “System”) for authenticating a mobile device configured to initiate payments is provided. The System may be configured to perform operations and/or steps comprising receiving, by the processor and in a secure environment, a secret element. The secret element may be transmitted to the processor (e.g., the issuer system) via a payment terminal. The System may further comprise comparing, by the processor and in the secured environment, the secret element to an issuer element. The issuer element may be linked with a flag that is associated with the transaction account. Moreover, the issuer element may be a data module that corresponds to be is not equal to the secret element. The System may also comprise authorizing, by the processor, a transaction initiated by the mobile device in response to the comparing being a satisfactory comparison.

Abstract: A mobile device includes a wireless transceiver, a host processor, a secure element (SE), and a near field communication (NFC) system having an NFC transceiver and an NFC controller implementing a contactless front end. The contactless front end routes a near field communication related to a payment transaction between the NFC system and the SE without going to or from the host processor. The contactless front end routes a near field communication not related to a payment transaction, but requiring a security function, between the NFC system and the SE without going to or from the host processor. The contactless front end routes a near field communication not related to a payment transaction, and not requiring a security function, between the NFC system and host processor without going to or from the SE.

Abstract: Systems and methods for providing a payment authorization system include a payment authorization device that receives, through communication over a network with at least one of a user device and a payment provider device, a request to authenticate a merchant virtual storefront. The request may be received in association with a merchant virtual storefront transaction request. The payment authorization device also retrieves identifying information associated with the merchant virtual storefront. Additionally, the payment authorization device may retrieve, from a database located in a non-transitory memory, baseline identifying information for comparison to the retrieved identifying information. The payment authorization device determines an authenticity of the merchant virtual storefront based on the retrieved identifying information and subsequently authorizes the merchant virtual storefront transaction request.

Abstract: A method of authorizing a debit transaction involves a server receiving from a debit terminal a message requesting authorization for a debit transaction. The message includes a credential provided by a payment token interfaced with the debit terminal. The credential is uniquely associated with the token. The server is in communication with a payment definition database that associates a plurality of payment credentials each with a respective financial account and a default payment amount. The server determines the financial account and the default amount by querying the database with the received credential. Particulars of the determined financial account and default amount are indeterminable from only the credential. The server authenticates the message and facilitates a debit in the default amount from the financial account. The server performs the receiving, determining, authenticating and facilitating all without confirmation of authentication of a bearer of the token.

Abstract: It is presented a security server arranged to set up communication between a merchant device and a customer payment application. The security server comprises: a receiver arranged to receive a first message comprising a customer identifier, an application identifier and a security token; a determiner arranged to determine whether the merchant device is authorized; a transmitter arranged to send a second message to the merchant device, the second message indicating that the merchant device is authorized to effect payment; and a channel establisher arranged to set up a secure channel between the merchant device and the customer payment application in a secure element being adapted to be comprised in a mobile communication terminal, wherein all communication between the merchant device and the customer payment application is controlled by the security server. Corresponding methods, merchant device, computer programs and computer program products are also presented.

Abstract: An illustrative method, system, and device for communicating a message over a network between a trusted service manager and a mobile device having a security element includes the steps of: providing a message having a header field and a message field; providing a number in the header field that is unique to the mobile device; providing a message in the message field, the message coming from the mobile device if communicated from the mobile device to a trusted service manager and coming from the trusted service manager if communicated from the trusted service manager to the mobile device; and providing a messaging protocol that enables the network to distinguish between a message having the unique mobile device number in the header field and a message that is without the unique mobile device number in the header field.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer-readable storage medium, and including a method for conversion tracking. The method comprises anonymously linking plural identifiers, each identifier associated with a user and specific requesting source. Anonymously linking includes linking different identifiers associated with different requesting sources used by the user to access content. Anonymously linking includes linking the different identifiers using an identifier that does not include any personally identifiable information, and storing impression, click and interaction data for the user in association with respective identifiers.

Abstract: Disclosed is a method performed in a system comprising a first Body Area Network (BAN) enabled device and a second BAN enabled device, for performing secure payment at a payment counter by a user of the first and the second BAN enabled devices, the user wearing or carrying the first and the second BAN enabled devices; where the first and the second BAN enabled devices are paired for authorizing the user by the second BAN enabled device; the method comprises: establishing a connection between the payment counter and the first BAN enabled device; sending a BAN signal via BAN from the first BAN enabled device to the second BAN enabled device requiring confirmation from the second BAN enabled device that the second BAN enabled device is in contact with the user's body; receiving a confirmation BAN signal via BAN from the second BAN enabled device to the first BAN enabled device confirming that the second BAN enabled device is in contact with the user's body; receiving a request for payment from the payment counte

Abstract: The systems and methods described herein are directed toward launching a third party application in a media center module using a conditional link. The media center module is configured to enable the third party application to register with the module and to associate a primary link that serves as the entry point for the application. The media center module also enables the third party application to provide a conditional link that serves as the entry point when a certain condition is met. Under normal circumstances, the media center module provides the primary link as the entry point for a user to launch the third party application. When the media center module receives a notification from the third party application to use the conditional link, the media center application causes the conditional link to be the entry point for the application. Thus, the use of conditional link enables a third party application to specify how the application is launched from the media center module under different conditions.

Abstract: Disclosed are systems and methods for model based provisioning of applications and servers (both physical and virtual) to execute provisioned applications in a reliable and repeatable manner. Several aspects of a complex application management including compliance, change tracking, monitoring, discovery, processing steps, CMDB integration are disclosed within a comprehensive hierarchy of definition templates forming a model. This model can then be used at provisioning time to instantiate a compliant instance of the provisioned application. This model can also be used at run-time for managing run-time aspects of the provisioned application. Additionally, the model based approach can help track applications even when or if applications drift from their intended design and policies for use.

Abstract: A method and a system are provided for delivering on-demand software packages. In one aspect, the method may include subscribing services of a service provider operating a server, the server including an operating system and several application packages installed therein, initiating a client terminal by performing a network booting process using the operating system installed in the server, and executing in the client terminal a subscribed application package installed in the server using resources of the operating system resident in the client terminal. The method may further include charging the user a fee according to the application packages and the operating system subscribed by the user.

Abstract: A data management method and system. The method includes retrieving by a computing system, first identification data associated with a buyer of a product. The computing system retrieves product data associated with the product. The product data is compared to campaign data associated with a campaign. The campaign is associated with an entity associated with the product. The computing system determines that the product is associated with the campaign. The computing system generates second identification data comprising the first identification data, an identification code for the product, a campaign code indicating that the product is associated with the campaign, and a date of purchase for the product. The computing system generates encrypted data comprising the second identification data in an encrypted format. The encrypted data is transmitted to a secure database system.