Abstract: In various embodiments, a system, method, and computer readable medium (collectively, the “System”) for authenticating a mobile device configured to initiate payments is provided. The System may be configured to perform operations and/or steps comprising receiving, by the processor and in a secure environment, a secret element. The secret element may be transmitted to the processor (e.g., the issuer system) via a payment terminal. The System may further comprise comparing, by the processor and in the secured environment, the secret element to an issuer element. The issuer element may be linked with a flag that is associated with the transaction account. Moreover, the issuer element may be a data module that corresponds to be is not equal to the secret element. The System may also comprise authorizing, by the processor, a transaction initiated by the mobile device in response to the comparing being a satisfactory comparison.

Abstract: A mobile device includes a wireless transceiver, a host processor, a secure element (SE), and a near field communication (NFC) system having an NFC transceiver and an NFC controller implementing a contactless front end. The contactless front end routes a near field communication related to a payment transaction between the NFC system and the SE without going to or from the host processor. The contactless front end routes a near field communication not related to a payment transaction, but requiring a security function, between the NFC system and the SE without going to or from the host processor. The contactless front end routes a near field communication not related to a payment transaction, and not requiring a security function, between the NFC system and host processor without going to or from the SE.

Abstract: Systems and methods for providing a payment authorization system include a payment authorization device that receives, through communication over a network with at least one of a user device and a payment provider device, a request to authenticate a merchant virtual storefront. The request may be received in association with a merchant virtual storefront transaction request. The payment authorization device also retrieves identifying information associated with the merchant virtual storefront. Additionally, the payment authorization device may retrieve, from a database located in a non-transitory memory, baseline identifying information for comparison to the retrieved identifying information. The payment authorization device determines an authenticity of the merchant virtual storefront based on the retrieved identifying information and subsequently authorizes the merchant virtual storefront transaction request.

Abstract: A method of authorizing a debit transaction involves a server receiving from a debit terminal a message requesting authorization for a debit transaction. The message includes a credential provided by a payment token interfaced with the debit terminal. The credential is uniquely associated with the token. The server is in communication with a payment definition database that associates a plurality of payment credentials each with a respective financial account and a default payment amount. The server determines the financial account and the default amount by querying the database with the received credential. Particulars of the determined financial account and default amount are indeterminable from only the credential. The server authenticates the message and facilitates a debit in the default amount from the financial account. The server performs the receiving, determining, authenticating and facilitating all without confirmation of authentication of a bearer of the token.

Abstract: It is presented a security server arranged to set up communication between a merchant device and a customer payment application. The security server comprises: a receiver arranged to receive a first message comprising a customer identifier, an application identifier and a security token; a determiner arranged to determine whether the merchant device is authorized; a transmitter arranged to send a second message to the merchant device, the second message indicating that the merchant device is authorized to effect payment; and a channel establisher arranged to set up a secure channel between the merchant device and the customer payment application in a secure element being adapted to be comprised in a mobile communication terminal, wherein all communication between the merchant device and the customer payment application is controlled by the security server. Corresponding methods, merchant device, computer programs and computer program products are also presented.

Abstract: An illustrative method, system, and device for communicating a message over a network between a trusted service manager and a mobile device having a security element includes the steps of: providing a message having a header field and a message field; providing a number in the header field that is unique to the mobile device; providing a message in the message field, the message coming from the mobile device if communicated from the mobile device to a trusted service manager and coming from the trusted service manager if communicated from the trusted service manager to the mobile device; and providing a messaging protocol that enables the network to distinguish between a message having the unique mobile device number in the header field and a message that is without the unique mobile device number in the header field.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer-readable storage medium, and including a method for conversion tracking. The method comprises anonymously linking plural identifiers, each identifier associated with a user and specific requesting source. Anonymously linking includes linking different identifiers associated with different requesting sources used by the user to access content. Anonymously linking includes linking the different identifiers using an identifier that does not include any personally identifiable information, and storing impression, click and interaction data for the user in association with respective identifiers.

Abstract: Disclosed is a method performed in a system comprising a first Body Area Network (BAN) enabled device and a second BAN enabled device, for performing secure payment at a payment counter by a user of the first and the second BAN enabled devices, the user wearing or carrying the first and the second BAN enabled devices; where the first and the second BAN enabled devices are paired for authorizing the user by the second BAN enabled device; the method comprises: establishing a connection between the payment counter and the first BAN enabled device; sending a BAN signal via BAN from the first BAN enabled device to the second BAN enabled device requiring confirmation from the second BAN enabled device that the second BAN enabled device is in contact with the user's body; receiving a confirmation BAN signal via BAN from the second BAN enabled device to the first BAN enabled device confirming that the second BAN enabled device is in contact with the user's body; receiving a request for payment from the payment counte

Abstract: The systems and methods described herein are directed toward launching a third party application in a media center module using a conditional link. The media center module is configured to enable the third party application to register with the module and to associate a primary link that serves as the entry point for the application. The media center module also enables the third party application to provide a conditional link that serves as the entry point when a certain condition is met. Under normal circumstances, the media center module provides the primary link as the entry point for a user to launch the third party application. When the media center module receives a notification from the third party application to use the conditional link, the media center application causes the conditional link to be the entry point for the application. Thus, the use of conditional link enables a third party application to specify how the application is launched from the media center module under different conditions.

Abstract: A method and a system are provided for delivering on-demand software packages. In one aspect, the method may include subscribing services of a service provider operating a server, the server including an operating system and several application packages installed therein, initiating a client terminal by performing a network booting process using the operating system installed in the server, and executing in the client terminal a subscribed application package installed in the server using resources of the operating system resident in the client terminal. The method may further include charging the user a fee according to the application packages and the operating system subscribed by the user.

Abstract: Disclosed are systems and methods for model based provisioning of applications and servers (both physical and virtual) to execute provisioned applications in a reliable and repeatable manner. Several aspects of a complex application management including compliance, change tracking, monitoring, discovery, processing steps, CMDB integration are disclosed within a comprehensive hierarchy of definition templates forming a model. This model can then be used at provisioning time to instantiate a compliant instance of the provisioned application. This model can also be used at run-time for managing run-time aspects of the provisioned application. Additionally, the model based approach can help track applications even when or if applications drift from their intended design and policies for use.

Abstract: A data management method and system. The method includes retrieving by a computing system, first identification data associated with a buyer of a product. The computing system retrieves product data associated with the product. The product data is compared to campaign data associated with a campaign. The campaign is associated with an entity associated with the product. The computing system determines that the product is associated with the campaign. The computing system generates second identification data comprising the first identification data, an identification code for the product, a campaign code indicating that the product is associated with the campaign, and a date of purchase for the product. The computing system generates encrypted data comprising the second identification data in an encrypted format. The encrypted data is transmitted to a secure database system.

Abstract: Systems and methods are provided for securing payment card information. A user may present a payment card such as a credit card to point-of-sale equipment. The point-of-sale equipment may use a symmetric key to encrypt payment card information associated with the payment card. The symmetric key may be encrypted at the point-of-sale equipment using the identity-based-encryption (IBE) public key of a purchase transaction processor to produce a key transfer block. The key transfer block and the encrypted payment card information may be conveyed from the point-of-sale equipment to the purchase transaction processor over a communications network. At the purchase transaction processor, an IBE private key may be used to recover the symmetric key from the key transfer block. The symmetric key can be used to decrypt the encrypted payment card information for processing and re-encryption using a key associated with the purchase transaction processor.

Abstract: A method and system for processing feedback entries received from software provided by a vendor to an end user machine. The end user machine includes the software, a feedback module, and a database. The feedback module: generates an encryption Ek0 of an identification tag FE(0) using a secret key k(0) where Ek0=E(k(0),FE(0)); generates a parameter Hn0 using a secret key n(0) where Hn0=Hash(n(0)?Ek0); generates a parameter Hs0 using a secret key s(0) where Hs0=Hash(s(0)?Ek0); and sends Ek0, Hn0, and Hs0 to the database.

Abstract: A system for processing feedback entries received from software provided by a vendor to an end user machine. The end user machine includes the software, a feedback module, and a database. The feedback module: establishes a secret key k(0) and a secret key n(0; generates an identification tag FE(0); generates a secret key s(0); generates an encryption Ek0 of the identification tag FE(0) using the secret key k(0) where Ek0=E(k(0),FE(0)); generates a parameter Hn0 using the secret key n(0) where Hn0=Hash(n(0)?Ek0); generates a parameter Hs0 using the secret key s(0) where Hs0=Hash(s(0)?Ek0); sends Ek0, Hn0, and Hs0 to the database; and sends Ek0 and Hn0 to the vendor.

Abstract: A road toll system comprises a vehicle-mounted unit having a satellite navigation receiver. A first data processing means determines a route taken 5 based on satellite navigation data provided from the receiver, and the satellite navigation data is associated with a variable identity. A road toll level is derived. A second data processing means receives the road toll level provided by the first data processing means, and the satellite navigation obtains the determined road toll level from the second data processing means using the 10 variable identity. This provides a thin client scenario (the receiver does not implement the map calculations), but with data security corresponding to a thick client solution. Thus, the map matching and trip cost computation steps are delegated by the on-board unit to an external unit, but this delegation is performed anonymously, so that no data sent for external processing 15 compromises the privacy of the data.

Abstract: An information processing apparatus and method composites and displays a map image at a designated scale and an object associated with the map image at the designated scale. The apparatus and method count the number of times of designation with respect to a position on a map, and manage the number of times of designation in association with the position and the map. If the number of times of designation with respect to a position of interest on the map exceeds a threshold value, a position that is managed in association with a large-area map including an area shown by the map is specified, and an object in the specified position on the large-area map is highlighted on the large-area map.

Abstract: Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in a web service deployments built on UDDI, SOAP, and WSDL.

Abstract: A central processing unit measurement facility is virtualized in order to support concurrent use of the facility by multiple guests executing within a virtual environment. Each guest of the environment has independent control over disablement/enablement of the facility for that guest.

Abstract: Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in a web service deployments built on UDDI, SOAP, and WSDL.