Abstract: A system and method for pseudonymizing digital data records sent from a source system to a destination system, using an identity protector client system and an identity protector master system, includes the steps of receiving, at the identity protector client, person-specific data from a source system provided with a source identifier. The digital data records are pre-pseudonymized by the identity protector client, and the processed digital data records are marked with a source identifier which references the source file in the source system. The pre-pseudonymized digital data records are transmitted to the identity protector master. For every data record, a pseudonym is created by the identity protector master from the pre-pseudonym, the source identifier, and at least one other value generated from an erratic value and a time value. The pseudonym is transmitted to the destination system.

Abstract: A system for securing a mobile financial transaction using an adaptive security policy is provided by presenting, via an external terminal, an input request associated with a vertex of the security policy. User input is received via the external terminal in response to the input request. A rule associated with the vertex is retrieved from a database. An edge is selected from a plurality of edges associated with the vertex according to the retrieved rule. A communication session of the external terminal is routed to a subsequent vertex via the selected edge.

Abstract: At least a first cryptogram and a second cryptogram are transmitted from a payment device reader component to a terminal component. A message including at least the first cryptogram and the second cryptogram is transmitted from the terminal component to an issuer of a payment device presented to the reader component, through a payment network. A message is obtained from the issuer, corresponding to authentication, by the issuer, of the payment device (and optionally the owner of the payment device) presented to the reader component, based at least on the first cryptogram and the second cryptogram. The payment network is configured in accordance with at least one of (i) a standard, and (ii) a specification, which normally employs only a single cryptogram for the message and the authentication. Apparatuses and computer program products are also disclosed.

Abstract: In order to make it more difficult to obtain numbers that can be used to conduct fraudulent transactions, a portion of a real account number is encrypted. The encrypted portion of the account number is used to generate a new account number, a new expiration date, and a new verification value. This information can be determined using processor that may reside in a point of sale terminal, a smart card, or a computer operated by a user. The new account number, the new expiration date, and the new verification value can be used in a payment transaction. A server computer in a central payment processing network may determine that the new account information is not the real account information, and may subsequently generate a modified authorization request message using the real account information and may send it to an issuer for approval. The transmission of data is more secure, since real account information is not sent from the merchant to the payment processing network.

Abstract: Chip cards are used to secure credit and debit payment transactions. To prevent fraudulent transactions, the card must protect cryptographic keys used to authenticate transactions. In particular, cards should resist differential power analysis and/or other attacks. To address security risks posed by leakage of partial information about keys during cryptographic transactions, cards may be configured to perform periodic cryptographic key update operations. The key update transformation prevents adversaries from exploiting partial information that may have been leaked about the card's keys. Update operations based on a hierarchical structure can enable efficient transaction verification by allowing a verifying party (e.g., an issuer) to derive a card's current state from a transaction counter and its initial state by performing one operation per level in the hierarchy, instead of progressing through all update operations performed by the card.

Abstract: Digital media products and methods for making them are disclosed. A digital media product can effectively not have any value until purchased and activated at a point-of-sale. In one embodiment, the digital media product is content specific and provided to allow acquisition of a particular collection of digital media assets upon activation. As one example, the collection can pertain to a playlist, album or set of content.

Abstract: Methods and apparatuses for increasing the leak-resistance of cryptographic systems are disclosed. A cryptographic token maintains secret key data based on a top-level key. The token can produce updated secret key data using an update process that makes partial information that might have previously leaked to attackers about the secret key data no longer usefully describe the new updated secret key data. By repeatedly applying the update process, information leaking during cryptographic operations that is collected by attackers rapidly becomes obsolete. Thus, such a system can remain secure against attacks involving analysis of measurements of the device's power consumption, electromagnetic characteristics, or other information leaked during transactions. Transactions with a server can be secured with the token.

Abstract: An apparatus for facilitating payment using a payment card includes a computerized sales transaction device structured to determine a monetary amount for a sale, and a secure card activated terminal (CAT) device in electronic communication with the computerized sales transaction device. The computerized sales transaction device sends the monetary amount to the secure CAT device. The secure CAT device is structured to: (i) obtain sensitive payment card information from the card, (ii) automatically request in a secure, encrypted manner authorization for the sale using the monetary amount and the sensitive payment card information, (iii) receive in a secure, encrypted manner authorization approval for the sale, and (iv) in response to receiving the authorization approval, send purchase authorization approval information to the computerized sales transaction device. The computerized sales transaction device never receives the sensitive payment card information.

Abstract: Systems and methods for automatically converting digital content from an incompatible to a compatible target DRM scheme are disclosed. In one embodiment, a user device transmits a request to a content server for digital content, the request including a target DRM scheme compatible with the user device. The content server determines that the requested target DRM scheme is incompatible with the native DRM scheme of the content server. A DRM matching server obtains the requested content from the content server and converts the content from the native DRM scheme to the target DRM scheme. The DRM matching server transmits the reformatted content to the user's device. Alternatively, the DRM matching server transmits the reformatted content to the content server, which transmits it to the user device. A user device includes any device capable of utilizing digital content, including cellular telephones, PDAs, audio file players, and video content display devices.

Abstract: Content protection arrangements govern use of particular electronic content in a consumer electronic device. An exemplary arrangement authorizes use based not just on usage control data corresponding to the content, but also based on an attribute of the consumer electronic device. Thus, for example, playback of a song (or video) with particular usage control data may be authorized on a device that includes only analog output, but not be authorized on a device that is capable of outputting the content in an unencrypted digital format. A variety of other technologies and arrangements are also detailed.

Abstract: A system and method are disclosed relating to authenticating software licenses associated with a software product. During an installation process, a purchaser of a software product may contact a vendor representative via a telephone connection and verbally relay a data packet, which may be an installation ID. The vendor server creates a reversible hash from the data packet, a known seed value and additional information relating to the software product or license. The server encrypts the hash to generate a confirmation ID, and sends the confirmation ID to the software product purchaser.

Abstract: Electronic currency consists of data in a form suitable to be stored in a user's data storage medium, comprising information on the data value, identification of each specific set of data or data point, and authentication information suitable to verify that said data has been generated by a specific Currency Issuing Authority (CIA). A method and a system for effecting currency transactions between two users over the Internet or other communication network are also described.

Abstract: In a method for managing a time-limited license on a computer application that can be run on a network component, a license data record is created that contains at least information concerning the computer application to be licensed, a license period and a signing time. The license data record is read from a license server, and based on the information concerning the signing time a reference date for this computer application is created. The reference date is compared with a system time, which is defined for the network component in order to determine a binding current time base for the license server. Based on this comparison, it is determined whether the computer application is run on the basis of at least one of the current time base and the granted license period. The reference date is continuously updated and stored on the license server.

Abstract: A license is issued to a user as decryption and authorization portions. The decryption portion is accessible only by such user and has a decryption key (KD) for decrypting corresponding encrypted digital content and validating information including an identification of a root trust authority. The authorization portion sets forth rights granted in connection with the digital content and conditions that must be satisfied to exercise the rights granted, and has a digital signature that is validated according to the identified root trust authority in the decryption portion. The user issued accesses the decryption portion and employs the validation information therein to validate the digital signature of the authorization portion. If the conditions in the authorization portion so allow, the rights in the authorization portion are exercised by decrypting the encrypted content with the decryption key (KD) from the decryption portion and rendering the decrypted content.

Abstract: In one embodiment of the present invention a method to allow a consumer to direct payments to be made via one or more payment vehicles of choice is provided. In another embodiment of the present invention a system to allow a consumer to direct payments to be made via one or more payment vehicles of choice is provided.

Abstract: A system and method for providing a flexible licensing system for digital content is described. In some cases, the system utilizes tokens or other valuations to facilitate the purchase or exchange of content.

Abstract: A method and system for content-based billing in IP-networks, carry out and transmit to a control gateway module the authentication and/or service authorization of an IP-node based on the IMSI of the SIM card of the node for HLR and/or VLR of a GSM network and guide the access of the IP node to the content of a network content provider through said control gateway module, control involved costs by means of the nodule on the base of the access target address, detect call detail records according to the IP-node services by a core engine module, detect at least the identity of the IP-node and/or the time and/or a provider of the required services by means of the call detail records during access to the control gateway module, transmit the data to the billing module and compute call detail records and/or clearing data based thereon and/or TAP files through the billing system of a service provider or a financial institution. The disclosure relates, in particular to the mobile IP nodes in heterogeneous networks.

Abstract: A method and apparatus effectuates bilateral commerce in ideas. An originator and user-driven on-line commercial network system is designed to facilitate idea submission, purchase, and licensing, and is easily adapted to business-to-business transfers of innovation as well as consumer-to-business transfers of innovation. The invention allows originators of ideas to communicate nondisclosing synopses of ideas globally to potential users, for users conveniently to search for relevant ideas and for users potentially to bind an originator to a limited duration license granting user the exclusive right to access and consider confidentially the originator's fully disclosed idea. The invention also allows users to communicate confidentially or nonconfidentially unsolved problems or needs globally to potential originators, for originators conveniently to search for relevant unsolved problems or needs, and for originators to submit and communicate confidentially proposed solutions to the soliciting user.