Abstract: Described herein are various technologies related to secure generation of tokens and secure inversion of tokens. A tokenization system executes in a secure execution environment, and is configured to receive a string and an encrypted tokenization function. The tokenization system decrypts the encrypted tokenization function, and executes the tokenization function over the string to generate a token. The token is transmitted to a logically separate computing environment, and the tokenization system deletes the tokenization function and the string.

Abstract: A system and method for network file filtering to prevent identity theft or misuse by restricting access to files likely to contain sensitive data is disclosed. The file filtering process includes scanning at least one data file for density of a selected pattern. Files identified as containing the selected pattern may be further analyzed to determine the likelihood of the presence of sensitive information. The process may also include restricting access to files that are identified as likely to contain sensitive information.

Abstract: A method for the use of electronic transactional tokens includes: generating a plurality of transactional tokens including a first token; associating each of the transactional tokens with a plurality of users, the first token associated with a first user; monitoring usage of the transactional tokens in a plurality of transactions in a local region or network; and in response to receiving transactional data for the first transaction, updating the first token from a first state to a second state (e.g., to provide a benefit when the token is applied in the local region or network). The tokens may be generated and monitored using a token processing system, which uses transaction data received by a transaction handler that is handling transaction processing for the transactions.

Abstract: A method for linking payment accounts includes: storing a plurality of account profiles, each profile including data related to a payment account including an account number and account data; encrypting the account number included in each account profile using a method of encryption to obtain an encrypted account number; receiving account linkage data, the data including a plurality of encrypted account identifiers, each identifier being indicated as being linked to another identifier, and each identifier being encrypted using the method of encryption; matching each of the encrypted account identifiers to an encrypted account number; and updating one or more account profiles to indicate a link to another account profile where the encrypted account number included in the profile being updated matches an encrypted account identifier that is indicated as being linked to an encrypted account identifier that matches the encrypted account number included in the other profile.

Abstract: The present invention generally relates to a method, system and program product for modifying a supply of stable value digital asset tokens tied to a blockchain.

Abstract: A card reader comprising a display configured to optionally graphically display a character; one or more sensors configured to receive user input, wherein the one or more sensors are configured to send one or more signals that modify and select the character; a microcontroller configured to process the user input, wherein the processing comprises modifying or selecting the character based on user input at the one or more sensors; and memory configured to store selected characters based on processing the user input.

Abstract: Embodiments of the present invention are directed to a centralized trusted service manager system in the form of a trusted service manager interconnectivity service hub, which facilitates and provides communications between entities involved I mobile contactless payment systems. One embodiment is directed to a method for processing a message related to a mobile payment application on a secure element of a mobile communication device through an interconnectivity services hub including receiving the message from a first entity in a first protocol and determining a trusted service manager associated with the secure element from among a plurality of trusted service managers using a routing table comprising routing information.

Abstract: Efficient methods and systems for verifying personal identifiers in transactions such as financial transactions are disclosed. In an exemplary method, an authentication server computer may provide an account number and a personal identifier such as a PIN to a payment processing network server computer. The payment processing network server computer may then determine which of a plurality of authentication processes to initiate.

Abstract: A system effectively performs content information acquisition processing and content purchase processing in which it is necessary to access different servers. If a user views information provided by an information providing server, for example, television program table information, and acquires content related to information selected from among pieces of information included in the television program table information, the user can transmit a content acquisition request including content specification information to a content providing server simply by dragging and dropping the selected information displayed on a display screen onto a toolbar included in a display unit or onto another server information display area. As a result, the user can effectively perform the selection and acquisition of content without switching between connections to various servers.

Abstract: A network communication device, such as an electricity meter, is configured to communicate with devices on a circuit internal to a site via power line communication (PLC), even when electricity service to the site is disconnected. The network communication device is configured to monitor one or more circuits internal to the site and to receive power line communications from the device(s) coupled to the circuit internal to the site when the site is disconnected from electricity service. A PLC module of the network communication device may include a switch-based or capacitor-based monitor that maintains a PLC coupler electrically connected with the circuit internal to the site even when electricity service to the site is disconnected.

Abstract: Systems and methods for instantly quoting a two-sided market. Using these systems and methods, a trader can use various trading interfaces to initiate two-sided market orders based on a value submitted and a pre-set spread amount as configured by the trader.

Abstract: A system for implementing at least one cryptocurrency transaction at a point-of-sale by using a mobile terminal is provided. The system is operable to provide authentication for implementing the one or more cryptocurrency transactions, wherein the system is operable to send at least one authentication request for the at least one cryptocurrency transaction from a payment terminal to a payment service hosted via one or more virtual computing machines, wherein the payment service is operable to provide a request for a PIN code at the mobile terminal; to send the PIN code from the mobile terminal via a secure channel to open a vault in the one or more virtual machines, wherein the vault contains one or more private keys which are useable for authenticating the at least one cryptocurrency transaction; and to confirm execution of the at least one cryptocurrency transaction to at least the payment terminal.

Abstract: A smart card transaction allows a consumer to load value onto a smart card and to make purchases using a smart card with a mobile telephone handset over the telecommunications network. For loading, the system includes: a mobile telephone handset including a card reader; a gateway computer; a funds issuer computer; and an authentication computer. The mobile telephone handset receives a request from a user to load a value onto the smart card. The handset generates a funds request message which includes the value and sends the funds request message to a funds issuer computer. The funds issuer computer debits an account associated with the user. Next, the handset generates a load request message with a cryptographic signature and sends the load request message to an authentication computer which authenticates the smart card. The handset receives a response message which includes a cryptographic signature and an approval to load.

Abstract: Healthcare transaction validation systems and methods are presented. Healthcare transactions associated with a stakeholder are compiled into a chain of healthcare transaction blocks. The chain can be considered a chronicle of person's healthcare path through life. When a transaction is conducted, the corresponding healthcare parameters (e.g., inputs, outputs, clinical evidence, outcomes, etc.) are sent to one or more validation devices. The devices establish a validity of the transaction and generate a new block via a proof-of-work principle. Once the new block has been calculated it can be appended to the stakeholder's health care blockchain.

Abstract: A client computing system inserts selected advertising into digital content. Ads may be inserted into content based on a dynamic advertising matching process that is securely implemented within a hardware-based root of trust. User profiles used in ad matching may be privacy protected and maintained with confidentiality protection in the client computing system and/or a service provider server, respectively. When a client computing system makes a request to the service provider server for content with specified ad slots, the request may be made with the client's EPID signature, which is inherently privacy protected. The hardware-based root of trust protects insertion of selected ads into the linear rendering flow of the content.

Abstract: Embodiments of the invention disclose a remote control device for operating a media device that can be used to conduct financial transactions. The remote control device includes a user interface to accept user input, and a communication interface to communicate with the media device. The remote control device also includes a hardware security module that is coupled to the user interface and the communication interface. The hardware security module includes a secure processing unit, and a public processing unit that is configured to selectively request the secure processing unit to encrypt user input based on a function that is being performed on the media device.

Abstract: Systems and methods for securely storing digital assets using a secure portal are disclosed. Using an isolated computer within an electronic isolation chamber, a plurality of digital asset accounts may be generated, and one or more private keys and a digital asset account identifier corresponding to each of the digital asset accounts may be obtained. A respective reference identifier may be associated with each digital asset account. At least one of the one or more private keys corresponding to each digital asset account may be divided into a plurality of private key segments and written to a card along with the respective reference identifier to create sets of collated cards, wherein each set comprises cards corresponding to different private keys.

Abstract: A customer may provide a merchant with primary account number information in connection with a purchase transaction. The merchant may send an associated authorization request to a payment card processor. A tokenization server at the payment card processor may generate a token corresponding to the primary account number. To secure the token, the token may be encrypted at the payment card processor using a cryptographic key shared with the merchant. A structure preserving encryption algorithm may be used in encrypting the token. A processor identifier may be embedded in the encrypted version of the token during the structure preserving encryption operation. The merchant can use the shared key to decrypt the token and extract the processor identifier. A settlement request may be directed to the processor from the merchant to settle the transaction using the processor identifier.

Abstract: A system (211) and method (300) for reliable monitoring of secure application execution events is provided. The system can include a Near Field Communication (NFC) modem (140) for communicating transaction events of a secure contactless transaction (358) with a NFC reader (170), a secure controller (200) for monitoring state transitions caused by the transaction events, and a mobile host communicatively coupled to the secure controller for receiving hardware event notifications of the state transitions. The secure controller can generate message using a hardware interrupt to a mobile host based on secure applet state transition monitoring by setting up the events flag such as a Transaction Completion Flag (TCF) (372) into an Events Status Register (232) to identify a status of a secure contactless transactions.

Abstract: Systems and methods are presented for accessing an application available from a data center of a program execution service. The metadata associated with a user computing device may be used to determine whether the user computing device is authorized to access the application through a virtual desktop instance. At least a portion of the application may be executed by the virtual desktop instance and provided to the user. Applications may be purchased, licensed, or rented by a user.