Abstract: Systems and methods for monitoring the viewing of supplemental information associated with an electronic billing transaction where both bill information associated with a bill and forced-to-view information is transmitted ultimately to a payor. The forced-to-view information is associated with supplemental information that must be viewed by the payor before a payor can pay the bill through a service provider. When the forced to view information is selected, a request for the supplemental information is received, and the supplemental information is transmitted in response to the request. An indicator is stored in association with the payor that the payor has viewed the supplemental information. A message is created that the supplemental information has been accessed by the payor, and the message is transmitted to the service provider enabling acceptance of payment of the bill.

Abstract: Systems and methods are provided for determining hold periods based upon risk analysis. The systems and methods may include receiving, via a network, a payment request to make a payment on behalf of a payor to a payee and directing a debit in an amount associated with the payment request from an account associated with the payor at a first time. The systems and methods may further include determining a hold period based upon a risk analysis of the payor, and directing a credit in the amount of the payment to the payee a second time, where the hold period determines a time period between the first time and the second time.

Abstract: To authenticate a user of a communications network, credentials from the user are centrally receiving. An authentication sequence is retrieved from a plurality of retrievable authentication sequences, and the retrieved authentication sequence is performed to authenticate the user based on the received credentials.

Abstract: A user network station transmits a cookie that includes a user identifier and an augmenting factor transformed with one key of a first asymmetric crypto-key or with a symmetric crypto-key. An authenticating entity network station recovers the augmenting factor from the transformed augmenting factor included in the transmitted cookie, with the other key of the first asymmetric crypto-key or with the symmetric crypto-key, and transmits a customized login page corresponding to the user identifier. The user network station transmits a factor responsive to the transmitted customized login page. The authenticating entity network station generates a first key portion based on the transmitted factor and the recovered augmenting factor, and validates the generated first key portion based on a second key portion of one key of a second asymmetric crypto-key associated with the user and on the other key of the second asymmetric crypto-key, to thereby authenticate the user.

Abstract: A method and system for storing a notice of the receipt of a payment in a distributed data network is disclosed. A bill payment request is received at a first network station from a second network station. A payment associated with the received bill payment request is then remitted. Then, a notification is received at the first network station from a third network station indicating that the payment has been received.

Abstract: A system for securing information, includes a processor and storage device. The storage device stores information encrypted with one of a first private rolling key and a first public rolling key of an a first asymmetric rolling crypto-key, along with the one first rolling key. The processor has the logic to direct transmission, via a network, of proof of knowledge of the stored one first rolling key to authenticate a user, and of a request for the other of the first private rolling key and the first public rolling key. The processor receives the other first rolling key via the network, responsive to the directed transmission. The processor then decrypts the stored encrypted information with the received other first rolling key, and generates a second asymmetric rolling crypto-key having a second private rolling key and a second public rolling key. The processor encrypts the information with one of the second private rolling key and the second public rolling key.

Abstract: Techniques for authentication are provided. A first authentication request transformed with a private portion of a first type split private key is received. A first user is authenticated for a first level of network access based upon the first request being transformed with the first type of split private key. A second authentication request that is transformed with a private portion of a second type private key is also received. A second user is authenticated for a second level of network access based upon the second request being transformed with the second type of split private key.

Abstract: A user network station transmits a cookie including a user identifier and an augmenting factor transformed with one key of a first asymmetric crypto-key or with a symmetric crypto-key. A authenticating entity network station recovers the augmenting factor from the transformed augmenting factor with the other key of the first asymmetric crypto-key or with the symmetric crypto-key, and transmits a customized login page corresponding to the user identifier included in the received cookie. The user network station transmits a factor responsive to the transmitted customized login page. The authenticating entity network station generates a first key portion based on the transmitted factor, and validates the generated first key portion based on a second key portion of one key of a second asymmetric crypto-key associated with the user and on the other key of the second asymmetric crypto-key, and the recovered augmenting factor, to thereby authenticate the user.

Abstract: To authenticate a user having an associated asymmetric crypto-key having a private/public key pair (D,E) based on a one-time-password, the user partially signs a symmetric session key with the first portion D1 of the private key D. The authenticating entity receives the partially signed symmetric session key via the network and completes the signature with the second private key portion D2 to recover the symmetric session key. The user also encrypts a one-time-password with the symmetric session key. The authenticating entity also receives the encrypted one-time-password via the network, and decrypts the received encrypted one-time-password with the recovered symmetric session key to authenticate the user.

Abstract: To establish credentials, a user network station transmits a first value. An authenticating entity network station generates a first key portion based on the transmitted first value and a second value unknown to the user, splits one of a private key and a public key of a user asymmetric crypto-key into the first key portion and a second key portion, stores the second key portion of the one key so as to be accessible only to the authenticating entity network device, generates a cookie including the second value, transmits the generated cookie to the user network station, and destroys the transmitted first value, the second value, the one key, and the first key portion of the one key. The first value represents a first and the second value included in the transmitted cookie represents a second user credential useable to authenticate the user.

Abstract: Systems and methods for controlling access to information on a network where a first network entity receives a message requesting access to stored information via a network communication. The received message includes a first component encrypted with a first crypto-key associated with the first network entity and a second component encrypted with a second crypto-key associated with a second network entity such that both can be decrypted by the first network entity. The second network entity controls access to the network by the user. After receiving the message, the first network entity decrypts the first component and the second component and then transmits the stored information to the user based on the content of the first component and the second component.

Abstract: Systems and methods for facilitating access to stored information associated with a user, where a service provider receives, from a network entity controlling access to the stored information, a first message component encrypted with a first crypto-key associated with the network entity that can be decrypted by the network entity and a network address associated with the stored information. The service provider then receives a request for information enabling access to the stored information from an access portal associated with the user. Next, the service provider generates a response that includes the network address and the first message component and transmits the response to the access portal. The generated response is extensible by the access portal to include a second message component. The second message component is encrypted with a second crypto-key associated with the access portal. The extended response is usable to obtain access to the stored information.

Abstract: The present invention provides a method and system for making inter-network payments. A payment request to make a payment on behalf of a payer to a payee is received. A first payment service provider receives this request. The payment is directed to a payee that is associated with a second payment service provider. The first payment service provider determines the identity of the second payment service provider and transmits a payment instruction to the second payment service provider to complete the payment.

Abstract: To facilitate electronic presentment of a bill of a biller for a customer and payment of the presented bill on behalf of the customer via a communications network, a first network site associated with a bill payment entity receives a request for billing information from a second network site associated with a customer via a first communications link over a communications network. In response, a bill availability indicator indicative of an availability of a bill of the biller for the customer and having a first linking function, is presented to the second network site via the first communications link.

Abstract: Customer care is provided via a wide area communications network to a user who has previously requested payment of a bill of a biller on the user's behalf by a bill payment service provider. The communications network has multiple different network sites including a first network site associated with a customer care entity, and at least two of (i) a second network site associated with the biller, (ii) a third network site associated with a financial institution which maintains a payment account of the user and (iii) a fourth network site associated with the bill payment service provider. A request of the user for assistance regarding the payment of the bill is received.

Abstract: To make bill information available for presentation to a user entity, a first network site receives a request of the user entity for bill information, from a third network site associated with the user entity. In response, bill information representing a bill of a biller entity for the user entity is retrieved from storage at a second network site associated with a bill information provider entity, such as a biller. The retrieved bill information is transmitted, from the first network site to the third network site, for presentation to the user entity at the third network site. The first, the second, and the third network sites are different network sites.

Abstract: Techniques for user authentication based upon an asymmetric key pair having a public key and a split private key are provided. A first portion of the split private key is generated based upon multiple factors under control of the user. The factors include a password. A challenge is cryptographically combined with a first one of the multiple factors, but not the user password, to form a first message. The first message is transformed with the generated first portion to form a second message, which is then sent to an authentication entity. The sent second message is transformed to authenticate the user by proving direct verification of user control of the first factor.

Abstract: Techniques for generating a portion of a split private key are provided. A first symmetric key and a second symmetric key different than the first symmetric key are generated at a first location. The generated second symmetric key and a first one of multiple factors for generating the private key portion encrypted with the generated first symmetric key are transmitted. Then, at a second network location, the symmetric keys are again generated. The encrypted first factor is received at the second network location subsequent to a user authentication based upon the second symmetric key generated at the second network location. The received encrypted first factor is then decrypted with the first symmetric key generated at the second network location, the decrypted first factor usable to generate the portion of the split private key of the asymmetric key pair.

Abstract: Techniques for generating a private portion of a split private key of an asymmetric key pair are provided. Multiple factors upon which the private portion of the split private key is based are received. Each of these multiple factors is under control of a user associated with the asymmetric key pair. Multiple cryptographic operations are then performed using the received multiple factors to generate the private portion.

Abstract: Techniques for generating a multi-factor asymmetric key pair having a public key and split private key with multiple private portions, at least one of the multiple portions being a multiple factor private key portion, are provided. First and second asymmetric key pairs are generated, each having a private key and a public key. A text string and the first private key are cryptographically combined to make a first private key portion of the split private key. This first private key portion is a multiple factor private key portion. A second private key portion of the split private key is generated based upon the generated first private key portion and the second private key.