Abstract: Embodiments of the invention are directed to methods, systems and devices for providing sensitive user data to a mobile device using an encryption key. For example, a mobile application on a mobile device may receive encrypted sensitive user data from a mobile application server, where the user sensitive data is encrypted with a key from a token server computer. The mobile application may then request that the encrypted payment information be sent to the token server. The mobile device may then receive a payment token associated with the payment information from the token server.

Abstract: Methods and systems for authenticating a user device employ a database of global network latencies categorized and searchable by location and calendar date-time of day usage, providing network latency by geography and by time. The database is constructed using voluminous daily data collected from a world-wide clientele of users who sign in to a particular website. Accuracy of the latency data and clock skew machine identification is made practical and useful for authentications using a service provider-proprietary, stable reference clock, such as an atomic clock, so that internal clock jitter of a service provider performing authentications does not affect the network latency time and clock skew identification of user devices. Increased authentication confidence results from using the database for correcting network latency times and user device signatures generated from the clock skew identifications and for cross checking the authentication using comparisons of initial registration to current sign in data.

Abstract: Methods and systems are provided for making secure financial transactions, such as purchase payments, using rich Internet applications (RIA) running an RIA runtime (also referred to as a platform or framework) on the user's smart phone or other mobile device. Embodiments differ from the usual way of re-directing a user from a third-party application and authenticating the user by providing secure in-line payments from a rich Internet application running on an RIA runtime. A system includes: a mobile device executing a rich Internet application running on an RIA runtime; a payment library communicating with the RIA runtime and a service provider, for which the payment library communicates with the service provider to authenticate the rich Internet application; and in response to authentication by the service provider, facilitates secure financial transactions via the rich Internet application.

Abstract: Embodiments of systems and methods for client and/or server authentication are provided. In one embodiment, a method includes sending information from a mobile network device to a server, wherein the information comprises a seed that is used by both the mobile network device and the server to compute a series of one time passwords. The method also includes receiving, by the mobile network device, a succession of one time passwords generated by the server throughout a session. And the method further includes comparing the received one time passwords generated by the server throughout the session to corresponding one time passwords generated at the mobile network device. In this manner, the server can be authenticated. In various embodiments, the process may be reversed to facilitate client, e.g., mobile network device, authentication.

Abstract: Embodiments of the invention relate to efficient methods for authenticated communication. In one embodiment, a first computing device can generate an ephemeral key pair comprising an ephemeral public key and an ephemeral private key. The first computing device can generate a first shared secret using the ephemeral private key and a static second device public key. The first computing device can encrypt request data using the first shared secret to obtain encrypted request data. The first computing device can send a request message including the encrypted request data and the ephemeral public key to a server computer. Upon receiving a response message from the server computer, the first computing device can determine a second shared secret using the ephemeral private key and the blinded static second device public key. The first computing device can then decrypt the encrypted response data from the response message to obtain response data.

Abstract: Methods and systems are provided for making secure financial transactions, such as purchase payments, using rich Internet applications (RIA) running an RIA runtime (also referred to as a platform or framework) on the user's smart phone or other mobile device. Embodiments differ from the usual way of re-directing a user from a third-party application and authenticating the user by providing secure in-line payments from a rich Internet application running on an RIA runtime. A system includes: a mobile device executing a rich Internet application running on an RIA runtime; a payment library communicating with the RIA runtime and a service provider, for which the payment library communicates with the service provider to authenticate the rich Internet application; and in response to authentication by the service provider, facilitates secure financial transactions via the rich Internet application.

Abstract: Embodiments of systems and methods for client and/or server authentication are provided. In one embodiment, a method includes sending information from a mobile network device to a server, wherein the information comprises a seed that is used by both the mobile network device and the server to compute a series of one time passwords. The method also includes receiving, by the mobile network device, a succession of one time passwords generated by the server throughout a session. And the method further includes comparing the received one time passwords generated by the server throughout the session to corresponding one time passwords generated at the mobile network device. In this manner, the server can be authenticated. In various embodiments, the process may be reversed to facilitate client authentication, e.g., mobile network device authentication.

Abstract: Methods and systems for authenticating a user device employ a database of global network latencies categorized and searchable by location and calendar date-time of day usage, providing network latency by geography and by time. The database is constructed using voluminous daily data collected from a world-wide clientele of users who sign in to a particular website. Accuracy of the latency data and clock skew machine identification is made practical and useful for authentications using a service provider-proprietary, stable reference clock, such as an atomic clock, so that internal clock jitter of a service provider performing authentications does not affect the network latency time and clock skew identification of user devices. Increased authentication confidence results from using the database for correcting network latency times and user device signatures generated from the clock skew identifications and for cross checking the authentication using comparisons of initial registration to current sign in data.

Abstract: Embodiments provide secure messaging communications. In an embodiment, a method comprises receiving, by a service provider processor, an encrypted message and a key from a sender associated with a first client device that is remote from the service provider, wherein the first client device internally encrypts the message. The message also comprises verifying the received key based on at least a comparison with a pre-determined key. Once the received key is verified, the method also comprises processing one or more unique factors associated with the sender or the first client device, wherein the one or more unique factors are known by the service provider. The method further comprises decrypting the message and re-encrypting the message using a key of a receiver associated with a second client device; and sending the re-encrypted message to the receiver associated with the second client device, wherein the second client device decrypts the message.

Abstract: A system and method for facilitating electronic commerce over a network, according to one or more embodiments, includes communicating with a user via a user device and a business entity via a business entity device over the network, monitoring user navigation events over the network, determining a mood of the user based on user navigation behavior, marketing to the user based on the mood of the user, and storing user information related to the user navigation events and the mood of the user.

Abstract: Embodiments of the present disclosure provide systems and methods for secure Short Message Service (SMS) communications. According to an embodiment, a method of providing secure Short Message Service (SMS) communications comprises requesting that SMS data to be sent from a client device to a remote location be encrypted. The method also comprises encrypting the SMS data by processing the SMS data with a Message Authentication Code (MAC) and a timestamp and/or counter along with second factor authentication information. The method further comprises sending the encrypted SMS data to the remote location by a secure SMS application via a regular SMS channel of the client device.

Abstract: Systems and methods for facilitating financial transactions over a network include a merchant device, a client device and a payment processing device. The merchant device is adapted to allow a merchant to provide items for purchase via the network. The client device is adapted to allow a user to access the merchant device via the network and view the items for purchase. The client device is adapted to provide a payment mechanism to the user. The user generates a purchase request for an item by selecting the one item, dragging the item to the payment mechanism, and dropping the item over the payment mechanism. The payment processing device is adapted to receive the purchase request from the client device via the network and authorize the user to purchase the item from the merchant based on information passed with the purchase request.

Abstract: Methods and systems for authenticating a user device employ a database of global network latencies categorized and searchable by location and calendar date-time of day usage, providing network latency by geography and by time. The database is constructed using voluminous daily data collected from a world-wide clientele of users who sign in to a particular website. Accuracy of the latency data and clock skew machine identification is made practical and useful for authentications using a service provider-proprietary, stable reference clock, such as an atomic clock, so that internal clock jitter of a service provider performing authentications does not affect the network latency time and clock skew identification of user devices. Increased authentication confidence results from using the database for correcting network latency times and user device signatures generated from the clock skew identifications and for cross checking the authentication using comparisons of initial registration to current sign in data.

Abstract: A user who is authorizing a delegate to make a purchase using funds from an account of the user sends information to a payment provider. The information includes a picture of the delegate, along with information such as a merchant name, a maximum amount, a type of purchase, item information, and/or any other transaction limitations/restrictions. The payment provider then transmits this information to the merchant. A one-time code or number may be communicated to the delegate. When the delegate is ready to make a payment with the user account, the delegate gives the delegate's name and/or other identifying information to the merchant, along with the payment code. The merchant enters the information and is shown a picture of the delegate. If there is a match, the payment may be submitted for processing. In one embodiment, a photo of the delegate may be taken by the merchant and the image transmitted to the user. The user may then be requested to confirm the delegate as an authorized delegate.

Abstract: Systems and methods for facilitating financial transactions over a network include a merchant device, a client device and a payment processing device. The merchant device is adapted to allow a merchant to provide items for purchase via the network. The client device is adapted to allow a user to access the merchant device via the network and view the items for purchase. The client device is adapted to provide a payment mechanism to the user. The user generates a purchase request for an item by selecting the one item, dragging the item to the payment mechanism, and dropping the item over the payment mechanism. The payment processing device is adapted to receive the purchase request from the client device via the network and authorize the user to purchase the item from the merchant based on information passed with the purchase request.

Abstract: Methods and systems for authenticating a user device employ a database of global network latencies categorized and searchable by location and calendar date-time of day usage, providing network latency by geography and by time. The database is constructed using voluminous daily data collected from a world-wide clientele of users who sign in to a particular website. Accuracy of the latency data and clock skew machine identification is made practical and useful for authentications using a service provider-proprietary, stable reference clock, such as an atomic clock, so that internal clock jitter of a service provider performing authentications does not affect the network latency time and clock skew identification of user devices. Increased authentication confidence results from using the database for correcting network latency times and user device signatures generated from the clock skew identifications and for cross checking the authentication using comparisons of initial registration to current sign in data.

Abstract: Embodiments of the present disclosure provide systems and methods for secure Short Message Service (SMS) communications. According to an embodiment, a method of providing secure Short Message Service (SMS) communications comprises requesting that SMS data to be sent from a client device to a remote location be encrypted. The method also comprises encrypting the SMS data by processing the SMS data with a Message Authentication Code (MAC) and a timestamp and/or counter along with second factor authentication information. The method further comprises sending the encrypted SMS data to the remote location by a secure SMS application via a regular SMS channel of the client device.

Abstract: Embodiments of systems and methods for client and/or server authentication are provided. In one embodiment, a method includes sending information from a mobile network device to a server, wherein the information comprises a seed that is used by both the mobile network device and the server to compute a series of one time passwords. The method also includes receiving, by the mobile network device, a succession of one time passwords generated by the server throughout a session. And the method further includes comparing the received one time passwords generated by the server throughout the session to corresponding one time passwords generated at the mobile network device. In this manner, the server can be authenticated. In various embodiments, the process may be reversed to facilitate client, e.g.

Abstract: Systems and methods are provided for secure transactions according to one or more embodiments. According to an embodiment, a method for providing secure transactions comprises initiating a transaction via a point of sale device having a one time password generator. The method also comprises generating at least one password by the point of sale device. The method further comprises associating the at least one password with account information. The method further comprises transmitting the password associated with the account information to a remote location. If the transmitted password matches predetermined associated information at the remote location, the method further comprises confirming the transaction.

Abstract: A method for inhibiting phishing can include sending information from a mobile network device to a website server, generating a one time password at the mobile network device from the information, generating a one time password at the website server from the information, sending the one time password generated at the website server to the mobile network device when the mobile network device subsequently accesses the website, and comparing the one time password generated at the website server to the one time password generated at the mobile network device. In this manner, the website can be authenticated such that the occurrence of phishing is substantially mitigated.