Abstract: Systems for decoupling and updating pinned certificates on a user device are disclosed. A mobile application having a hardcoded pinned certificate may be installed on a user device. The pinned certificate may be decoupled from the mobile application and stored on the user device. In response to the mobile application attempting to establish a secure connection with a server, the system may check whether the decoupled pinned certificate is current by querying a certificate repository. In response to determining that the pinned certificate is out of date, the system may transmit the current certificate to the user device to update the decoupled pinned certificate.

Abstract: A system receives a source and a metadata layer that describes the source. The source may comprise source records with fields containing source data, and the metadata layer may include metadata comprising at least one of a field data type, a field data length, a field description, or a record length. The processor may further validate the metadata layer against the source and write results to a log. The processor may further be configured for transforming the source records into transformed records for a load ready file. The processor may further balance a number of records in the source against a number of transformed records in the load ready file to generate a transformation failure rate.

Abstract: A system receives a source and a metadata layer that describes the source. The source may comprise source records with fields containing source data, and the metadata layer may include metadata comprising at least one of a field data type, a field data length, a field description, or a record length. The processor may further validate the metadata layer against the source and write results to a log. The processor may further be configured for transforming the source records into transformed records for a load ready file. The processor may further balance a number of records in the source against a number of transformed records in the load ready file to generate a transformation failure rate.

Abstract: A system for conducting transactions without a debit card or credit card may receive a request to complete a transaction including authentication data associated with a transaction account and a captured biometric template. The transaction request may lack information contained on a typical debit card or credit card. The system may identify the transaction account using the authentication data associated with the transaction account. The transaction account may be associated with a stored biometric template stored in a biometric data store. The system may also compare the stored biometric template with the captured biometric template. In response to the stored biometric template conflicting with the captured biometric template, the system may decline the transaction.

Abstract: A system for conducting transactions without a debit card or credit card may receive a request to complete a transaction including authentication data associated with a transaction account and a captured biometric template. The transaction request may lack information contained on a typical debit card or credit card. The system may identify the transaction account using the authentication data associated with the transaction account. The transaction account may be associated with a stored biometric template stored in a biometric data store. The system may also compare the stored biometric template with the captured biometric template. In response to the stored biometric template conflicting with the captured biometric template, the system may decline the transaction.

Abstract: A system may generate a seed one-time password (OTP). The system may also perform steps including transmitting the seed OTP to a user device, receiving a response OTP from the user device, and calculating an expected response OTP by applying a function to the seed OTP. The system may then compare the response OTP to the expected response OTP and send a result in response to comparing the response OTP to the expected response OTP.

Abstract: A system may generate a seed one-time password (OTP). The system may also perform steps including transmitting the seed OTP to a user device, receiving a response OTP from the user device, and calculating an expected response OTP by applying a function to the seed OTP. The system may then compare the response OTP to the expected response OTP and send a result in response to comparing the response OTP to the expected response OTP.

Abstract: A system may generate a seed one-time password (OTP). The system may also perform steps including transmitting the seed OTP to a user device, receiving a response OTP from the user device, and calculating an expected response OTP by applying a function to the seed OTP. The system may then compare the response OTP to the expected response OTP and send a result in response to comparing the response OTP to the expected response OTP.

Abstract: A system receives a source and a metadata layer that describes the source. The source may comprise source records with fields containing source data, and the metadata layer may include metadata comprising at least one of a field data type, a field data length, a field description, or a record length. The processor may further validate the metadata layer against the source and write results to a log. The processor may further be configured for transforming the source records into transformed records for a load ready file. The processor may further balance a number of records in the source against a number of transformed records in the load ready file to generate a transformation failure rate.

Abstract: In one embodiment a computer system, comprises a processor, a trusted platform module comprising at least one platform configuration register, a basic input/output system, and logic to unseal at least one current key in the trusted platform module, initiate an update to the basic input/output system, obtain, with the update, at least a component of one expected value for a platform configuration register in the trusted platform module, seal at least one key using the at least one expected value for a platform configuration register, and install the basic input/output system update.

Abstract: One or more embodiments of a method and apparatus taught herein facilitate communication between a finder of a misplaced wireless terminal and an authorized user of the wireless terminal. At least one menu option is presented to the finder for contacting the authorized user via a wireless communication network with which the wireless terminal is associated. The at least one menu option is accessible from a lock screen of the wireless terminal without entry of the passcode. Responsive to the finder selecting one of the at least one menu options, a communication is initiated between the finder and the authorized user via the wireless communication network. According to another method, responsive to receiving a message indicating that a wireless terminal has been misplaced, communication functionality of the terminal is disabled and a message is presented on the wireless terminal that provides information for returning the terminal to an authorized user.

Abstract: In one embodiment a computer system comprises a processor and a memory module coupled to the processor and comprising logic instructions stored in a computer readable medium. The logic instructions, when executed, configure the processor to initiate, in a client computing device, a service request, in response to the service request, initiate a request for a location attestation certificate, and complete the client service request when the location attestation certificate is granted.

Abstract: A secure content receiver includes a processing unit operable to request a data file from a remote device, to provide a first encryption key to the remote device, and to receive the requested data file and a key object from the remote device. The received data file is encrypted using the first encryption key. The key object imposes restrictions on the decryption of the data file. The receiver further includes a first security module that is coupled to the processing unit and that is operable to decrypt the data file according to the restrictions imposed by the key object.

Abstract: In one embodiment an authentication server comprises one or more processors, and a memory module communicatively connected to the one or more processors. The memory module and comprises logic instructions which, when executed on the one or more processors configure the one or more processors to regulate access to a service in a communication network by performing operations, comprising receiving, in the authentication server, a first authentication token request for an authentication token, wherein the first authentication token request uniquely identifies a client computing device and a unique service, processing, in the authentication server, the first authentication token request, and transmitting an authentication token from the authentication token server to the client computing device when the first authentication token request is approved by the authentication server.

Abstract: In one embodiment a computer system, comprises a processor, a trusted platform module comprising at least one platform configuration register, a basic input/output system, and logic to unseal at least one current key in the trusted platform module, initiate an update to the basic input/output system, obtain, with the update, at least a component of one expected value for a platform configuration register in the trusted platform module, seal at least one key using the at least one expected value for a platform configuration register, and install the basic input/output system update.

Abstract: A method and apparatus is provided of protecting sensitive data input via an input device of a processing platform from a data logger, the sensitive data being user account data intended for a remote application. To protect the sensitive data, the data is used as a password in a secure, password-authenticated key agreement protocol executed between a security entity and the remote application, the security entity being installed in the input device or in secure communication therewith. In one preferred embodiment the input device is a keyboard and the security entity is a unit installed in the keyboard and selectively operable in a pass-through mode and a security mode.

Abstract: In one embodiment a computer system comprises a processor and a memory module coupled to the processor and comprising logic instructions stored in a computer readable medium. The logic instructions, when executed, configure the processor to initiate, in a client computing device, a service request, in response to the service request, initiate a request for a location attestation certificate, and complete the client service request when the location attestation certificate is granted.

Abstract: A system and methods provides secure end-to-end printing in networked computing environments, such as a corporate office environment employing a number of shared printers. The described system and methods are applicable in various scenarios to provide an enhanced solution for secure printing.

Abstract: Method for identifying information for a fixed location. An initial signal is wirelessly transmitted from a mobile unit locally to a receiver at the fixed location. The receiver receives the initial signal and automatically wirelessly transmits a return signal locally to the mobile unit indicating the information for the fixed location. The return signal is received by the mobile unit and processed to extract the identifying information.

Abstract: A computer device driver comprises a computer operating system including a structure configured to communicate with a device driver interface using a predefined protocol, and a device including a memory storing an embedded driver with device information. In one aspect, the memory is configured to store physical information and functional information regarding the device. In another aspect, the operating system is configured to import at least a portion of the device information and build a device driver. In another aspect, the memory is configured to store a driver for each of a plurality of operating systems. Advantages of the invention include flexible device driver implementation and deployment across a wide range of computing operating systems and environments.