Abstract: A method for providing naming and access control of data items in a data repository, the method comprising having a first client program deposit a data item in the data repository, the depositing including determining a digital fingerprint from the data item, and storing the data item in the data repository at a location or locations associated with the fingerprint, having the first client program specify an object name for an object that comprises a set of data items, storing in the repository an association between the name and the set of data items, and allowing the client program to retrieve a data item from the set of data items by specifying the object name and without providing the digital fingerprint of any data item or composite of data items.

Abstract: A flow control apparatus for controlling fluid flow in a petroleum reservoir. The flow control apparatus has a flow control mechanism, a controller operable to control the flow control mechanism to adjust fluid flow through the flow control mechanism, the controller comprising a processor operable to execute according to a control algorithm, and a non-volatile memory connected to the controller. The non-volatile memory includes instructions to cause the controller to execute an authentication mechanism operable to authenticate a control computer and to prevent operation of the controller until the authentication mechanism authenticates the control computer.

Abstract: A method, system and article of manufacture for providing a spy-resistant keyboard. The spy-resistant keyboard provides a user with additional protection against unauthorized observers while the user is interfacing with a system implementing the spy-resistant keyboard. The keyboard may include a number of tiles with a number of user-selectable characters randomly associated with each tile. A spy-resistant keyboard may also include a number of movable tiles with user-selectable characters. Before a user selects a user-selectable associated with one of the tiles, all the user-selectable characters in the tiles are at least blanked to avoid unauthorized viewing of a chosen tile.

Abstract: The system includes receiving, from a delegator, a designation of a role and a delegate to assume the role, receiving, from a credential service provider, an indication that the designation is valid, issuing a delegation credential in response to receiving the indication, and issuing a confirmation to the delegator, which indicates that the delegation credential was issued.

Abstract: Methods and systems for preventing fraud by a customer at a fuel dispenser within a retail fueling environment are disclosed. According to one method, an authorization to access programming mode (AAPM) signal is received at the fuel dispenser from an authorization terminal coupled to the fuel dispenser. A request is received at the fuel dispenser to enter a programming mode of operation (PMO). The PMO is entered at the fuel dispenser to allow fuel dispenser settings of the fuel dispenser to be changed after receiving the AAPM signal and the request to enter the PMO.

Abstract: The present invention provides a method for managing a digital content stored in an electronic device (102). The electronic device is capable of storing and retrieving the digital content. The method includes storing (304) a plurality of user profiles at the electronic device. Each user profile of the plurality of user profiles includes pre-defined digital content preferences. Further, the method includes accessing (306) at least one user profile of the plurality of user profiles in response to a user identification parameter. Further, the method includes managing (308) the stored digital content for the at least one accessed user profile.

Abstract: A method is provided for personalizing security conditions for each customer using a self-service checkout terminal to conduct a transaction on the terminal. A trust level is assigned to each customer based on a selection of factors, which may include personal information provided by the customer, factors independent of the customer, such as information specific to the particular merchant, and the customer's history in using the checkout terminal or other facilities of the merchant. The manner in which the transaction progresses for the customer is determined as a function of the customer's trust level. In one example, the weight tolerance applied to products weighed by the customer may be widened or narrowed in relation to the customer's trust level.

Abstract: A method and apparatus for the digital signing of a message to be signed, the message to be signed is transmitted via a communication network to a mobile radio telephone to be used as a signing unit. A message to be signed is transmitted from a transmitter to a receiver and then from the receiver to the mobile radio telephone via a telephone network. The mobile radio telephone user indicates that the message to be signed should be signed, and the mobile radio telephone generates a signed message. The signed message is then transmitted from the mobile radio telephone to the receiver and from the receiver to an addressee.

Abstract: The present invention comprises a program product, system and method for deposit processing using check images. In one embodiment of the present invention, the program product comprises machine-readable program code for causing, when executed, a machine to perform the following steps: at least one check processor receiving deposit information for a plurality of different deposit transactions, with the deposit information including original check image data and endorsed and voided check image data for at least one check to be deposited; selecting a print processor that has access to at least one printer based on at least one criterion; sending the electronic check data and check image data to the selected print processor; identifying a clearing end point; generating cash letter data for a maker bank; the print processor or the check processor transmitting the check image data and the cash letter data directly or indirectly to the selected end point and/or to at least one printer.

Abstract: A method (400) of selecting a financial account to be used to make a payment and a mobile station (105) that may implement the method. The method can include identifying at least one of a plurality of user profiles during a payment transaction at a point-of-sale terminal (110). The method also can include selecting from a plurality of available financial accounts at least one financial account that is associated with the identified user profile and making the payment using the selected financial account.

Abstract: The present invention discloses systems and methods for enabling cashless fueling transactions through the use of vehicle-based decal sticker RFID tags. The tags store a unique customer identification number as well as other frequent purchase information. When read by a reader installed at the fuel dispenser, the tag information is sent to the network host via the Point of Sale (“POS”) system, where it is linked to a customer's account for transaction processing and subsequent activation of the fuel dispenser. Several tags may be read by a single interface unit, avoiding the need to connect a tag reader to each fuel dispenser.

Abstract: Methods and systems for detecting tampering of a remote display. According to one method, a first data integrity result is generated by performing a first data integrity operation on display data to be displayed on the remote display at a secure module. The display data is transmitted from the secure module to the remote display security module. The remote display security module receives the display data. A second data integrity result is generated by performing the first data integrity operation on the display data received at the remote display security module. A determination is made as to whether the remote display has been tampered with at the secure module if the first data integrity result does not match the second data integrity result.

Abstract: The present invention provides a system, hardware and method for mobile payment via a low-cost simple POS station and a mobile device. A general objective of the invention is to process payment authorization via the mobile consumer's own mobile device and mobile network, instead of the POS network's backbone.

Abstract: A portable telephone including a transmission and reception unit, a control unit, a speaker, a display unit, a code reader unit, an operation input section, a microphone and a storage unit. The storage unit includes a telephone number memory, a password-data memory, and a personal-attribute memory. A buyer scans a code, in which product information is encoded, using the code reader unit, and enters password data via the operation input section. The control unit performs a comparison of the entered password data and password data previously stored in the password-data memory. After the comparison, the transmission and reception unit transmits via an antenna the product information, the telephone number stored in the telephone number memory, and personal-attribute data stored in the personal-attribute memory to a mobile telephone company. The transmitted information is used in settlement of the sales amount.

Abstract: This invention concerns a validation protocol for determining whether an untrusted authentication chip is valid, or not. The protocol may be used to determine the physical presence of a valid authentication chip and from that determine whether a consumable containing the chip is valid. In another aspect the invention also concerns a system for validating the chip. A random number is generated and encrypted with an asymmetric encryption function. It is then passed to an untrusted authentication chip where it is decrypted. The decrypted random number is then compared with the original random number, and in the event of a match the untrusted chip is considered to be valid.

Abstract: A sales processing method for storing an order received from a customer in a storage as a pending order, recalling the pending order from the storage to display the pending order when payment is made, and executing checkout processing to book the pending order as sales data, includes: when the pending order is stored, storing information identifying a person-in-charge associated with the pending order in the storage in association with the pending order; and, when an instruction to execute processing of the pending order stored in the pending data storage is issued, determining whether or not an operator who has issued the instruction to execute the processing matches the person-in-charge associated with the pending order and, if the operator matches the person-in-charge, enabling execution of the processing.

Abstract: A customer self-checkout system includes one or more checkout stations and multiple supervisor terminals. The supervisor terminals provide support to, and control over, the self-checkout system and checkout stations. The supervisory terminals may be wireless terminals that can capture self-checkout customer identification information including signatures, fingerprints, images, and other forms of identification.

Abstract: A method is provided for reducing a number of keys that a user is required to depress on a device having a keyboard with a limited number of keys when the user enters a password. The method comprising the following steps. A subset of characters used to define the password is determined. A filter to apply to the keyboard is determined in accordance with the determined subset of characters. The filter is applied when the user depresses the keys. Devices and computer readable medium for implementing the method are also provided.

Abstract: A method is provided for authenticating an action between a control point and a user. A token which performs authentication is presented to the control point. The control point may be authenticated by using the token. The token may include a communication portion that obtains information regarding the control point and that communicates with a token issuer to authenticate the control point based on the information. A user interface portion may be coupled to the communication portion to indicate a result of the authentication to a user.

Abstract: A system and method for securing a Radio Frequency (RF) transaction using a Radio Frequency Identification (RFID) transaction device are provided. A random number is transmitted from an RFID reader to an RFID transaction device, an RFID transaction device authentication tag is created in the RFID transaction device, using at least the random number, a routing number associated with a transaction account, and a stored counter value. The RFID transaction device authentication tag is transmitted to the RFID reader, the stored counter value in the RFID transaction device is incremented, and a transaction request for verification, which comprises the RFID transaction device authentication tag and the stored counter value, is transmitted and processed. Either the RFID transaction device authentication tag or the stored counter value, or both, are verified.

Abstract: A message, including ordering data regarding a price of a product that a purchaser wants to purchase and personal information including a credit card number of the purchaser, is given to a settlement agency computer from a purchaser computer used by the purchaser. The settlement agency computer determines whether to pay for the product for the purchaser, based on the ordering data and the personal information. In a case where it is determined to pay for the product for the purchaser, the settlement agency computer sends settlement permission information representing that payment can be made for the purchaser, to a seller computer used by a seller, while keeping the credit card number to be confidential. Hence, before delivering the product to the purchaser, the settlement is completed, and the credit card number of the purchaser is kept secret from the seller.

Abstract: An optical disc has a security feature in the form of an RFID tag that communicates with a voltage controlled optical modifier layer in the optical disc. In the presence of an interrogation signal, the RFID tag allows the optical disc to be used normally by outputting a voltage to the optical modifier layer. In the absence of an interrogation signal, the optical modifier layer prevents a laser from reading from or writing on the optical disc. Other embodiments are also disclosed.

Abstract: Demographic and transaction data are presented in a report usable for marketing-related purposes and other applications using a camera apparatus to capture customer image data at a point-of-sale location and sends the image data to a customer image database where the image data is stored. Demographic data (such as gender, age group, height) are extracted from the customer image data and sent to the customer image database. Point-of-sale transaction data is collected and sent to a transaction database where the transaction data is stored. A computer processes customer image data, transaction data, and attributes relating to the customer image data and transaction data, to correlate extracted demographic data to transaction data. The correlated data is preferably sent to a target marketing database and used to generate a market research report.

Abstract: The present invention provides a new and useful system and method for processing on-line degree and current enrollment verification inquiries. The system includes a requestor computer and an institutional computer each connected to a server computer via the Internet. The server computer is capable of processing and storing educational information/education records provided by the institutional computer, and receiving at least one inquiry from the requestor computer and providing educational information/education records in response to the inquiry. The system also includes a database for storing educational information/education records and a search engine module that searches for and retrieves educational information/education records from the database. Communication means are also included which allow the system to transfer data between the requestor computer and the institutional computer.

Abstract: A method for hardening an extensible firmware framework and system in which the framework is implemented. In accordance with the method, a resource access policy that defines rules to allow or disallow access to designated system resources, such as memory and I/O, is defined. During execution of firmware-based event handlers, event handler code may seek to access a designated system resource. In response thereto, access to the system resource may be determined based on a security status of a firmware-based event handler in consideration of any applicable rules defined by the resource access policy. For example, a resource access policy may allow only secure event handlers to access selected portions of memory, while preventing non-secure event handlers from accessing the same. In this manner, errant and malicious event handlers are prevented from damaging critical resources.

Abstract: A service managing system comprises: order terminals for enabling customers to view contents of service items and to order desired items, and being portable and driven by a battery; order-receiving terminals for receiving and indicating orders from the order terminals; an accounting unit for casting accounts in response to a customer's request and indicating a calculated result; and a control unit for processing data between the order terminals, order-receiving terminals and an accounting unit. In the system, data are transmitted and received using radio communications between the order terminals, order-receiving terminals, accounting unit and control unit. When an ordered item or service is ready, it is indicated on the order terminal via the order receiving terminal.

Abstract: A credit facility for controlling financial transactions is arranged with the ability of users to establish self-imposed limits on a category by category basis. The processing system provides messages and other information to the user, both on-demand and at the point of sale, based upon the category of the transaction and the limit set for that category. In one embodiment, both the user and, if desired, third parties, can obtain or be notified, of account balances on a category by category basis. Also, the main user can assign category limits, or prohibitions, on subusers of the same account. In one embodiment, information pertaining to a specific transaction is communicated to a third party.

Abstract: This invention concerns a validation protocol for determining whether an untrusted authentication chip is valid, or not. The protocol may be used to determine the physical presence of a valid authentication chip and from that determine whether a consumable containing the chip is valid. In another aspect the invention also concerns a system for validating the chip. The invention involves generating a random number in a trusted authentication chip, then applying a keyed one way function to the random number in both the trusted authentication chip and an untrusted authentication chip and comparing the outcomes. A match indicates that the untrusted chip is valid.

Abstract: This invention concerns a consumable authentication protocol for validating the existence of an untrusted authentication chip, as well as ensuring that the Authentication Chip lasts only as long as the consumable. In a further aspect it concerns a consumable authentication system for the protocol. In this invention we are concerned not only with validating that an authentication chip is present, but writes and reads of the authentication chip's memory space must be authenticated as well. A random number is encrypted using a first key and sent to an untrusted chip. In the untrusted chip it is decrypted using a secret key and re-encrytped together with a data message read from the untrusted chip. This is decrypted so that a comparison can be with the generated random number and the read data message.

Abstract: An integrated risk management tool includes a persistent object database to store information about actors (individuals and/or groups), physical surroundings, historical events and other information. The risk management tool also includes a decision support system that uses data objects from the database and advanced decision theory techniques, such as Bayesian Networks, to infer the relative risk of an undesirable event. As part of the relative risk calculation, the tool uses a simulation and gaming environment in which artificially intelligent actors interact with the environment to determine susceptibility to the undesired event. Preferred embodiments of the tool also include an open “plug-in” architecture that allows the tool to interface with existing consequence calculators. The tool also provides facilities for presenting data in a user-friendly manner as well as report generation facilities.

Abstract: A system that includes computer hardware, computer software, apparatus, and methodology that enables individuals, businesses, and all types of organizations (both for profit and non-profit) to capture and securely transmit check images (including, but not limited to, personal checks, business checks, travelers checks, money orders, merchant coupons, food coupons, line of credit checks, etc.), deposit information, and other information from capture sites that preprocess financial instruments and generate data from the original instruments, for the purpose of having those checks credited to the depositing individual's or organization's bank account(s) and having the check images (and/or physical checks) entered into the bank check clearing channels for ultimate delivery to the maker bank for payment out of the maker's account.

Abstract: A method is disclosed of transferring data to a first communications device having a first transceiver for communication at a first data rate over a long range, and a second transceiver for communication at a second, higher data rate over a short range. The method includes forming a co-ordinated short-range wireless network using the first communications device and at least one second communications device of a similar type. Communication is then initiated between the first communications device and said at least one second communications device to establish whether that second communications device has data required by the first communications device. The first communications device then communicates, upon the first communications device receiving confirmation that a second communications device has the required data, with a service provider using its first transceiver to request permission for the transfer of the required data from said communications device to the first communications device.

Abstract: A system and method for replenishing a wireless terminal account of a customer of a telecommunication service provider. In one embodiment the method includes transmitting through a point-of-sale device a merchant identification, a customer mobile identification number and an amount to the telecommunication service provider. The method also includes validating the merchant identification and crediting the customer account. The method may include delivering a merchant confirmation to the point-of-sale device and delivering a customer confirmation to the customer's wireless terminal.

Abstract: A transaction network contains a networked certificate authority, by which one or more virtual certificates may be remotely defined and stored, such as by an issuer user through a issuer web portal interface. An acquirer user, through an acquirer web portal interface, may acquire one or more virtual certificates, which contain a public key portion, as well as a corresponding private key, which is established at the time of acquisition, and is stored at the certificate authority. At a redemption location associated with an acquired certificate, the acquirer (or an alternate recipient of an acquired certificate to whom the acquirer has communicated the established private key), submits the certificate information, along with the established private key, to redeem the certificate.

Abstract: A method for providing a security code comprises providing an access location identification and security device information. A user provides access location information and access duration information to a code generator system. The access location information and access duration information is encrypted to provide an access code. The user provides a user token data to the code generator system, such that the access code is encrypted using the user token data to provide a security code. The security code is dispatched to the user.

Abstract: A system and method is described for controlling the password(s) of one or more programs through a universal program. The universal control program allows access to one or more other programs and allows editing of the passwords of the other programs directly through the universal access program.

Abstract: A system that includes computer hardware, computer software, apparatus, and methodology that enables individuals, businesses, and all types of organizations (both for profit and non-profit) to capture and securely transmit check images (including, but not limited to, personal checks, business checks, travelers checks, money orders, merchant coupons, food coupons, line of credit checks, etc.), deposit information, and other information from remote locations (i.e., locations that could include the financial institution's remote locations, other financial institution's locations, businesses, private residences, etc.), for the purpose of having those checks credited to the depositing individual's or organization's bank account(s) and having the check images (and/or physical checks) entered into the bank check clearing channels for ultimate delivery to the maker bank for payment out of the maker's account.

Abstract: A system for preventative maintenance of a ride or an attraction component at a venue. A validator establishes the identity of the ride or attraction component and a controller monitors the use of the ride or attraction component. The controller also manages the ride or attraction component's availability for patron usage and transmits this information to a system control panel. A blocking device controlled by the panel prevents patron usage of a ride or attraction component that is in non-compliance with pre-established operating standards.

Abstract: A data transfer method performed at a proxy server includes intercepting a data request from a client computer that is directed to a target server, encrypting profile information, augmenting the data request by adding the encrypted profile information to the data request, and sending the augmented data request to the target server. A data transfer method that is performed at an information server includes receiving a data request from a proxy server, extracting profile information added to the data request by the proxy server, using the extracted profile information to generate a response, and sending the response to the proxy server.

Abstract: A two-part payment token is used during a transaction whereby a buyer obtains goods/services from a seller. The token, which does not identify the buyer, is given to a trusted third party (TTP) by the buyer. The TTP releases a first part of the token to the seller who then releases the goods/services to the buyer. Upon confirming receipt of the goods/services by the buyer, the TTP releases the second part of the payment token to the seller, who may then present both parts of the token to the buyer's bank to obtain payment.

Abstract: Parking meters detect presence of vehicles in monitored parking spaces and obtain images of license plates. A parking enforcement system communicates with the parking meters and manages use of parking spaces.

Abstract: A service station for the sale and dispensing of fuel into customers' vehicles and a method of optionally delivering a transaction accounting thereof to the customer, wherein the receipt station is located separately from the fuel dispensers. Costs to manufacture and maintain a plurality of fuel dispensers are reduced by migrating this function to a single station. Upon fueling, an indicia is associated with each transaction, and this indicia is input at the receipt station to retrieve the associated transaction data. In the preferred embodiment, the indicia is sensed automatically by the receipt station via a transponder mounted on the customer's vehicle or carried by the customer.

Abstract: A scanner section of a reader/scanner device that scans and stores biometric data of an individual with a biometric scanner section. A reader section reads and stores machine readable code data with a code reading section. The machine readable code can be associated with a handheld device held by the individual having their biometric data scanned. The reader/scanner device then decodes the code data and stores decoded data. The biometric data is extracted, either within the reader/scanner device or remotely after being transmitted to a remote device. The extracted biometric data is compared to the decoded data, either within the reader/scanner device or remotely after the decoded data is transmitted to a remote device, to determine if the individual is the person listed on the handheld device. If not, the biometric data can be used to determine their identity if they are in a main database.

Abstract: A method for protecting digital images distributed over a network, including the steps of receiving a request from a client computer running a network browser, for an original layout page containing references to digital images therein, parsing the original layout page for the references to digital images, generating a modified layout page from the original layout page by replacing at least one of the references to digital images in the original layout page with references to substitute data, and sending the modified layout page to the client computer. A system is also described and claimed.

Abstract: A transportable recording medium includes an area for storing encrypted cookie information. The same cookie information is thus easy to use in different terminals and the cookie information becomes unique to respective users instead of respective terminals. A Web site reads the encrypted cookie information, decrypts the encrypted cookie information using a secret key stored in the Web site, customizes a requested service according to the decrypted cookie information, and provides the customized service to a terminal. If the Web site stores non-encrypted user information, the recording medium stores a media identification. The Web site stores the user information so that the user information of the user assigned to the recording medium is searched for according to the media identification. The Web site reads the media identification from the recording medium, searches for user information corresponding to the media identification, and customizes a requested service according to the user information.

Abstract: A method and system provide for the control of resource allocation within a build-to-order manufacturing environment. One example embodiment of a method according to the present disclosure includes an operation for monitoring a work-in-process (WIP) profile that represents dynamic attributes of an area in a manufacturing facility. A user interface in a control center for the manufacturing facility may be automatically updated to depict one or more of the dynamic attributes in substantially real time, based on one or more of the WIP profiles. After the user interface is updated, user input that specifies a desired reallocation of resources for the manufacturing facility may be received. The user input may trigger communications with one or more areas in the manufacturing facility to implement the desired reallocation of resources. Alternative embodiments may include additional or alternative features, such as features for error detection and recovery.

Abstract: A system including at least one theft security system having at least one transceiver device, set up adjacent at least one passage, for detecting antitheft labels that pass the passage, characterized in that each theft security system and/or each transceiver device is preferably provided with an identification code with which each theft security system and/or each transceiver device is identifiable within the system, the system further having at least one control device, and the system further having a communication device, the communication device being adapted for real-time transmission of real-time information about detected antitheft labels from each theft security system and/or each transceiver device to the control device, the control device being adapted for real-time processing of the real-time received real-time information.

Abstract: A data security system comprises a host processor, and a plurality of remote computers. Each remote computer provides biometric authentication of a user prior to responding to the user request for data access. The remote computers are handheld when in operational mode. A sensor in the handheld computer captures a biometric image while the remote computer is being used. The biometric sensor is positioned in such a way that the sensor enables the capture of the biometric image continually during computer usage with each request for access to secure data. The biometric authentication occurs in a seamless manner and is incidental to the data request enabling user identity authentication with each request to access secure data.

Abstract: The present invention relates to determining the validity of a transaction of a data processing system such as the validity of a financial transaction carried out at an automatic teller machine (10) which has a magnetic card reader. In addition to the entry of a PIN, a user of the system is requested to enter personal information that has been nominated by the user and may consist of a date of birth and a telephone number. A keypad (16) allows the user to enter the PIN. The user is also requested to enter digits from the personal information to be checked against stored security data so that the level of security can be enhanced. A data processing unit of the system is programmed to cause further requests for digits from the personal information in the event that errors are made in the data entry.

Abstract: A dual-sided smart card reader, and method for operating the same, is disclosed. The dual-sided smart card reader permits the simultaneous insertion of at least two different smart cards from opposing sides. The dual-sided smart card reader may additionally include a biometric verification device, such as a fingerprint scanner, for comparing biometric information from an operator of the reader to biometric information stored on a smart card.