Abstract: A transaction terminal is configured with an application that is configured to present a user interface for out-of-band communication with a transaction handler during the processing of a payment transaction. The transaction handler is configured invoke the application in the transaction terminal via transmitting a predetermined code in an authorization response message.

Abstract: The present invention relates to a system and method for enabling customer self-checkout using a portable device. The system allows the customer to walk in to a retail store, check out items at the store, pay for the goods and present a proof of payment at the store exit. Thus the invention asserts the possibility of having unmanned stores and benefits the stores and the customers alike. The store benefits by not having to invest in separate space, terminal and employees for check out process, while the customers benefits by not having to wait in queue to check out their goods and pay for the same.

Abstract: A method for configuring a mobile communication device to perform transactions using a second communication channel that is different from a first communication channel through which the mobile communication device sends voice data. The method includes attaching a secure element to the mobile communication device. The secure element includes a memory storing an application, a processor configured to execute the application stored in the memory; and a wireless transceiver configured to send transaction data associated with the executed application through the second communication channel to a terminal that is remote from the mobile communication device.

Abstract: Techniques for authorizing fuel purchases based on vehicle available fuel tank capacity. The authorization may be performed on a transaction basis, such that each fueling event may be independently authorized. A current fuel tank capacity for the vehicle is obtained, and transmitted to an authorization entity. An authorization is obtained for dispensing a quantity of fuel that does not exceed the current fuel tank capacity.

Abstract: A method for transmitting data between a mobile communication device and a server. The method includes running a mobile application on the mobile communication device. The mobile application is hosted on the mobile communication device through the server as a Software as a Service (SaaS). The method further includes transmitting data associated with the mobile application between the mobile communication device and the server, in which transmission of the data between the mobile communication device and the server is monitored through the server.

Abstract: A method for transmitting data between a mobile communication device and a server. The method includes running a mobile application on the mobile communication device. The mobile application is hosted on the mobile communication device through the server as a Software as a Service (SaaS). The method further includes transmitting data associated with the mobile application between the mobile communication device and the server, in which transmission of the data between the mobile communication device and the server is monitored through the server.

Abstract: A method for configuring a mobile communication device to perform transactions using a second communication channel that is different from a first communication channel through which the mobile communication device sends voice data. The method includes attaching a secure element to the mobile communication device. The secure element includes a memory storing an application, a processor configured to execute the application stored in the memory; and a wireless transceiver configured to send transaction data associated with the executed application through the second communication channel to a terminal that is remote from the mobile communication device.

Abstract: The mobile commerce authentication and authorization system allows a user of a currently existing mobile wireless communications instrument to conduct financial transactions, including purchases, across a wireless communications system using location data to authorize and authenticate the user and the transaction. The location of the mobile wireless communications instrument and the location of a vendor point-of-sale device are matched with a payment sum. Authentication of the mobile wireless communications instrument user is achieved at least by application of the position and/or location determinable features of the mobile wireless communications instrument, the position and/or location of a point-of-sale device of a vendor or merchant where the instrument user seeks to purchase goods or services, and the payment sum entered on the point-of-sale device.

Abstract: Virtual account based digital cash protocols use a combination of blind digital signatures and pseudonym authentication with at least two pairs of public and private keys. A user is provided with one master pair of private and public keys and as many pseudonym pairs of private and public keys as desired. The resulting virtual account based hybrid protocols combine the advantages of blind digital signature and pseudonym authentication. Blind digital signatures based on the master pair of keys are used to withdraw digital cash from the user's bank account under the user's real identity. A pseudonym pair of keys is used for converting digital cash into virtual account based digital cash by a digital cash issuer. All pseudonyms can be used for spending the virtual account based digital cash.

Abstract: A method and system of authenticating a person is disclosed. The authentication may include verifying authenticity of the person when interacting with a point of sale system or other authenticating requesting device according to whether biometric information collected proximate in time to the authentication request sufficiently correlates with biometric information previously collected from trust sources.

Abstract: Disclosed herein are systems and method for facilitating transactions between a merchant-partner and an end-user (e.g., a customer of the merchant-partner). More specifically, presented herein are systems and methods for settling a transaction between a point-of-sale terminal and a merchant-partner, wherein the point-of-sale terminal receives presentment of a payment for the merchant-partner from an end-user.

Abstract: The system employs the use of biometric authentication, a fraud control gateway and widget, and a point of sale sensor to restrict the use of credit cards or other financial tokens to authenticated actual owners of the card or token. The card or token holder will have biometric information entered into a database during an initiation or enrollment process, and subsequent uses of the card may be authenticated by comparing the biometric information of the attempted user to biometric information stored in the system. The biometric component is used for voice authentication. As part of a multi-factor security schema, the biometric authentication is combined with a series of point of sale and fraud control methods to ensure a comprehensive security umbrella for financial transactions. Both financial institution limits to transactions and consumer-preferred limits to transactions are employed.

Abstract: Disclosed are methods, systems, and computer program products for identifying sensitive data from a user-entered input sequence based on user-defined criteria. According to one method, user-defined criteria for identifying sensitive data within user-entered input sequences that include sensitive data and padding data are received. A request for sensitive data from a requesting agent is presented. A user-entered input sequence that includes sensitive data and padding data is received in response to the request for sensitive data. Sensitive data is identified within the user-entered input sequence using the user-defined criteria. The identified sensitive data is provided to the requesting agent in response to the request for sensitive data.

Abstract: Methods, systems, and machine-readable media are disclosed for handling information related to a transaction conducted with a presentation instrument at a POS device. Extended application IDs and dynamic cryptograms are use for the transaction. According to one embodiment, a method of processing a financial transaction for an account having a primary account number (PAN) can comprise detecting initiation of the transaction with the presentation instrument, and providing from the presentation instrument to the POS device a list of one or more applications IDs. Each application ID identifies an application that can be used to communicate data concerning the transaction between the presentation instrument and the POS device. The POS device selects one of the application IDs and returns it to the presentation instrument. Under the control of the selected application, the presentation instrument generates a Dynamic Transaction Cryptogram (DTC) and a dynamic PAN that are each valid for only a single transaction.

Abstract: A method and system for managing and controlling a store are disclosed. In a store controlling system comprising a digital signage display configured to communicate with a user or a user terminal and to provide a user interface, and a managing system configured to communicate with the digital signage display, so as to manage and control the store, the method for controlling a store includes the steps of authenticating the user or the user terminal, receiving information on a purchase list, outputting product information based upon the received purchase list information, receiving a selection input for purchasing at least one product, generating payment information based upon a basic unit price and a quantity of the at least one product being selected for purchase, and outputting the generated payment information, and processing payment, and controlling a release of the at least one purchased product, when the payment process is completed.

Abstract: Payment systems are provided that utilize a portable device, and in particular, payment systems that utilize a first portable device that belongs to a seller and a second portable device that belongs to a buyer, but do not utilize a point of sale (POS) device.

Abstract: A system is provided for managing asset access. The system includes a processor, a user manager interface, an asset manager interface, and an access tool. The access tool, when executed by the processor, compiles a user list of user access to restricted assets, provides the user list to the user manager interface, and receives a modified user list of user access to the restricted assets from the user manager interface. The access tool also compiles an asset list of user access to the restricted assets, provides the asset list to the asset manager interface, and receives a modified asset list of user access to the restricted assets from the asset manager interface. Additionally, the access tool modifies the user access to at least one of the restricted assets based on at least one of the modified user list and the modified asset list.

Abstract: In one aspect, a method to integrate different profiles to form a process includes providing to a user a list of actors by profile using a graphical user interface (GUI) of a computer system. An actor includes one of a system or an application stored on a machine-readable medium. The method also includes providing to a user through the GUI a list of transactions by profile performed by the actors, receiving from a user a selection of actors from different profiles to group made by the user using the GUI, receiving from a user definitions of the transactions provided by the user using the GUI, grouping the selection of actors based on at least precedence rules and rendering to the user an integrated profiles graph representing the grouping of the actors from different profiles.

Abstract: An access control device can be communicationally coupled to a storage device and can control access thereto. The access control device can comprise information, such as identities of authorized entities, to enable the access control device to independently determine whether to provide access to an associated storage device. Alternatively, the access control device can comprise information to establish a secure connection to an authorization computing device and the access control device can implement the decisions of the authorization computing device. The access control device can control access by instructing a storage device to execute specific firmware instructions to prevent meaningful responses to data storage related requests. The access control device can also comprise storage-related cryptographic information utilized by the storage device to encrypt and decrypt data.

Abstract: Online fraud prevention including receiving a rules set to detect fraud, mapping the rules set to a data set, mapping success data to members of the rules set, filtering the members of the rules set, and ordering members of the data set by giving priority to those members of the data set with a greater probability for being fraudulent based upon the success data of each member of the rule set in detecting fraud. Further, a receiver coupled to an application server to receive a rules set to detect fraud, and a server coupled to the application server, to map the rules set to a data set, and to map the success data to each members of the rules set. The server is used to order the various members of the data set by giving priority to those members of the data set with a greatest probability for being fraudulent.

Abstract: A software-based security agent that hooks into the operating system of a computer device in order to continuously audit the behavior and conduct of the end user of the computer device. The detected actions of the end user can be stored in a queue or log file that can be continuously monitored to detect patterns of behavior that may constitute a policy violation and/or security risk. When a pattern of behavior that may constitute a policy violation and/or security risk is detected, an event may be triggered. A frequency vector string matching algorithm also is disclosed. The frequency vector string matching algorithm may be used to detect the presence or partial presence of subject strings within a target string of alphanumeric characters. The frequency vector string matching algorithm could be used to detect typos in stored computer records or to search for records based on partial information.

Abstract: Exemplary embodiments include a payment terminal, with corresponding methods, and computer-readable media, which includes a first interface and a second interface. The first interface receives transaction information from an existing interface of a sales device without modification to the sales device. The first interface also transmits first authorization information to the existing interface without requiring modification to the sales device, thereby enabling the sales device to monitor and authorize a transaction associated with the sales device. The second interface transmits authorization request information associated with the transaction to a payment authorization system. The authorization request information represents the payment information. The second interface receives authorization response information associated with the transaction from the payment authorization system.

Abstract: The location of a mobile subscriber roaming outside a home network may be used to authorize a transaction initiated by the mobile subscriber or to authenticate the mobile subscriber when signing into secure accounts. The location of the mobile subscriber is determined by providing a unique mobile subscriber identifier, such as the MSISDN, to an application that communicates with the home network and the roaming network. By communicating with the roaming network, the application can determine the current location of the roaming mobile subscriber terminal with location resolution down to the specific cell in which the mobile subscriber terminal is located. The location of the mobile subscriber terminal may be saved locally in a database associated with an authorization entity, thereby advantageously reducing the number of location look-ups requested by the authorization entity.

Abstract: The present invention generally relates to cashless transactions. In particular, the present invention relates to methods (100) for conducting cashless transactions and systems (400, 500) for implementing said methods. In a first aspect there is provided a method (100) of processing a cashless transaction. The method includes, determining (102) a first identification from a first identification device (426); pre-authorising (104) the cashless transaction on the basis of first identification; determining (106) a second identification from a second identification device (420A); and in the event that the first identification and the second identification are associated, authorising (110) the cashless transaction.

Abstract: Systems, methods, and devices are disclosed which allow a mobile device user to complete financial transactions even when the mobile device is not connected to a wireless network. The systems, methods, and devices of the present disclosure may utilizing a combination of an encrypted lockbox containing out of network payment codes on the mobile device and a matching set of out of network payment codes stored on a server of a payment authority.

Abstract: Cash drawers that are operated by wireless devices are disclosed. In one embodiment, a cash drawer includes a network interface and a controller. The network interface enables the cash drawer to communicate with one or more wireless devices. The controller optionally controls access of the one or more wireless devices to the cash drawer based on a collection of biometric information. The collection of biometric information may be collected by the cash drawer, by the one or more wireless devices, or by an input device that is communicatively coupled to the one or more wireless devices. The collection of biometric information is illustratively used to verify an identity of a user.

Abstract: Aspects of the invention relate to a customer authentication system for authenticating a customer making a request related to a customer account. The customer authentication system may include multiple application level data receiving and processing mechanisms for receiving customer requests and collecting customer data. The customer authentication system may additionally include a central authentication system for receiving the customer requests and customer data from the multiple application level data receiving and processing mechanisms, the central authentication system determining, based on authentication policy, whether the collected customer data is sufficient to authenticate each customer in order to fulfill the customer request. The central authentication system may return its conclusions and instructions to the multiple application level data receiving and processing mechanisms.

Abstract: Disclosed are systems and methods for establishing a personal identification number (PIN). The systems and methods provide techniques to begin a remote session with a customer, prompt the customer to select a PIN to associate with a financial account card during the remote session, and receive the PIN from the customer during the remote session.

Abstract: Upon applying a DRM protection process to an image which is generated by an image processing apparatus, which doesn't have any communication means that allows direct communications with a PC, without any alteration, encryption of the image in the apparatus and that of the image in the PC as an internal process of the DRM are required, resulting in poor efficiency. The apparatus executes a part of the DRM protection process for the image, and outputs the encrypted image. The PC receives the image which has undergone the part of the DRM protection process, executes the remaining part of the DRM protection process, and outputs the image which has undergone the DRM protection process. In this case, the PC transmits use condition of the input image to a license server, receives signed use condition from the server, and combines the signed use condition with the input encrypted image.

Abstract: A method for product life cycle maintenance involves receiving warranty information associated with a first product from a first vendor of a multitude of vendors and receiving warranty information associated with a second product purchased by the customer from a second vendor of the multitude of vendors. The method also involves storing, by a computer processor, the warranty information associated with the first product to a customer account associated with the customer and a first vendor account associated with the first vendor, storing, by a computer processor, the warranty information associated with the second product to the customer account and a second vendor account associated with the second vendor, receiving a request to access warranty information, and providing warranty information pursuant to the request.

Abstract: An authorization system and computer program for provision and process of a personal identification number (PIN) via a short-message-service (SMS) text message to a mobile communication device. The authorization system and computer program receive a communication from the user indicating a one-time-authorization mode. The authorization system and computer program retrieve information from a point-of-sales location and process a unique identifier for the mobile communication device. A text message is sent to the identified mobile device. The message communicates a one-time-use PIN with required PIN return via the point-of-sales system. The confirmation is processed, which authorization only occurring after confirmation. The PIN response period is voided after a short time, further improving security of the transaction.

Abstract: A method of effecting a sale over a computer network in which it is determined whether a user passes fraud control before effecting a sale over a computer network. Information associated with a method of payment, such as credit card information, debit card information, checking account information, a telephone service account, a cable television account, a utility service account, or an Internet service provider account, is requested from the user after the user passes the fraud control. Information associated with the method of payment is received from the user in real time. Method-of-payment information is communicated to a payment authorization database, which can be located locally or remotely. The method-of-payment information includes the received information associated with the method of payment. Payment authorization information associated with the method of payment is received from the payment authorization database.

Abstract: An intermediate network device includes a local caching module that caches user information from a remote server before a local user requests the information. In particular, the local caching module securely obtains and caches one-time passwords for a local user. The local caching device maintains separate sets of one-time passwords for each user. The local caching module may access the locally cached one-time passwords to authenticate a local user to a resource protected by a one-time password.

Abstract: A method of authorizing a commercial transaction between a customer and a provider of goods or services over a network, wherein the provider of goods or services requests that the customer provide authentication by activating a fingerprint identification device, and the provider of goods or services receives at least an authentication code of the customer over the network from the fingerprint identification device, the method comprising the steps of: providing the customer with the fingerprint identification device which produces the authentication code when a fingerprint of the customer matches a stored fingerprint within the fingerprint identification device; receiving at least the authentication code from the provider of goods or services over the network; and authorizing the transaction if at least the authentication code is valid.

Abstract: Payment systems currently in vogue (credit/debit cards) use a form of identity applicable only to a specific payment network (card number). This prevents the aggregation of one's payment options, and exposes the sensitive account information to the relatively insecure parts (merchant locations) of the transaction chain. This invention introduces an alternative platform for payments by aggregating the different identities under one. It proposes to use one's cellphone number as that identity. A set of configurable rules defined by the user let him/her choose the appropriate method of payment at the point of sale. The invention is a set of software and hardware components that work together to create a secure, robust and easy-to-use payment system. It also allows for fraud detection at the time it is being committed. The advantage of this system is that it lets the users pay for their purchases only using their mobile phone.

Abstract: Currency handling apparatus comprising: accommodating unit for accommodating various kinds of currencies; a currency discharge opening; a transfer unit for transferring the currencies from the accommodating units to the currency discharge opening; a control unit for controlling the transfer unit to transfer the currencies from the accommodating units to the currency discharge opening thereby to discharge the currencies; and a storage unit for storing various kinds of discharge patterns indicating the numbers of currencies of individual kinds. The control unit is constituted to specify at least one of the discharge patterns in response to the instruction of a user and to discharge the currencies in accordance with the specified discharge pattern. As a result, the user can discharge the desired numbers of currencies of individual kinds merely by performing the simple designating operations.

Abstract: A restaurant information system includes a point-of-sale (POS) device constructed and arranged for identifying a customer at a restaurant, an amount owed for food or other items purchased at the restaurant, a financial services provider, and a restaurant customer service of which the customer is a member. A network server is associated with the restaurant customer service, and is configured to access a personal customer file created by the customer. The POS device is configured to prompt and receive a customer entry including a review or other comments concerning the restaurant, and to address the customer entry to the network server for writing in the customer's personal file. The network server may also be configured to compile a searchable database reflecting customer entries made in a number of different customer files.

Abstract: A system and method for the secure storage of data in a network. Data stored on a primary server connected to the network is initially encrypted. The IP address of the primary server is sent to a second server, via the network, and a communication is received from the second server indicating pending instructions. If the instructions indicate that theft of the primary server has occurred, then the data stored on the primary server is re-encrypted and the IP address of the primary server is sent to the second server. If attempted unauthorized access of the primary server is determined, and a predetermined number of consecutive unauthorized attempts to access the primary server are made, then the data stored on the primary server is erased.

Abstract: In some implementations, a cradle for a mobile device includes an electrical interface, an antenna, and a reader module. The electrical interface is configured to connect to a port of mobile devices. The mobile device is configured to wireless communicate with a cellular network. The antenna is configured to wirelessly communicate signals with customer devices. The reader module is connected to the antenna and configured to operate as a wireless reader, using the antenna, to the customer devices and authorize transactions using the mobile device to connect to the cellular network.

Abstract: A mobile payment method and system are described that facilitate efficient and secured payment transactions from an electronic wallet on a user mobile electronic device with a merchant point of sale terminal over a contactless communications link. In one aspect, the system provides for a plurality of passcode entry related states on the mobile electronic device. The mobile device transmits a transaction request message including a multi-faceted value identifying a passcode entry related state to a payment processing server. The payment processing server processes the transaction request and when the transaction request is declined for a passcode related reason, a transaction decline response is provided identifying the passcode related reason for decline.

Abstract: Instead of a PIN which is associated with an account and provides access to an account, a dynamically generated card identifier (dynamic CID) is used to verify that the consumer currently possesses the transaction card at the time of purchase and/or is the true card owner. At the time of purchase, a token generates a dynamic CID, which changes with each transaction. A consumer enters the dynamic CID into a pre-existing CID field in an electronic order form. The merchant then sends the dynamic CID to a card authorization system within an authorization request. The card authorization system issues a response to a merchant system via a pre-existing authorization message indicating that the transaction card and dynamic CID have been validated, thereby adjusting the fraud risk associated with the transaction.

Abstract: A system and method for providing roaming access on a network are disclosed. The network includes a plurality of wireless and/or wired access points. A user may access the network by using client software on a client computer (e.g., a portable computing device) to initiate an access procedure. In response, a network management device operated by a network provider may return an activation response message to the client. The client may send the user's username and password to the network provider. The network provider may rely on a roaming partner, another network provider with whom the user subscribes for internet access, for authentication of the user. Industry-standard methods such as RADIUS, CHAP, or EAP may be used for authentication. The providers may exchange pricing and service information and account information for the authentication session. A customer may select a pricing and service option from a list of available options.

Abstract: A method is disclosed. The method includes generating a verification value in response to a transaction involving a portable consumer device, where the verification value is generated using a first dynamic data element and a second dynamic data element. The verification value is sent to a service provider associated with the portable consumer device so that the service provider can verify the transaction.

Abstract: A method of effecting a sale over a computer network in which it is determined whether a user passes fraud control before effecting a sale over a computer network. Information associated with a method of payment, such as credit card information, debit card information, checking account information, a telephone service account, a cable television account, a utility service account, or an Internet service provider account, is requested from the user after the user passes the fraud control. Information associated with the method of payment is received from the user in real time. Method-of-payment information is communicated to a payment authorization database, which can be located locally or remotely. The method-of-payment information includes the received information associated with the method of payment. Payment authorization information associated with the method of payment is received from the payment authorization database.

Abstract: A message, including ordering-data receiving process of receiving ordering data including price information representing a price of a target product to be purchased and personal information including ID information which has previously been given to at least one purchaser for sales, via a network a payment determination process of determining whether to pay the price of the target product to a seller, based on the price information included in the received ordering data and purchaser ID Information included in the received personal information a settlement-permission information sending process of sending, in a case where it is determined at said determining step to pay the price of the target product for the at least one purchaser, settlement permission information representing that it is determined to pay the price for the purchaser to the seller through a network, while the ID information is secret from the seller.

Abstract: A system and a method of electronic transactions are disclosed. The system and method allow a consumer mobile device to capture the identification of a point-of-sale device and to initialize a transaction from the consumer mobile device to a master host platform. The point-of-sale device captures purchase items following a typical tender process and provides the master host platform with detailed purchase information. The master host platform instantiates a transaction merger to combine the identification information and the detailed purchase information. The transaction merger links the specific consumer to the specific transaction at the specific point-of-sale device. Then, the master host platform sends an authorization request to a payment processing host. The master host platform provides a connection between clients: the consumer mobile device and the point-of-sale device, and establishes a common interface between the clients and the payment processing host.

Abstract: Upon applying a DRM protection process to an image which is generated by an image processing apparatus, which doesn't have any communication means that allows direct communications with a PC, without any alteration, encryption of the image in the apparatus and that of the image in the PC as an internal process of the DRM are required, resulting in poor efficiency. The apparatus executes a part of the DRM protection process for the image, and outputs the encrypted image. The PC receives the image which has undergone the part of the DRM protection process, executes the remaining part of the DRM protection process, and outputs the image which has undergone the DRM protection process. In this case, the PC transmits use condition of the input image to a license server, receives signed use condition from the server, and combines the signed use condition with the input encrypted image.

Abstract: The present invention provides a method for customizing customer identifier. To resolve the problems in customizing the identifier in the electronic device by the manufacturer for its customers, such as high management cost, stock, and possibility of error, as well as the security problem in customizing the identifier by the customer itself, and the problem of counterfeiting by others, the method provided comprises generating an irreversible identifier from a seed data input by the customer using some one-way algorithm(s) and storing that identifier in the electronic device. For the manufacturer, both the management cost and the stock are reduced, and the error possibility of the product after leaving the factory as well. For the customer, the security of customizing the identifier is ensured, and its identifier cannot be counterfeited by other peers any more.

Abstract: Systems and methods are disclosed for verifying customer identifications. In one embodiment, the method comprises receiving, at a transaction gateway, a communication associated with a transaction initiated by a customer; determining the communication includes an identity verification request to verify encoded data obtained from an identification presented by the customer; routing the identity verification request to an identity verification service; receiving, from the identity verification service, a result including one or more identification values obtained from the encoded data; and transmitting the result to a requester associated with the communication.

Abstract: A prepayment system for supplying water or gas by means of a wireless intelligent card is described. The present invention also relates to a bidirectional meter specially designed to electronically record the consumption of water or gas.