Abstract: Embodiments of the present disclosure provide systems and methods for implementing a secure processing system having a first processor that is certified as a secure processor. The first processor only executes certified and/or secure code. An isolated second processor executes non-secure (e.g., non-certified) code within a sandbox. The boundaries of the sandbox are enforced (e.g., using a hardware boundary and/or encryption techniques) such that code executing within the sandbox cannot access secure elements of the secure processing system located outside the sandbox. The first processor manages the memory space and the applications that are permitted to run on the second processor.

Abstract: According to an embodiment of the present invention, an automated computer implemented system and method for building system hierarchies comprising: an input configured to receive monitoring data from a plurality of devices associated with an entity, wherein the monitoring data for each device of the plurality of devices comprises a unique addressing scheme, the unique addressing scheme comprising a location identifier, a relationship identifier and an object identifier for each device; a processor configured to dynamically build a system hierarchy based on the addressing scheme for each device responsive to the monitoring data and a calculated data determined for each device; and an output configured to generate the system hierarchy on an user interface.

Abstract: Methods, apparatuses, and embodiments related to improving security of data that is stored at a data store distributed over a computer network. In an example, source data to be protected is partitioned into multiple files, and each file is obfuscated, such as by being encrypted, to created multiple obfuscated data files. Information as to how each obfuscated data file was obfuscated is stored in an associated trace file. The multiple obfuscated data files are moved around a computer network via a data movement process that includes sending each of the multiple obfuscated data files to a different randomly selected computer, where the computer further obfuscates the obfuscated data the trace file, and sends the further obfuscated data and trace file to a next randomly selected computer.

Abstract: Methods and systems may provide for generating a virtual transaction card based on a card value and one or more mobile usage constraints including a time bounded policy, wherein the virtual transaction card is invalid if the time bounded policy is not satisfied. Additionally, the virtual transaction card may be transmitted to a delegate mobile device. Other mobile usage constraints, such as location bounded policies and type of transaction policies may also be used.

Abstract: A user-interface for a game is separately serviced to game clients based on an identifier of a site providing a selection interface for the game. Multiple user interfaces for a game are stored. A resource server receives a request for a game that includes an identification of a web site issuing the request. The resource servers uses the identification to select a user interface module from the multiple user interface modules associated with the game. The selected user interface is assembled into the game and provided to a source of the request.

Abstract: A system and a method for processing value documents comprises a multiplicity of bank-note processing machines connected and arranged to communicate with each other via a communication network, and which respectively have stored therein configuration data defining the operating configuration of a respective bank-note processing machine. At least a first bank-note processing machine is logically associated with a first local access service module, and at least a second bank-note processing machine is logically associated with a second local access service module. The system comprises a central master access service module having configuration data stored therein and in communication via the communication network with the first local access service module and the second local access service module. A change of the configuration data stored in the central master access service module leads to the configuration of the first bank-note processing machine and of the second bank-note processing machine being changed.

Abstract: A caller identification apparatus, in order to make, with higher precision, a sharp distinction between a call from a fraud and a call from a person who is not a fraud, comprises a storage means and a voice characteristic analysis means. The storage means stores both a white list with which first voice characteristic information, which is the voice characteristic information of closely related persons of a call recipient, is registered and a black list with which second voice characteristic information, which is the voice characteristic information of frauds, is registered. The voice characteristic analysis means acquires the voice data of a call, obtains third voice characteristic information, which is the voice characteristic information of the voice data, and determines whether the third voice characteristic information matches the first voice characteristic information or the second voice characteristic information.

Abstract: A location verification provision is implemented to determine the location of a device associated with a user at the time of an attempted transaction. The attempted transaction includes receiving user identification and/or payment information, which is associated with the device in an entry stored in a database. Location information of the device, as well as a time at each location, may also be stored in the database. To verify that the device is located at the location of the transaction, a comparison operation may be performed. If the device is located where the transaction is being processed, the transaction may be completed. Predetermined criteria may be defined to account for possible inaccuracies in location and time calculations.

Abstract: A sharing user of a content management system can request to share a content item in his namespace. When such a request is made, the sharing user's client device broadcasts a notification that can be received by devices that are within a limited broadcast range of the sharing client device. A receiving user's client device that is within the limited broadcast range of the sharing client device receives the broadcasted notification. Based on the notification, the receiving client device obtains a token from the sharing client device that identifies the content item being shared by the sharing user. At the request of the receiving user, the receiving client device transmits the token to the content management system and requests that the content management system add the shared content item to the receiving user's namespace with the system. The receiving user can then access the item from his namespace.

Abstract: A method to learn and then pair with a pre-installed access control system of a vehicle is discussed. Communication is exchanged between the access control system and a backend cloud-based system. Required data of the access control system including its particular authentication code is extracted by a learning device. A vehicle matching data is sent to the backend cloud-based system and the vehicle is registered with the backend cloud-based system. The learning device is registered to the access control system in accordance with learning procedures implemented in the vehicle as remote entry key. The learning device is coupled to a Radio Frequency signal transmitter that has Application-Specific Integrated Circuits to generate stable RF signals at multiple frequency wavelengths.

Abstract: The present invention is directed towards a method for facilitating roaming tests for a club network. The method includes simulating a roamer's profile by a signaling gateway and associating with either a club network or a roaming partner network of the club network. The club network and the roaming partner network correspond to a Home Public Mobile Network (HPMN) and a Visited PMN, respectively, in case the roamer is an outbound roamer. In case the roamer is an inbound roamer, the club network corresponds to the VPMN and roaming partner network corresponds to the HPMN. The method further includes performing by the signaling gateway, one or more CAMEL capability tests on the roamer. The roaming subscriber is associated with either the club network or the roaming partner network.

Abstract: An in-store mobile payment system and method can facilitate the use of a user's mobile device to facilitate payment for products purchased at a store. The user can take a picture of a product being purchased or can take a picture of a bar code for the product. The picture can be taken with the user's mobile device and can be used to identify the product. A payment provider can provide a unique PIN code for the transaction. The user can enter the PIN code into a keypad of the merchant and/or can swipe a card with a card reader of the merchant to complete the transaction. Thus, the user can avoid the inconvenience of waiting in line at a checkout counter and the merchant can reduce the store's overhead by eliminating at least some checkout counters and checkout clerks.

Abstract: One embodiment of the disclosure relates to a system of servicing an automated teller machine (ATM) using a display configured to display augmented reality images. The electronic device may be configured to receive low-level diagnostic information from the malfunctioning ATM. Data may be transferred to a central location, wherein the data is analyzed and a solution to the problem of the malfunctioning ATM is determined and transferred back to the electronic device. In some embodiments, the electronic device displays components of the ATM using augmented reality such that a technician viewing the display may visualize the components of the ATM and receive instructions regarding the repair or care of the ATM.

Abstract: Systems and methods for processing a financial transaction are provided. A representative system of processing a financial transaction comprises a product dispensing device that encodes and outputs public transaction data related to a purchasable item. A portable computing device receives the public transaction data and encodes a payment data with the received public transaction data. A payment processing server receives and processes the encoded data, and determines whether a transaction can be completed based on the encoded data. Responsive to determining that the transaction is completed, the payment processing server generates and transmits an authentication data based on the encoded data. The portable computing device receives and outputs the authentication data. The product dispensing device receives the authentication data, verifies payment based on the received authentication data, and provides the purchasable item to a customer who is operating the portable computing device.

Abstract: In general, apparatuses, methods and computer program products for making contactless financial transactions utilizing a mobile wallet are disclosed. Particularly, a mobile wallet application is disclosed that utilizes, at least in part, user specific data to generate a payment vehicle recommendation for different transactions. The user specific data may include the active user profile, prior payment vehicle usage, user preferences for the type of transaction, user location, rewards programs associated with use of one or more payment vehicles, or the like, or combinations thereof.

Abstract: In an example of an ordering method, an application receives an order for a product. The application may be an in-vehicle application resident on a memory of an in-vehicle infotainment unit of a vehicle or a mobile-device application resident on a memory of a mobile device. Without contacting a merchant of the product, the application determines a preparation time for the product. The application dynamically determines an estimated time of arrival of the vehicle or the mobile device at a location of the merchant. The application holds the order for the product until the estimated time of arrival is equal to or less than the preparation time for the product.

Abstract: A system for associating a data collector with a network account includes a first computing device to collect data associated with the use of a number of object devices on a network. The first computing device creates a network account associated with a second computing device, and the first computing device assigns a filename to a data collector data packet. The filename includes information related to the network account associated with the second computing device. The information related to the network account is embedded within binary code of the data collector data packet.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for associating payment information from a payment transaction with a user account. One of the methods includes receiving an indication of a payment transaction between a customer and a merchant, wherein the payment transaction is associated with payment information. A customer parameter that identifies an account with the payment service system is received. If the customer has consented to associate the payment information with the account of the payment service system based on receiving the customer parameter that identifies the account with the payment service system, the account is identified based on the received customer parameter, and the payment information is associated with the identified account of the payment service system.

Abstract: A system and method for data privacy in URL based context queries. A reference to a data object is received from a user. At least one entity that controls the data object is identified via the network. At least one permission for the data object is retrieved via the network, wherein the permission is associated with the entity that controls the data object. It is then determined, via the network, if the user is permitted to access to the data object using the permission for the data object and spatial data, temporal data social data and logical data available to the network that relates to the user and to the permission for the data object. If the user is permitted access to the data object, access is granted to the data object, and if the user is nor permitted access to the data object, access is denied to the data object.

Abstract: A client terminal sends a communication request to a server. The server generates at least one digit code according to a first preset rule. The server sends information including the at least one digit code to the client terminal. The client terminal generates at least one input box, a number of which corresponds to a number of the at least one digit code, detects an input event of the at least one input box, and obtains data of the at least input box when the input event occurs. The client terminal sends the data of the at least one input box as at least one verification data to the server. The server compares the digit data corresponding to the at least one digit code with the verification data and sends a successful information code to the client terminal when the two are the same. The techniques improve password security.

Abstract: In accordance with some implementations, a method for enabling clickless purchasing is disclosed. The method is performed on a server system having one or more processors and memory storing one or more programs for execution by the one or more processors. The server system detects commercial intent from a user of the computer system. In response to detecting commercial intent, the server system determines a product relevant to the detected commercial intent of a user. The server system sends a recommendation message to the user, wherein the recommendation message includes an option to purchase the product. The server system then receives a response message from the user, the message including authorization from the user to purchase the recommended product. The server system then purchases the recommended product on behalf of the user and delivers the purchased product to the user.

Abstract: A voicemail receptionist system includes a memory and a processor. The memory can store data relating to one or more users. An incoming communication can be handled by the voicemail receptionist system and provided with functionality based upon a user's preferences, for example. The data stored by the voicemail receptionist system can be updated at any time, or automatically updated upon updating of the data, or upon occurrence of a trigger event. Voicemail receptionist functionality can include standard voicemail system functionality as well as functionality relating to email, text messaging, MMS messaging, calendar features, schedule announcements, location data, as well as other features.

Abstract: A method of processing an online transaction request involves a network gateway generating a revised transaction request from an incoming transaction request that is received from a client terminal. The revised transaction request includes a revised transaction message that is derived from the incoming transaction request and a revised transaction request cryptogram that is generated from the revised transaction message. The revised transaction request cryptogram is uniquely associated with an identity token that is interfaced with the client terminal. The network gateway receives a transaction authorization from an issuer server for the revised transaction request, and provides a revised transaction authorization message to the client terminal in accordance with the received transaction authorization. The revised transaction authorization message provides an indication of authorization of the revised transaction request.

Abstract: Exemplary embodiments are directed to determining an availability of a transaction capability of a point-of-sale terminal, and alerting a customer of an availability of the transaction capability. Login activity can be detected at a point-of-sale terminal. An availability of a transaction capability for the point-of-sale terminal can be determined based on data retrieved by the point-of-sale terminal in response to the login activity. A visual alert associated with the transaction capability of the point-of-sale terminal is controlled based on the availability of the transaction capability.

Abstract: A system, method, and computer program product are provided for processing interdependent transactions between a requesting system and a target system. In use, a first request to process associated first data is received at a target system, the first request being received from a requesting system. Further, it is determined that processing of the first data by the target system is dependent on processing of second data associated with at least one second request. Responsive to determining that the processing of the first data by the target system is dependent on processing the second data by at least one second request, the first request and the associated first data are stored in the target system, in a temporary cache, a transaction is created by the target system, a notification is sent to the requesting system indicating that processing of the first data was not completed, and a transaction identifier associated with the transaction is sent to the requesting system.

Abstract: Systems and methods for person-to-person and person-to-merchant remittances from a person having a closed loop system account to merchants who are not members of the closed loop system. In an embodiment, a payment gateway computer receives a remittance transaction request from a payment services provider (PSP) computer associated with a closed-loop system, maps an alias identifier into a shadow account number assigned to the sender in an open-loop payment authorization system, determines that the alias identifier mapped into a valid shadow account number, debits a stored value account for the remittance transaction amount, credits a shadow account in the open-loop payment authorization system for the remittance transaction amount, generates an authorization request for an open-loop payment transaction and transmits it to the open-loop payment authorization system, receives an authorization response from the open-loop payment authorization system, and transmits an approval response.

Abstract: In one implementation, a processing system receives a request from a client device to access a user account of the user. In response to receiving the request, the processing system transmits credential data, which corresponds to a credential and which indicates client device data to transmit in response to receiving the credential data. The processing system receives the client device data from the client device, identifies an issuer of the credential, and transmits the client device data to the issuer of the credential.

Abstract: A method for facilitating bankless cash payments includes determining that a mobile device is within a threshold distance of a particular retail system and receiving a selection of a transit product or a stored value amount to be added to the virtual account. The method may also include providing the selection to a transit system and receiving, from the transit system, a code based on the selection. The code may include an amount to be tendered for the selection to be added to the virtual account. The method may further include providing the code to the particular retail system and receiving the transit product or the stored value amount on the mobile device from the transit system. The transit product or the stored value amount may be received upon the transit system receiving an indication from the retail system that the amount was tendered for the selection.

Abstract: The present disclosure relates generally to electronics systems, and more specifically to mobile communications systems and devices and including subscriber identification modules to which mobile currency, i.e. airtime minutes converted into mobile currency in pre-paid denominations from a telecommunications service provider, may be uploaded and used for payment transactions in a manner that is easier and more secure by providing a system and method related to a mobile phone having one or more subscriber identification module cards.

Abstract: Systems, methods, and other embodiments associated with event driven metric data collection optimization are described. In one embodiment, a method includes providing a domain knowledge catalog that defines, for each of a plurality of source metrics: i) a plurality of target type relationships and ii) for each target type relationship, a plurality of metrics that are related to the source metric. For a particular system, a deployment topology is determined defines target entities that are included in the system, where the target entities comprise respective instances of a subset of the target type relationships. The method includes receiving configuration of an event related to a source metric. The domain knowledge catalog is accessed and metrics that are related to the subset of target type relationships for the source metric are selected for collection.

Abstract: Methods, apparatuses, and embodiments related to improving security of data that is stored at a data store distributed over a computer network. In an example, source data to be protected is partitioned into multiple files, and each file is obfuscated, such as by being encrypted, to created multiple obfuscated data files. Information as to how each obfuscated data file was obfuscated is stored in an associated trace file. The multiple obfuscated data files are moved around a computer network via a data movement process that includes sending each of the multiple obfuscated data files to a different randomly selected computer, where the computer further obfuscates the obfuscated data the trace file, and sends the further obfuscated data and trace file to a next randomly selected computer.

Abstract: Methods and apparatus to obtain transaction confirmation are described.

Abstract: Provided a proof of play (PoP) method of a digital signage terminal and a digital signage server, the PoP method of the digital signage terminal including obtaining a digital signature and a PoP message generation policy provided by a content owner, generating log data comprising information on a play of at least one piece of content, based on the PoP message generation policy, generating a PoP message using information on the digital signature based on the generated log data, and providing the PoP message to at least one of the digital signage server and the content owner.

Abstract: Electromagnetic (EM)/radio frequency (RF) emissions may be detected and corresponding EM personas may be created. One or more EM personas may be associated with a super-persona corresponding to a particular entity. EM personas, super personas, and/or supplemental identifying information can be used to enforce security protocols.

Abstract: Techniques for a customized log-in experience are described in which, script associated with a log-in page is configured to recognize a domain identifier associated with a user log-in attempt via the page. The domain identifier may correspond to a particular customer or company that makes use of web applications and/or other resources from a service provider. The domain identifier may be employed to download or otherwise access data sufficient to implement one or more customizations of the log-in page that correspond to the domain identifier, such as a company logo, a custom background, custom styles, and so forth. The one or more customizations that correlate to the domain identifier are applied to customize the log-in page in a pre-login environment prior to completion of the user log-in attempt. In this way, a tailored user experience is provided even before user authentication to access resources from the service provider.

Abstract: An account management server, a communication device and a service device are provided for managing access to an account. The account management server, for example, includes, but is not limited to, a storage device configured to store identifying information for each of a plurality of service devices and configured to store an account associated with each of the plurality of service devices, and a processor communicatively coupled to the storage device, wherein the processor is configured to: receive identifying information from a communication device; identify at least one service device whose stored identifying information matches the received identifying information; and grant management access to the account associated with the identified at least one service device to the communication device.

Abstract: A dual-device tutorial system can facilitate user learning about a “primary” device by providing explanatory information on a “supporting” device while the user interacts with the primary device. The primary and supporting devices can be devices of different types. From a user perspective, the primary device can operate exactly as it would in normal (non-tutorial) use and can send event messages and/or other signals to the supporting device. Based on the event messages and/or other signals, the supporting device can provide explanatory information responsive to user interactions with the primary device.

Abstract: The invention provides a user terminal and a payment system. The user terminal comprises an input device, a multi-channel selection switch, an application module, a processor, a password processing module, and a security IC chip containing information on user's ID and/or banking card therein, wherein the multi-channel selection switch is coupled with the input device, the password processing module and the processor, the password processing module is coupled with the processor, and the security IC chip is coupled with the password processing module; the application module controls the multi-channel selection switch via the processor so as to place the user terminal in a password input mode or in a normal input mode. The invention ensures the safety in entering the user's password in hardware configuration so that even when software system of the user terminal is not safe in itself, the safety of input password can be ensured.

Abstract: A device includes an input part configured to input data, a first transmission part configured to transmit the data to a predetermined transmission destination, a second transmission part configured to transmit the data to a transmission destination different from the predetermined transmission destination, and a transmission control part configured to cause the second transmission part to transmit the data in response to receiving a request to transmit the data from the first transmission part.

Abstract: A device receives a request from a terminal device to start a session to authenticate a person associated with an account. The device creates the session. The session is associated with the terminal device. The device receives session information and authentication information from a user device operated by the person. The device determines the session based on the session information and generates an authentication message based on the authentication information. The device transmits the authentication message to the terminal device associated with the session to authenticate that the person is associated with the account.

Abstract: The present invention is directed towards a method for facilitating roaming tests for a club network. The method includes simulating a roamer's profile by a signaling gateway and associating with either a club network or a roaming partner network of the club network. The club network and the roaming partner network correspond to a Home Public Mobile Network (HPMN) and a Visited PMN, respectively, in case the roamer is an outbound roamer. In case the roamer is an inbound roamer, the club network corresponds to the VPMN and roaming partner network corresponds to the HPMN. The method further includes performing by the signaling gateway, one or more CAMEL capability tests on the roamer. The roaming subscriber is associated with either the club network or the roaming partner network.

Abstract: Various aspects of a method and system for remote interaction with an electronic device via a user interface are disclosed herein. In an embodiment, the method comprises establishment of a first communication channel between a first electronic device and a second electronic device by use of a first communication protocol. A second communication channel is dynamically established with the second electronic device based on the established first communication channel. The second communication channel uses a second communication protocol. Data associated with the second electronic device is received by the first electronic device. The data is received via the established second communication channel.

Abstract: An identity authentication system includes a storage unit, a display character set generation unit, a display unit and a password authentication unit. An identity authentication method includes the following steps: generating the dynamic display character sets; inputting a dynamic input code; and comparing the dynamic input code with the user password. This invention can improve the security of identity authentication and is convenient to use.

Abstract: An example method includes identifying a transport layer security (TLS) session between a client and a server, parsing one or more TLS messages to identify a session ticket associated with the session, transforming the session ticket into a fixed size session token, and managing the session using the session token to identify the session. The transforming may include computing a hash value of the session ticket using a hashing algorithm. If any of the TLS messages is spread across more than one TLS protocol record, the method can include computing a hash value of a portion of the session ticket encountered in a TLS protocol record using a hashing algorithm, incrementally computing another hash value of another portion of the session ticket encountered in a subsequent TLS protocol record from the previously computed hash value, and repeating the incremental computing until portions of the session ticket have been processed.

Abstract: A webpage comprising at least one rule rendering element including definition of a rule trigger is provided to a client. When a rule trigger is detected, the rule definitions are analyzed by means of a rules engine, including evaluation of the rule definitions. At least the evaluation takes place client-side. The client performs one or more operations within the webpage on the basis of the evaluation.

Abstract: The present technique relates to an information processing apparatus and method and a program that can easily handle replacement of an apparatus. First application creating means creates a first application that controls a device of another information processing apparatus communicating with an IC card, and first domain creating means allows another information processing apparatus to create a first domain where the first application is to be registered. First application registering means allows the first application to be registered in the first domain of another information processing apparatus. Writing means allows the first application to be written into an execution area of another information processing apparatus, and second application creating means creates a second application that performs a process for the IC card.

Abstract: A cloud based payment method for payment at a merchant's electronic cash register (202) comprising the steps of: —upfront: A. registering payment credentials (101) of a user; —at check-in of a store of a participating merchant: B1. launching a cloud payment application (211) on a mobile terminal (201) to establish connectivity with a cloud payment service (100); —and at check-out at an electronic cash register (202): C1. identifying (221, 222; 321, 323) the user with the cloud payment service (100) through an identification shared with the cloud payment service (100) via the electronic cash register (202) or via the cloud payment application (211); C2. communicating (222; 322) an amount payable from the electronic cash register (202) to the cloud payment service (100); C3. communicating (223; 324) the amount payable from the cloud payment service (100) to the cloud payment application (211); C4. receiving (224; 325) confirmation of the amount payable from the user; C5.

Abstract: A consumer uses a web client to transmit purchase information associated with a transaction to a merchant server. The purchase information is transmitted via a web acceleration server. The web acceleration server identifies enhanced authorization data associated with the transaction. The web acceleration server creates a pseudo authorization message. The web acceleration server transmits the pseudo authorization message to a transaction account issuer. The merchant server transmits an authorization request to the transaction account issuer. The transaction account issuer determines that the authorization request and the pseudo authorization message are associated with the same transaction. The transaction account issuer merges the authorization request and the pseudo authorization message and performs a fraud analysis. The transaction account issuer transmits an authorization response to the merchant.

Abstract: Managing memory allocation for application deployment on a J2EE® server. The server receives applications for processing. The server also receives defined memory boundaries of the application. A custom memory-aware classloader is generated on the server and tracks memory allocated to the application during application processing. Excess memory usage characteristic of the application is detected, and an out of memory exception is thrown, without affecting other applications on the server. A responsive action is taken without affecting other applications processed by the server.

Abstract: A system and method for monitoring the performance associated with fulfilling resource requests and determining optimizations for improving such performance are provided. A processing device obtains and processes performance metric information associated with processing a request for an original resource and any embedded resource. The processing device uses the processed performance metric information to determine a set of service providers for alternatively hosting, processing, and/or transmitting at least a portion of the original resource and/or any embedded resources. In some embodiments, in making such a determination, the processing device assesses performance metric information collected and associated with subsequent resource requests for the original resource and any embedded resources using each of a variety of alternative set(s) of service providers.