Abstract: A method for maintaining consumer privacy in behavioral scoring includes a first computing system and a second computing system. The first computing system disguises consumer characteristics and maps disguised consumer characteristics to unencrypted account identifiers, and then transmits the data to the second computing system. The second computing system encrypts the account identifiers upon receipt, and maps the encrypted account identifiers to anonymous transaction data. The second computing system uses the transaction data to calculate consumer behavioral scores, and then generates a scoring algorithm that uses disguised consumer characteristics to calculate consumer behavior scores based on the calculated consumer behavioral scores and corresponding disguised consumer characteristics.

Abstract: Technologies for an application reputation service to assist users with minimizing their computerized machines' exposure to and infection from malware, including an application reputation service that contains the reputations for elements (e.g., applications) that are known to be non-malicious as well as those known to be malicious. In one example, when a user attempts to install or execute a new application, the service is queried by the user's machine with a set of identities for the element. The service determines the reputation of the application by referencing a knowledge base of known reputations and returns an indication (e.g., an overall rating, or a flag) of how safe that application would be to install and run on the user's computer.

Abstract: A driving safety controlling method is provided. The controlling method is running on a wearable device, a smart key and a vehicle. The control controlling method comprises steps: obtaining sensing data stored in a first storage unit of the wearable device; obtaining a unique identifier stored in a second storage unit of the smart key and controlling a first wireless communication unit of the smart key to transmit a high-frequency signal containing the unique identifier and the sensing data to the vehicle; obtaining a predefined identifier and a range from a third storage unit of the vehicle, comparing the unique identifier with the predefined identifier, and comparing the sensing data with the range; and controlling a prompt unit to generate a prompting when the unique identifier is determined to match with the predefined identifier and the sensing data is within the range.

Abstract: An electronic device is provided. The electronic device includes a first memory unit for storing a non-payment application, a first processor, a fingerprint sensing unit and a security element including a second memory unit and a second processor. The second memory unit stores a payment application and user fingerprint information. When the second processor executes the payment application, the fingerprint sensing unit captures a fingerprint image of a user's finger and the second processor transmits the fingerprint image to the first processor via a secure channel. The first processor calculates biometric characteristics of the fingerprint image to generate to-be-recognized fingerprint information which is transmitted to the second processor via the secure channel. When the second processor determines that the to-be-recognized fingerprint information matches the user fingerprint information, the second processor generates an authentication signal for a payment transaction.

Abstract: A novel method of dealing with the problem of phishing, pharming, key-logging and man-in-the-middle attacks on internet-based applications which require the submission of valid login credentials, by permitting a user to control access to an internet-based application (3) (such as an internet banking website) by the simple transmission of a command via the internet to allow access to the internet-based application (3) whenever the user wishes to access the application, and by transmitting a command via the internet to deny access to the internet-based application at all other times, to prevent unauthorized access by any unscrupulous parties.

Abstract: It is inter alia disclosed to provide first identity data stored in an apparatus, the first identity data comprising an identifier and a first certificate, and to provide second identity data stored in the apparatus, the second identity data comprising an identifier and a second certificate, wherein the identifier of the first identity data is the same as the identifier of the second identity data.

Abstract: According to one aspect, the subject matter described herein includes a method for secure near field communication (NFC) of a non-secure memory element payload. The method includes receiving, at an NFC enabled mobile device and from a content provider, a payload. The method also includes storing the received payload in a non-secure memory element of the NFC enabled mobile device. The method further includes transferring the stored payload from the non-secure memory element of the NFC enabled mobile device to a secure memory element of the NFC enabled mobile device, wherein transferring the stored payload includes loading the stored payload into a secure reloadable payload instance. The method further includes establishing a NFC link between the NFC enabled mobile device and an NFC reader. The method further includes communicating, via the NFC link, the transferred payload from the secure reloadable payload instance to the NFC reader.

Abstract: Techniques involve a user taking a picture of a current one-time use passcode (OTP) and using the picture to authenticate. Such techniques alleviate the burden and frustration of the user having to manually type in the current OTP. Additionally, the user will not trigger a lockout via accidental typing errors. Furthermore, the current OTP can be augmented to include more than a string of six or eight alphanumeric characters for stronger security (e.g., by using non-alphanumeric characters, by capturing multi-digit seven-segment LCD display patterns, by using a QR code, by using a randomly selected image, etc.). One technique involves taking a picture of an OTP provided by a user. The particular technique further involves extracting the OTP from the picture and performing an authentication operation based on the OTP extracted from the picture to determine whether the user is authentic.

Abstract: In accordance with some embodiments of the disclosed subject matter, methods for conducting a transaction using transaction codes are provided, the methods comprising: obtaining information about a trade item associated with the transaction; generating, using a hardware processor, a sale transaction code on a first user device; transmitting the sale transaction code to the first user device; receiving a first input of the sale transaction code on a second user device; generating a confirmation transaction code in response to receiving the first input, wherein the confirmation transaction code includes information about a second user account associated with the second user device; transmitting the confirmation transaction code to the second user device; receiving a second input of the confirmation transaction code on the first user device; and settling the transaction using the second user account in response to receiving the second input.

Abstract: The present application provides a webpage login method involving two client devices and a server. The server receives an information access request from a first client device. In response to the information access request, the server returns a unique identifier to the first client device. The unique identifier is to be displayed on the first client device. Next, the server receives a first message from a second client device, the first message including user account information at the server system and authentication information. The server determines whether the authentication information corresponds to the unique identifier and authenticates the information access request in accordance with a determination that the authentication information corresponds to the unique identifier such that the user can access information at the server and associated with the user account information from the first client device.

Abstract: In an approach for authenticating a user computer, connectable to a mobile network, a computer retrieves an attribute credential, the attribute credential certifying a set of user attributes and a device identifier for identifying the user computer to the mobile network. The computer requests a location credential, the location credential certifying a device identifier and location data indicating a current location of the user computer determined by the mobile network. Additionally, the computer produces an authentication token comprising the attribute credential, the location credential, the location data, and a proof for proving that the device identifier in the attribute credential equals the device identifier in the location credential. Furthermore, the computer sends the authentication token for authentication.

Abstract: A method performed at a central entity includes (a) sharing a secret with a remote tenant server of one of a plurality of tenant organizations, the tenant server being configured to provide authentication services for accessing storage of the central entity, (b) receiving a storage request from a remote client device, (c) extracting an identification of the tenant organization from a core portion of the request, (d) selecting the shared secret of the identified tenant organization, (e) cryptographically combining the core portion and the shared secret to generate a preliminary signature, (f) performing a computation using the preliminary signature and a body portion of the request to generate a test signature, the body portion including the core portion and an object identifier, (g) comparing the test signature with a signature from the request, and (h) permitting the client device to access an identified object only when the comparison is positive.

Abstract: Embodiments of the present application relate to a method for authenticating user identity, a system for authenticating user identity, and a computer program product for authenticating user identity. A method for authenticating user identity is provided. The method includes generating a first verification code by a server, displaying the first verification code to a user in an application scenario of a service requiring user identity authentication, receiving a second verification code sent by the user via another application that is other than the application scenario, comparing the second verification code sent by the user and the first verification code generated by the server, and determining whether the user has passed identity authentication based on a result of the comparison.

Abstract: A system for selecting one of a plurality of video versions in response to a video request by a user of a user device having a processor is disclosed. The system includes a stream selector configured to adaptively select optimized bit-rates by selecting one of the plurality of video versions to deliver to the user device. The stream selector i) estimates an expected future utility of the user at different times during a billing cycle based on a remaining data quota and ii) selects one of the plurality of video versions that maximizes a current utility plus expected future utility of the user at selection time. A user profiler may be configured to perform predictive analysis of user data usage by determining the likelihood of a user requesting a video during each time interval of the user's billing cycle and a video type including utility vector and cost vector information.

Abstract: The present invention relates generally to a smart card device that is configured to facilitate wireless network access and credential verification. Specifically, the device is configured to meet the physical and electrical specification for commercially available mobile devices utilizing a standard Subscriber Identity Module (SIM) for network access. The device combines the features of the SIM with Common Access Card or Personal Identity Verification card features to allow a network subscriber to invoke secure payment transactions over a carrier's network. The system includes data storage for maintaining a plurality of network and transaction instrument profiles and a profile gateway for receiving transaction information from a payment gateway, sending an authorization request to a user's mobile device, receiving a transaction authorization from the mobile device, and sending transaction information to a payment gateway to finalize the payment transaction.

Abstract: Methods and device for simultaneous multi-touch input on a touchscreen display are described. In one aspect, the present application describes a method implemented by a processor of an electronic device. The electronic device has a touchscreen display. The method includes detecting a first touch gesture on a first portion of the touchscreen display associated with a first control element and, during the first touch gesture, detecting a second touch gesture on a second portion of the touchscreen display associated with a second control element different from the first control element; and while detecting the first touch gesture and detecting the second touch gesture, simultaneously, causing a first event in the first portion of the touchscreen display in response to the first touch gesture, and causing a second event in the second portion of the touchscreen display in response to the second touch gesture.

Abstract: In an aspect, a method for handling a transaction with multiple devices is described. The method can include storing information pertaining to a transaction on a first device and receiving on the first device an indication that the transaction will be passed to a second device. In response to receiving an indication that the transaction will be passed to the second device, information pertaining to the transaction can be transmitted to the second device.

Abstract: To improve known encryption methods for communication in non-secured wireless networks, the invention proposes using an active key for encryption, in each instance, and sending along a new key in the messages, in each instance, which key, after it has been received completely, becomes the key used, and, once again, another new key is exchanged. This allows dynamic encryption, which allows an interception-proof connection, starting from a secure initial exchange of keys, for example.

Abstract: The present invention relates to a system and method for integrating and assembling plurality of service delivery tools created on disparate technologies on a product assembly platform. Further, the invention provides a reference architecture and method for orchestrating the assembled plurality of service delivery tools and monitoring the lifecycle activities of the plurality of service delivery tools.

Abstract: A method of configuring a virtual network comprises: running a user-interactive business requirements wizard from a server, the wizard collecting business requirements from a user; translating the business requirements into technical requirements for a network configuration using the server; selecting a network configuration from a network configuration database using the server, the selecting utilizing the technical requirements; testing the network configuration using a processor; monitoring the testing and generating new facts regarding performance of the network configuration, using the processor; feeding back the new facts to the server for use by the server in the selecting; and repeating the selecting, testing, monitoring and generating, and feeding back, until the server determines a criterion for network stability has been reached.

Abstract: Techniques are described for use in inhibiting attempts to fraudulently obtain access to confidential information about users. In some situations, the techniques involve automatically analyzing at least some requests for information that are received by a Web site or other electronic information service, such as to determine whether they likely reflect fraudulent activities by the request senders or other parties that initiate the requests. For example, if a request is being made to a Web site based on a user's interaction with a third-party information source (e.g., another unaffiliated Web site) that is not authorized to initiate the request, the third-party information source may be a fraudulent phishing site or engaging in other types of fraudulent activity. If fraudulent activity is suspected based on analysis of one or more information requests, one or more actions may be taken to inhibit the fraudulent activity.

Abstract: Embodiments of the invention are directed at an enhanced data interface (EDI) for contactless communications between a mobile application operating on a mobile device and an access device (e.g., contactless reader) that allows for enhanced verification between the mobile device and access device. One embodiment of the invention is directed to a method. The method comprises a mobile device receiving a request for available applets from an access device and providing a list of available applets including trusted applet identifiers and untrusted applet identifiers to the access device. The method further comprises receiving a selection of an untrusted applet identifier from the list and an entity identifier associated with the access device, validating that the access device is authorized to access credentials associated with the selected untrusted applet identifier using the entity identifier, and providing the credentials associated with the selected untrusted applet identifier to the access device.

Abstract: A credit card reader is attached to a mobile device to process credit card transactions at the point of sale. A user of the credit card reader slides an authenticator card through the credit card reader to activate the credit card reader. Accordingly, the credit card reader may compare data stored in the authenticator card to an expected value for the data to determine whether the user is authorized to utilize the credit card reader. If there is a match, the credit card reader displays a unique password, known to the user, which the user can use to verify that the credit card reader is authentic. Further, if there is a match, the credit card reader may allow the user to process credit card transactions through the credit card reader.

Abstract: A method for regulating a plurality of collections of data includes analyzing collections of data to identify one or more deviations from a standard, guideline, or best practice governing the plurality of collections of data. The method further includes determining characteristics of the one or more deviations. Based on the characteristics, an action to be taken in response to the one or more deviations is determined and completed. Further, a record of the executed action is stored on a computer-readable medium.

Abstract: A method of transmitting a document from a computing device to a printing device using a document server comprising, at the server, receiving user credentials from a user of an authorized computing device, receiving encrypted data defining the document from the authorized computing device, receiving information indicating the intended recipients of the data, receiving user credentials from an authorized printing device, and delivering the encrypted data to an authorized recipient.

Abstract: A method for providing consistent security information between multiple applications is described herein. The method includes detecting potentially deceptive content from a communication application in a browser application. The method also includes generating consistent security information for the potentially deceptive content with the browser application. Additionally, the method includes sending the consistent security information for the potentially deceptive content to the communication application. Furthermore, the method includes providing a warning based on the consistent security information to the communication application.

Abstract: In embodiments of registration and network access control, an initially unconfigured network interface device can be registered and configured as an interface to a public network for a client device. In another embodiment, a network interface device can receive a network access request from a client device to access a secure network utilizing extensible authentication protocol (EAP), and the request is communicated to an authentication service to authenticate a user of the client device based on user credentials. In another embodiment, a network interface device can receive a network access request from a client device to access a Web site in a public network utilizing a universal access method (UAM), and the request is redirected to the authentication service to authenticate a user of the client device based on user credentials.

Abstract: Embodiments are directed to digital wallet management. Embodiments initiate presentation of a digital wallet management interface, comprising initiating presentation of at least one digital wallet; and initiating presentation of at least one representation of at least one payment credential and at least one indication of which of the at least one digital wallets are associated with each of the at least one payment credentials.

Abstract: Provided is a system for preventing personal information leakage and, more particularly, related to a legal authentication message confirmation system and method which enables a user to identify whether an authentication message transmitted to the user's mobile communication terminal during user authentication originates from a trusted source, thereby preventing damage caused by pharming, smishing, and the like, such as personal information leakage and small sum payment fraud.

Abstract: One embodiment provides an apparatus adapted to perform a secure firmware upgrade. The apparatus includes a first memory and a second memory. The first memory stores a private key for use in decrypting content and a unique identifier corresponding to the apparatus. The second memory includes a first version of firmware for the apparatus. The apparatus further includes a controller configured to perform an operation that includes receiving a first request to perform a firmware update operation for the apparatus. The operation also includes transmitting a second request for a second version of firmware to a remote server, the second request specifying the unique identifier corresponding to the apparatus. Additionally, in response to transmitting the second request, an encrypted firmware package is received from the remote server. The operation further includes decrypting the encrypted firmware package using the private key and installing the decrypted firmware package on the apparatus.

Abstract: A first service submits a request to a second service on behalf of a customer of a service provider. The request may have been triggered by a request of the customer to the first service. To process the request, the second service evaluates one or more policies to determine whether fulfillment of the request is allowed by policy associated with the customer. The one or more policies may state one or more conditions on one or more services that played a role in submission of the request. If determined that the policy allows fulfillment of the request, the second service fulfills the request.

Abstract: In one example, a method for image triggered transactions includes capturing an image of a document with an imaging device and searching a database for a template matching the captured image. If a matching template is found for the captured image, then retrieving pre-authored tasks associated with the captured image, extracting fields from the image related to the tasks, processing the extracted fields to obtain content to complete the tasks; and executing the selected task. If a matching template is not found for the captured image, then an authoring application is launched to add the captured image as a new template and author tasks associated with the captured image.

Abstract: A method of securing an industrial control system includes operating the industrial control system in an open mode, wherein communications between a plurality of devices of the industrial control system are unencrypted when the industrial control system is in the open mode. The method includes exchanging security tokens between the plurality of devices of the industrial control system. The method further includes ceasing operating the industrial control system in the open mode and instead operating the industrial control system in a secure mode, wherein the communications between the plurality of devices of the industrial control system are encrypted using the security tokens when the industrial control system is operating in the secure mode.

Abstract: Disclosed are various embodiments that facilitate bootstrapping authentication of a user at a first device using a second device. The second device is authenticated for access to a user account via a first security credential. A second security credential is received by the second device. The second security credential is then sent to the first device. Subsequently, the second security credential is received from the first device, and the first device is authenticated for access to the user account.

Abstract: The present invention relates to modifying rights to a security domain for a smartcard, and more specifically, to a server for managing modification of rights to a security domain, a smartcard for modifying the rights to the security domain, a terminal which is loaded with the smartcard, and to a method for modifying the rights.

Abstract: A document management (DM), data leak prevention (DLP) or similar application in a data processing system is instrumented with a document protection service provider interface (SPI). The service provider interface is used to call an external function, such as an encryption utility, that is used to facilitate secure document exchange between a sending entity and a receiving entity. The encryption utility may be configured for local download to and installation in the machine on which the SPI is invoked, but a preferred approach is to use the SPI to invoke an external encryption utility as a “service.” In such case, the external encryption utility is implemented by a service provider. When the calling program invokes the SPI, preferably the user is provided with a display panel. Using that panel, the end user provides a password that is used for encryption key generation, together with an indication of the desired encryption strength. The service provider uses the password to generate the encryption key.

Abstract: A method of providing a network-based service can include receiving a request for a service at a proxy server, wherein the request identifies a user. The method can also include identifying an application associated with the service based on the request and identifying a user data element required by the application for the user to access the application. The method can also include creating an application request element that includes the identified data element and proxying the request to the application using the created application request element.

Abstract: Authenticating cloud computing enabling secure services (ACCESS) offloads “client authentication” activity onto a third-party authenticating cloud computing enabling secure services (ACCESS) node. Instead of having a client device authenticate itself directly to a network server, the client device instead authenticates itself to a third-party authenticating cloud computing enabling secure services (ACCESS) node. The authenticating cloud computing enabling secure services (ACCESS) node then provides credentials that are used by the client device to communicate directly with the server (and utilize the service) without any further authentication being necessary.

Abstract: Systems and methods are provided for identifying a video object using digital fingerprints. The digital fingerprints are generated from information extracted from the video object including encoded video. The digital fingerprints can be calculated in a manner that permits identification of both the video object and operational characteristics of the video object based on matching calculated digital fingerprints with known fingerprints of known video objects. Systems and methods are described that allow a DVD to be uniquely identified and identify whether the DVD is original, copied or pirated. Systems and methods are described for computing digital fingerprints from strings of bits in which certain additional data is optionally embedded. Systems and methods are described that permit media players to access known signatures of known video objects maintained on one or more databases and to identify video objects presented for playing on the media player.

Abstract: A system, method, and computer-readable storage medium configured to anticipate travel by payment account holders without using payment transaction data.

Abstract: Transactions using a bank customer's electronic debit or credit card (“e-card”) are monitored by the card owner's consumer electronic (CE) device and reported to a server associated with the financial institution maintaining the e-card records for analysis of aggregated hack attempts.

Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for executing a user interface on a computing device, generating one or more event handlers executed on the computing device, each event handler corresponding to a local device service file, receiving first data at a first event handler of a first local device service associated with a first device that is in electronic communication with the computing device, generating, using the first event handler, a first event that includes the first data, receiving, at an external device service, the first event, generating, using the external device service, a first external device event based on the first event, and performing a first action based on the external device event.

Abstract: Systems and methods can detect the unintended transfer of confidential data or confidential information over wireless networks. Further, systems and methods can prevent, wholly or in part, the loss of confidential user data during transfer of data through a wireless network. A protection rule or option can be selected according to a certain security level of a wireless network. Additionally, data can be subsequently transferred in accordance with the selected protection option.

Abstract: Identifying on-line advertising conversions includes identifying, at a computer server system, a plurality of reports from one or more computing devices, wherein each of the reports indicates a clock skew between one of the computing devices and a clock server system; using the clock skews to determine that two or more of the reports are likely from a common computing device; determining that the two or more of the reports are common, in that they correspond to display of an advertisement on the common computing device and to purchase of on-line content with the common computing device; and indicating that a purchase conversion occurred based on determining that the two or more of the reports are common.

Abstract: A method for reading and using partial data from a portable data carrier includes reading data from a portable data carrier, determining if any data is missing, and if any data is missing, restructuring the data for use, such as for running an audio decoder and expander. A method for writing data to a portable data carrier having limited capacity includes receiving a data file and optimizing at least one encoding parameter to fit at least a portion of the data file into the portable data carrier.

Abstract: Social media may be utilized to facilitate distribution of emergency alert messages. An emergency alert server may receive an indication of emergency and generate an emergency alert message based on the indication. The emergency alert message may then be distributed via social media and/or other mediums. An indication of trustworthiness may be incorporated in the emergency alert message. The indication of trustworthiness may be validated by validation system.

Abstract: Techniques for recommending content to a user include identifying classified public content stored on a server appliance or a repository; identifying private content of a user stored on a client appliance or a repository, the client appliance communicably coupled to the server appliance through a network; receiving, from the user, a request for a recommendation of content; generating a representative query based on the request for the recommendation of content; determining, based on the representative query, a portion of the classified public content stored on a server appliance or the repository; determining, based on the request, a portion of the private content stored on the client appliance or the repository; and preparing, for presentation to the user, the portion of the classified public content based on the representative query and the portion of the private content based on the request for the recommendation of content.

Abstract: Methods and systems may provide for selecting a hypervisor protocol from a plurality of hypervisor protocols based on a communication associated with a remote agent. The selected hypervisor protocol may be used to conduct a trust analysis of one or more digitally signed values in the communication, wherein a cloud attestation request may be processed based on the trust analysis. Processing the cloud attestation request may involve generating a trustworthiness verification output, a geo-location verification output, etc., for a cloud computing node corresponding to the remote agent.

Abstract: A trust control management method for security, operable on a computer system generates a unique Trust ID value by combining user-defined values with hardware-specific values associated with the user's computer system and storing the Trust ID value in a memory register physically associated with the hardware of the computer system. A Trust Control Suite (TCS) operable with a server OS/hypervisor maintains a database of user-defined values and hardware-specific values for computer systems clustered in a trusted computing pool. An attestation procedure is performed by the trust control server combining the user-defined values with the hardware-specific values from its database and comparing it to the user-stored Trust ID value stored in the memory register associated with a user's computer system. Depending on whether it is a match or mismatch, the TCS can determine if it is a trusted computer or not, and can take appropriate alerts and policy actions.

Abstract: A method and related system is disclosed for integrating a positioning system into the key management structure and within the information security boundary of an End Cryptographic Unit (ECU). This integration enables key management security rules written to include the ECU's trusted physical location and trusted time in determining if and with which key a message should be encrypted or decrypted. Only appropriate messages for a bounded geographic area would be decrypted and received by the ECU. The trusted positioning system allows extending functionality to allow position-enhanced authentication capabilities. Outgoing messages are cryptographically bound with the ECU's trusted position information as well as an accurate time stamp.