Abstract: In accordance with a first aspect of the present disclosure, a user authentication system is provided, comprising: a user authentication token, said user authentication token comprising a fingerprint sensor and a secure element; an assistance device configured to be coupled to the user authentication token through an interface of said user authentication token; wherein the assistance device is configured to request the secure element to verify a personal unlock key to be captured by the secure element through the fingerprint sensor; wherein the secure element is configured to capture the personal unlock key through the fingerprint sensor, to verify the captured personal unlock key and to enroll, upon or after a positive verification of the personal unlock key, fingerprint reference data captured through the fingerprint sensor. In accordance with a second aspect of the present disclosure, a corresponding method for enrolling fingerprint reference data in a user authentication token is conceived.

Abstract: Implementations disclose personalized interruptive dialogs for application rating and sharing. A method includes identifying a first application for which a feedback of a user of a user device is desired; determining by a processing device, whether previous user interactions with one or mole second applications indicate that the user is interested in providing feedback for the one or more second applications; and responsive to determining that the previous user interactions with the one or more second applications indicate that the user is interested in providing the feedback for the one or more second applications, causing the user device to display, to the user, a prompt for the feedback for the first application.

Abstract: The disclosed embodiments include methods and systems for providing tokenized transaction accounts. In one embodiment, a computer-implemented method is provided that may include generating, by one or more processors, a first tokenized transaction account from a first transaction account associated with a first user. The method may also include providing the first tokenized transaction account to a client device associated with the first user for storage in the client device and use in transactions. The method may also include updating the first tokenized transaction account based on one or more conditions and providing the updated first tokenized transaction account to the client device for storage and use in a subsequent transaction.

Abstract: A cryptographic method of performing a tokenised transaction between a payment offering party and a payment accepting party is described. The tokenised transaction is mediated by a transaction scheme. The payment accepting party is provided with a merchant identity and a merchant certificate associated with that identity by the transaction scheme provider. The payment accepting party provides the merchant identity and transaction seed data to the payment offering party. The payment offering party validates the merchant identity and uses the merchant identity and the transaction seed data to generate a cryptogram for the tokenised transaction. The payment offering party provides the cryptogram to the payment accepting party for transmission to the transaction scheme provider for authorisation of the tokenised transaction. A suitable user computing device and merchant computing device for acting as payment offering party and payment accepting party respectively are also described.

Abstract: Various embodiments are generally directed to the secure transfer of account tokens between devices. For example, a first device may receive an account token stored on a second device using web Bluetooth application programming interfaces (APIs). As another example, the second device may push the account token to the first device.

Abstract: A system designed for increasing network communication speed for users, while lowering network congestion for content owners and ISPs. The system employs network elements including an acceleration server, clients, agents, and peers, where communication requests generated by applications are intercepted by the client on the same machine. The IP address of the server in the communication request is transmitted to the acceleration server, which provides a list of agents to use for this IP address. The communication request is sent to the agents. One or more of the agents respond with a list of peers that have previously seen some or all of the content which is the response to this request (after checking whether this data is still valid).

Abstract: The present invention relates to payment handling apparatus (10) which is operable to effect payment from a purchaser to a vendor. The payment handling apparatus (10) comprises a purchaser's device running a purchaser program (12) which is operable by the purchaser and a vendor's device running a vendor program (16) which is operable by the vendor. The purchaser's device (12) and the vendor's device (16) are in data communication with each other by way of a communication channel (26). The purchaser program is configured to encrypt a payment message and to convey a payment request to the vendor program by way of the communication channel (26). The payment request comprises the encrypted payment message. The payment handling apparatus is configured to encrypt a confirmation message and to convey a confirmation code to the purchaser program in dependence on receipt of the payment request by the vendor program. The confirmation code comprises the encrypted confirmation message.

Abstract: An embodiment may involve persistent storage containing definitions of a set of queues and a set of servers, and wherein the servers are respectively associated with deactivation times. One or more processors may be configured to: (i) identify, by an assignment engine, an incoming request in a particular queue, wherein the incoming request is ready for assignment to one of the servers; (ii) determine, by the assignment engine and based on data associated with the incoming request, an expected duration for servicing of the incoming request; (iii) calculate, by the assignment engine and based on the deactivation times, times remaining in service for each of the servers; (iv) select, by the assignment engine and from the servers, a particular server that has a time remaining that is greater than the expected duration; and (v) assign, by the assignment engine, the incoming request to the particular server.

Abstract: An authentication factor is received, including an authentication key, an account information of a user, and a dynamic time factor. A bound authentication information is generated by using the authentication factor and a device information of a client device that requested the secure offline payment. The bound authentication information is transmitted to a service server system perform an offline payment authorization based on the bound authentication information. In response to a successful offline payment authorization, a graphical identifier is generated for completing the secure offline payment associated with the authentication factor, where the graphical identifier includes the bound authentication information and a dynamic password generated based on the dynamic time factor.

Abstract: Systems and methods for managing user data across multiple applications and devices are disclosed. An example method includes: detecting a user is conducting a transaction using a first application installed on a user device; determining that the user is requesting one or more payment options from a first merchant associated with the first application; determining that a global payment method is selected by the user; determining that the user device is a trusted device associated with the user; and in response to determining that the user device is a trusted device, providing the global payment method to the user in the first application on that same device or a different device.

Abstract: A network node that includes at least one processor, at least one memory, and at least one network interface is disclosed. The network node is part of a peer-to-peer network of network nodes implementing a distributed ledger. The network node is communicatively coupled to at least one remotely located computing device through the at least one network interface. The at least one processor is configured to receive, from a remotely located computing device, a request to transfer a security token. The at least one processor is also configured to execute a plurality of compliance rules associated with the security token. At least one of the compliance rules is implemented using at least one smart contract. The at least one smart contract references a global registry. The at least one processor is also configured to transfer the security token based on the execution of the compliance rules.

Abstract: The present invention relates to a method of secure generation by a client device and a server device of an RSA signature of a message to be signed with a private exponent component d of an RSA key (p, q, N, d, e), wherein said client device stores a client device private exponent component dA, a client value, and a client dynamic offset, and said server device stores a server device private exponent component dB, where dB=d?dA modulo phi(N), a server value, a server dynamic offset and a failure counter, comprising: a. receiving from the client device a client part of said RSA signature (HS1) of said message to be signed, after incrementing its client value (pvA) by a first predetermined step E, from the client device private exponent component and from an updated client dynamic offset function of said client dynamic offset and of said client value, b. setting said failure counter to a first default value, c. incrementing said server value (pvB) by a second predetermined step (E?), d.

Abstract: Methods and systems described in this disclosure electronically notarize a document. The system can receive biometric information from a user, extract characteristics from the biometric information, and compare the characteristics of the biometric information with previously stored characteristics of the user's biometric information. When the characteristics of the biometric information match the previously stored characteristics to a threshold, the system can create an identity of the user using the characteristics of the biometric information. The system can send a document to the user for cryptographic signature and receive an indication that the document has been signed. The cryptographic signature can be generated with a digest of the document, the identity, and a cryptographic key associated with the user. The system can inspect the digest of the document, the cryptographic key, and the identity associated with the document to verify authenticity of the document and the identity of the user.

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising a memory configured to store a first token and a second token, and at least one processing core configured to obtain a first value based at least in part on the first token and the second token, and to cause the apparatus to participate in a security procedure, based at least in part on the first hash, with a second apparatus.

Abstract: Method, device, computer program and apparatus are disclosed for: receiving by a first node from a second node a request for a resource controlled by a first node; and determining by the first node whether the request is authorized; wherein the determining includes: receiving from the second node a cryptocurrency transaction message indicative of a payment; and verifying credibility of the cryptocurrency transaction message.

Abstract: The embodiments described herein relate generally to securely establishing an account and authentication metrics associated with a communication platform. An account associated with a communication platform may allow a user associated with the account to send and receive communications via the communication platform.

Abstract: The present disclosure relates to a wireless-chargeable device and an apparatus for controlling a magnetic field strength of a magnetic field generated by an electromagnet. The wireless-chargeable device includes an electromagnet (102) and a control circuit (104). The control circuit (104) is configured to control a magnetic field strength generated by an electro-magnet for alignment of a power-receiving coil (106) of the wireless-chargeable device with respect to a power-transmitting coil of a wireless power supply device.

Abstract: Disclosed herein are representative embodiments of methods, apparatus, and systems for facilitating the use and exchange of customized third-party content in a distributed computing environment that allows for third-party hosting. Embodiments of the disclosed technology concern an application store within an application (e.g., an “in-app app store”). The application store can offer downloadable digital content and/or roaming entitlements to a user of the application. Further, in particular embodiments, the downloadable content and/or entitlements are generated by a third party (e.g., a party different than the provider/publisher of the application and the user of the application). Also disclosed are methods and mechanisms for copy-protecting such content.

Abstract: Automated assistance for an action is requested over a self-service network from a Self-Service Terminal (SST). A first approval is received as a token over the self-service network. The action and the token are sent over a secure network from the SST for a second approval. When the second approval is received over the secure network, the action is processed on the SST.

Abstract: A method and system for customizing a mobile application running on a mobile communication device of a user. In one implementation, the method includes providing the mobile application to the mobile communication device of the user, the mobile application having a generic platform; determining a special interest group (SIG) that is affiliated with the user; and customizing the generic platform of the mobile application based on information specific to the special interest group (SIG) that is affiliated with the user.

Abstract: A method and system may provide a secure credit card payment service which allows a merchant to store credit cards without storing credit card data on merchant servers. The customer, via a web-enabled device, transmits a request to register a credit card and receives from the merchant server, a credit card registration webpage including a first entry field for entering credit card data, and a second entry field for entering customer data for the credit card. In response to receiving the credit card data, the customer data, and a selection of a submit button, the web-enabled device transmits the credit card data to a token server that stores the credit card data and receives a token from the token server. In response to receiving the token, the web-enabled device transmits the token and the customer data to the merchant server to be stored for processing subsequent credit card payments.

Abstract: A method for distributing controlled tokens to a secondary mobile device includes: storing account profiles, each including an account identifier, set of token credentials, and an associated mobile device identifier; receiving a token distribution request from a first mobile device including a first mobile device identifier, recipient mobile device identifier, specific account identifier, and account controls; identifying a specific account profile including the specific account identifier and first mobile device identifier; generating a single use identification value and reservation identifier; transmitting the single use identification value to the first mobile device; transmitting the reservation identifier to a second mobile device associated with the recipient mobile device identifier; receiving the reservation identifier and the single use identification value from the second mobile device; verifying the reservation identifier and single use identification value received from the second mobile device;

Abstract: Technologies for device commissioning include a rendezvous server to receive, from a buyer device, a request to transfer ownership of a compute device to the buyer device. The rendezvous server verifies the provenance of the compute device based on a block chain and establishes a secure session with the compute device in response to verification of the provenance. The block chain identifies each transaction associated with ownership of the compute device.

Abstract: This electronic money transfer system provides an electronic money transfer method and a system for the same which allow handling electronic money in a sense that is very similar to cash, and which allow avoidance of loss of the electronic money even at a time of loss or theft of a terminal for operating the electronic money. To this end, first, information of an electronic certificate for a terminal (A) of a user A is sent from a terminal (B) of a user B to an electronic money management server (300), and information of the electronic certificate for the terminal (B) is sent from the terminal (A) to the electronic money management server (300). Thus, the terminals to perform the transaction are authenticated.

Abstract: A portable device receives an account information request signal from a merchant machine. The portable device transmits a response message to the merchant machine. The response message comprises the account information for a purchase. The portable device transmits a first message to an account server. The first message comprises a request to get information comprising the purchase amount. The portable device receives a second message comprising the information from the account server. The portable device sends the purchase amount to a display.

Abstract: Implementations of the present application provide methods and devices for linking to an account and providing service processing. In one example method, an uncertified server can receive a linking request sent by a terminal device, wherein the linking request corresponds to a user account logged in by a user to the uncertified server. The uncertified service can transmit, to the terminal device, a predetermined instruction based on the linking request, wherein the predetermined instruction instructs the terminal device to send a real service account request to a certified server based on predetermined instruction. The uncertified server can later receive, from the terminal device, a virtual service account identifier generated by the certified server in response to the real service account request sent by the terminal device to the certified server.

Abstract: Implementations of the present application provide methods and devices for linking to an account and providing service processing. In one example method, an uncertified server can receive a linking request sent by a terminal device, wherein the linking request corresponds to a user account logged in by a user to the uncertified server. The uncertified service can transmit, to the terminal device, a predetermined instruction based on the linking request, wherein the predetermined instruction instructs the terminal device to send a real service account request to a certified server based on predetermined instruction. The uncertified server can later receive, from the terminal device, a virtual service account identifier generated by the certified server in response to the real service account request sent by the terminal device to the certified server.

Abstract: A system is provided that includes a server having a first engine, a second engine, a search word warehouse, and a purchasing engine. The first engine (i) maps topics to product features of products using a topic hotness method which computes a hotness degree of a product on a topic from (a) product identifiers, (b) product features, (c) customer comments, and (d) topics with relevant key words, and (ii) builds a model providing a relevance degree of a topic to a product feature. The model is built based on the hotness degree. The second engine extracts remarkable topics based on product features using a method applied to the relevance degree of the topic to the product feature to identify remarkable topics for each product. The search word warehouse stores the remarkable topics for each product. The purchasing engine conducts purchases of products identified in searches using the remarkable topics.

Abstract: Systems and methods for interoperable network token processing are provided. A network token system provides a platform that can be leveraged by external entities (e.g., third party wallets, e-commerce merchants, payment enablers/payment service providers, etc.) or internal payment processing network systems that have the need to use the tokens to facilitate payment transactions. A token registry vault can provide interfaces for various token requestors (e.g., mobile device, issuers, merchants, mobile wallet providers, etc.), merchants, acquirers, issuers, and payment processing network systems to request generation, use and management of tokens. The network token system further provides services such as card registration, token generation, token issuance, token authentication and activation, token exchange, and token life-cycle management.

Abstract: A system may include a blockchain network, a trust entity, and multiple user devices. A smart contract of the blockchain network may be configured to receive data from the trust entity and transfer digital stable tokens to a first user's cryptocurrency wallet. The first user may generate a blockchain transaction on the blockchain network in order to transfer some digital stable tokens to a second user. The second user may cash out some of the digital stable tokens via a smart contract of the blockchain network. The smart contract may send an instruction to the trust entity's computing system to transfer fiat currency into a financial account of the second user. A token cross-chain bridge may also facilitate the exchange of cryptocurrency for digital stable tokens.

Abstract: Various examples described herein are directed to systems and methods for processing a payment using a mobile wallet network and issuer. A mobile wallet application provides payment information and an indication if payment may be done directly via the mobile wallet network to a point of sale (POS) terminal. The POS terminal determines which payment network to use. A bill may be sent to the mobile wallet application. The mobile wallet application requests payment authorization from an issuer. The issuer provides the authorization and the transaction is completed between the POS terminal and the mobile wallet application.

Abstract: In example embodiments, a system and method for managing the resale of digital media rights is provided. In example embodiments, user accounts that store digital media rights for digital content may be maintained. An indication that a first user having a first user account intends to transfer digital media rights for a particular digital content may is received. A verification process is performed to verify that the digital media rights of the first user are transferable. Based on an indication that a transaction has occurred, the digital media rights are transferred from the first user account to a second user account associated with a second user that is a recipient of the digital media rights.

Abstract: A computer-implemented method for authorizing access to transaction data to a third-party computer system is implemented by a payment processor computer system coupled to a memory. The method includes receiving a request for access to transaction data associated with a cardholder account, requesting a set of authentication information associated with the cardholder account, authenticating the set of authentication information upon receiving the set of authentication information, and authorizing the third-party computer system to receive transaction data associated with the cardholder account. Upon validation, the payment processor computer system generates an authorization token and provides the authorization token to the third-party computer system. The third-party computer system uses the authorization token and a secure identifier to retrieve transaction data associated with the cardholder account.

Abstract: Techniques for secure mobile payment are provided. A credit or gift card is registered for additional security, such that a secure identifier or personal identification number (PIN) is required for use of the credit or gift card. Registration is not required or even known by the third-party payment service associated with the card. Subsequently, when a consumer attempts to use the card and before payment instructions are sent to the corresponding third-party payment service, the secure identifier or PIN is requested and verified. If properly verified, the payment instructions are forwarded for processing by the third-party payment service.

Abstract: A computer-implemented method includes submitting a preauthorization request for a payment to a payment provider. An authorization code associated with a set of final payment criteria is received from the payment provider, where the final payment criteria comprise at least one of a location restriction, a timeframe restriction, a category restriction, and a seller restriction. The authorization code is saved for later use. The authorization code is presented to a seller terminal as a payment for a sale, where the payment is approved based on confirmation that sale data describing the sale complies with the final payment criteria.

Abstract: Systems and methods for in-store purchases are provided. An exemplary method may include receiving by a customer device associated with a customer, customer data including customer preference data. The method may include storing the received customer data and identifying a merchant at a location of the customer. The method may also include determining a customer order for the identified merchant based on the customer preference data. Further, the method may include transmitting a notification to a merchant device associated with the identified merchant, the notification including the determined customer order.

Abstract: Regulated crypto-assets, or blockchain tokens, that are regulated as securities (security tokens) can be purchased using a compliance platform through a compliance wallet that allows token purchasers and token sellers to purchase and sell security tokens in a regulatory compliant manner. A rules engine of the compliance platform determines what compliance rules need to be satisfied for a given transaction and guides the token purchasers through a compliance process. Token sellers, upon being presented with a request to purchase tokens on the blockchain, can verify approved transactions on the compliance platform to ensure that the transaction can be compliantly processed.

Abstract: Provided is a payment processing system for executing payment processing by transmitting and receiving payment data between a payment terminal and a payment server via a communication device, the payment terminal not including a dedicated network device for communication with the payment server, the payment data including at least payment amount information and service information to which a payment is to be executed. The payment terminal includes a payment data generation section configured to generate first payment data in which the payment amount information is encrypted, and a terminal communication unit configured to transmit the generated first payment data to the communication device by short range communication.

Abstract: Methods, systems, and apparatus, including computer program products, for online transactions. A web page of an online store includes a payment option that allows a payment application on a user device to pay for the merchandise using card payment information that does not include the account number of the card or require that the account number be shared with the online store merchant.

Abstract: A merchant computer generates a token including a “pay-me” merchant account identifier and transaction data for a transaction conducted by a consumer. The merchant token can be obtained by a mobile communication device and transmitted to a payment processing network along with a device identifier for the mobile communication device and an authentication token provided by the consumer. The payment processing network can authenticate the device using the authentication token, retrieve a consumer account number based on the device identifier, and complete the transaction by pushing money into the merchant “pay-me” account from the consumer account.

Abstract: The ELECTRONIC WALLET CHECKOUT PLATFORM APPARATUSES, METHODS AND SYSTEMS (“EWCP”) transform customer purchase requests triggering electronic wallet applications via EWCP components into electronic purchase confirmation and receipts. In one implementation, the EWCP receives a merchant payment request, and determines a payment protocol handler associated with the merchant payment request. The EWCP instantiates a wallet application via the payment protocol handler. The EWCP obtains a payment method selection via the wallet application, wherein the selected payment method is one of a credit card, a debit card, a gift card selected from an electronic wallet, and sends a transaction execution request for a transaction associated with the merchant payment request. Also, the EWCP receives a purchase response to the transaction execution request, and outputs purchase response information derived from the received purchase response.

Abstract: A system, computer-readable storage medium and method provide a secure transaction by receiving, from a mobile wallet a request to assign a vendor specific payment account identifier (VSPAI) to a payment account identifier (PAI) associated with a user of the mobile wallet. Identifying information is verified of: (i) an issuer of the PAI, (ii) a specific vendor; and (iii) the user of the mobile wallet. In response to verifying, a unique VSPAI is created that is associated with the PAI of the user and the specific vendor. Then, when a payment request is received including the unique VSPAI for a transaction with a particular vendor, the particular vendor is verified as the specific vendor associated with the unique VSPAI. In response to verifying that the particular vendor, payment of the transaction by the issuer using the PAI associated with the unique VSPAI is facilitated.

Abstract: A system that incorporates the subject disclosure may perform, for example, receive secret information and non-secret information from a secure download application function, provide a request for a first verification to a secure element where the first verification is associated with access to content and/or an application that is accessible via the secure download application function, receive the first verification which is generated by the secure element based on the secret information without providing the secret information to the secure device processor, receive the non-secret information from the secure element, and generate a second verification for the access based on the non-secret information, where the content and/or application is accessible from the secure download application function responsive to the first and second verifications. Other embodiments are disclosed.

Abstract: The technology relates to a method for creating a payment data structure called a payment container. The technology also relates to the use of such a payment container by means of a processing server. The method for creating is implemented by a communications terminal, and comprises: selection, by a user and via a man-machine interface, of at least one attribute of said container, comprising the selection of at least one attribute value for at least one of the following parameters: (a) category of beneficiary of the payment container and (b) beneficiary of the payment container. The method also comprises obtaining, by the communications terminal, of at least one piece of data representing a user's bank card; validation, by the user, of the creation of the payment container; and transmission, by said communications terminal, of said payment container to a payment container processing server.

Abstract: Disclosed is an information query method and apparatus. The method includes: obtaining a query word input by a user through a terminal, identifying a target entity in the query word and determining a globally unique identifier (GUID) of the target entity for a knowledge map; determining a target entity type corresponding to the target entity according to a corresponding relationship between an entity and the entity type. The target entity type is used to indicate the target attribute and/or target entity relationship to be queried of the target entity; according to the GUID and an identifier of the target attribute and/or an identifier of the target entity relationship, querying an attribute value and/or a related entity corresponding to the identity of the target attribute and/or an identifier of the target entity relationship in the knowledge map; returning a search result to the terminal.

Abstract: An approach is provided for authenticating a payment card. Information is read from the payment card being used for a purchase. The information includes an identifier and data on a chip, in braille cells, and in markings in the payment card. A hash read from the chip, the identifier, and security codes derived from the braille cells and the markings are sent to a payment system. A hash of an (n+1)-th block of a blockchain is received and recorded in the chip in response to validations of the hash as matching a hash of an n-th block of the blockchain, the identifier, and the first and second security codes, and a generation of the hash of the (n+1)-th block. Data about the purchase and the hash of the (n+1)-th block are sent to the payment system.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for blockchain-based data synchronization are provided. One of the methods includes: receiving, a transaction order created based on a transaction record; storing, the transaction order in association with the blockchain upon confirming the transaction order; receiving, a payment order created based on a payment record; storing, the payment order in association with the blockchain upon confirming the payment order; receiving, a fund transfer corresponding to the payment order; verifying, an amount of the fund transfer is consistent with the amount paid by the payer to the payee through the payment node; performing, a split-settlement operation on the payee based on the amount paid by the payer to the payee through the payment node; creating, a split-settlement record based on the split-settlement operation; and uploading, the split-settlement record for confirmation by the transaction node and the payment node.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for a biometric authentication system. In one aspect, a method includes broadcasting, through a transceiver, a signal that includes a kiosk identifier; receiving, from a server system, a reference image of the user based on a mobile computing device associated with the user having received the signal and providing the kiosk identifier to the server system; capturing, with a camera, an image of the user; and authenticating the user based on a comparison of the captured image of the user to the reference image of the user based on a comparison of the captured image of the user to the reference image of the user.

Abstract: Delegated administration of permissions using a contactless card. In one example, a permissions module may receive a request from a first account to grant a second account access to a computing resource. The permissions module may receive permissions data of the first account from a contactless card and encrypted data generated by the contactless card. The permissions module may transmit the permissions data and the encrypted data to an authentication server, which may verify the encrypted data based at least in part on the private key, and determine, based on the permissions data, that the first account has permissions to grant access to the computing resource. The permissions module may receive, from the authentication server, an indication of the verification of the encrypted data and a permissions vector associated with the second account, the permissions vector reflecting the grant of access to the computing resource to the second account.

Abstract: Multiple bit values can be encoded on a single photon in a quantum key distribution (QKD) system using a plurality of sidebands of an optical carrier frequency. Computational and conjugate bases can be defined, and photons decoded based on a selected state from either basis. If n sidebands are available, as many as log2n bits can be encoded on a single photon. Errors in detected bit values due to selection of an incorrect basis state or other errors can be at least partially corrected by bit distillation to identity bit strings for which a transmitter and a receiver record the same values, without insecure transmission of these values.