Abstract: A kiosk system is described that may have multilevel displays and multiple network antennas. Upper level displays may be non-touch and a lower level display may include a touch display. The upper level displays may be affixed to a body of the kiosk using brackets. The kiosk may include first and second network interfaces. The first network interface may be provided to enable user terminals local to the kiosk to wirelessly access network resources via the kiosk system. The second network interface may enable the kiosk to access a remote system. The kiosk may be equipped with a camera, microphone, and/or a speaker.

Abstract: A dynamic transaction card that includes a transaction card having a number of layers, each of which may be interconnected to one another. For example, a dynamic transaction card may include an outer layer, a potting layer, a touch sensor layer, a display layer (including, for example, LEDs, a dot matrix display, and the like), a microcontroller storing firmware, Java applets, Java applet integration, and the like, an EMV chip, an energy storage component, one or more antenna (e.g., Bluetooth antenna, NFC antenna, and the like), a power management component, a flexible printed circuit board (PCB), a chassis, and/or a card backing layer.

Abstract: A system and method for facilitating sharing of credentials and other secret data in a networked computing environment. An example embodiment provides for access to data of an external data source by a software application, wherein the external data source requires use of credentials to allow access to the data, but where the credentials themselves are not to be supplied to the software application. An example method includes storing the credentials in a secure data store; providing a token to the application, the token associated with the credentials and with an indication of the external data source; transferring the token from the application to a secure connector; using the secure connector and the token to retrieve the credentials from the secure data store to the secure connector; using the secure connector and the credentials to request data from the external data source to the secure connector before transfer of the requested data to the application via the secure connector.

Abstract: The current application is directed to methods and systems that provide an information market in which information producers sell information, advertisers purchase consumption of advertisements, and information consumers purchase information from information producers and receive compensation from advertisers through automated and semi-automated information-market transactions. The information market provides a transaction-based marketplace for the provision and consumption of information in much the same way as various types of financial markets provide a marketplace for cost-effective exchange of goods and services. The transaction-based information market provides flexibility and control to both information providers and information consumers as well as the cost efficiency of a transaction-based information marketplace.

Abstract: The present disclosure discloses an application-based service providing method, apparatus, and system. The method includes: acquiring an application identifier of a currently running application; and searching a preset application-service relationship table for a service list corresponding to the application identifier, so as to provide a user of the application with a service in the service list, where the application-service relationship table includes a correspondence between an application identifier and a service list, and the service list includes at least one service. The service providing method in the embodiments decouples a third-party service from an application, and even if the application needs version update, the third-party service also does not need to depend on the version update of the application.

Abstract: Methods and systems for performing electronic transactions involve receiving, using a processor coupled to memory, from a mobile application on a user's mobile device processor, a transaction message consisting at least in part of the user's account information obtained by the mobile application reading user account information encoded on a token of the user that is physically distinct from the mobile device processor and a transaction request for the user. Using the processor, the user's account information is verified and a transaction confirmation message is generated and sent to the mobile application on the user's mobile device processor.

Abstract: A method of ensuring the identity of a first processing device to a second processing device allows for secure network communication between the devices. A network resource address including an encoded trusted identifier in a portion of the address excluding the host name of the first processing device are provided to a second processing device by a trusted distribution mechanism. The trusted identifier is derived from a public key of the first processing device. Communication is initiated with the first processing device at the network resource address and a public key purporting to identify the first processing device is received in response to initiating the communication. The trusted identifier is compared to a transformation of at least a portion of the public key to determine a match between the identifier and the transformation. If the trusted identifier and the transformation match, the identity of the first processing device is verified.

Abstract: In systems and methods of generating an authenticated document biosignature, a processor of a verification device may calculate a base verification score associated with a user based on at least one identification input, the identification input comprising one or more identification features, a feature validity rating of each identification feature, a source where the one or more identification feature are received, and a source validity rating, wherein at least one of the identification features includes a biometric identification feature. The processor of the verification device may generate a glyph based on the base verification score and the identification input. The glyph may be associated with a document, and may be used to verify the identity of the user associated with the glyph.

Abstract: An apparatus such as a mobile phone includes a contactless smart card or payment device, where the smart card is intended for use in both commerce transaction payment and transit fare payment (or other venue access) environments. The payment device may function as both an electronic wallet for commerce transactions and as a transit system card, for access to and fare payment of transit services. Implementation of both functions may be achieved by use of a dynamic memory management system that permits data for both the payment and transit applications to be stored on the card, with the transit data and storage locations isolated from those used to store data intended for use in paying for commerce transactions. The transit application specific data may include access control data (keys, passwords, identification data) or data required for fare calculations (rates, historical data on system use), for example.

Abstract: A portable communication device may include a mobile application executing in an application execution environment and a secure application executing in a trusted execution environment. The secure application may receive, from the mobile application, a storage request to store sensitive data. The storage request may include an encrypted data type identifier and an encrypted sensitive data. The secure application may decrypt the encrypted data type identifier and the encrypted sensitive data using a transport key, and re-encrypt the sensitive data using a storage key. The re-encrypted sensitive data can then be stored in a memory of the portable communication device which is outside the trusted execution environment.

Abstract: The utility of a portable consumer device is extended by allowing account holders the ability to gain entry into access-controlled venues using a portable consumer device that is associated with an account that was used to purchase the admission or tickets to the event at the access-controlled venue. Merchandise or other goods and services may be pre-purchased by the consumer. Pre-purchasing may occur at the time that the price of admission is paid or before entry into the venue. The portable consumer device may be validated at the entrance to the access-controlled venue. After the consumer's entry into the venue, an arrival notification alert may be triggered to provide additional goods or services. For example, when a consumer successfully enters the venue using the consumer portable device, the pre-purchased items may be delivered to the consumer location at a specific time.

Abstract: Systems and methods for providing secured network access are provided. A user device located within range of a branded hotspot initiates a request for the secured network access. The request concerns secured network access at the hotspot by the user device and includes a unique pre-shared key. A query regarding the unique pre-shared key is sent to a database, which retrieves information regarding a corresponding pre-shared key. That information is sent to the hotspot controller, which allows the user device secured network access as governed by one or more parameters associated with the pre-shared key.

Abstract: Described herein is a system for utilizing an embedded NFC chip in a rubber stamp for authenticating and verifying documents through a 2FA process that is connected to a cloud platform comprising a secure element operably connected to the NFC baseband; and a unique authentication id stored in the secured element.

Abstract: A system that incorporates the subject disclosure may perform, for example, operations including receiving an encrypted secure token from a secure token application function that is remote from the communication device, storing the encrypted secure token in a secure element memory of the secure element, accessing user input requesting the encrypted secure token where the secure device processor is separate from the secure element and is in communication with the secure element, generating a modified secure token by adding identification information to the encrypted secure token and by performing a second encryption of the encrypted secure token with the identification information, receiving the modified secure token from the secure element, and providing the modified secure token to a receiving device. Other embodiments are disclosed.

Abstract: Systems and methods provide for data management and governance to enforce proper usage of combined data formed from different pieces of data. Data governance metadata identifying authentication states for the individual pieces of data are combined to tag the combined data with new data governance metadata indicating the cumulative authentication states. Similarly, data governance metadata identifying standard contractual considerations for the individual pieces of data are combined to tag the combined data with new data governance metadata indicating the cumulative standard contractual considerations. An extent to which the combined data can be used to identify and/or contact a person is determined, and data governance metadata is tagged to the combined data identifying the extent to which the data can be used to identify and/or contact the person.

Abstract: A system for conducting transactions without a debit card or credit card may receive a request to complete a transaction including authentication data associated with a transaction account and a captured biometric template. The transaction request may lack information contained on a typical debit card or credit card. The system may identify the transaction account using the authentication data associated with the transaction account. The transaction account may be associated with a stored biometric template stored in a biometric data store. The system may also compare the stored biometric template with the captured biometric template. In response to the stored biometric template conflicting with the captured biometric template, the system may decline the transaction.

Abstract: Methods and apparatuses for maintaining data integrity in deduplicated storage environments. A processor receives a request to write a first block of data to a storage device. A processor compares the first block of data to a second block of data, wherein the second block is stored on the storage device. A processor writes the first block of data to the storage device based, at least in part, on the first block of data matching the second block of data and an amount of pointers to the second block of data being above a predetermined amount.

Abstract: Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Fast smart card logon may be used to reduce latency and improve security. For example, the system may reduce the number of operations (e.g., interactions) between a server device used for authentication and the client device. These operations may include fetching a user certificate from the smart card or signing data. Fast smart card logon may also improve security by optionally avoiding PIN (or other credential) transmission over networks, and to enable single sign on from an authentication event (e.g., Secure Sockets Layer (SSL) or Transport Layer Security (TLS) authentication) using a smart card to the domain logon without resorting to PIN caching.

Abstract: A method for providing a token revocation list is disclosed. The method includes maintaining a status for each of a plurality of tokens in a token revocation database. Token validation requests are received, and the statuses of payment tokens can be determined. Response messages with the statuses of the payment tokens are then sent to token status requesters so that they may make decisions on whether or not to use them to process transactions.

Abstract: Systems and methods are provided for transferring settlement funds received into a pooled settlement account of an acquirer processor account to one or more financial accounts of a merchant. The transferring of the funds can be directed by one or more settlement rules defined by a merchant. The type of transfer method can be based on the type of financial account. Example types of transfers include Automated Clearing House (ACH) transfers and intrabank transfers.

Abstract: A method of making a payment in which payment data is received by a user's terminal from a point-of-sale terminal, a secret of a payment application is received by the terminal from the operator's server system, a trust card is activated in the user's terminal by utilizing said secret of the payment application, and data of the trust card is transmitted from the user's terminal to the point-of-sale terminal for making the payment transaction. A trust card is created in the server system, data of the trust card is transmitted to the terminal to be used for making the payment transaction, the secret of the payment application is formed in the server system, and access to the secret of the payment application is provided to the terminal for activating the trust card for making the payment transaction.

Abstract: Payments assurance methods and systems are described. In some embodiments, a Proxy Service Manager Server computer receives a consumer authentication request from a merchant device, and transmits that request to an Authentication Service Manager Server computer. The Proxy Service Manager Server computer then receives a non-repudiable accountholder authentication value (“AAV”) token, generates a payment authorization request that includes the AAV token, and transmits the payment authorization request to an Acquirer financial institution (FI) Server computer. The Proxy Service Manager Server computer is then operable to receive a payment authorization message, and to transmit the payment authorization message to the merchant device to enable a merchant to complete a purchase transaction with a consumer.

Abstract: A system and method for securely authenticating a user for the purpose of accessing information, such as private financial or personal information, in an online environment are disclosed. In addition, a system and method for allowing consumers to make secure payments from an electronic wallet with biometric authentication are disclosed.

Abstract: Systems and methods are provided to allow a smart phone or any terminal to activate a door lock using a web site or server computer system. An access control system is provided that includes a server and an access device. The access device includes a processor and a communication module. The process has control of a door lock and is able to receive a reservation certificate presented by a portable terminal through the communication module. The processor activates the door lock when a current reservation certificate has been presented.

Abstract: Embodiments are directed at systems, apparatuses, and methods for indirect device pairing through a trusted intermediary. One embodiment is directed to a method including receiving a pairing identifier associated with an untrusted device controller. The method further comprises extracting the pairing identifier from the pairing request, searching a pairing identifier database for a matching pairing identifier, determining an untrusted device controller associated with the matching pairing identifier, and sending the pairing request to the untrusted device controller. The untrusted device controller may identify the untrusted device, associate the pairing identifier with the trusted intermediary, and lock the pairing identifier. The method further comprises receiving a pairing response indicating that the untrusted device is paired with the computer.

Abstract: In an ad hoc peer-to-peer type network during peer discovery, information relating to users of various devices is broadcast to other devices in the network, which can compromise privacy of the users. Instead of announcing a public identifier that might be known by a multitude of individuals, the user device announces a private identifier that might be known to, or determined by, a select few individuals. The individuals selected can be given a key to determine the private identifier associated with a public identifier, or vice versa, wherein that key can have a validity range or a period of time, after which the key expires. Prior to the expiration of the key, the selected individuals, through their respective devices, can detect a corresponding user and/or device by the current private identifier being announced, thus mitigating the number of people that are aware of the user's presence.

Abstract: A method for authorizing a digital wallet transaction initiated by a consumer from a merchant web site or app includes providing an acceptance mark on a merchant landing page associated with the merchant web site or app for initiating the digital wallet transaction, the acceptance mark comprising a link to a host server accessing an acceptance network for authorizing payment, the acceptance network comprising a plurality of digital wallets. A wallet selector switch allows selection of a wallet, the transaction is routed to the selected wallet, a payment card and shipping address are selected and the transaction is redirected back to the merchant with purchase details for authorizing and completing the digital wallet transaction. The wallets can include federated and non-federated cobranded wallets and partner-hosted wallets. Direct provisioning with partner credentials and automatic update of consumer details is provided in a federated cobranded wallet.

Abstract: A data processing system is disclosed for accessing databases and updated data items and triggering event notifications. The data processing system may comprise a first database including a plurality of records, and a second database including a plurality of trigger indicators. The database system may further include a hardware processor configured to execute computer-executable instructions in order to: receive an update data item; identify a record corresponding to the update data item; cause an update to the record based on information included with the update data item; identify a trigger indicator corresponding to the update to the record; determine that a type of the trigger indicator matches a type of the update to the record; and generate an event notification including information included in the update.

Abstract: A system for warranting the identity of a party over an electronic network. The system comprises a root entity and a plurality of additional entities. Each additional entity is admitted to the system after agreeing to abide by a plurality of operating rules promulgated by the root entity. The additional entities may comprise level-one participants and level-two participants. Certificate authorities maintained by level-one participants issue digital certificates to their customers. The digital certificates bind the customers to their public keys. System customers are also provided with a warranty request formatter which is adapted to formulate a request for a warranty as to the veracity of information contained in a digital certificate. The warranty request formatter is also adapted to transmit the request for the warranty to the customer's level-one participant.

Abstract: A method of conducting a financial transaction by a purchaser over a communications network is provided where the purchaser does not transmit his or her “real” payment card information over the network but instead secure payment application software is provided which allows for the transmission of a pseudo account number that is cryptographically processed for purposes of responding to an authorization request based on the real account number.

Abstract: A network access system, e.g. a network hotspot, requires a mobile network access device, e.g. a smart phone or WiFi only device, to provide a network access standard designation and/or a device identification datum to gain access to network services. The network access standard designation may be provided by the mobile network access device to an online signup server via a EKU_key_purpose field of a PKCS10 certificate signing request. The device identification datum may be provided to the OSU via a subject field of the signing request. The OSU may require that the device identification datum be the same as a device identification datum provided by the mobile network access device prior to the mobile network access device requesting a signed network access certificate.

Abstract: One aspect of the disclosure relates to providing an online game for facilitating assumption of a player identity. The online game comprises a player account associated with the player. By facilitating assumption of a first player identity associated with a first player account, game support personnel and/or an administrator may be substituted for a player in the online game. The assumption of the first player identity may be accomplished through transmission and/or implementation of a private key stored on a client computing platform associated with the first player account, in order to facilitate a different client computing platform (e.g., associated with support personnel) to be authenticated to the first player account. This may allow the support personnel and/or an administrator to directly experience the player problems in the online game.

Abstract: Conducting hands-free transactions comprises a server at a payment processing system, a user computing device, and a merchant computing device. The payment processing system registers a merchant system as a hands-free payment participant and provides a beacon identifier. The payment processing system receives a communication from a hands-free payment application on a user computing device, the communication comprising a transaction token, an identification of a user account, and the beacon identifier received by the user computing device via a wireless communication from a device associated with the merchant system and transmits the transaction token to the merchant system computing device.

Abstract: A method of measuring a campaign performance includes transforming identifiers into non-identifiers, and providing the non-identifiers to an external processing party; receiving encrypted non-identifiers comprising the non-identifiers after encryption by the external processing party, other non-identifiers, spending values, and a public cryptographic key, each member of the other non-identifiers being associated with a corresponding member of the spending values; encrypting the non-identifiers to generate other encrypted non-identifiers, and determining an intersection of the encrypted non-identifiers and the other encrypted non-identifiers to generate common encrypted non-identifiers; identifying a subset of the spending values associated with members of the encrypted non-identifiers in the common encrypted non-identifiers; and deriving a total spending value based on the subset of the spending values.

Abstract: Systems and methods which allow for a money transfer transaction to be funded without providing payment at the point in time when the transaction is originated and which also do not require a customer to undertake a separate transaction with a separate entity prior to initiating the money transfer transaction with a money transfer service are provided. Embodiments may therefore allow for money transfers, such as in emergency situations, when customers would not otherwise have payment readily available at the time of the transaction.

Abstract: A system and method that keeps check of financial transactions by maintaining distinct records for a plurality of devices associated with a financial account, in conjunction with performing authentication further to inputting transaction data from a point of sale, the system comprising a communication portion that inputs transaction data received from the point of sale, the transaction data including an account number and one of a CVV number and an expiration date; a device identification portion that identifies a particular device, from which the transaction originated, out of the plurality of devices based on the account number and one of the CVV number and the expiration date; and an authentication portion that performs authentication processing based on a comparison process that utilizes the transaction data, the authentication portion generating an authentication result, and the authentication portion outputting the authentication result.

Abstract: A system and method for verifying a digital signature on a certificate, which may be used in the processing of encoded messages. In one embodiment, when a digital signature is successfully verified in a signature verification operation, the public key used to verify that digital signature is cached. When a subsequent attempt to verify the digital signature is made, the public key to be used to verify the digital signature is compared to the cached key. If the keys match, the digital signature can be successfully verified without requiring that a signature verification operation in which some data is decoded using the public key be performed.

Abstract: Systems and methods may comprise RFID data acquisition technology which may be embedded in a fob or tag for use in completing financial transactions. This fob may a self-contained device which includes a transponder and which may be contained on any portable form factor. For instance, the tag may be housed in a wearable transaction instrument, such as an activity tracker. The tag is configured to be used in concert with an RFID reader device.

Abstract: Some embodiments of the present invention provide a system that facilitates interactivity during automated web-site accesses. During operation, the system executes a script which automatically accesses one or more websites. While executing the script, the system retrieves user-specific data associated with a user. The system then uses the user-specific data to access a target website. While accessing the target website, the system receives an interactivity request which the system presents to the user. The system then receives a response to the interactivity request from the user, and forwards the response to the website.

Abstract: Various embodiments of the present technology involve creating a secure unique identifier for a content item to be used in a synchronized content management system while off-line with the synchronized content management system. In some embodiments, securing the unique identifier involves generating a random key and applying a hash function to an input to generate a hash. The synchronized content management system can require a user to send both the secure identifier and the key to the content management system in order to register the content item with the content management system. Accordingly, a malicious user who only has access to the secure identifier cannot use it to identify the key. This prevents a malicious user who has obtained the secure identifier, but does not have access to the key from registering a malicious document using the original user's secure identifier.

Abstract: An apparatus such as a mobile phone includes a contactless smart card or payment device, where the smart card is intended for use in both commerce transaction payment and transit fare payment (or other venue access) environments. The payment device may function as both an electronic wallet for commerce transactions and as a transit system card, for access to and fare payment of transit services. Implementation of both functions may be achieved by use of a dynamic memory management system that permits data for both the payment and transit applications to be stored on the card, with the transit data and storage locations isolated from those used to store data intended for use in paying for commerce transactions. The transit application specific data may include access control data (keys, passwords, identification data) or data required for fare calculations (rates, historical data on system use), for example.

Abstract: In a network to which a plurality of electronic devices and a server are connected, an electronic key system controls locking and unlocking of ID information output of each electronic device. Each electronic device includes a switching device that locks or unlocks output of ID information of each electronic device. The server includes an availability changing unit and a management unit. The availability changing unit unlocks only one of the plurality of electronic devices and locks the other electronic devices. The management unit updates a state at which the locking of ID information output and the unlocking of ID information output are swapped between a pair of the electronic devices.

Abstract: A two-dimensional code authenticating device reads a self-authentication two-dimensional code to obtain an RS bit string, and detects a bit string c? as an error using the RS bit string. Next, an exclusive OR between a bit string l included in the RS bit string and the bit string c? detected as an error is calculated to obtain a bit string c?, and a bit string md is obtained by decrypting the bit string c? through a scheme corresponding to the encryption. Subsequently, it is determined whether or not the decrypted bit string md matches the bit string m included in the RS bit string, thereby authenticating the self-authentication two-dimensional code.

Abstract: A system that incorporates the subject disclosure may perform, for example, operations including receiving an encrypted secure token from a secure token application function that is remote from the communication device, storing the encrypted secure token in a secure element memory of the secure element, accessing user input requesting the encrypted secure token where the secure device processor is separate from the secure element and is in communication with the secure element, generating a modified secure token by adding identification information to the encrypted secure token and by performing a second encryption of the encrypted secure token with the identification information, receiving the modified secure token from the secure element, and providing the modified secure token to a receiving device. Other embodiments are disclosed.

Abstract: An environment for facilitating the management of content for users associated with specific partner networks is provided. Users may be granted access to such specific partner networks in accordance with each user's affiliation with one or more organizations. In accordance with the above, a content management system facilitates the content/information exchange by accepting software applications from content providers. Additionally, the content management system accepts software application specifications or manifests from partner network administrators. Accordingly, the content management system can audit and recommend actions to users regarding applicable software application based one user organizational associations. Still further, the content management system can facilitate requests from affiliated users for specific types of content that can be forwarded to content providers and later made available to affiliated users.

Abstract: An information processing apparatus includes a memory and a processor that is connected to the memory. The processor executes a process including: determining, when startup of an application is instructed, whether the application needs user authentication; executing, when it is determined that the user authentication is needed, the user authentication by starting up an authentication application that is different from the application; and executing, when the result of the user authentication indicates that the user authentication is successful, the application that is instructed to start up.

Abstract: A device managing apparatus for managing software installed in at least one device includes a determination unit configured to determine whether a software item to be installed in the device requires license validation; a validation unit configured to perform a license validation operation on the software item for which the determination unit determines that license validation is required, depending on an available license for the software item; and a setting unit configured to set a license issued by the validation unit in the device in which the software item is installed.

Abstract: A mediation server which is able to communicate with a plurality of account managing servers (104) and mediates requests for issuing subscription information transmitted from a plurality of communication devices between each communication device and any one of the plurality of account managing servers (104), the mediation server comprising, a selection unit configured to select the account managing server to which the request is to be transmitted based on information regarding a current operational status of each account managing server stored in a database, when the request is received from the communication device, and a transmission unit configured to transmit the request for issuing the subscription information to the selected account managing server.

Abstract: Systems and methods are provided to allow a smart phone or any terminal to activate a door lock using a web site or server computer system. An access control system is provided that includes a server and an access device. The access device includes a processor and a communication module. The process has control of a door lock and is able to receive a reservation certificate presented by a portable terminal through the communication module. The processor activates the door lock when a current reservation certificate has been presented.

Abstract: A payment card comprises a supporting body with a controller provided with an inner memory in which identification data of a user and the issuing institution are stored. In addition the card provides a connection interface combined with the controller for the connection with an outside device. The connection interface is a connection port incorporating a male portion and a female portion arranged, one with respect to the other, according to a specific layout rendering such a port a “hermaphrodite” port, that is able to couple with a port having an identical geometry. The connection port further comprises a plurality of electric contact elements combined with the male portion and/or the female portion. A method referring to virtual transfer of money between two payment cards is further described.