Abstract: One of the objects of the present invention is to provide a communication system in which biometrics can be utilized without leaking to a third person so that a strict personal authentication can be conducted. The communication system includes, storing a correspondence table in a card, storing a reference password which is formed by converting a part of biometrics of an authorized user in the card by using the correspondence table, reading a part of biometrics of a user by the card, converting a part of the biometrics of the user into a password by the card using the correspondence table, and checking the password against the reference password by the card, wherein the card and the user are authenticated if a the password and the reference password match in the step of checking.

Abstract: An embodiment relates generally to a method of binding a token to a user. The method includes receiving a token embedded with an address and inserting the token into a computer. The method also includes connecting to the address stored on the token and binding a user to the token based on information from the address.

Abstract: Described is a mobile terminal. The mobile terminal includes: a SIM card identity registration module, configured to acquire registration information of a user; a security management module, configured to encrypt the registration information to acquire encrypted registration information; and a NFC authentication module, configured to acquire and transmit information about an intelligent card to the security management module which is also configured to decrypt the encrypted registration information to acquire the decrypted information, match the information about the intelligent card with the decrypted information, and if the matching is successful, output a balance and/or transaction information stored in the intelligent card. Described also is a method and a system for inquiring information stored in an intelligent card by using a mobile terminal.

Abstract: A method for crediting a customer account maintained by a vendor of services in response to payment received from a customer is disclosed herein. The method includes issuing, to the customer, a membership account number associated with at least the customer account. A membership account number and a payment corresponding to a requested amount of a service offered by the vendor are received from the customer at a point-of-sale. The method further includes generating, at the point-of-sale, an authorization message including at least the membership account number and embedded transaction information identifying the service offered by the vendor and the requested amount. The embedded transaction information is then communicated from the point-of-sale to a database server. The customer account is credited, in response to the embedded transaction information, based upon an amount of the payment.

Abstract: Establishing trust according to historical usage of selected hardware involves providing a usage history for a selected client device; and extending trust to a selected user based on the user's usage history of the client device. The usage history is embodied as signed statements issued by a third party or an authentication server. The issued statement is stored either on the client device, or on an authentication server. The usage history is updated every time a user is authenticated from the selected client device. By combining the usage history with conventional user authentication, an enhanced trust level is readily established. The enhanced, hardware-based trust provided by logging on from a trusted client may eliminate the necessity of requiring secondary authentication for e-commerce and financial services transactions, and may also be used to facilitate password recovery and conflict resolution in the case of stolen passwords.

Abstract: A smart card transaction allows a consumer to load value onto a smart card and to make purchases using a smart card with a mobile telephone handset over the telecommunications network. For loading, the system includes: a mobile telephone handset including a card reader; a gateway computer; a funds issuer computer; and an authentication computer. The mobile telephone handset receives a request from a user to load a value onto the smart card. The handset generates a funds request message which includes the value and sends the funds request message to a funds issuer computer. The funds issuer computer debits an account associated with the user. Next, the handset generates a load request message with a cryptographic signature and sends the load request message to an authentication computer which authenticates the smart card. The handset receives a response message which includes a cryptographic signature and an approval to load.

Abstract: A system and method for generating an authentication token which is used by an issuer associated with a integrated circuit card to authenticate a transaction. A personal card reader receives data, including an authentication cryptogram, from the integrated circuit card. The personal card reader uses the data received from the integrated circuit card to select one of at least two default bitmaps stored in a memory portion of the personal card reader. The personal card reader uses the selected default bitmap and the authentication cryptogram to build the authentication token.

Abstract: A method and a system is provided for establishing a communications path over a communications network between a personal security device (PSD) and a remote computer system without requiring the converting of high-level messages such as API-level messages to PSD-formatted messages such as APDU-formatted messages (and inversely) to be installed on a local client device in which the PSD is connected.

Abstract: Methods of and systems for securely monitoring a balance of a payment account include storing, in a first database, ledger data and storing, in a second database, wallet data. Wallet data includes a wallet balance value for the payment account. When a transaction is initiated using the payment account, an access operation is performed on the wallet table. Illicit or improper modifications can be detected by deriving a ledger comparison value from the ledger data and comparing the derived ledger comparison value to a wallet comparison value from the wallet data.

Abstract: A method for generating tokens for use in an email-based e-commerce transaction between third party vendor and a customer that is facilitated by a payment server is disclosed. The method may comprise generating a token for use with an email checkout, wherein the token comprises a customer name, and customer email address. The processor may generate an email message for at least one recipient, the email message including a mailto hyperlink including the token, wherein the mailto hyperlink generates an email response message addressed to the payment server including the token. The method may comprise receiving a notification from the payment server indicating that the at least one recipient that the email response message was successfully received by the payment server and the email-based e-commerce transaction is successful.

Abstract: In some example embodiments, a system and method is shown that includes receiving a purchase request through an Electronic Payment Financial Network (EPFN), the purchase request including a token to identify a merchant server. The system and method further includes comparing the token against a merchant identifier value to determine that that token is assigned to the merchant server. Additionally, the system and method includes transmitting a purchase request authorization authorizing an online transaction, where the token and merchant identifier value are equivalent.

Abstract: A data security system includes providing a unique identification from a first system to a second system; copying the unique identification in the second system by the first system; and unlocking a memory in the first system or the second system only when the unique identifications in the first system and the second system are the same.

Abstract: The invention provides systems and methods of authenticating a customer device, in conjunction with a requested interaction, the customer device associated with a customer, the method performed by an authentication entity processing portion in the form of a tangibly embodied computer.

Abstract: In some embodiments, a method comprises receiving a request from a customer to temporarily associate a token issued to the customer with a payment account associated with the customer, and temporarily associating the token with the payment account in response at least in part to the request. In some embodiments, a method comprises issuing a token to a customer before the token is associated with a payment account; and arranging for the customer to have an ability to request that the token be associated with a payment account and usable as a payment token. In some embodiments, a method comprises receiving a mapping associating an identifier of a token with a payment account; receiving the identifier from a point of sale system; and determining the payment account based at least in part on the mapping and the identifier received from the point of sale system.

Abstract: A smart card transaction allows a consumer to load value onto a smart card and to make purchases using a smart card with a mobile telephone handset over the telecommunications network. For loading, the system includes: a mobile telephone handset including a card reader; a gateway computer; a funds issuer computer; and an authentication computer. The mobile telephone handset receives a request from a user to load a value onto the smart card. The handset generates a funds request message which includes the value and sends the funds request message to a funds issuer computer. The funds issuer computer debits an account associated with the user. Next, the handset generates a load request message with a cryptographic signature and sends the load request message to an authentication computer which authenticates the smart card. The handset receives a response message which includes a cryptographic signature and an approval to load.

Abstract: Embodiments of the present disclosure provide a method and system for guided implicit authentication. The system first receives a request to access the controlled resource from a user. The system then determines whether the user request is inconsistent with regular user behavior by calculating a user behavior measure derived from historical contextual data of past user events. Next, the system allows the user to provide information associated with regular user behavior and/or current contextual data. The system further updates the user behavior measure based on current contextual data.

Abstract: A computerized authorization system configured to authorize electronically-made requests to an electronic entity. The computerized authorization system comprises a store configured to store an indication of at least one predetermined electronic authorization device configured to authorize each electronically-made request. The computerized authorization system is further configured such that: in response to receiving an electronically-made request to the electronic entity, an indication of the request is output to the at least one predetermined electronic authorization device configured to authorize the request as indicated in the store; and in response to receiving an indication of authorization from the at least one predetermined electronic authorization device, an indication of authorization of the request is output to the electronic entity.

Abstract: The present application relates to a system and method for managing a plurality of accounts. A plurality of accounts is provided, with each account being associated with a customer. Account activity information associated with at least one action regarding one of the plurality of accounts is received at a first predetermined frequency. The received account activity information is analyzed, and at least one term of another account amongst the plurality of accounts is modified based upon a result of the analysis at a second predetermined frequency.

Abstract: A transponder-initiated transaction system is electromagnetically coupled to an account transponder device at the point of sale. The account transponder device may be embedded within a watch, key chain or other personal article for convenience or affinity. The transponder device may communicate account information to an RF-enabled point of sale device, enabling transactions to take place without resort to remote data processing facilities. In other embodiments partial or complete account information may be accessed or stored at co-located or remote sources. New account registrants may access a Web site to enter a transponder ID and activate a new account, which may be a credit account, debit account, cash account, special purpose vending account, or other types of accounts.

Abstract: A method of transferring money from a first user to another user through a cellular network is disclosed. The method includes a the first user buying a voucher of a specified money from market and sending a USSD string to a cellular network, the cellular network authorizing details provided by the first user, sending a notification to the first user confirming transfer of the money to the second user, sending the second user a notification informing receipt of the money from the first user, sending the second user a secret code, a vendor confirming details provided by second user by contacting the cellular network, the cellular network further confirming the second user, authorizing the vendor to pay the specified money to the second user, crediting the money to the vendor account, and sending a confirmation to the first user notifying the second user has received the cash.

Abstract: A method for providing fast and secure access to MIFARE applications installed in a MIFARE memory being configured as a MIFARE Classic card or an emulated MIFARE Classic memory, comprises: keeping a repository of MIFARE memories and user identifications assigned to said MIFARE memories as well as of all MIFARE applications installed in the MIFARE memories, wherein, when a new MIFARE application is to be installed in a MIFARE memory identified by a user identification the present memory allocation of said MIFARE memory is retrieved, an appropriate sector of said MIFARE memory is calculated, a key is calculated for said MIFARE application and the MIFARE application together with the assigned sector and key are linked to the user identification and are stored in the repository.

Abstract: A Universal Positive Pay Database (UPPD) method, system and/or computer useable medium to reduce financial transaction fraud. A UPPD database is configured to store thereon transaction records associated with financial transactions corresponding to customers of the UPPD database. A particular financial transaction is initiated between a payer and a payee by providing parameters associated with the financial transaction to the UPPD database. An issue File is provided to the UPPD database that includes parameters associated with the particular financial transaction. A correspondence determination is made between the financial transaction parameters from the Issue File and the financial transaction parameters provided to the UPPD database at every point along the financial transaction clearing process.

Abstract: Various embodiments are directed to methods for generating proxy account data for a financial account and authorizing payment from an account of a customer based on proxy account data. Example methods may comprise selecting a serial number for a first customer and storing an association between the serial number and an account of the first customer. The methods may further comprise encrypting the serial number and consolidating the encrypted serial number with checkable data. An association between the encrypted serial number and the checkable data may be stored and the consolidated encrypted serial number and checkable data may be encrypted to generate proxy account data.

Abstract: A payment processing system for accepting manually-entered payment-card numbers. Rather than entering a payment-card account number into an application module, the card number is instead captured and stored within a tokenizer prior to being sent to the application module. The tokenizer then returns a random token to the calling application as a pointer to the original payment-card number. The token has no algorithmic relationship with the original payment-card number, so that the payment-card number cannot be derived based on the token itself. Since the token is not considered cardholder data, the token may be used in an application module without the module or its connected hardware from being subject to regulatory standards compliance. Some embodiments involve browser-based schemes, and some embodiments involve PIN-entry device-based schemes.

Abstract: Systems, methods, and devices are disclosed which allow a mobile device user to complete financial transactions even when the mobile device is not connected to a wireless network. The systems, methods, and devices of the present disclosure may utilizing a combination of an encrypted lockbox containing out of network payment codes on the mobile device and a matching set of out of network payment codes stored on a server of a payment authority.

Abstract: A purchase card system configured in accordance with the invention offers purchase card products that facilitate online purchases of life sciences research products and/or services via an e-commerce application. The acquisition and use of such purchase card products complies with mandated procurement, spending, and appropriations rules, regulations, and laws, such as the Federal Acquisition Regulation, the Anti-Deficiency Act, and the Department of Defense “bona fide needs” rule.

Abstract: Methods, systems, and computer-readable media are disclosed for access control. A particular method receives a resource access identifier associated with a shared computing resource and embeds the resource access identifier into a link to the shared resource. The link to the shared resource is inserted into an information element. An access control scheme is associated with the information element to generate a protected information element, and the protected information element is sent to a destination computing device.

Abstract: A computerized authorization system configured to authorize electronically-made requests to an electronic entity. The computerized authorization system comprises a store configured to store an indication of at least one predetermined electronic authorization device configured to authorize each electronically-made request. The computerized authorization system is further configured such that: in response to receiving an electronically-made request to the electronic entity, an indication of the request is output to the at least one predetermined electronic authorization device configured to authorize the request as indicated in the store; and in response to receiving an indication of authorization from the at least one predetermined electronic authorization device, an indication of authorization of the request is output to the electronic entity.

Abstract: A method of conveying monetary value between at least two parties, may utilize a computer system or a vending machine. A first party requests an amount of monetary value to be in one or more desired incremental monetary amounts, and provides a payment. A system administrator requests a personal identification number (PIN), which is associated, within an administrator database, with a Globally Unique Identifier (GUID) that is located on one or more QwikCash tickets, which are thereby activated, and thereafter issued to the first party. The GUID is machine scannable, and each QwikCash ticket may comprise a textual reference denoting its incremental monetary amount, and a textual reference identifying issuance of the PIN. The first party may use the PIN and remit the QwikCash ticket: to a second party, as a person-to-person monetary transfer; to a merchant for making a purchase; or to a bank ATM in exchange for cash.

Abstract: A method includes: establishing a first connection between a first ID token and a first computer system via a second computer system for reading at least one first attribute from the first ID token, establishing a second connection between a second ID token and the first computer system via the second computer system for reading at least one second attribute from the second ID token, sending the first and second attributes from the first computer system to a third computer system, receiving the data from the third computer system by the first computer system, writing the data into the second ID token via the second connection by the first computer system thereby storing the data in the second ID token, where the first connection still exists, wherein the first and the second connection are respectively connection with end-to-end encryption and a connection oriented protocol.

Abstract: In a value transfer scheme, users are provided with programmable devices, for example, smart cards, capable of carrying data representing at least one available commodity value. Data representing user accounts is held at a remote processing station. Transactions between users are effected by the off-line exchange of data between users'respective smartcards, the exchanged data containing a record of each transaction entered into. The user account data for each user's account held at the remote processing station is updated only subsequently when the user's smartcard is on-line to the remote processing station and data therefrom is uploaded to the remote processing station. The scheme of the invention can, conveniently, be based around the ITSO scheme which is used to govern the secure transfer of data. The scheme is capable of providing a secure multi-commodity value transfer system.

Abstract: An authentication token using a smart card that an organization would issue to its customer, the smart card having a processor for executing a software application that is responsive to a user input to generate a one-time password as an output. The smart card co-operates with an interface device for inputting the user input and displaying the one-time password. The authentication token may be used in combination with a remote authentication server for validation of the password and hence authentication of the user.

Abstract: A method of diagnosing a mobile device is provided. The method comprises obtaining an access key from a key store based on an identity of the mobile device and based on an identity associated with an issuer of a confidential information, wherein the access key is associated with a secure element of the mobile device storing the confidential information. The method also comprises wirelessly transmitting a message from a station associated with the issuer to the mobile device to initiate diagnostics of at least the secure element of the mobile device, the message comprising the access key, wherein the diagnostics are performed by diagnostic instructions stored on the mobile device. The method also comprises displaying the result of the diagnostics.

Abstract: A method for operating a signal receiver which authorizes controlled access, comprising providing an authentication token device having a predetermined usage limit stored therein, providing a reading device for reading the authentication token device, and for implementing the predetermined usage limit while deauthorizing the authentication token device for use with other reading devices, comprising a signal generator for communicating with a signal receiver through a wireless transmission, receiving the wireless transmission at the signal receiver, to permit access based on the received transmission, and upon exceeding the predetermined usage limit, deauthorizing further access.

Abstract: A system may include a point-of-sale system that gathers payment card track data from a payment card and a payment card gateway that processes the track data to authorize purchase transactions. The point-of-sale system may remove sensitive data such as a portion of a primary account number from the track data and may compress the removed data. The compressed version of the data may be appended to a discretionary field in the track data. The discretionary field may be encrypted following insertion of the compressed data. Track data that has been modified in this way may be conveyed to the payment gateway for processing.

Abstract: A personal digital key (e.g., which can be carried by a human) contains a memory having different service blocks. Each service block is accessible by a corresponding service block access key. As the personal digital key (PDK) moves around, it is detected by sensors. The sensors report position data, thus enabling location tracking of the PDK. The sensors also provide a data path to various applications. An application that has access to a service block access key can therefore access the corresponding service block on the PDK. The sensors themselves may also contain service block access keys.

Abstract: Facilitating transactions using non-traditional devices and biometric data to activate a transaction device is disclosed. A transaction request is formed at a non-traditional device, and communicated to a reader, wherein the non-traditional device may be configured with an RFID device. The RFID device is not operable until a biometric voice analysis has been executed to verify that the carrier of the RFID equipped non-traditional device is the true owner of account information stored thereon. The non-traditional device provides a conduit between a user and a verification system to perform biometric voice analysis of the user. When the verification system has determined that the user is the true owner of one or more accounts stored at the verification system, a purchase transaction is facilitated between the verification system. Transactions may further be carried out through a non-RF device such as a cellular telephone in direct communication with an acquirer/issuer or payment processor.

Abstract: Systems and methods are provided for secure transactions according to one or more embodiments. According to an embodiment, a method for providing secure transactions comprises initiating a transaction via a point of sale device having a one time password generator. The method also comprises generating at least one password by the point of sale device. The method further comprises associating the at least one password with account information. The method further comprises transmitting the password associated with the account information to a remote location. If the transmitted password matches predetermined associated information at the remote location, the method further comprises confirming the transaction.

Abstract: Particular embodiments provide a method for orchestrating an order fulfillment business process that includes a sub-process. In one embodiment, abstraction of business processes from an underlying information technology (IT) infrastructure is provided. An orchestration process can be designed using sub-processes such that the sub-process is assembled at run-time into an executable process. The sub-process may be defined in an interface as a single step. A plurality of services as then assembled as steps in the executable process at run-time.

Abstract: Embodiments for providing differentiated access based on authentication input attributes are disclosed. In accordance with one embodiment, a method includes receiving an authentication input at an authentication authority using an authentication protocol. The authentication input being associated with a client. The method also includes providing one or more representations for the authentication input, wherein each of the representations represents an attribute of the authentication input.

Abstract: Establishing trust according to historical usage of selected hardware involves providing a usage history for a selected client device; and extending trust to a selected user based on the user's usage history of the client device. The usage history is embodied as signed statements issued by a third party or an authentication server. The issued statement is stored either on the client device, or on an authentication server. The usage history is updated every time a user is authenticated from the selected client device. By combining the usage history with conventional user authentication, an enhanced trust level is readily established. The enhanced, hardware-based trust provided by logging on from a trusted client may eliminate the necessity of requiring secondary authentication for e-commerce and financial services transactions, and may also be used to facilitate password recovery and conflict resolution in the case of stolen passwords.

Abstract: A system and method which enable online network participants to enter into transactions with each other are provided. Accounts are maintained for first and second network participants, and an authentication token is generated that is associated with the account of the first network participant. The first network participant may use the authentication token in a transaction request, and the transaction request can then be applied to the accounts of both participants.

Abstract: The invention is directed towards methods, systems and apparatuses, see FIG. 1, (100) for providing secure and private interactions. The invention provides capability for verifying the identity of a party initiating an electronic interaction with another party through data input module (140) which is verified by the identity verification module (150), which further includes a self-destruct mechanism (153). Embodiments of the invention include secure methods for conducting transactions and for limiting the transfer and distribution of personal data to only those data that are absolutely necessary for the completion of the transactions. The invention facilitates the transfer of additional personal data contingent upon an agreement that appropriately compensates the provider of the personal data.

Abstract: An embodiment defines access control allowing the expression of access control rules using ontology based semantics and references an ontology subset using XPath as the ontological expression. The access control rules or access criteria are defined by an access control statement and may be expressed using classification criteria and ontology classes. The access control statement comprises a structural description that is used to define an asset and a logical expression that may be used to express the classification criteria. The access control statement defines access policy for various assets.

Abstract: A user authentication method and system. A computing system receives from a user, a first request for accessing specified functions executed by a specified software application. The computing system enables a security manager software application and connects the specified software application to a computing apparatus. The computing system executes first security functions associated with the computing apparatus. The computing system executes second security functions associated with additional computing apparatuses. The computing system determines if the user may access the specified functions executed by the specified software application based on results of executing the first security functions and the second security functions. The computing system generates and stores a report indicating the results.

Abstract: A system for facilitating data access and management on a smart card is provided. According to one exemplary aspect of the system, a storage architecture is provided in the smart card which allows data stored thereon to be shared by multiple parties. Access to data stored on the smart card is controlled by various access methods depending on the actions to be taken with respect to the data to be accessed.

Abstract: Embodiments of the present disclosure provide systems and methods for secure Short Message Service (SMS) communications. According to an embodiment, a method of providing secure Short Message Service (SMS) communications comprises requesting that SMS data to be sent from a client device to a remote location be encrypted. The method also comprises encrypting the SMS data by processing the SMS data with a Message Authentication Code (MAC) and a timestamp and/or counter along with second factor authentication information. The method further comprises sending the encrypted SMS data to the remote location by a secure SMS application via a regular SMS channel of the client device.

Abstract: Computer-implemented methods and apparatus to perform a valid transfer of an electronic mobile ticket on a mobile device by a ticketing application system of a ticket processing center. One method includes: receiving a first electronic message from a first user, where the first message includes an encrypted electronic mobile ticket and a mobile device number of a second user, and where the electronic mobile ticket is encrypted with a key shared between the first user and the ticketing application system; decrypting the encrypted electronic mobile ticket; generating an electronic mobile ticket encrypted with a key shared by the ticketing application system and the second user; and transmitting a second electronic message that includes the electronic mobile ticket encrypted with the key shared between the ticketing application system and the second user to a mobile device of the second user.

Abstract: In general, the subject matter described in this specification can be embodied in methods, systems, and program products for providing access to secured resources. A token providing system stores a primary authentication token that is used to obtain temporary authentication tokens. The token providing system provides, to application programs that are unable to access the primary authentication token, the temporary authentication tokens. The token providing system receives, from a first application program of the application programs, a first request to obtain a first temporary authentication token. The first request does not include the primary authentication token. The token providing system transmits a second request to obtain the first temporary authentication token. The second request includes the primary authentication token. The token providing system receives the first temporary authentication token.

Abstract: An IC chip, an information processing apparatus, system, method, and program are provided. An IC chip includes an authentication control unit configured to authenticate a request using authentication information. The request and/or the authentication information is received from outside the IC chip.