Abstract: The invention of the wireless electronic vehicle window display system employs the latest technology in electronic paper and low power consumption wireless networking devices. One contemplated embodiment of the present invention consists of three main components: A vehicle information portal, an electronic vehicle window display system subscriber, and the electronic paper. The invention is intended to provide an effective method of displaying pricing, vehicle specifications, promotions, and warranties on vehicles at the dealer's lot. The invention removes the time-consuming and costly tasks of updating information on the current paper-based window sticker.

Abstract: Smart card transactions allow consumers to load value onto and make purchases using smart cards with a mobile telephone handset over the telecommunications network. To load the smart card, the handset receives a request to load value. The handset generates a funds request message and sends the message to a funds issuer computer that debits a user account. Next, the handset authenticates the smart card and receives a response message including approval to load. The handset validates the response and loads the value onto the smart card. For payment, the handset sends an order request message to the merchant server computer, and in return receives a purchase instruction message. The handset processes the message locally, and sends a draw request message to a payment server computer. The payment server computer sends an approval to debit the smart card. The handset validates the approval and debits the smart card.

Abstract: This invention discloses a novel system and method for distributing electronic ticketing such that the ticket is verified at the entrance to venues by means of an animation or other human perceptible verifying visual object that is selected by the venue for the specific event. This removes the need to use a bar-code scanner on an LCD display of a cell phone or other device and speeds up the rate at which human ticket takers can verify ticket holders. The system providing the service also can maintain a persistent communication channel with the user device in order to control the ticket verification process.

Abstract: A system and method for facilitating electronic transactions using an intelligent instrument is disclosed. An authorization server enables users to obtain authorization credentials through the use of the intelligent instrument by issuing a challenge to an intelligent token of the intelligent instrument. The intelligent token generates a challenge response and transmits the challenge response to the authorization server, which assembles credentials including a key for the electronic transaction upon validating the response. The authorization server sends the assembled credentials to the intelligent instrument and the intelligent instrument transmits the assembled credentials to the authorization server during a subsequent transaction. The authorization server validates the assembled credentials and provides authorization for the transaction in response to the validating the assembled credentials.

Abstract: A method for crediting a customer account maintained by a vendor of services in response to payment received from a customer is disclosed herein. The method includes issuing, to the customer, a membership account number associated with at least the customer account. A membership account number and a payment corresponding to a requested amount of a service offered by the vendor are received from the customer at a point-of-sale. The method further includes generating, at the point-of-sale, an authorization message including at least the membership account number and embedded transaction information identifying the service offered by the vendor and the requested amount. The embedded transaction information is then communicated from the point-of-sale to a database server. The customer account is credited, in response to the embedded transaction information, based upon an amount of the payment.

Abstract: A method for granting secure network access comprising requesting, by a mobile device, access to a network via an access point; receiving a passcode from the access point; sending a message including the passcode and an indicia back to the access point; and generating, by the access point, a secure key based on the indicia, the secure key providing network access to the mobile device.

Abstract: A method for using multiple channels to access a resource, wherein a first user requests a resource that requires an indication of approval from a second user, a token value is transmitted to the first user on the first channel, and the second user transmits the token value and a second authentication parameter over a second channel. The token value is used to associate the first authentication parameter to the second authentication parameter, whereby the first user is allowed access to the resource on the first. The first and second user may be independently authenticated in some implementations and not independently authenticated in other implementations.

Abstract: Remote authentication that allows a previously enrolled individual to be remotely authenticated and provided with a benefit from a first party payor through a third-party agent. Remote authentication may include biometric authentication including voice biometric authentication. Use of an authorization token to prove current eligibility to receive a benefit transfer from a third-party agent that is not going to perform an independent biometric authentication. Processes for beneficiaries with a bank account and those without a bank account are disclosed.

Abstract: A method of issuing electronic vouchers (Vi) which a user (U) may submit to a merchant (M) in exchange for goods or services comprises the steps of: an issuer (I) receiving an electronic declaration (Di?1) from the user (U), the issuer verifying the electronic declaration (Di?1), and the issuer issuing a new electronic voucher (Vi) for use with the merchant (M) only if the electronic declaration comprises a signature (SM) of a merchant on a previous electronic voucher (Vi?1). The vouchers (Vi) and declarations (Di?1) are preferably blinded by the user such that the user remains anonymous. However, the electronic vouchers (Vi) may contain the identity (Q) of the user (U), which identity may be revealed when a voucher is submitted more than once.

Abstract: A portable electronic device is disclosed. The portable electronic device comprises a contactless communication transceiver configured to provide payment information to a point-of-sale terminal, a first input device configured to receive inputs, and a processor. The first input device is selected from the group consisting of an accelerometer, a microphone, a camera, and a biometric sensor. The processor is configured to activate an electronic wallet based on inputs from at least one of the first input device and the contactless communication transceiver, to access the payment information in the electronic wallet, and to provide the payment information to the contactless communication transceiver.

Abstract: According to one embodiment, an apparatus may store a plurality of tokens. The apparatus may receive a subject token indicating an attempt to authenticate a user. The apparatus may determine at least one token-based rule based at least in part upon a token in the plurality of tokens and the subject token. The at least one token-based rule may indicate a plurality of attributes required to access a resource. The apparatus may determine a second plurality of attributes represented by the plurality of tokens and the subject token. The apparatus may determine at least one missing attribute, which may be in the plurality of attributes but not in the second plurality of attributes. The apparatus may then request the at least one missing attribute, and in response, receive at least one token representing the at least one missing attribute.

Abstract: Techniques for funding an electronic purse (e-purse) are disclosed. According to one aspect of the invention, a mechanism is provided to enable a portable device to conduct transactions over an open network with a payment server without compromising security. In one embodiment, a device is loaded with an e-purse manager. The e-purse manager is configured to manage various transactions and functions as a mechanism to access an e-purse therein. The e-purse is funded by interactions among the e-purse manager, a payment server and a financial institution (its server) that maintains an account therefor.

Abstract: A value is associated with a token within a trust zone. The token is used in place of the value in operations executed within the trust zone. A key is defined for an entity outside of the trust zone. A processor encrypts the token using the key to form an encrypted token that cannot be decrypted by entities outside of the trust zone. The encrypted token is provided to the entity outside of the trust zone.

Abstract: A method for calibrating a temperature float of a one time password token and a device thereof are provided in the invention relating to the information security field. The method includes steps: the one time password token measures a current ambient temperature at intervals of a first predetermined time, retrieves a data table for a characteristic value relating to the measured temperature, and calibrates a current time value inside the token according to the characteristic value at intervals of a second predetermined time. The one time password token includes a timer module, a measuring module, a retrieving module, a table storing module, a calibrating module, a triggering module, a generating module and a displaying module. The invention calibrates time differentiation of the one time password token caused by the temperature float.

Abstract: This invention provides a system, method and computer program product to allow a user to access administrative security features associated with the use of a security token. The administrative security features provide the user the ability to unlock a locked security token, diagnose a security token, activate and deactivate a security token, request a replacement security token or temporary password or report the loss of a security token. The invention comprises a client application which integrates into the standard user login dialog associated with an operating system. A portion of the user dialog is linked to a remote server to access the administrative services.

Abstract: A system and method for facilitating electronic transactions using an intelligent instrument is disclosed. An authorization server enables users to obtain authorization credentials through the use of the intelligent instrument by issuing a challenge to an intelligent token of the intelligent instrument. The intelligent token generates a challenge response and transmits the challenge response to the authorization server, which assembles credentials including a key for the electronic transaction upon validating the response. The authorization server sends the assembled credentials to the intelligent instrument and the intelligent instrument transmits the assembled credentials to the authorization server during a subsequent transaction. The authorization server validates the assembled credentials and provides authorization for the transaction in response to the validating the assembled credentials.

Abstract: Systems and methods are configured to manage data sets associated with a transaction device. For example, a method is provided for facilitating the management of distinct data sets on a transaction device that are provided by distinct data set owners, wherein the distinct data sets may include differing formats. The method includes the steps of: adding, by a read/write, a first data set to the financial transaction device, wherein the first data set is owned by a first owner; adding, by the read/write device, a second data set to the financial transaction device, wherein the second data set is owned by a second owner; and storing the first data set and the second data set on the financial transaction device in accordance with an owner defined format. The first and second data sets are associated with first and second owners, respectively, and are configured to be stored independent of each other.

Abstract: A system and method for facilitating electronic transactions using an intelligent instrument is disclosed. An authorization server enables users to obtain authorization credentials through the use of the intelligent instrument by issuing a challenge to an intelligent token of the intelligent instrument. The intelligent token generates a challenge response and transmits the challenge response to the authorization server, which assembles credentials including a key for the electronic transaction upon validating the response. The authorization server sends the assembled credentials to the intelligent instrument and the intelligent instrument transmits the assembled credentials to the authorization server during a subsequent transaction. The authorization server validates the assembled credentials and provides authorization for the transaction in response to the validating the assembled credentials.

Abstract: Embodiments of methods and apparatus for tag-based personalization of kiosk computing devices are disclosed. In embodiments, an authentication server/system may receive, from a mobile device, a plurality data packets having data associated with a display tag of a kiosk computing device. The authentication system/server may, in response, instruct the kiosk to activate an account-specific mode based on an account associated with the mobile device. Other embodiments may be described and/or claimed.

Abstract: A client device comprises a first secure element and a second secure element. The first secure element comprises a first computer-readable medium having a payment application comprising instructions for causing the client device to initiate a financial transaction. The second secure element comprises a second computer-readable medium having a security key, a payment instrument, stored authentication data and instructions for generating a secure payment information message responsive to the payment application. The secure payment information message comprises the payment instrument and is encrypted in accordance with the security key.

Abstract: A method and a system is provided for establishing a communications path over a communications network between a personal security device (PSD) and a remote computer system without requiring the converting of high-level messages such as API-level messages to PSD-formatted messages such as APDU-formatted messages (and inversely) to be installed on a local client device in which the PSD is connected.

Abstract: Facilitating communications between an electronic payment device and an issuer host includes storing in the payment device a set of personalization parameters. A first set of status information indicative of available status information relating to the payment device is transformed into a second set of status information based on the set of personalization parameters, and/or a second set of actions is selected from a first set of actions indicative of available actions to be performed by the payment device based on the set of personalization parameters and an order received from the issuer for initiating at least one corresponding action in the payment device. The second set of status information includes a subset of the first set of status information; the second set of actions includes a subset of the first set of actions.

Abstract: For delayed purchases, a purchase token is used to store purchase details on a user device until a user is ready to make a purchase. The purchase token has an expiration date. The purchase token sets a maximum price for a selected item and reserves the selected item until the expiration date. For routine purchases, the user device is preauthorized to complete the purchase. For obvious purchases, a tracking system is used to track the user device and bill the user.

Abstract: An authentication token using a smart card that an organization would issue to its customer, the smart card having a processor for executing a software application that is responsive to a user input to generate a one-time password as an output. The smart card co-operates with an interface device for inputting the user input and displaying the one-time password. The authentication token may be used in combination with a remote authentication server for validation of the password and hence authentication of the user.

Abstract: A method of generating authentication seeds for a plurality of users, the method involving: based on a single master seed, generating a plurality of derivative seeds, each one for a corresponding different one of a plurality of users; and distributing the plurality of derivative seeds to a verifier for use in individually authenticating each of the plurality of users to that verifier, wherein generating each one of the plurality of derivative seeds involves mathematically combining the master seed and a unique identifier identifying the corresponding user.

Abstract: Embodiments of the invention are directed to methods, a computer-readable medium, servers and systems for enabling merchants to pass payment tokens, instead of actual payment information, to third party HOPs and SOPs. This, for example, enables a merchant to charge a consumer, such as on a recurring basis or for a one-off purchase, without having the consumer enter payment information each time and without the merchant actually having to handle payment information. As such, merchants can avoid costs and responsibilities associated with handling and storing consumer payment data, while at the same time it also gives merchants the benefit of engaging in purchase transactions with consumers without requiring that the consumers reenter payment data each time they want to make a purchase.

Abstract: A method for accessing a service on a network, via a user terminal (30), includes a subscription phase wherein: a container is generated, including a first set of authentication data for accessing the service and a second set of useful data relating to access rights to the service the first and second sets of data being encrypted, the container is transmitted securely from the user terminal, and an access phase wherein: the container is transmitted securely from the terminal to a management server connected to the network, during a request for access, after decryption of the constituent data of the container, the server verifies the validity of the first set of data and, in the event that verification is successful, authorizes access to the service for its execution, based on the access rights.

Abstract: A security token includes (a) a personal data memory configured to store digital identity credentials related to personal data of a user; (b) an input appliance configured to check said personal data; (c) a key record data memory configured to store at least one identity credential of an authentication server or of an application operator; (d) a transmitter and receiver unit configured to create a secure channel directly or indirectly to said authentication server or application operator to handle said key record relating to said authentication server or application operator, respectively; (e) a control unit configured to control the transmitter and receiver unit and the key record data memory in view of said handling, wherein the control unit is configured to perform one of: interpreting, deciphering, creating, checking, renewing, withdrawing and further key record handling actions. A method for authentication of a user using the security token is also disclosed.

Abstract: An interface and device architecture for a payment device. An interface between a payment application installed in a payment device and one or more value-add applications (such as loyalty programs, transit applications, etc.) that are also installed in the payment device. The API or interface design permits communications and data transfer between the payment application and one or more value-add applications. This reduces (and in some cases may prevent) the need for back-end server processing of data that may be relevant to both a payment transaction and to a function of the value-add application. Similarly, the same or another API or interface may enable communications and data transfer between a value-add application and the payment application.

Abstract: The invention relates to an authentication and/or rights containing retrievable token such as an IC card comprising at least one physical channel of communication to at least one apparatus and at least two logical channels of communication with said at least one apparatus wherein each logical channel of communication is associated with a different execution environment.

Abstract: A “Portable Card Generator” is implemented within a portable device, such as a mobile phone, and provides various techniques for writing secure account information from user selected accounts to a “wildcard” having rewritable magnetic stripes, rewritable RFID tags, and/or rewritable smartcard circuitry. The account information is retrieved by the portable device from local or remote stores of user accounts. Once that account information is written, the wildcard is then available for immediate use for credit card or debit-type payments, loyalty card use, etc. Consequently, by providing a credit card sized object having a rewriteable magnetic stripe, RFID tag, and/or smartcard circuitry, in combination with account information for various credit cards, debit cards, consumer loyalty cards, insurance cards, ID cards or badges, etc., the user is no longer required to physically carry those cards in order to use the corresponding accounts within existing card-based infrastructures.

Abstract: To secure communications in an untrusted environment for a commercial transaction on an account between the account's holder and a merchant, an identifier and a signature can be derived from a token. The identifier is associated by use of a directory with an application context that identifies the account's issuer. The merchant will provide the signature to the account's issuer, or agent thereof, to be verified. In practice, a merchant to the identified issuer of an account an authorization request message for a transaction that includes a signature and an identifier for the account upon which the transaction is to be conducted. The account's issuer responds with an authorization response message that includes an indicator that the signature has been verified. After notice of the signature's verification, the transaction on the account is deemed authorized and the merchant can proceed.

Abstract: A digital broadcasting system and a data processing method are disclosed. A data processing method of a digital broadcasting receiver comprises receiving a mobile/handheld (MH) broadcasting signal including mobile service data and main service data; generating a RS (Reed-Solomon) frame from the received MH broadcasting signal; extracting control data from the RS frame, the control data including charge adjustment information required to use a service provided by at least one service provider, the service being encrypted; determining whether the service is available, by comparing the extracted charge adjustment information with balance information written in the smart card; controlling the second RS frame using the control data so that an encrypted service of the second RS frame is decrypted, if the service is available; and mapping the extracted charge adjustment information with a corresponding service provider and storing the information.

Abstract: Methods, systems, and computer program products are provided for token-based content subscription. Embodiments include receiving a request for content subscription; receiving from a user a subscription token; and delivering content to a device associated with the subscription token.

Abstract: An authentication program on a network authenticator establishes a secure communication channel with an embedded device. The authentication program receives security credentials from an embedded device. The authentication program receives from the embedded device via the secure communication channel either a secret for the embedded device or a request to generate the secret for the embedded device. The authentication program registers the secret for the embedded device.

Abstract: A method and system automatically harmonizes access to a given software application program via different access devices. Through use of the method and system, a financial institution can provide access to a given application (such as, for example, automatic bill payment services) to customers using different access devices such web browsers, screen phones and personal computers. A single application program is all that needs to be written and maintained by the financial institution. Also, the method and system enables financial institutions to “leverage” existing programs because now the institution can automatically “project” its existing stock of program services unto new access devices—devices which may not have even existed at the time the program was created. By receiving information from the user via the user's access device, including information identifying the type of device being used and the application program the user wishes to access, the present invention solves these problems.

Abstract: A reputation server is coupled to multiple clients via a network. Each client has a security module that detects malware at the client. The security module computes a hygiene score based on detected malware. The security module provides the hygiene score and an identifier of a visited web site to a reputation server. The security module also provides identifiers of files encountered at specified web sites to the reputation server. The reputation server computes secondary hygiene scores for web sites based on the hygiene scores of the clients that visit the web sites. The reputation server further computes reputation scores for files based on the secondary hygiene scores of sites that host the files. The reputation server provides the reputation scores to the clients. A reputation score represents an assessment of whether the associated file is malicious.

Abstract: Peculiar identification information to identify a recording medium itself is recorded onto the recording medium on which contents information as a target of a reproduction deadline management is recorded. At least the identification information recorded on the recording medium as mentioned above is read by a terminal apparatus and transmitted to a server apparatus. In the server apparatus, a reproduction possible deadline of the contents information recorded on the recording medium is managed on the basis of reproduction possible deadline information indicative of the reproduction possible deadline regarding the contents information recorded on the recording medium on the basis of at least the identification information. Thus, when the reproduction deadline of the contents recorded on the recording medium is managed, the operation for allowing the server apparatus side to set registration information such as personal information or the like of the user as in the conventional system is unnecessary.

Abstract: Computer media, systems, and computer-implemented methods for enhancing SMS messaging sessions with user data are provided. A data sharing agreement between a service provider and a receiving entity, such as broadcaster or a consumer goods manufacturer, is established. A user with a wireless device sends an SMS message to the receiving entity. Data associated with the user is retrieved by the service provider in accordance with the data sharing agreement and is transmitted to the receiving entity along with the SMS message.

Abstract: An acquirer communicates with an intermediary transaction processing service to handle financial transaction requests received from multiple points of purchase. The acquirer receives an initial authorization request generated based on a transaction initiated by a customer at a point of purchase. The initial authorization request includes unique identifying information associated with the customer. The acquirer determines that the unique identifying information is associated with the intermediary service and provides at least part of the initial authorization request to the intermediary service. In response, the intermediary service provides account information to the acquirer. The acquirer then generates a modified authorization request based on the initial authorization request and the received account information and transmits the modified authorization to an issuing institution to request approval of the transaction.

Abstract: In some embodiments, a method comprises: sensing at least one of movement and position of an identification token; determining if a criteria is satisfied; and enabling operation of the identification token if the criteria is satisfied; wherein determining if the criteria is satisfied comprises determining if the at least one of movement and position satisfies a reference criteria; and wherein the sensor comprises a sensor to provide a signal indicative of at least one of movement and position of the identification token prior to presentation to a proximity coupling device.

Abstract: In general, the invention relates to a method for executing at least a portion of a server operation. The method includes providing an extension to a client connected to the server, where the extension includes a portable object connected to the client. The method further includes performing at least the portion of server operation by the extension, where performing at least the portion of the server operation includes executing a copy of at least a portion of server software stored on the portable object.

Abstract: Smart card transactions allow consumers to load value onto and make purchases using smart cards with a mobile telephone handset over the telecommunications network. To load the smart card, the handset receives a request to load value. The handset generates a funds request message and sends the message to a funds issuer computer that debits a user account. Next, the handset authenticates the smart card and receives a response message including approval to load. The handset validates the response and loads the value onto the smart card. For payment, the handset sends an order request message to the merchant server computer, and in return receives a purchase instruction message. The handset processes the message locally, and sends a draw request message to a payment server computer. The payment server computer sends an approval to debit the smart card. The handset validates the approval and debits the smart card.

Abstract: System and method for establishing a remote connection over a network with a personal security device connected to a local client without using a local APDU interface or local cryptography.

Abstract: The invention concerns a method for reducing factory customizing time in a smart card (CPn), wherein a pre-customizing manager (GM) into a customizing machine loads post-customizing data (AP, OP1-OP1, DOP1-DOP1) in the smart card. Then a post-customizing application (AP) included in the smart card is enabled after delivery of the card to a user following a connection of the smart card to a terminal to process the loaded post-customizing data so as to make the smart card operational.

Abstract: Establishing trust according to historical usage of selected hardware involves providing a usage history for a selected client device; and extending trust to a selected user based on the user's usage history of the client device. The usage history is embodied as signed statements issued by a third party or an authentication server. The issued statement is stored either on the client device, or on an authentication server. The usage history is updated every time a user is authenticated from the selected client device. By combining the usage history with conventional user authentication, an enhanced trust level is readily established. The enhanced, hardware-based trust provided by logging on from a trusted client may eliminate the necessity of requiring secondary authentication for e-commerce and financial services transactions, and may also be used to facilitate password recovery and conflict resolution in the case of stolen passwords.

Abstract: A proxy authentication method and apparatus is described for use in user authentication, e.g. for payment transactions. The authentication is carried out before the transaction between a electronic, e.g. digital identification device and a person terminal. Verification information is entered at the personal terminal to authenticate the user and if this is successful a verification flag is set in the digital identification device. The status of this flag, or an encrypted version thereof can be used by a transaction terminal of evidence that the user has been authenticated without having to transmit any secret identification information to the transaction terminal.

Abstract: Techniques are described for facilitating interactions between computing systems, such as by performing transactions between parties that are automatically authorized via a third-party transaction authorization system. In some situations, the transactions are programmatic transactions involving the use of fee-based Web services by executing application programs, with the transaction authorization system authorizing and/or providing payments in accordance with private authorization instructions previously specified by the parties. The authorization instructions may include predefined instruction rule sets that regulate conditions under which a potential transaction can be authorized, with the instruction rule sets each referenced by an associated reference token.

Abstract: An approach to managing stored-value data objects, such as electronic tickets, comprises secure systems and procedures for ticket issuing, storage, and redemption. With these systems and procedures in place, stored-value data objects may be securely transferred to remote systems, such as a user's personal electronic device, for subsequent secure redemption, thus allowing the user to gain access to the desired goods or service upon redeeming the data object. Techniques provide secure delivery of the requested data object to the requesting device, and provide secure redemption and disposal of the data object. Ticket issuing systems may be Internet-accessible systems, and users may purchase and redeem tickets using mobile terminals or other devices adapted for wireless communication. Standardized WPKI and Internet access procedures may be employed in ticket issuance and redemption.

Abstract: An approach to managing stored-value data objects, such as electronic tickets, comprises secure systems and procedures for ticket issuing, storage, and redemption. With these systems and procedures in place, stored-value data objects may be securely transferred to remote systems, such as a user's personal electronic device, for subsequent secure redemption, thus allowing the user to gain access to the desired goods or service upon redeeming the data object. Techniques provide secure delivery of the requested data object to the requesting device, and provide secure redemption and disposal of the data object. Ticket issuing systems may be Internet-accessible systems, and users may purchase and redeem tickets using mobile terminals or other devices adapted for wireless communication. Standardized WPKI and Internet access procedures may be employed in ticket issuance and redemption.