Abstract: According to some embodiments, a method comprises: providing a card sized to fit within a card personalization machine, the card including a surface defining at least a portion of a recess; inserting at least a portion of a sub-card into the recess; providing adhesive between the surface and the sub-card to releasably retain the at least a portion of the sub-card within the recess; and personalizing the sub-card, using the card personalization machine, while the at least a portion of the sub-card is within the recess. According to some embodiments, apparatus comprises: a card defining a recess; a sub-card, at least a portion of the sub-card being inserted into the recess; adhesive to releasably retain the at least a portion of the sub-card within the recess; and a card personalization machine to personalize the sub-card while the at least a portion of the sub-card is within the recess; wherein the card is sized to fit within the card personalization machine.

Abstract: A payment device such as a debit card may be issued to an individual such as a minor. The debit card may be associated with spending control parameters to prevent overspending and other financial issues. Control parameters may include a weekly maximum that may be spent, approved transaction types (e.g., deposits only), authorized transaction entities (e.g., grocery stores, gas stations, etc.). Thus, transaction might only be approved if the transaction qualifies under the set control parameters. An individual may further access a banking interface that allows the individual to view financial education materials, games, savings trackers and the like. A savings tracker may be used to help an individual save money toward a particular goal. In one or more configurations, a parent, guardian or primary account holder may have the ability to modify control settings of the payment device and/or modify the banking interface (e.g., change the options available).

Abstract: The invention provides a form of reacting on security or vulnerability information relevant for a system comprising computer software and/or hardware or electronics, wherein a service provider with a first subsystem (1) is providing activation tokens to be received by a customer with a second subsystem (2). The activation tokens including activation information and naming of system characteristics in machine readable and filterable manner. The second subsystem (2) comprises receiving means (11) for controlling the receiving of the activation tokens, checking means (12) for automatically determining whether the activation information is relevant for the second subsystem (2) by checking whether the second subsystem has characteristics corresponding to the naming of an activation token, and transforming means (13) for transforming relevant activation information into at least one activation measure for the second subsystem (2). The activation measures will reduce the vulnerability of the second subsystem.

Abstract: A key management technique establishes a secure channel through an indeterminate number of nodes in a network. The technique comprises enrolling a smart card with a unique key per smart card. The unique key is derived from a private key that is assigned and distinctive to systems and a card base of a card issuer. An enrolled smart card contains a stored public entity-identifier and the secret unique key. The technique further comprises transacting at a point of entry to the network. The transaction creates a PIN encryption key derived from the smart card unique key and a transaction identifier that uniquely identifies the point of entry and transaction sequence number. The technique also comprises communicating the PIN encryption key point-to-point in encrypted form through a plurality of nodes in the network, and recovering the PIN at a card issuer server from the PIN encryption key using the card issuer private key.

Abstract: A system and method of providing users with an accessible system and convenient method for conducting purchase benefit transactions. When enrolling in a biometric authorization system, a user may authorize the system to apply for purchase benefits on the user's behalf at subsequent transactions.

Abstract: Techniques are described for facilitating interactions between computing systems, such as by using an authorization system to automatically authorize financial payments between parties in accordance with previously specified private authorization instructions of at least one of the parties. In some situations, some or all of the payments are associated with commerce-related or other transactions, such as transactions initiated by a consumer via the Web to acquire items from a retailer. The authorization instructions may include predefined instruction sets that regulate conditions under which a potential payment can be authorized, with the instruction sets each associated in some situations with a reference. After one or more parties each supply one or more such references or otherwise indicate one or more such instruction sets for use with a potential payment, the authorization system can determine whether to authorize the payment based on whether the instruction sets are compatible or otherwise satisfied.

Abstract: Allowing an account holder for a newly-established financial card account to establish a PIN at the time the financial card account is opened and use that PIN to authenticate transactions at the time the account is opened. The systems and methods may include a POS device that securely captures and encrypts a custom PIN, that is, a PIN supplied by the customer for a new financial card account. The systems and methods would also include a transaction processing system that receives an encrypted PIN, along with customer information about a new financial card account, and processes that information and encrypted PIN to establish a new account. As a result of this processing, an authorization platform would receive information necessary to authenticate a user and authorize a transaction. Through these systems and methods, a customer would be able to use the custom PIN to authenticate a transaction at the time the new account is opened.

Abstract: A system is disclosed for a digital rights management system which enforces license rights by incorporating a decryption key in a license rights package that further includes an account number associated with a primary consumer. The digital rights management system also includes a mechanism for renewing/updating the license by charging the account number associated with a primary consumer. This way, the consumer may transfer the license rights package along with the digital content to any personal devices he likes but he is discouraged from freely disseminating the license package as uses by other consumers will be debited against his package or, if renewed/extended, charged against his account.

Abstract: A smart card transaction allows a consumer to load value onto a smart card and to make purchases using a smart card with a mobile telephone handset over the telecommunications network. For loading, the system includes: a mobile telephone handset including a card reader; a gateway computer; a funds issuer computer; and an authentication computer. The mobile telephone handset receives a request from a user to load a value onto the smart card. The handset generates a funds request message which includes the value and sends the funds request message to a funds issuer computer. The funds issuer computer debits an account associated with the user. Next, the handset generates a load request message with a cryptographic signature and sends the load request message to an authentication computer which authenticates the smart card. The handset receives a response message which includes a cryptographic signature and an approval to load.

Abstract: A system for communicating program data between devices includes a first device configured to disassemble a program file comprising program data into at least one logical data unit, partition each logical data unit into at least one protocol data unit and compute a first fingerprint over the payload portion of the protocol data units. The first device is also configured to send the protocol data units and at least one member of the group comprising the first fingerprint and a first authentication code based on the first fingerprint to a second device. The second device is configured to compute a second fingerprint over the payload portion of the protocol data units and to commit the program to a memory based on whether the at least one member matches the second fingerprint or a second authentication code based on the second fingerprint.

Abstract: A payment card comprises an internal virtual account number generator and a user display for online transactions. Offline transactions with merchant card readers are enabled by a magnetic array positioned behind the card's magnetic stripe on the back. The internal virtual account number generator is able to program the magnetic bits encoded in the magnetic stripe to reflect the latest virtual account number. The internal virtual account number generator produces a sequence of virtual numbers that can be predicted and approved by the issuing bank. Once a number is used, it is discarded and put on an exclusion list.

Abstract: A value information management system includes, a value exchange card, user terminal, and management server. The value exchange card stores value information representing the value of a product/service purchased through a network, together with ID information. The user terminal includes a medium information reading unit which reads the information of the value exchange card and an information transmitting unit which transmits the information read by the medium information reading unit through the network. The management server includes an information storage management unit which receives the information transmitted from the user terminal and stores/manages ID information and value information in association with each other, and a value information search unit which searches for the value information corresponding to the ID information in response to an inquiry sent through the network and returns the value information. A value information management method is also disclosed.

Abstract: An automated teller machine (ATM) having a wireless network access apparatus and a method for providing financial services using the ATM are provided. The ATM includes a user interface unit, a first financial processing unit, a first network access unit, a second network access unit, and a second financial service unit. The user interface unit performs data communication with a storage medium on which information is recorded, and outputs information to a user through an output apparatus. The first financial processing unit provides financial services including account inquiry, deposit, and withdrawal, by performing data communication processes with a recognized storage medium. The first network access unit is connected to an ATM network connected to a financial institution server, transmits data obtained as a result of performing financial services, to the financial institution server, and receives processed data from the financial institution server.

Abstract: An automatic control and management method for identification by using an identity equipment is proposed. The method includes using a login system to generate an identity certificate code; using a password to encode the identity certificate code and a unique random variable to generate an identity value; and generating an on-line connection verification data by using the identity certificate code and then storing the same into the login system. The process for logging in the login system includes using a portable identity equipment and inputting a password for identification so as to read out the encoded data. If disconnection occurs the login system automatically logs out to protect the confidential data. Thus, the identity equipment used in the present invention can be easily carried away.

Abstract: A method for allocating a plurality of user licenses for simultaneous use of a software application in a wireless communication system. The method includes negotiating allocation of a single user license over a wireless connection. The single user license is allocated to a mobile device including the software application. The allocation of the single license is tracked with a used license count using an entity in the wireless communication system. The software application is run on the mobile device after allocation of the single user license. The method further includes detecting termination of the wireless connection and, responsive to that detection, starting a first timer included in the mobile device and a second timer operatively associated with the communication system entity. Operation of the software application is halted on expiration of the first timer and the used license count is decremented on the expiration of the second timer.

Abstract: A secure server installation is provided that abstracts credit card identifiers from its server, network, application and database environments, thus reducing investment in securing, segregating and/or isolating these environments in their entirety. The secure server installation intercepts credit card transactions sent from front end applications to back end applications, and forwards tokens in replacement of credit card identifiers for processing by the back end applications. The same secure server installation can be applied for the encryption, storage (data-at-rest), transmission of private data within a network of other private or sensitive data not limited to social insurance numbers, drivers license numbers, phone numbers, bank account numbers, etc.

Abstract: A method, and associated apparatus, comprises calculating a first part of a message authentication function by a first processor, calculating a second part of the message authentication function by a second processor, and combining the first and second parts into the message authentication function by the first or second processor. The message authentication function can be used to authenticate data transmitted between the first processor and a third processor.

Abstract: Techniques for generating a token that can be used to transfer value. The token may be used to transfer value in a value-based transaction with a vendor in a way that is secure and safe and maintains anonymity of the source of the value and preserves secrecy of information that should preferably not be disclosed to an untrusted third party such as a vendor. The token comprises sufficient information that enables value to be transferred from an account associated with the token to a vendor during a value-based transaction. Such a token may be presented by a user to a vendor in a value-based transaction with the purpose of transferring value involved in the transaction to the vendor in order to complete the transaction.

Abstract: An automated banking machine (12, 200, 302) is provided. The machine may be operative to install a terminal master key (TK) therein in response to at least one input from a single operator. The machine may include an EPP (204) that is operative to remotely receive an encrypted terminal master key from a host system (210, 304). The machine may authenticate and decrypt the terminal master key prior to accepting the terminal master key. The machine may further output through a display device (30) of the machine a one-way hash of at least one public key associated with the host system. The machine may continue with the installation of the terminal master key in response to an operator confirming that the one-way hash of the public key corresponds to a value independently known by the operator to correspond to the host system.

Abstract: An online transaction system configured to implement authentication methods that allow for strong multi-factor authentication in online environments. The authentication methods can be combined with strong security methods to further ensure that the authentication process is secure. Further, the strong multi-factor authentication can be implemented with zero adoption dependencies through the implementation of automated enrollment methods.

Abstract: A system and method for performing an on-line transaction, such as making a payment, with a single-use payment instrument makes use of computer hardware and software, such as the computing device of a customer, the customer's bank's home banking server, the bank's card authorization server, a vendor's website server, and the vendor's credit card acquirer, coupled to one another over a network. The customer is issued a single use payment instrument through the bank, the bank debits an account nominated by the customer for the requested value of the payment instrument and may also specify an expiry for the payment instrument. The customer is able to nominate a particular source of funds for each transaction from among various accounts of the customer. The payment instrument settles and clears through existing credit card payment mechanisms without a need for special accommodation with the Internet vendor.

Abstract: A system and method for providing promotional pricing is disclosed. One or more pricing offers may be provided to a plurality of credit accounts, wherein the pricing offers may be directed to transactions associated with particular products and/or merchants. It may be determined whether a transaction associated with a credit account qualifies for certain pricing offers based on predetermined criteria. A balance incurred through a transaction may be assigned to a promotional bucket associated with a particular pricing offer if the transaction qualifies for the particular pricing offer, or the balance may be assigned to a default bucket if the transaction does not qualify for any pricing offer, thereby causing a total balance to be distributed among the default bucket and the promotional buckets. Payments associated with the credit account may be allocated to the default bucket and the one or more promotional buckets according to a payment hierarchy.

Abstract: The present invention discloses a system and methods for biometric security using hand geometry recognition biometrics in a transponder-reader system. The biometric security system also includes a hand geometry scan sensor that detects biometric samples and a device for verifying biometric samples. In one embodiment, the biometric security system includes a transponder configured with a hand geometry scan sensor. In another embodiment, the system includes a reader configured with a hand geometry scan sensor. In yet another embodiment, the present invention discloses methods for proffering and processing hand geometry scan samples to facilitate authorization of transactions.

Abstract: A system for facilitating a transaction between a first party and a second party is controlled by a trusted third party system and is programmed to carry out the method by receiving the first party's instructions for fulfilling at least a part of the first party's obligations in said transaction. The system communicates with the second party and provides the second party with perceptible assurance that the second party is in communication with a trusted third party system through the system. The system transmits information to the second party to provide assurance that the first party's instructions have been or will be fulfilled. Thus trust in the third party is transferred to the first party and the second party can trust that the first party's obligations have been or will be fulfilled.

Abstract: Techniques are described for facilitating interactions between computing systems, such as by performing transactions between parties that are automatically authorized via a third-party transaction authorization system. In some situations, the transactions are programmatic transactions involving the use of fee-based Web services by executing application programs, with the transaction authorization system authorizing and/or providing payments in accordance with private authorization instructions previously specified by the parties. The authorization instructions may include predefined instruction rule sets that regulate conditions under which a potential transaction can be authorized, with the instruction rule sets each referenced by an associated reference token.

Abstract: A conventional looking payment card comprises a plastic card with a legacy card reader compatible magnetic stripe for dynamic user account data. Internal to the plastic card, and behind the magnetic stripe, a number of fixed-position magnetic write heads allow the user account data to be modified autonomously. Electronics within the card are pre-loaded with many unique numbers that are selected for one-time use in financial transactions. A payment processing center keeps track of the unique numbers used, and knows which numbers to expect in future transactions. It will not authorize transaction requests if the unique number read during a magnetic card swipe is not as expected. A card-swipe detector embedded in the plastic card detects each use in a scanner, so changes can be made to the data bits sent to the write heads.

Abstract: A transaction card processing and activation system comprising the identification of a unique identifier corresponding to an aggregate of transaction cards of affiliated or non-affiliated card issuers and the activation of each transaction card corresponding to the unique identifier of the aggregate irrespective of the number, types, or card issuers of the transaction cards. Additionally, the present invention allows a point of sale entity to initiate the activation of each of the multiple, disparate transaction cards in the aggregate by merely processing the unique identifier associated with the aggregate.

Abstract: A method of connecting a card to a terminal including the following steps: a) on receiving corresponding respective commands from the terminal, it modifies the contents of the card memory by provisionally recording in the card memory each of said interdependent items of information without losing prior values corresponding to said items; and then b) the modifications are finalized either by all of them being confirmed or by all of them being discarded.

Abstract: A method is disclosed. The method includes generating an initial key after interacting with an access device, storing the initial key at a key storage location, altering the initial key with a public key to form an altered key, and sending the altered key to a server computer along with an identifier for the access device. The altered key is changed to the initial key at the server computer and is stored with the identifier in a database in operative communication with the server computer. The initial keys that are stored at the key storage location and in the database are used to alter and restore transaction data associated with multiple financial transactions that are conducted using the access device.

Abstract: The invention relates to a method and associated security module for protecting the processing of sensitive information in a security module with a monolithic structure, the module comprising information processing means (9) and means for storing (3, 4) information capable of being processed by said processing means. The method comprises the following steps: selecting a piece of sensitive information in the storage means; determining (7) a specific condition for the integrity of said information; reading the information and transmitting (1) it to the processing means; verifying (11) during the processing of the information that the specific condition is satisfied; and disabling the processing of the information if the specific condition is not satisfied.

Abstract: Techniques are described for facilitating interactions between computing systems, such as by performing transactions between parties that are automatically authorized via a third-party transaction authorization system. In some situations, the transactions are programmatic transactions involving the use of fee-based Web services by executing application programs, with the transaction authorization system authorizing and/or providing payments in accordance with private authorization instructions previously specified by the parties. The authorization instructions may include predefined instruction rule sets that regulate conditions under which a potential transaction can be authorized, with the instruction rule sets each referenced by an associated reference token.

Abstract: An authentication system providing a safety authentication process of electronic values with the use of mobile terminals which do not have a tamper-resistant function. The electronic value including encrypted value authentication information (F(VPW)), wherein an authentication information (VPW) corresponding to an electronic value specified by a user is acquired by the hash calculation, is stored in user's mobile terminal.

Abstract: A cart ID according to the present invention is an identification code including receipt information containing at least a receipt number (serial number) indicating a receipt number of the transaction, and further unmeaning password information. Furthermore, it is preferable that the receipt information has date information in which the cart ID is issued. In this manner, the cart ID according to the present invention contains the password information in addition to the receipt information having conventional date information and the receipt number, whereby even when the cart ID is disclosed to the principal, it is possible to prevent another person from being informed thereof.

Abstract: A process and system for managing and leasing memory capacity on a plurality of smartcards and/or smartcard terminals. The capacity is leased to developers of various applications who wish to load their applications on desired smartcards and/or smartcard terminals.

Abstract: An automated transaction machine such as an ATM (10) is provided. The ATM is operative to digitally sign electronic documents (42). The ATM may be in operative connection with a storage server (32). The storage server is operative responsive to the ATM to maintain electronic documents (42) in a data store (34) in association with the user's digital safe deposit account (40) and/or a financial account (48) such as checking, savings, debit, or credit account. The storage server is further operative to store a private key (44) of a user in association with the user's digital safe deposit account and/or financial account. The ATM is operative to cause electronic documents to be signed using the private key associated with the user. The ATM is further operative to output the electronic document on a display device (18) of the ATM where the user may view and edit the electronic document.

Abstract: The electronic wallet system comprises a plurality of devices interconnected through a local network and capable of conducting electronic business transaction on an open network (40). Each device contains a smart card reader. A plurality of smart cards (31–3p) represent the electronic purses of the system. One of the devices comprises an entity called the server which contains a list of purses liable to receive tokens from others purses of the system. The tokens transferred between purses are stored temporally by said server. Application to a family wallet system allowing children to participate to electronic commerce. The system makes it possible to transfer tokens from one first purse to a second purse without having in hands the smart card corresponding to the second purse.

Abstract: Systems and methods for accepting payments for goods and services provided by a merchant. In one embodiment, a method for accepting payments from a consumer for a good or service provided by a merchant comprises receiving a transaction request from the merchant, receiving a payment from the consumer, associating the payment with the transaction request, and sending at least a portion of the payment to the merchant. In this manner, the merchant stages the transaction, and the consumer completes the transaction by making the payment. An optional time limit feature also may be used, and the transaction may be staged by the consumer, or others.

Abstract: Establishing trust according to historical usage of selected hardware involves providing a usage history for a selected client device; and extending trust to a selected user based on the user's usage history of the client device. The usage history is embodied as signed statements issued by a third party or an authentication server. The issued statement is stored either on the client device, or on an authentication server. The usage history is updated every time a user is authenticated from the selected client device. By combining the usage history with conventional user authentication, an enhanced trust level is readily established. The enhanced, hardware-based trust provided by logging on from a trusted client may eliminate the necessity of requiring secondary authentication for e-commerce and financial services transactions, and may also be used to facilitate password recovery and conflict resolution in the case of stolen passwords.

Abstract: A payment service method and system involve a payment service provider, a customer/payor and a client/payee. The customer/payor enrolls in the service and is provided the unique identifier which enables him or her to conduct all transactions with the payment service provider. The customer/payor interfaces with the payment service provider through various forms of communication, and can facilitate payments to the clients/payees through the payment service provider while remaining anonymous. Various enhancements are provided for promoting the services of the clients and the payment service provider to customer bases obtained from persons enrolled in the payment service and from persons who are customers of the clients.

Abstract: A multiple use ticket generating method is disclosed which enables a recipient to obtain signatures for arbitrarily many (correctly formed) messages after only one interaction with the signer. The method provides a blind signature in a ticket, the signature having a multiple use with a built-in expiration. Then, the method develops a blinding value for the signature in a reproducible computation using a seed key substantially known only to the issuer of the ticket. The method implements a new class of signature schemes almost as efficiently as do previous one-time restrictive blind signature methods.

Abstract: In an authentication-data issuing system based on unique time, a master computer (1) creates authentication data on the basis of an elapsed time measurement indicated by an unique time generating device (6) and transmits the created authentication data to a lower-level computer (2A), which further delivers the authenticating data to a still-lower-level computer (3A). The lower-level computer and still-lower-level computer sequentially impart respective unique additional data to the authentication data and then transmits the resultant additional-data-imparted data to a lowest-level vending machine (5). The lowest-level vending machine (5) also imparts its unique additional data to the authentication data, received from the still-lower-level computer, to create unique authentication data and records the thus-created unique authentication data on a prepaid card (20) to be issued thereby.

Abstract: A payment service method and system involve a payment service provider, a customer/payor and a consumer provider/payee. The customer/payor enrolls in the service and is provided a unique identifier that enables the customer to conduct transactions with the payment service provider. The customer/payor interfaces with the payment service provider through various forms of communication, and can facilitate payments to the consumer providers/payees through the payment service provider while remaining anonymous.

Abstract: The invention provides an information processing system, a portable electronic device, an access apparatus for the portable electronic device, as well as a method of using a memory space. When applied to, for example, a system employing non-contact IC cards, the invention enables one IC card to be used for a plurality of business organizations in common. To this end, an access key is created based on issuer key information managed by a management sector and file key information specific to each business organization, and the created access key is signed to the business organization. A portable electronic device is then accessed using the access key.

Abstract: A method and system of payment of goods and services in an electronic commerce system reduces the transfer and processing costs for each purchase made by a customer from a merchant. A customer agent, a merchant agent, and account manager associated with the agents administer customer accounts and merchant accounts. A mediating trusted agent associated with one of the account managers and merchant agent transactions during a trading session. The customer agent and merchant agent, the account manager, and the mediating trusted agent are interconnected by an electronic communication network.

Abstract: A method for crediting a customer account maintained by a vendor of services in response to payment received from a customer is disclosed herein. The method includes issuing, to the customer, a membership account number associated with at least the customer account. A membership account number and a payment corresponding to a requested amount of a service offered by the vendor are received from the customer at a point-of-sale. The method further includes generating, at the point-of-sale, an authorization message including at least the membership account number and embedded transaction information identifying the service offered by the vendor and the requested amount. The embedded transaction information is then communicated from the point-of-sale to a database server. The customer account is credited, in response to the embedded transaction information, based upon an amount of the payment.

Abstract: Various embodiments pertain to an integrated circuit (IC) device and related systems that are configured to modify data values held by the device.

Abstract: A user inserts a magnetic card to a magnetic card reader, and inputs his/her electronic signature and dealing data through an input device. The input dealing data are recorded on an electronic account data file together with the electronic signature. The input data are also recorded on a log file after encryption. An administrator inserts his/her IC card to an IC card reader/writer for updating the dealing data. The IC card reader/writer collaborates with a SAM to certify the inserted IC card (medium verification). A finger print recognizer obtains the administrator's finger print to compare it with finger print data stored in a finger print file (user verification). If both medium verification and user verification are passed, a controller decodes log data in the log file. After the log data are decoded, the administrator is allowed to access the electronic account data file for to update data. Data regarding to the update done by the administrator are also recorded on the log file after encyption.

Abstract: A method for accepting payments from a consumer for a travel ticket from a travel company comprises receiving at a point of sale device a transaction request that includes a transaction identifier that identifies a travel arrangement made with the travel company and a payment amount. The payment amount and the transaction identifier is transmitted to a host computer system for validation. Also, a validation from the host computer system is received indicating that the transaction requested has been validated. A payment is received from the consumer, and at least a portion of the payment is electronically transmitted to the travel company.

Abstract: Systems and methods for accepting payments for goods and services provided by a consumer provider. The methods can include associating consumers and consumer providers with a payment provider. The payment provider can receive payments destined for the consumer provider, associate the payments with one or more identifiers, and transfer at least portions of the receive payments to the consumer provider. The systems can include a point-of-sale device configured to accept payments from consumers on behalf of consumer providers. In some cases, the systems include a plurality of such point-of-sale devices in communication with a payment provider control. The payment provider control can be in communication with one or more consumer provider controls.

Abstract: The method and system of the invention provide a variety of techniques for using a selected alias and a selected personal identification entry (PIE) in conjunction with use of a transaction card, such as a credit card, debit card or stored value card, for example. A suitable number or other identification parameter is selected by the account-holder as an alias. The account-holder is then required to choose a PIE for security purposes. The alias is linked to the account-holder's credit card number via a database. When the account-holder enters into a transaction with a merchant, the physical card need not be present. The account-holder simply provides his or her alias and then the PIE. This can be done at any point of sale such as a store, catalog telephone order, or over the Internet. The alias and PIE are entered and authorization is returned from the credit card company.