Abstract: A dynamic code may be validated by comparing the dynamic code to a verification code. The card may generate the dynamic code using a random object and a function. The random object may be generated using a random object generator. The function may be determinable using a function determination object and a look-up-table (LUT), the function determination object associable to exponents and operators, listed in the LUT, that may be combined with base variables to determine the function. The dynamic code may be determined by substituting portions of the random object for the base variables in the function. The card may communicate the dynamic code, the random object and an identifier to a remote processing facility. The remote processing facility may use the identifier to determine the function, use the random object to determine a verification code and compare the verification code to the dynamic code.

Abstract: Techniques for facilitating the exchange of information and transactions between two entities associated with two wireless devices when the devices are in close proximity to each other. A first device uses a first short range wireless capability to detect an identifier transmitted from a second device in proximity, ideally using existing radio capabilities such as Bluetooth (IEEE802.15.1-2002) or Wi-Fi (IEEE802.11). The detected identifier, being associated with the device, is also associated with an entity. Rather than directly exchanging application data flow between the two devices using the short range wireless capability, a second wireless capability allows for one or more of the devices to communicate with a central server via the internet, and perform the exchange of application data flow. By using a central server to draw on stored information and content associated with the entities the server can broker the exchange of information between the entities and the devices.

Abstract: Disclosed are apparatuses, systems, and methods pertaining to the secure communication of payment information from portable consumer devices, such as credit cards, to online merchants using verification tokens.

Abstract: Facilitating transactions using non-traditional devices and biometric data to activate a transaction device is disclosed. A transaction request is formed at a non-traditional device, and communicated to a reader, wherein the non-traditional device may be configured with an RFID device. The RFID device is not operable until a biometric voice analysis has been executed to verify that the carrier of the RFID equipped non-traditional device is the true owner of account information stored thereon. The non-traditional device provides a conduit between a user and a verification system to perform biometric voice analysis of the user. When the verification system has determined that the user is the true owner of one or more accounts stored at the verification system, a purchase transaction is facilitated between the verification system. Transactions may further be carried out through a non-RF device such as a cellular telephone in direct communication with an acquirer/issuer or payment processor.

Abstract: Embodiments of the invention are directed to methods, apparatuses, computer readable media and systems for providing, along with a token, a token assurance level and data used to generate the token assurance level. At the time a token is issued, one or more Identification and Verification (ID&V) methods may be performed to ensure that the token is replacing a PAN that was legitimately used by a token requestor. A token assurance level may be assigned to a given token in light of the type of ID&V that is performed and the entity performing the ID&V. Different ID&Vs may result in different token assurance levels. An issuer may wish to know the level of assurance and the data used in generating the level of assurance associated with a token prior to authorizing a payment transaction that uses the token.

Abstract: Embodiments of the present invention disclose a method, computer program product, and system for location-based authorization to access a resource. A first computer receives a request to access a resource from a second computer. The request to access the resource includes location information of the second computer. The first computer responds by sending a request to a third computer, requesting location information of the third computer. In response to receiving from the third computer, the location information of the third computer, the first computer determines a distance between the second computer and the third computer. If the distance between the second computer and the third computer fulfills a proximity condition, the first computer authorizes the resource request.

Abstract: A server apparatus having a one-time scan code issuing function, a user terminal having a one-time scan code recognizing function, and a method for processing a one-time scan code are provided so as to safely and conveniently transmit one-time information used for key-exchange-scheme-based encryption, using a scan code such as a bar code and a QR code.

Abstract: In a method for processing a data transfer, an electronic device accesses card-specific data and a card account number from a data-storing card. The electronic device generates a device-generated authentication number which is associated with the data transfer, and which is transmitted, together with the card account number and the card-specific data, to a network platform. The network platform compares an inputted authentication number from a portable device and the device-generated authentication number, and transmits to-be-transferred data to the portable device when the authentication numbers correspond with each other.

Abstract: A system is provided in which at least one first server comprises at least one data processor executing a business application platform providing various business applications for access by at least one remote client. In addition, at least one second server comprises at least one data processor executing an embedded business intelligence server (EBIS). The EBIS provides an interface to the platform to at least one business intelligence applications providing business intelligence functionality. With such a system, a unified interface can be rendered on the at least one remote client concurrently provides functionality from the platform and the at least one business intelligence client. Related apparatus, systems, techniques and articles are also described.

Abstract: A method of enabling the creation of a wallet entry in a digital wallet, wherein the wallet entry is for use in completing online transactions. The method comprises associating a local device with a network portal, using the local device to obtain card data relating to a card, encrypting the card data on the local device, and transmitting the encrypted card data from the local device to a remote server by means of the network portal. The remote server is arranged to decrypt the card data and use the card data to create the wallet entry.

Abstract: Embodiments of the present invention are directed to methods, systems, apparatuses, and computer-readable mediums for generating and providing a transaction token that may provide contextual information associated with the token. Accordingly, the transaction token may provide any entities within a transaction processing system immediate information about the context in which the token was generated, how the token may be used, and any other information that may be pertinent to processing the token.

Abstract: Techniques described herein relate to using tokenization with BIN table routing by configuring a computer system, such as an acquirer computer, to utilize a token BIN translation table to determine which payment processing network(s) are eligible to route a transaction based upon a utilized token. In an embodiment, each token BIN translation table entry associates a token BIN with one or more payment processing networks that are eligible to route transactions. An acquirer computer, upon receiving a token for a transaction, thus may flexibly route the transaction to an eligible network from the set of payment processing networks identified by the entry corresponding to the token's BIN value. The entry may further identify verification methods for the eligible payment processing networks, and may identify product type attributes of the account associated with the token, either of which may be used in determining which payment processing network to select.

Abstract: Metering is enabled through an arrangement in which a metering certificate is communicated to a mobile device using an over-the-air protocol. A metering trigger provides the metering certificate that includes a location to which metering data is posted by the mobile device and a public key of a public-private key pair, or alternatively provides a link to such metering certificate. A metering helper passes the metering certificate to a DRM system on the mobile device which collects metering data associated with the metering ID and uses the public key to encrypt the metering data into a metering challenge. The metering helper posts the metering challenge to the location. The metering service extracts the metering data from the metering challenge using a private key and generates a metering response that is received by the metering helper which prompts the DRM system to reset at least a portion of a data store in which the metering data is stored.

Abstract: Point of sale processing of multiple options is possible with a single tap of a contactless device. The user taps the contactless device in the device reader's radio frequency field. The device reader and the contactless device establish a secure communication channel. Once a secure communication channel is established, the device reader communicates the purchase to the contactless device. The contactless device presents value-added services available to the user. The contactless device communicates the user's selected value-added service(s) to the device reader, and the reader communicates the purchase price of the transaction. The contactless device communicates payment options to the user and then communicates the user-selected payment options to the device reader. The device reader communicates a digital receipt to the contactless device, and the secure communication is terminated.

Abstract: The present invention is a switching system able to prevent fraud from falsified digital information, generally installed into card reader device, wherein the card reader device can read integrated circuit card. The switch system can provide safe financial transaction during advertisement broadcasting, and resume advertisement broadcasting after transaction. The transaction processor of the present invention turns off all the links with the card reader device except certain transaction center, stops broadcasting advertisement sent from advertisement center, and prevent falsified information from displaying on the monitor.

Abstract: An approach is provided for linking one or more virtual gift cards to the wallet database associated with the unique identifier of at least one mobile device. The approach involves receiving a request for registering a virtual gift card to a mobile device, wherein the request specifies a unique identifier associated with the mobile device. The approach also involves determining a card identifier associated with the virtual gift card. The approach further involves generating a card token for the virtual gift card based on the card identifier. The approach also involves storing the card token in a wallet database, wherein the wallet database is associated with the unique identifier of the mobile device, and wherein the wallet database is accessed from an application of the mobile device.

Abstract: Embodiments of the invention are directed to systems, methods and computer program products for enrolling a user in a device identification program. In some embodiments, a system is configured to: receive device identification information from a mobile device, receive user information associated with a user, the user information enabling identification of the user, associate the device identification information with the user information, and create a record based on the device identification information and the user information.

Abstract: The present invention relates to a system, a method, a service server, a mobile communication terminal, an end-point terminal, and a storage medium, for providing a service to an end-point terminal that uses authentication information of a mobile communication terminal to which it is not currently connected, wherein the end-point terminal is connected to a first mobile communication terminal and to a second mobile communication terminal through a short-range communication network and to a service server via the second mobile communication terminal. The end-point terminal uses the authentication information of the first mobile communication terminal and is connected to the service server which is connected to the first and second mobile communication terminals through the mobile communication network, for authenticating the end-point terminal that uses the authentication information of the first mobile communication terminal.

Abstract: A method of conducting secure electronic credit payments to a payment acquirer using a credit payment unit, comprising of a smart card, a portable card reader device and a mobile phone, and a payment server. The method is based on using a unique reader key in the card reader device to encrypt all the sensitive smart card information communicated to the payment server, and thus being able to use an unsecure mobile phone to communicate with the payment server. The payment server then completes the transaction with the payment acquirer over a secure line.

Abstract: Methods and apparatus are provided for secure function evaluation between a semi-honest client and a semi-honest server using an information-theoretic version of garbled circuits (GC). An information-theoretic version of a garbled circuit C is sliced into a sequence of shallow circuits C1, . . . Cn, that are evaluated. Consider any wire wj of C that is an output wire of Ci, and is an input wire of Ci+1. When a slice Ci is evaluated, Ci's 1-bit wire key for wj is computed by the evaluator, and then used, via oblivious transfer (OT), to obtain the wire key for the corresponding input wire of Ci+1. This process repeats until C's output wire keys are computed by the evaluator. The 1-bit wire keys of the output wires of the slice are randomly assigned to wire values.

Abstract: One or more instances of a bonus game (e.g., Class II games such as Bingo games) may be provided to players of another wagering game (e.g., a Class III game such as a slot game, a poker game, etc.). Some implementations of the invention allow players to exchange indicia of credit (e.g., money, game credits, or player loyalty points) for bonus opportunities. For example, players may be able to purchase one or more Bingo cards for Bingo bonus games. Some implementations award bonus opportunities to players based on wager levels, game results, a player's level in a player loyalty program and/or other criteria.

Abstract: A method, device and system for service presentation, which includes: receiving a presentation request message; acquiring presentation information from the presentation request message; storing the presentation information; when the presentee accesses the presented content, receiving an authentication and rating request message transmitted from the service enabling component; performing authenticating and rating according to the authentication and rating request message and the stored presentation information. The present invention is applicable to presenting content type services and so on.

Abstract: The present invention provides a method and system for validating the authenticity of products in which a known payment network infrastructure is used to convey messages for applications other than effecting financial transactions. In particular, the invention provides a method of allocating an identification number to a product manufacturer that may be processed in the same manner as a Personal Account Number (PAN). Standard network messages from the payment network infrastructure may then be used to record an action for example verifying the authenticity of the product. Conveniently, such standard network messages may be translated by an application, for example running on a mobile point of sale (MPOS) device or a suitably enabled smart device, into a more MPOS-user readable format more associated with a warranty action (e.g. a given standard network message may be translated into a “warranty activated” message).

Abstract: A two-factor network authentication system uses “something you know” in the form of a password/Pin and “something you have” in the form of a key token. The password is encrypted in a secure area of the USB device and is protected from brute force attacks. The key token includes authentication credentials. Users cannot authenticate without the key token. Four distinct authentication elements that the must be present. The first element is a global unique identifier that is unique to each key. The second is a private credential generated from the online service provider that is stored in a secure area of the USB device. The third element is a connection profile that is generated from the online service provider. The fourth element is a credential that is securely stored with the online service provider. The first two elements create a unique user identity. The second two elements create mutual authentication.

Abstract: A method for using a secondary PAN is disclosed. The method includes providing a secondary PAN associated with a primary PAN, where the secondary PAN has at least one end portion that is the same as the primary PAN, but has a middle portion of that is different than the primary PAN.

Abstract: A novel system and methodology for conducting financial and other transactions using a wireless device. Credentials may be selectively issued by issuers such as credit card companies, banks, and merchants to consumers permitting the specific consumer to conduct a transaction according to the authorization given as reflected by the credential or set of credentials. The preferred mechanism for controlling and distributing credentials according to the present invention is through one or more publicly accessible networks such as the Internet wherein the system design and operating characteristics are in conformance with the standards and other specific requirements of the chosen network or set of networks. Credentials are ultimately supplied to a handheld device such as a mobile telephone via a wireless network. The user holding the credential may then use the handheld device to conduct the authorized transaction or set of transactions via, for example, a short range wireless link with a point-of-sale terminal.

Abstract: A token has an antenna and a short-range RF receiver to receive wireless receive bursts comprising receive protocol overhead and transaction credentials. A parsing circuit selects a subset of the transaction credentials including a duration of an associated transaction. A credentials memory holds at least the subset of the transaction credentials for the duration of the transaction. A display and/or short-range RF transmitter notifies a transaction notification indicative of the subset of the transaction credentials held in the credentials memory. The short-range RF transmitter transmits wireless transmit bursts in a burst data length shorter than a burst data length of the receive bursts. The wireless receive bursts can have control data and the parsing circuit selects the subset based on instructions in the control data. A display on a vehicle can render the subset of the transaction credentials for the duration of the associated transaction.

Abstract: A method authenticates an encryption of a probe vector of biometric data based on an encryption of an enrollment vector of the biometric data using consistency of discriminative elements of the biometric data. The method determines an encryption of a first distance between discriminative elements of an enrollment vector stored at a server and a probe vector presented for an authentication. The method also determines an encryption of a second distance between discriminative elements of a first consistency vector stored at the server and a second consistency vector presented for the authentication. Next, the biometric data is authenticated based on encryptions of the first and the second distances.

Abstract: Pursuant to some embodiments, methods, systems, apparatus, computer program code and means for conducting an online transaction by a user operating a computer are provided which include identifying, at the computer, that the user has selected a secure payment option during a transaction with a merchant. The computer is caused to enter a private session. During the private session, payment card data from a physical payment card held by the user is received, and the payment card data is forwarded to a payment provider to cause the payment provider to provide substitute payment card details to the merchant to complete the transaction.

Abstract: A transaction handler receives, for forwarding to a sponsor account's issuer, a coupon authorization request message from a merchant's acquirer that identifies the sponsor account and a coupon for an item being purchased by a consumer in a transaction with the merchant. The issuer determines eligibility of the coupon for use by the consumer, and sends an authorization response message to the merchant via its acquirer and the transaction handler for the application of a corresponding discount for the item when the coupon is eligible. One or more coupon eligibilities for the purchase of the item by the consumer from the merchant can be derived from comparisons of the transaction to predetermined times, geographies, jurisdictions, sets of merchants, and/or the number of times that coupons have been used in other transactions. The transaction handler can further process the transaction for authorization the consumer's account to pay of the transaction.

Abstract: Systems, apparatuses, and methods are provided for enabling a transaction using a token associated with a first payment network to be conducted using a second payment network. When a transaction using a token is submitted to a payment network, the payment network can determine the payment network associated with the token. If the token is associated with a second payment network, a token verification request including the token can be sent to the second payment network. The second payment network can then return a token verification response including a primary account identifier such as a primary account number (PAN) corresponding to the token and a validation result. The transaction may then be processed using the primary account identifier.

Abstract: Establishing trust according to historical usage of selected hardware involves providing a usage history for a selected client device; and extending trust to a selected user based on the user's usage history of the client device. The usage history is embodied as signed statements issued by a third party or an authentication server. The issued statement is stored either on the client device, or on an authentication server. The usage history is updated every time a user is authenticated from the selected client device. By combining the usage history with conventional user authentication, an enhanced trust level is readily established. The enhanced, hardware-based trust provided by logging on from a trusted client may eliminate the necessity of requiring secondary authentication for e-commerce and financial services transactions, and may also be used to facilitate password recovery and conflict resolution in the case of stolen passwords.

Abstract: A method for forming a dynamic verification value. The method includes altering a first data string to form a second data string, and forming a first dynamic verification value using at least a portion of the second data string. The first dynamic verification value is used to authenticate a phone in a first transaction. The second data string is used to form a third data string. A second dynamic verification value is formed using at least a portion of the third data string. The second dynamic verification value is used to authenticate the phone in a second transaction.

Abstract: Embodiments are directed to purchasing content provided by a cloud-based entertainment platform and to accessing media content provided by a cloud-based entertainment platform. In one scenario, a computer system receives authentication credentials from a user. The computer system authenticates the user to the cloud-based entertainment platform using the received authentication credentials. The computer system then receives payment data from the authenticated user, where the payment data includes a tokenized QR code that contains an indication of the media items being purchased and embedded account information for both the provider of the selected media items and the user. The computer system also processes a payment transaction based on the indication of media items being purchased and the embedded account information in the tokenized QR code and, upon determining that the authenticated user has paid for a media item, transmits the purchased media item to the user.

Abstract: Embodiments of the invention are directed to systems, methods and computer program products for enrolling a user in a device identification program. In some embodiments, a system is configured to: receive device identification information from a mobile device, receive user information associated with a user, the user information enabling identification of the user, associate the device identification information with the user information, and create a record based on the device identification information and the user information.

Abstract: Fraud risk is monitored in financial transactions. Biometric information is received over the communications interface configured to exchange data with multiple distinct financial institutions. The received biometric information is compared with a database of biometric information to identify an individual. A fraud-detection analysis is performed on the financial transaction information associated with the individual. The financial transaction information associated with the individual is identified as suspicious in accordance with a result of the fraud-detection analysis. The biometric parameters associated with the individual are designated as associated with suspicious financial activity.

Abstract: A system and method for conducting electronic commerce are disclosed. In various embodiments, the electronic transaction is a purchase transaction. A user is provided with an intelligent token, such as a smartcard containing a digital certificate. The intelligent token suitably authenticates with a server on a network that conducts all or portions of the transaction on behalf of the user. In various embodiments a wallet server interacts with a security server to provide enhanced reliability and confidence in the transaction. In various embodiments, the wallet server includes a toolbar. In various embodiments, the digital wallet pre-fills forms. Forms may be pre-filled using an auto-remember component.

Abstract: A mobile-to-mobile transaction method allows two mobile smartphones to engage in a private transaction between themselves. The two share the same transaction server using prearranged individual enrollments. These build a dynamic digital image of a colorgram with a selected shape that defines a colorgram matrix boundary. Authentication codes, merchant coupons, product advertisements, and browser uniform resource locator (URL) links for product information and ordering, one-time-password (OTP) seeds, initialization vectors, individual enrollment passwords, or password seeds are embedded and encrypted in each colorgram. The colorgram is sent to a first one of the mobile smartphones for its display to a collocated second one of the mobile smartphones. A transaction is authenticated between users based on a calculated expectation of what should be returned when it provides its own digital image of the colorgram displayed by the first mobile smartphone.

Abstract: Provided is a radio frequency identification (RFID) tag device. The RFID tag device includes memory which stores ID information and a second count value, and a certification unit which performs a certification process according to a keyed hash value received from the outside and a result of a comparison between first and second count values received from the outside, and adjusts the second count value.

Abstract: In accordance with embodiments, there are provided mechanisms and methods for facilitating management of data in an on-demand services environment. In one embodiment and by way of example, a method for facilitating management of data in an on-demand services environment is provided. The method of embodiment includes detecting an attempt by a user to manipulate data via a collaboration application at a computing system, wherein the attempt includes attempted deletion of the data posted for viewing using the collaboration application. The method may further include determining whether the user is authorized to manipulate the data, and blocking the attempt if the user is not authorized to manipulate the data.

Abstract: A method of processing a transaction for provision of funds to a mobile telephone prepayment account associated with a mobile telephone is disclosed. The method includes: an Automated Teller Machine (ATM) receiving, from a card associated with a user of the mobile telephone, information identifying a financial account associated with the user of the mobile device; the ATM receiving, from a user, an identifier associated with the mobile telephone; the ATM receiving, from the user, information indicating an amount of funds to be provided to the mobile telephone prepayment account; and the ATM sending, to a financial institution associated with the financial account, an instruction to transfer the indicated amount of funds from the financial account to the wireless service provider, so as to provide the indicated amount of funds to the mobile telephone prepayment account.

Abstract: An account management system creates a bundle of private application transaction counters (ATCs) and a bundle of corresponding public ATCs, and transmits them to a user device. The device receives a request for payment information from a merchant and processes the request without accessing a secure element processor on the device. The device calculates a security code using one of the bundle of private ATCs and a transaction number received from the merchant. The device transmits proxy account information, the calculated security code, and the corresponding public ATCs to the merchant. The merchant transmits a payment request to the account management system as the issuer of the proxy account information. The account management system retrieves the private ATC using the public ATC, and determines the validity of the security code by recomputing it. The account management system retrieves the financial account information and requests authorization from the issuer.

Abstract: Methods and apparatus, including computer program products, for payment card terminals for mobile phones. In general, data characterizing a payment card and a settlement amount for a transaction may be received, where the data is user-generated input and is received at a mobile phone associated with a mobile phone number. Wireless transmission of data characterizing a request to provide a payment card settlement service of a merchant account of a merchant account provider for the transaction may be initiated, where the wireless transmission is to be from the mobile phone over a carrier data network to an application server. Data characterizing authorization of settlement of the transaction with the payment card may be wirelessly received by the mobile phone from the application server.

Abstract: A system and method for generating an authentication token which is used by an issuer associated with a integrated circuit card to authenticate a transaction. A personal card reader receives data, including an authentication cryptogram, from the integrated circuit card. The personal card reader uses the data received from the integrated circuit card to select one of at least two default bitmaps stored in a memory portion of the personal card reader. The personal card reader uses the selected default bitmap and the authentication cryptogram to build the authentication token.

Abstract: A domain to be published to an enterprise ECDN is associated with a set of one or more enterprise zones configurable in a hierarchy. When a DNS query arrives for a hostname known to be associated with given content within the control of the ECDN, a DNS server responds by handing back an IP address, by executing a zone referral to a next (lower) level name server in a zone hierarchy, or by CNAMing to another hostname, thereby restarting the lookup procedure. At any level in the zone hierarchy, there is an associated zone server that executes logic that applies the requested hostname against a map. A name query to ECDN-managed content may be serviced in coordination with various sources of distributed network intelligence.

Abstract: A quantum ticket is defined by a unique serial number; and a set of qubits, each qubit encoding quantum information. The serial number and the set of qubits are distributed only among one or more trusted verifiers who require a tolerance fidelity Ftol in order to authenticate the token, where Ftol represents a minimum percentage of correct outcomes during authentication of the serial number and the set of qubits. The experimental fidelity Fexp for the quantum token is greater than the Ft0i set by the verifiers, so that an honest user of the quantum ticket who achieves Fexp is exponentially likely to be successfully authenticated when seeking authentication by any of the trusted verifiers. The forging fidelity Fforg for the quantum token is less than Ft0i, so that a dishonest user who achieves Fforg and attempts forgery of the quantum ticket is exponentially likely to fail to obtain authentication for his forged ticket.

Abstract: Illustrated is a system and method that includes identifying data stored as an entry in a list. The system and method also includes truncating the entry to create a truncated entry. It further includes transforming the truncated entry into a hash, the hash used to set an index position value within a Bloom filter. The system and method also includes an interface module to transmit the Bloom filter.

Abstract: A system and method for creating a document containing secured personal identification information includes a database containing personal identification information; a classifier module for collecting and classifying the personal identification information; a memory module for storing the classified personal identification information; a password generator for associating a password combination with the classified personal identification information; a controller module for receiving and sending the classified personal identification information and the password combination to a processor; an encryptor in operative communication with the processor, for encrypting the classified personal identification information using the password combination; an encoder for converting the encrypted personal identification information into machine readable code; and a data recording system for creating a document containing secured personal identification information.

Abstract: A user makes a purchase request through a merchant app on a mobile device, such as by selecting an item for purchase. A mobile SDK of a payment provider is installed in the merchant app. The payment request includes the phone number for the mobile device. The payment provider verifies the phone number of the user and requests approval of the payment from a mobile operator providing wireless communication services on the mobile device. If the request is approved, the payment is charged to the user mobile operator account. The user simply taps a button to select an item to purchase and selects another button to confirm the purchase. Once processing is done, the user is notified on the mobile device of a successful payment.

Abstract: A method for efficiently decrypting asymmetric SSL pre-master keys is divided into a key agent component that runs in user mode, and an SSL driver running in kernel mode. The key agent can take advantage of multiple threads for decoding keys in a multi-processor environment, while the SSL driver handles the task of symmetric decryption of the SSL encrypted data stream. The method is of advantage in applications such as firewalls with deep packet inspection in which all encrypted data traffic passing through the firewall must be decrypted for inspection.