Abstract: Illustrated is a system and method that includes identifying data stored as an entry in a list. The system and method also includes truncating the entry to create a truncated entry. It further includes transforming the truncated entry into a hash, the hash used to set an index position value within a Bloom filter. The system and method also includes an interface module to transmit the Bloom filter.

Abstract: A system and method for creating a document containing secured personal identification information includes a database containing personal identification information; a classifier module for collecting and classifying the personal identification information; a memory module for storing the classified personal identification information; a password generator for associating a password combination with the classified personal identification information; a controller module for receiving and sending the classified personal identification information and the password combination to a processor; an encryptor in operative communication with the processor, for encrypting the classified personal identification information using the password combination; an encoder for converting the encrypted personal identification information into machine readable code; and a data recording system for creating a document containing secured personal identification information.

Abstract: A user makes a purchase request through a merchant app on a mobile device, such as by selecting an item for purchase. A mobile SDK of a payment provider is installed in the merchant app. The payment request includes the phone number for the mobile device. The payment provider verifies the phone number of the user and requests approval of the payment from a mobile operator providing wireless communication services on the mobile device. If the request is approved, the payment is charged to the user mobile operator account. The user simply taps a button to select an item to purchase and selects another button to confirm the purchase. Once processing is done, the user is notified on the mobile device of a successful payment.

Abstract: A method for efficiently decrypting asymmetric SSL pre-master keys is divided into a key agent component that runs in user mode, and an SSL driver running in kernel mode. The key agent can take advantage of multiple threads for decoding keys in a multi-processor environment, while the SSL driver handles the task of symmetric decryption of the SSL encrypted data stream. The method is of advantage in applications such as firewalls with deep packet inspection in which all encrypted data traffic passing through the firewall must be decrypted for inspection.

Abstract: A universal authentication token is configured to securely acquire security credentials from other authentication tokens and/or devices. In this manner, a single universal authentication token can store the authentication credentials required to access a variety of resources, services and applications for a user. The universal authentication token includes a user interface, memory for storing a plurality of authentication records for a user, and a secure processor. The secure processor provides the required cryptographic operations to encrypt, decrypt, and/or authenticate data that is sent or received by universal token. For example, secure processor may be used to generate authentication data from seed information stored in memory.

Abstract: This electronic money transfer system provides an electronic money transfer method and a system for the same which allow handling electronic money in a sense that is very similar to cash, and which allow avoidance of loss of the electronic money even at a time of loss or theft of a terminal for operating the electronic money. To this end, first, information of an electronic certificate for a terminal (A) of a user A is sent from a terminal (B) of a user B to an electronic money management server (300), and information of the electronic certificate for the terminal (B) is sent from the terminal (A) to the electronic money management server (300). Thus, the terminals to perform the transaction are authenticated.

Abstract: In one embodiment, a method for promoting the sale of a substitute product at the point of sale (POS). Upon the presentation of an original product for purchase by a consumer at a POS terminal, various manufacturers may decide to offer a substitute product to the consumer, prior to completing the purchase of the original product. If the customer accepts the offer, the point of sale terminal completes the sale of the substitute product.

Abstract: Apparatus and methods for the execution of a transaction between a customer and a merchant using a virtual purchasing instrument. The apparatus and methods may involve receiving from the customer a request to pay funds or draw credit from an account based on the customer's electronic presentation of the virtual purchasing instrument to the merchant.

Abstract: In accordance with some embodiments, apparatus comprises a body defining: a first seat to receive a first device having a wireless communication interface; and a second seat to receive a second device having a wireless communication interface; a first wireless communication interface supported by the body to communicate with the wireless communication interface of the first device; and a second wireless communication interface supported by the body to communicate with the wireless communication interface of the second device.

Abstract: Methods of and systems for securely monitoring a balance of a payment account include storing, in a first database, ledger data and storing, in a second database, wallet data. Wallet data includes a wallet balance value for the payment account. When a transaction is initiated using the payment account, an access operation is performed on the wallet table. Illicit or improper modifications can be detected by deriving a ledger comparison value from the ledger data and comparing the derived ledger comparison value to a wallet comparison value from the wallet data.

Abstract: A method for ID authentication, in which equipment involved in a transaction requests a password from a physically separate but limited-range communicating device, which automatically supplies a password in response to such request and communicates it to the equipment, the password is assessed as valid or invalid and the transaction approved or not accordingly.

Abstract: The present invention is directed to a smartcard that enables a one-time pin code offline security authentication with a card reader. This is achieved by generating a one-time pin code when the user inputs their pin code. The inputted pin code is encrypted and matched with the encrypted user correct pin code. If there is a match the one-time pin code is stored in memory and the transaction can proceed.

Abstract: The invention relates to systems and methods for secure, remote, wireless submission of financial transactions. Authentication and authorization functionality are provided through use of proof of possession tests, a token service that provides a user device with a token that includes user entitlement data, and high assurance digital certificates.

Abstract: A system and method is provided for authorizing a payment for a point of sale transaction by authenticating the user of a mobile device, such as a mobile phone. The present invention authenticates the consumer and verifies that he is authorized to conduct a transaction at the point of sale by means of the consumer's mobile device.

Abstract: A request from a client system to perform computations on encrypted data is received at a server system. A request for a data key configured to decrypt the encrypted data is sent from the server system to the client system. The data key from the client system is received at the server system. The encrypted data is accessed at the server system. The encrypted data is decrypted using the data key to generate unencrypted data at the server system. The computations are performed on the unencrypted data to generate result data at the server system. The result data is provided to the client system.

Abstract: A method and apparatus for securing transactions using verified resource locations is described. In one embodiment, the method for authorizing a transaction request using published location information for at least one resource includes examining relationship data regarding at least one resource to identify at least one publisher computer and at least one subscriber computer, wherein the at least one publisher computer communicates location information for the at least one resource and in response to at least one transaction request from the at least one subscriber computer, comparing the location information with the at least one transaction request to verify at least one resource location.

Abstract: Disclosed are systems and methods for authenticating use of a mark. In one embodiment, a system for facilitation, authentication, and authorization of the use of a mark comprises a mark owner server that receives registration information from a reseller server via a network that requests to use a mark. The mark owner server determines whether the reseller server is authenticated to use the mark. If the reseller server is authenticated to use the mark, the mark owner server sends a key to the reseller server. The mark owner server receives the key from the reseller server to access the mark via the network and determines whether the reseller server is authorized to use the mark based on the key. If the reseller server is authorized to use the mark, the mark owner server sends a first mark via the network to be displayed.

Abstract: A method and associated system for authenticating an end user. A selected subset of root nodes of a set of root nodes in a server mask is received, the selected subset of root nodes having been selected by the end user. In response to the receiving of the selected subset of root nodes, the end user is authenticated by determining that the spatial location in the server mask of each root node of the selected subset of root nodes matches a spatial position of a corresponding root node of a server set of transparent root nodes in the server mask, wherein the server set of transparent root nodes are a result of a first random selection of root nodes from the set of root nodes in the server mask.

Abstract: An authentication apparatus receives an authority delegating request from an apparatus, acquires information of authorities possessed by the user from a storage unit, presents information of the acquired authorities to the user, and receives an instruction indicating which of the authorities possessed by the user is delegated to the apparatus. A storage unit stores, when the instruction to delegate the authority to the apparatus is received, an identifier required to uniquely identify the instruction and the authority instructed by the user to delegate, in association with each other. Authentication information indicating delegation of the authority is transmitted to the apparatus based on the instruction from the user.

Abstract: A system for transferring secured data has an authentication facilitator that transmits data indicative of a graphical key pad to a remote display device of a user computing device and, in response, receives from the user computing device icon location data indicative of locations of icons selected by a user. Additionally, the authentication facilitator recovers a personal identifier (PI) from the icon location data, translates the recovered PI to obtain a translated PI, and transmits the translated PI. The system further has a partner computing apparatus that receives the translated PI and allows the user access to a secured area based upon the translated PI.

Abstract: Systems and methods for controlling access to resources using spoken Completely Automatic Public Turing Tests To Tell Humans And Computers Apart (CAPTCHA) tests are disclosed. In these systems and methods, entities seeking access to resources are required to produce an input utterance that contains at least some audio. That utterance is compared with voice reference data for human and machine entities, and a determination is made as to whether the entity requesting access is a human or a machine. Access is then permitted or refused based on that determination.

Abstract: In various embodiments, a server grants access to a plurality of anonymous one-time-usable, time-sensitive encrypted tokens that identify consumer purchase orders. A plurality of certified merchant servers are certified by being provided with an application to securely connect the certified merchant servers to the server for, among other things, transmitting purchase order data to the server for use in generating the tokens. A plurality of financial institution servers can also be certified by being configured for use with an application that enables secure connection to the server for, among other things, requesting the tokens.

Abstract: Methods and apparatus for conducting electronic transactions such as commerce transactions or purchases and exchanging related information. In one aspect, a robust and integrated apparatus and associated method is provided whereby a purchaser can securely provide transaction data and/or information in an electronic format to another party such as a vendor. In one exemplary embodiment, the purchaser can authenticate his or her right to use the billing information contained therein to complete a purchase without actually having to disclose the billing information in a human readable format, thereby enabling the vendor to obtain and authenticate the purchaser's identity and billing information while still protecting the purchaser's privacy, and without requiring disclosure of the purchaser's billing information to the vendor's employees or any other parties. In another aspect, the vendor can provide information about the transaction in an electronic form that can be authenticated and verified for accuracy.

Abstract: Similarity-based fraud detection techniques are provided in adaptive authentication systems. A method is provided for determining if an event is fraudulent by obtaining a plurality of tagged events and one or more untagged events, wherein the tagged events indicate a likelihood of whether the corresponding event was fraudulent; constructing a graph, wherein each node in the graph represents an event and has a value representing a likelihood of whether the corresponding event was fraudulent and wherein similar transactions are connected via weighted links; diffusing through weights in the graph to assign values to nodes such that neighbors of nodes having non-zero values receive similar values as the neighbors; and classifying whether at least one of the one or more untagged events is fraudulent based on the assigned values.

Abstract: A method of authentication and authorization over a communications system is provided. Disclosed herein are systems and methods for creating a cryptographic evidence, called authentication/authorization evidence, AE, when a successful authentication/authorization between a client and an authentication server is complete. There are a variety of methods for generating AE. For instance, the AE can be data that is exchanged during the authentication signaling or data that results from it. A distinctive point being that AE results from the authentication process and is used as prior state for the following TLS exchange. An example for creation of AE, is as follows: EAP authentications typically result in an Extended Master Session Key (EMSK). The EMSK can be used to create an Evidence Master Key (EMK) that can then be used to create AE for a variety of servers.

Abstract: A method of providing particular account configurations to a user of a mobile device based on a predetermined account configuration offering between a mobile device manufacturer and a third-party service provider based on a code stored on the mobile device. During the out-of-box experience (OOBE) when the user is initially configuring the mobile device, the third-party provider receives user information, a code, and a mobile device identification number. The third-party service provider confirms that the mobile device is eligible for the particular account configuration by using the code and mobile device identification number. Once account configuration eligibility is confirmed, the third-party service provider associates the particular account configuration with either an existing user account or with a new user account established during the OOBE.

Abstract: A method for leveraging email to complete an online transaction from a third party vendor, the method comprising: storing customer information, the customer information including a customer name, customer email address, customer shipping address, and customer billing information. The method further comprises receiving an authorization request from an application programming interface associated with a third party vendor requesting access to a portion of the customer information and receiving confirmation from a customer to allow the third party vendor to access the portion of the customer information. The method further comprising transmitting an access code to the third party vendor and receiving a request message from the third party vendor, wherein the request message comprises the access code, and wherein the request message requests an authorization token. The method may further comprise confirming the received access code and transmitting an authorization token to the third party vendor.

Abstract: A system for verifying and authenticating the identity of a user in a transaction. The user's identity is authenticated through the user's computer, tablet computer, mobile computing device, web browser (as a web-page, or as a plug-in for the browser), or other computing device by means of a single-use, time sensitive, system-generated transaction token and user selected system PIN. The user presents the transaction token to the vendor or merchant, which forwards a request for authentication to the system. The system prompts the user to confirm the transaction and enter the PIN into the device used to generate the transaction token. Upon confirmation, the transaction is completed.

Abstract: The embodiment(s) relate to a method of securely communicating between a Point-of-Sale (PoS) terminal and a payment card. The method includes signing payment data with a private key of the PoS terminal to create a signature. The method includes encrypting the payment data and signature using a public key certificate of the payment card, which is encrypted and signed by a certificate authority using a certificate authority private key and is received at the PoS terminal after a public key certificate of the PoS terminal is validated at the payment card. The PoS terminal public key certificate is encrypted and signed by the certificate authority using the certificate authority private key. The method includes transmitting the encrypted payment data and signature to the payment card for decryption of the payment data and signature using a payment card private key corresponding to the payment card public key certificate.

Abstract: A system and method of authorizing a product including transmitting from an end user device a character string, including a Transaction ID, to a licensing authority. The licensing authority encrypts the Transaction ID using an encryption key associated with a product for which the end user is seeking authorization to produce an Authorization number. Each product is associated with a different encryption key resulting in a different Authorization number being produced for each product based on the same Transaction ID. The licensing authority then returns the Authorization number to the end user device. A decryption processor associated with the end user device decrypts the Authorization number using an unchangeable decryption key and compares the decrypted Authorization number with the Transaction ID. If the decrypted Authorization number matches the Transaction ID the product is authorized.

Abstract: A method, system, and computer program product for authenticating an end user. A login field is generated and sent to an end user, and a set of nodes is subsequently received from the end user. The login field includes first colored nodes having multiple colors distributed in a first random pattern. A transparent credit card controlled by the end user includes second colored nodes having multiple colors distributed in a second random pattern. An authenticity status of the end user is determined, and then sent to the end user, by determining whether each node of the set of nodes (i) corresponds to a unique node of the first colored nodes and (ii) has a same color determined by a function of a static integer and a dynamic integer D, wherein S and D are known only to the end user and the provider of the transparent credit card.

Abstract: A method for using a secondary PAN is disclosed. The method includes providing a secondary PAN associated with a primary PAN, where the secondary PAN has at least one end portion that is the same as the primary PAN, but has a middle portion of that is different than the primary PAN.

Abstract: This invention provides a dynamically generated security code for smart, debit and credit cards as a way to thwart fraudulent use of these cards in financial transactions. The card internally contains a processor connected to a viewable display powered by a battery where the processor is capable of generating security codes on a periodic basis. The card can generate the security code by encrypting certain data is a way that the card issuer as the same security codes so that when the security code is used in a financial transaction, the card issuer can ascertain whether the transaction is valid and authorized or potentially fraudulent.

Abstract: Payment tokens designed for display on a consumer's mobile device include dynamic trust data (e.g., transaction history and/or token generation date) along with financial account information, enabling merchants to make an informed decision about whether to accept payment without communication with the central processing system, and also protecting the consumer's account information from theft.

Abstract: Payment tokens designed for display on a consumer's mobile device include dynamic trust data (e.g., transaction history and/or token generation date) along with financial account information, enabling merchants to make an informed decision about whether to accept payment without communication with the central processing system, and also protecting the consumer's account information from theft.

Abstract: Systems and techniques for mediating user communications. A user persona manager maintains one or more user profiles and manages user interactions with other parties and with service providers based on user preferences associated with the user profile or profiles selected for a particular interaction. The persona manager receives a single set of user authentication information to establish the user identity, and provides previously stored information to other parties and service providers as appropriate, and otherwise conducts user interactions involving communications initiated by or on behalf of the user. The persona manager also examines interactions initiated by others, selects user profiles appropriate to the interactions, and routes and responds to the interactions based on information stored in the user profiles.

Abstract: In some example embodiments, a system and method is shown that includes receiving a purchase request through an Electronic Payment Financial Network (EPFN), the purchase request including a token to identify a merchant server. The system and method further includes comparing the token against a merchant identifier value to determine that that token is assigned to the merchant server. Additionally, the system and method includes transmitting a purchase request authorization authorizing an online transaction, where the token and merchant identifier value are equivalent.

Abstract: The various embodiments herein provide a system for a secure electronic transaction. The system comprises a dongle connected to a computing device for reading an electronic card data, a client application running on the client device for collecting a transaction information from a customer, a service provider system connected to the computing device through a first communication network for transmitting the collected transaction information and the audio signal from the computing device to the service provider system, a production server located at the service provider system for processing the received card data, a payment server for processing the audio signal, a second communication network for transmitting a processed card data from the production server to a payment system and a payment gateway running on the payment system for interfacing with the service provider system. The payment system performs the financial transaction by authenticating the customer and a merchant.

Abstract: This invention relates to an anti-fake identification system and method capable of automatically connecting to web address, in which an electronic tag of commodity is scanned by a reader device so as to read the identification code into the computer device; the identification code includes a web address of a remote maker to which the computer can automatically connect so as to transmit the identification code to the web address; a verifying device receives and verifies the identification code at the web address, and produce an authentication code according to the identification code after the identification code passes through verification so as to confirm the accuracy of the identification code. The method comprises the following steps of: reading an identification code of commodity; transmitting the identification code to the web address; verifying the identification code and generating an authentication code when the identification code is accurate.

Abstract: A data security system includes providing a unique identification from a first system to a second system; copying the unique identification in the second system by the first system; and unlocking a memory in the first system or the second system only when the unique identifications in the first system and the second system are the same.

Abstract: A method for producing an electro-biometric signature allowing legal interaction between and the identification of persons utilizing biometric features. The method includes inputting a user's biometric features in a pre-determined sequence and checking that no feature is entered repeatedly.

Abstract: Processes are described for provision of privacy-sensitive sample analysis results to a sample provider. The sample provider generates a cryptographic commitment encoding a secret value, r, and a sample identifier, s, associated with a sample container. The sample provider provides the commitment to an analysis provider in association with the sample container containing a sample for analysis. The analysis provider analyzes the sample to obtain a set of analysis results corresponding to the sample identifier, s, and generates a cryptographic pre-credential, ??, corresponding to the sample identifier, s. The pre-credential, ??, encodes the set of analysis results and the commitment. Completion of the pre-credential, ??, requires knowledge of the secret value, r, in the commitment.

Abstract: Systems and methods are disclosed for performing online charging for text messages. One embodiment comprises a system that handles a Mobile Originated (MO) text message. The system receives a send request for the MO text message, and generates an online credit request for the MO text message. The system determines a type of originating network for the MO text message, and inserts an indicator of the originating network type in the online credit request. The system may also determine a type of terminating network for the MO text message, and insert an indicator of the terminating network type in the online credit request. The system then transmits the online credit request to an online charging system to charge for the MO text message.

Abstract: A payment system and method using a mobile telephone network for charging and settlement, which comprises a user's cell phone being associated with a payment account, and the user's cell phone accessing the international payment and settlement center. The international payment and settlement center generates a payment code according to the amount of payment, which is transmitted to the user's cell phone. The user uses said payment code to pay the merchant's POS machine. The POS machine reads said payment code and requests authorization for the transaction from the international payment and settlement center. The international payment and settlement center authorizes said transaction after verifying the correctness. During settlement, the international payment and settlement center collects the money of said transaction from the payment account of the user, and pays the money that should be charged by the merchant in this transaction to the receipts account of the merchant.

Abstract: A method is provided for completing an authenticated commercial transaction over an internet protocol (IP) network (40) for an account holder (60) engaged in the transaction via a non-IP based telecommunications platform (30).

Abstract: The invention provides systems and methods of authenticating a customer device, in conjunction with a requested interaction, the customer device associated with a customer, the method performed by an authentication entity processing portion in the form of a tangibly embodied computer.

Abstract: Equipments and methods are disclosed for facilitating service provisioning in a system that comprises a payment processor, a number of service providers and a mediator that mediates information exchange between the payment processor and service providers, and a mobile terminal operated by payment card holder. In some implementations, service provisioning can be facilitated in cases wherein the payment processor must reside in a strictly regulated Payment Card Industry (PCI) compliant environment and the service providers operate servers that are not PCI-compliant.

Abstract: An authentication string, such as a password, consists of characters. Each of the characters in the authentication string is randomly associated with a defined location on a device. For example, an area on a touch screen can be associated with a character in the authentication string. When a user selects a location associated with the character, feedback is provided that identifies the character. When the user selects a location that is not associated with the character, feedback is provided that does not identify the character. If the user responds by indicating that the associated location matches the character, the character is authenticated. If the user responds by indicating that a location not associated with the character is a match, the character is not authenticated. This process is then repeated for each character in the authentication string.

Abstract: A wireless connection may be established between a mobile device and a reader device and/or a sensor. The reader device and/or sensor may authenticate the mobile device. The reader device and/or sensor may receive a credential or token from the mobile device. An action may be performed based on certain criteria such as if the credential or token is valid.

Abstract: A smart card transaction allows a consumer to load value onto a smart card and to make purchases using a smart card with a mobile telephone handset over the telecommunications network. For loading, the system includes: a mobile telephone handset including a card reader; a gateway computer; a funds issuer computer; and an authentication computer. The mobile telephone handset receives a request from a user to load a value onto the smart card. The handset generates a funds request message which includes the value and sends the funds request message to a funds issuer computer. The funds issuer computer debits an account associated with the user. Next, the handset generates a load request message with a cryptographic signature and sends the load request message to an authentication computer which authenticates the smart card. The handset receives a response message which includes a cryptographic signature and an approval to load.