Abstract: A security architecture in which a security module is integrated in a client machine, wherein the client machine includes a local host that is untrusted. The security module performs encryption and decryption algorithms, authentication, and public key processing. The security module also includes separate key caches for key encryption keys and application keys. A security module can also interface a cryptographic accelerator through an application key cache. The security module can authorize a public key and an associated key server. That public key can subsequently be used to authorize additional key servers. Any of the authorized key servers can use their public keys to authorize the public keys of additional key servers. Secure authenticated communications can then transpire between the client and any of these key servers. Such a connection is created by a secure handshake process that takes place between the client and the key server.

Abstract: An information processing apparatus determines whether a device accesses a box region of the information processing apparatus. When it is determined that the box region is accessed, a box ID entry screen is displayed on the device. The information processing apparatus determines whether a box ID is entered by a user of the device. If it is determined that a box ID is entered, then device information about the device is obtained. After the device information is obtained, the information processing apparatus determines whether the device possesses a hardware keyboard. If it is determined that the device possesses a hardware keyboard, a password authentication screen is displayed on the device. If it is determined that the device does not possess a hardware keyboard, an image authentication screen is displayed on the device.

Abstract: Systems and methods provide a gaming machine that is protected from the introduction of rogue code. One aspect of the systems and methods includes disabling a user access feature, such as a login or network access feature of an operating system executing on the gaming machine. A further aspect of the systems and methods includes removing debuggers and debugging information from an operating system or application executing on the gaming machine.

Abstract: A gaming system is provided. The gaming system allows users to access applications via gaming communication devices coupled to a communication network. At least a portion of the network may be wireless. The gaming applications include gambling, financial, entertainment service, and other types of transactions. The system may include a user location determination feature to prevent users from conducting transactions from unauthorized areas. The gaming system may incorporate a user profile feature according to which certain information regarding users of the system may be maintained. Such information can include, without limitation, information relating to preferences, finances, activities participated in by the users, and trends and habits of the users.

Abstract: An apparatus, system, and method are disclosed for securely authorizing changes to a transaction restriction. A security module securely stores encryption keys for a payment instrument. The payment instrument electronically transacts payments and includes a transaction restriction. An authentication module receives an authentication from a user of the payment instrument. The security module validates the authentication with a first encryption key. In addition, the security module authorizes a change to the transaction restriction using a second encryption key if the authentication is valid. The security module resides on a computer that the user designates as authorized to validate the authentication.

Abstract: Techniques for generating and providing phrases are described herein. These techniques may include analyzing one or more sources to generate a first corpus of phrases, each of the phrases for use as an identifier and/or for association with a user for executing a transaction. Once a first corpus of phrases has been generated, these phrases may be filtered to define a second corpus of phrases. Phrases of this second corpus may then be suggested to one or more users. In some instances, the phrases suggested to a particular user are personalized to the user based on information previously known about the user or based on information provided by the user.

Abstract: Techniques for generating and providing phrases are described herein. These techniques may include analyzing one or more sources to generate a first corpus of phrases, each of the phrases for use as an identifier and/or for association with a user for executing a transaction. Once a first corpus of phrases has been generated, these phrases may be filtered to define a second corpus of phrases. Phrases of this second corpus may then be suggested to one or more users. In some instances, the phrases suggested to a particular user are personalized to the user based on information previously known about the user or based on information provided by the user.

Abstract: The present invention provides apparatus, systems and methods to wirelessly pay for purchases, electronically interface with financial accounting systems, and electronically record and wirelessly communicate authorization transactions using Personal Digital Assistant (“PDA”)(also referred to as Personal Intelligent Communicators (PICs), and Personal Communicators), palm computers, intelligent handheld cellular and other wireless telephones, and other personal handheld electronic devices configured with infrared or other short range data communications (for referential simplicity, such devices are referred to herein as “PDA's”).

Abstract: A method includes: establishing a first connection between a first ID token and a first computer system via a second computer system for reading at least one first attribute from the first ID token, establishing a second connection between a second ID token and the first computer system via the second computer system for reading at least one second attribute from the second ID token, sending the first and second attributes from the first computer system to a third computer system, receiving the data from the third computer system by the first computer system, writing the data into the second ID token via the second connection by the first computer system thereby storing the data in the second ID token, where the first connection still exists, wherein the first and the second connection are respectively connection with end-to-end encryption and a connection oriented protocol.

Abstract: Digital content rendering services provided over the Internet are disclosed. The service enables multiple concurrent users to log on and access server and applications in separate and protected sessions. The server may receive content objects and instructions for manipulating the content with an information apparatus operated by a user. The server may further receive job objects including at least one of authentication, payment, and subscription information. The server may generate output data related to the rendering job and the content, and send the output data to an output controller or media box, internally included or externally connected, to an output device for rendering, the output device may be a television, a display device, a sound device, or a printer. The service may send service confirmation to the information apparatus. The service may also store user's digital content at a node over the Internet for later access by the user.

Abstract: The present application provides a subscription interface positioned between client devices and third-party digital subscription providers. The subscription interface allows multiple different publication-related applications (e.g., Sports Illustrated, Time magazine, etc.) running on different client devices (e.g., tablets, desktop computers, laptop computers, smart phones, etc.) to obtain a list of digital issues available from an associated third-party digital subscription provider based on entitlements of the user of the client device. The subscription interface ensures that the application receives the list and associated metadata in a desired format for that particular application on a particular client device.

Abstract: Systems and methods for managing mobile payments is provided. An account issuer provides an application that is loaded onto a mobile device, which enables a consumer to pay for transactions. The mobile payment application generates a unique code. The code is read by the point of sale terminal, which is then provided to the payment management system. The payment management system contracts the account issuer and authenticates the code, thereby receiving a primary account number. Account number and transaction information is used to authorize the transaction via payment systems. The payment system accepts or declines the transaction in a response. Tokens may be generated for the account number, and value added services may be generated based upon user behaviors.

Abstract: A method and system for mutually authenticating an identity and a server is provided in accordance with an aspect of the present invention. The method commences with transmitting a token from the server. Thereafter, the method continues with establishing a secure data transfer link. A server certificate is transmitted during the establishment of the secure data transfer link. The method continues with transmitting a response packet to the server, which is validated thereby upon receipt. The system includes an authentication module that initiates the secure data transfer link and transmits the response packet, and a server authentication module that transmits the token and validates the response packet.

Abstract: A method and system arc disclosed for determining the geographic location of a user communicating on a communications network such as the Internet. In one embodiment, a provider of a product or service: (a) receives the user's phone number (or other identification for contacting the user's station), and (b) supplies the user's station with a distinctive identifier. The provider then supplies a location determining service with the user's phone number (or other identification). A phone call is made to the phone number by the location determining service for retrieving the distinctive identifier from the network station having the phone number. If the distinctive identifier is retrieved and the location determining service determines that the user's station is within an appropriate geographical area (or not within an inappropriate area), then the provider can provide the requested product or service to the user.

Abstract: Payment tokens designed for display on a consumer's mobile device include dynamic trust data (e.g., transaction history and/or token generation date) along with financial account information, enabling merchants to make an informed decision about whether to accept payment without communication with the central processing system, and also protecting the consumer's account information from theft. In particular embodiments, a displayed token is used for payment via one communication channel (i.e., the merchant's network) but tokens are flagged for expiration via a different network (i.e., a public wireless telephone network).

Abstract: A system and method for interconnecting multiple point of sale devices creating a mesh-like network structure which reduces connectivity costs while providing greater reliability due to multiple network paths is disclosed. By linking point of sale devices within a virtual network, the need for individual connections to a point of sale controller is eliminated and alternative network paths are provided, thereby ensuring maximum up-time and optimal connection speeds.

Abstract: One embodiment of the present disclosure provides a system and associated processes for sharing cardholder data (CHD) between a merchant that utilizes tokenization and a second merchant that may or may not utilize tokenization. In one embodiment, the merchant, or an employee of the merchant, can use the system and associated processes to reacquire CHD from a tokenization provider system. In one embodiment, the merchant identifies to the tokenization provider system a desire to share CHD, which is associated with a token, with a second merchant. The merchant and/or the tokenization provider system can then invite the second merchant to register with the tokenization provider system. Once registered with the tokenization provider system, the second merchant can access any CHD that the merchant associated with the second merchant.

Abstract: An electronic registry stores information relating to a transferable electronic record and the controller of an authoritative copy of the transferable electronic record. The electronic registry includes information for authenticating a true copy of the authoritative copy of the transferable electronic record. The electronic registry also facilitates registration of the transferable electronic record and transfer of legal rights associated therewith.

Abstract: A method for minimizing risk of a consumer performing a fraudulent Internet purchase transactions using a transaction card is disclosed herein, the method comprising receiving an enrollment verification request for a transaction from a merchant's website, transmitting the enrollment verification request to an access control server; receiving an enrollment verification response from the access control server, determining whether the transaction is risky based on at least a portion of the enrollment verification request, if the transaction is not risky, forwarding the enrollment verification response to the merchant website and it the transaction is risky, modifying the enrollment verification response to denote the transaction is risky and forwarding the modified enrollment verification response to the merchant's website.

Abstract: A method includes providing advertisement data to a mobile device, receiving an input associated with the mobile device based on the advertisement data, and providing a credit based on the input. The input may be based on at least one of a location of the mobile device, a messaging communication initiated using the mobile device, an entry in an information management application, and a transaction executed using the mobile device.

Abstract: A method of diagnosing a mobile device is provided. The method comprises obtaining an access key from a key store based on an identity of the mobile device and based on an identity associated with an issuer of a confidential information, wherein the access key is associated with a secure element of the mobile device storing the confidential information. The method also comprises wirelessly transmitting a message from a station associated with the issuer to the mobile device to initiate diagnostics of at least the secure element of the mobile device, the message comprising the access key, wherein the diagnostics are performed by diagnostic instructions stored on the mobile device. The method also comprises displaying the result of the diagnostics.

Abstract: Exemplary embodiments are directed to near field communication A device may include a current digital-to-analog converter (DAC) configured to convey a current to an antenna in a first near-field communication (NFC) mode and enable for load modulation in a second NFC mode.

Abstract: An apparatus, method, and computer readable storage for automatically deciding slot machine configuration changes. Slot machine usage is electronically monitored and ideal settings are determined from the usage. Slot machines can then be updated electronically according to the ideal settings, either automatically or upon operator approval.

Abstract: A client-server communication protocol permits the server to authenticate the client without requiring the client to authenticate the server. After establishing the half-authenticated connection, the client transmits a request and the server performs or responds accordingly. A network management system and environment where this protocol can be used is also described and claimed.

Abstract: The virtual account and token-based digital cash token protocols use a combination of blind digital signatures and pseudonym authentication with at least two pairs of public and private keys. A user has one master pair of private and public keys and many pseudonym pairs of private and public keys. The new protocols combine blind digital signature and pseudonym-based authentication. Blind digital signatures based on the master pair of keys are used to withdraw digital cash from the user's bank account under the user's real identity. A pseudonym pair of keys is used for depositing digital cash with a digital cash issuer. Pseudonym key pairs are used for spending the digital cash. Digital cash includes digital cash tokens in virtual accounts, which can be managed from a user's fixed or mobile computing platform.

Abstract: A security component may be associated with a network-enabled application. The security component may initiate the display of an embedded region of a window drawn according to display information received from a relying party. The security component may define at least a portion of the appearance of the embedded region; the relying party may not define this portion. The embedded region may include customization information configured by a user, and “Card” information received from an assertion provider, indicating how to authenticate user credentials in order to gain access to relying party restricted content. The security component may request authentication of user credentials from the assertion provider, which may be trusted by the relying party. The security component may receive an assertion token from the assertion provider indicating the credentials are authentic. The security component may forward the assertion token to the relying party to gain access to the restricted content.

Abstract: Methods and systems for supply chain management in accordance with a state model. A supply chain management system includes a transaction state module within an inter-enterprise server assessable by trading partners. The transaction state module can define a state model which allows a trading partner to view a transaction and perform an action in accordance with a state of the transaction. The state model describes, in association with each state, which of the trading partners have visibility to the transaction and ability to perform an action. The trading partners can include consumers, retailers, distributors, etc. The transactions can include a forecast order, a purchase order, a billing, a product shipment, a payment, an invoice, a credit memo, a request for quote (RFQ), and a return material authorization (RMA). States of the transaction can include, for example, create, open, public view, private view, publish, commit, cancel, supersede, and the like.

Abstract: An apparatus and method for preventing falsification of a client screen is provided, in which a web server dynamically generates URIs and provides them to clients, thus preventing the falsification of client screens due to a web injection attack or a memory hacking attack. The apparatus includes a random web generation unit for converting an identical web page into random URIs that are randomly generated, at a request of a plurality of clients, generating different random web sources, and providing the different random web sources to the respective clients. A web falsification determination unit compares display web source eigenvalues respectively generated by the clients with respect to any one of the random web sources with a generative web source eigenvalue for the one of the random web sources, thus determining whether screens corresponding to the random web sources displayed on the respective clients have been falsified.

Abstract: The user (11) opens the payment app using his individual password, selects on a menu a load function with a specific amount to the payment card (17), selects the payment method and accepts to send the payment details (Step S301). The token data set representing the payment details is sent via the wireless network (14) to the gateway system on the remote server (13) for authentication and authorization (Step S302). In order to access the respective token data set required for authorization and stored only on the mobile electronic device (1) but not on the remote server (13), a respective key is used created from the device key, the individual password and the server key (verifying data) provided by the gateway system on the remote server (13).

Abstract: A personal digital key (e.g., which can be carried by a human) contains a memory having different service blocks. Each service block is accessible by a corresponding service block access key. As the personal digital key (PDK) moves around, it is detected by sensors. The sensors report position data, thus enabling location tracking of the PDK. The sensors also provide a data path to various applications. An application that has access to a service block access key can therefore access the corresponding service block on the PDK. The sensors themselves may also contain service block access keys.

Abstract: Ensuring secure electronic transactions between a wallet service center and a cluster of electronic wallet transaction facilities provided at a user device involves registering the cluster of electronic wallet transaction facilities by delivering electronic transaction facility software that provides electronic wallet capabilities to the user device, exchanging a user authentication code between the wallet service center and the user via the electronic transaction facility software, and activating an account of a registered electronic wallet transaction facility.

Abstract: Architecture that employs a software development kit and an add-in model to collect payment data and communicate with payment processors in a point-of-sale (POS) application to meet new requirements in new markets. Data gathered from an add-in and from the POS application can be combined and then communicated to the payment processor. The payment method can be determined and payment processing routed to different payment processors based on data and schema of data collected is also described. An add-in can also programmatically obtain information from the POS application information about a transaction and authorize a payment. A payment collecting/processing API is the interface between the POS application tender logic and payment collecting/processing logic and defines how a payment collecting/processing add-in interacts with the POS application.

Abstract: A method for authenticating an end user. The method begins by generating a login field in response to receiving an authentication request from an end user. The login field comprises a plurality of colored nodes containing a first subset of nodes matching both color and location to a second subset of nodes residing in a transparent credit card being controlled by the end user. Next the method determines the authenticity status of the end user by comparing data received from the end user with the first subset of nodes. The end user having generated the data by overlaying the transparent credit card on top of the login field and selecting at least one colored node. Each node being selected according to a function utilizing both static and dynamic variables. Finally, the method sends the determined authenticity status to the end user via an output device.

Abstract: Facilitating transactions using non-traditional devices and biometric data to activate a transaction device is disclosed. A transaction request is formed at a non-traditional device, and communicated to a reader, wherein the non-traditional device may be configured with an RFID device. The RFID device is not operable until a biometric voice analysis has been executed to verify that the carrier of the RFID equipped non-traditional device is the true owner of account information stored thereon. The non-traditional device provides a conduit between a user and a verification system to perform biometric voice analysis of the user. When the verification system has determined that the user is the true owner of one or more accounts stored at the verification system, a purchase transaction is facilitated between the verification system. Transactions may further be carried out through a non-RF device such as a cellular telephone in direct communication with an acquirer/issuer or payment processor.

Abstract: A method for inhibiting phishing can include sending information from a mobile network device to a website server, generating a one time password at the mobile network device from the information, generating a one time password at the website server from the information, sending the one time password generated at the website server to the mobile network device when the mobile network device subsequently accesses the website, and comparing the one time password generated at the website server to the one time password generated at the mobile network device. In this manner, the website can be authenticated such that the occurrence of phishing is substantially mitigated.

Abstract: A framework is provided for reducing the number of locations modified when hiding data, such as a digital watermark, in binary data. The framework complements data hiding techniques, such as digital watermarking techniques. After determining potential embedding locations according to an underlying technique, a data structure is created with values associated with those locations. A parity calculation is performed on the values in the data structure. The calculated parity is compared with hidden data to determine locations for modifications. Manipulations are then performed to reduce the total number of modifications needed to represent the hidden data. Modifications are made to the binary data according to the underlying technique. During decoding of the hidden data, the same locations can be determined, the same data structure can be created with the modified values, and a parity calculation is then performed to decode the hidden data.

Abstract: A_system and method for verification of a person identifier received online is described. The method includes receiving a request for verifying a person identifier (PI1); and estimating whether (a) PI1 identifies the same person as another person identifier (PI2), (b) sender of PI1 is the same person as sender of PI2, and (c) PI2 identifies the sender of PI2.

Abstract: Systems, devices and/or methods that facilitate mutual authentication for processor and memory pairing are presented. A processor and a suitably equipped memory can be provided with a shared secret to facilitate mutual authentication. In addition, the memory can be configured to verify that the system operating instructions have not been subjected to unauthorized alterations. System integrity can be ensured according to the disclosed subject matter by mutual authentication of the processor and memory and verification of the authenticity of system operating instructions at or near each system power up. As a result, the disclosed subject matter can facilitate relatively low complexity assurance of system integrity as a replacement or supplement to conventional techniques.

Abstract: Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. The payment application is associated with a certificate and a corresponding hash. The hash is adapted to be generated on the basis of an application expiration date parameter, which is adapted to comprise data indicative of an expiration date of day level granularity associated with the certificate. During processing of the EMV transaction, the point-of-sale terminal verifies the hash, thereby establishing the authenticity of the application expiration date, and hence the validity of the certificate.

Abstract: A method for detecting against unauthorized transmission of digital works comprises the steps of maintaining a registry of information permitting identification of digital copyrighted works, monitoring a network for transmission of at least one packet-based digital signal, extracting at least one feature from the at least one digital signal, comparing the extracted at least one feature with registry information and applying business rules based on the comparison result.

Abstract: A method for verifying permission to use a payment system such as an electronic credit card, using a hand held communication device such as a smart phone, where the customer presents the communication device to a merchant who extracts account information from the hand held device, and the hand held device generates a transaction code that is shared with the merchant and sent by both to a financial institution. The financial institution sends a new random code to the user and the merchant, which can be compared to verify the user's account and the financial institution's approval of the transaction.

Abstract: An anonymous secure messaging method and system for securely exchanging information between a host computer system and a functionally connected cryptographic module. The invention comprises a Host Security Manager application in processing communications with a security executive program installed inside the cryptographic module. An SSL-like communications pathway is established between the host computer system and the cryptographic module. The initial session keys are generated by the host and securely exchanged using a PKI key pair associated with the cryptographic module. The secure communications pathway allows presentation of critical security parameter (CSP) without clear text disclosure of the CSP and further allows use of the generated session keys as temporary substitutes of the CSP for the session in which the session keys were created.

Abstract: One method herein includes forwarding an invoice for a purchase agreement made between a seller and a buyer. The method includes receiving a service selection indicating that the invoice is to be paid using an escrow system. The service selection includes a token for verification of a buyer's signatory. The method receives funding confirmation that the buyer has deposited funds into an escrow account. Based on funding confirmation, notification to ship the goods is sent. The method receives shipping confirmation confirming that the goods have been shipped. Upon receipt of the goods, a receiver is authenticated as the authorized signatory using the verification system. This authentication is based on the stored token matching a provided token. Based on verification of the receiver, the goods are released and the deposited funds from the escrow account are deposited into the seller's account.

Abstract: A method for calculating a One Time Password. A secret is concatenated with a count, where the secret is uniquely assigned to a token. The secret can be a private key or a shared secret symmetric key. The count is a number that increases monotonically at the token with the number of one-time Passwords generated at the token. The count is also tracked at an authentication server, where it increases monotonically with each calculation of a one-time Password at the authentication server. An OTP can be calculated by hashing a concatenated secret and count. The result can be truncated.

Abstract: The invention is a system and method for accessing an online user account registry, comprising: a) Approving access to an online user account registry via a verification platform comparing a bid verification data, comprising a unique user code provided from a nexus access token, with a registered verification data; b) Accessing the online user account registry via a rule-module invoked from a rule-module nexus, said online user account registry comprising a plurality of financial accounts of the user; Whereby an online account registry, comprising a plurality of financial accounts, is accessed via a unique user code provided from a nexus access token.

Abstract: An electronic transaction verification system for use with transaction tokens such as checks, credit cards, debit cards, and smart cards that gathers and transmits information about the transaction token and biometric data. Customers can be enrolled in the system by receiving customer information that includes at least a biometric datum, associating the received customer information with a transaction instrument issued to the customers and storing the received customer information and the issued transaction instrument information in a database for future reference.

Abstract: A method and system for biometric authorization to facilitate a radio frequency transaction is disclosed. In an exemplary embodiment, a system and method is provided for using biometric sample and biometric sample data to authorize completion of an RF transaction. Authorization of biometric sample data may authorize increasing a preloaded value, or using an additional value to supplement the preloaded value, in order to facilitate completion of an RF transaction.

Abstract: Systems and method for producing, validating, and registering authentic verification tokens are disclosed. Such systems and methods include generating verification token specific key pairs. The key pairs can be signed by a verification token manufacturer master key or public key certificate for an additional level of authenticity. Related methods and systems for authenticating and registering authorized verification token manufacturers are also disclosed. Once a verification token manufacturer is authenticated, it can be assigned a manufacturer-specific key pair or certificate and in some cases, a predetermined set of serial numbers to assign to the verification tokens it produces. Each serial number can be used to generate a verification token specific key pair specific to the associated verification token. One component of the verification token key pair can be stored to the verification token.

Abstract: A method and a system generate a contextual visual challenge image to be presented to a user thereby to verify that the user is human. For example, an image module generates a visual challenge to be presented to a user as part of a challenge-response to verify that the user is human. A contextual background module identifies a contextual background that is contextual to a specific environment and a combiner image module combines the visual challenge and the contextual background into an image which is to be presented to the user in the specific environment, the contextual background associating the visual challenge with the specific environment.

Abstract: Disclosed herein is a financial card system. The system includes a communications device on which a non-contact integrated circuit chip is installed; and an authentication terminal having a reader/writer allowing reading/writing information on the communications device and capable of transmission and reception of information with the communications device through the reader/writer. The communications device has a storage block, a common area information transmission block, and an individual area information transmission block. The reader/writer of the authentication terminal has a storage block, a common area information reception block, and an individual area information reception block.