Abstract: Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant.

Abstract: Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant.

Abstract: Systems and methods are provided for secure transactions according to one or more embodiments. According to an embodiment, a method for providing secure transactions comprises initiating a transaction via a point of sale device having a one time password generator. The method also comprises generating at least one password by the point of sale device. The method further comprises associating the at least one password with account information. The method further comprises transmitting the password associated with the account information to a remote location. If the transmitted password matches predetermined associated information at the remote location, the method further comprises confirming the transaction.

Abstract: Electronic documents corresponding to executed paper documents are certified. A certifying agent receives an electronic document and a corresponding paper document that had been executed pursuant to some transaction. The certifying agent compares the information contained in the paper to that in the electronic mortgage document. If the paper adequately corresponds to the electronic document and is otherwise sufficient, then the certifying agent certifies the electronic document so that other parties can reliably engage in transactions involving the electronic document without having to possess or otherwise inspect the executed paper document. Certification involves application of some form of indicia of certification to the electronic document, such as updating the value of a field corresponding to certification in the electronic document and/or applying a digital or electronic signature corresponding to the certifying agent to the electronic document.

Abstract: Methods, systems, and computer program products for storing usual order preferences associated with a point of sale transaction involving an identification article. In one embodiment, the method includes receiving an initial order involving the use of an identification article for purchasing at least one good or service. As part of receiving the initial order, a query asking if the initial order is to be designated as a usual order is issued. The method also includes registering the initial order as the usual order if a received response to the query indicates a usual order designation and storing an indication of the usual order in a storage medium.

Abstract: The invention relates to a method for reading at least one attribute stored in an ID token, wherein, where the ID token is associated with a user, having the following steps: the user is authenticated to the ID token, a first computer system is authenticated to the ID token, following successful authentication of the user and the first computer system to the ID token, the first computer system effects read access to the at least one attribute stored in the ID token in order to transmit the at least one attribute, when it has been signed, to a second computer system, where the authentication of the first computer system to the ID token is performed because of an attribute specification, which is received by the first computer system from a third computer system.

Abstract: Particular embodiments provide a method for orchestrating an order fulfillment business process that includes a sub-process. In one embodiment, abstraction of business processes from an underlying information technology (IT) infrastructure is provided. An orchestration process can be designed using sub-processes such that the sub-process is assembled at run-time into an executable process. The sub-process may be defined in an interface as a single step. A plurality of services as then assembled as steps in the executable process at run-time.

Abstract: Embodiments described herein provide communication control features and functionality, but are not so limited. In an embodiment, a computing environment includes an access control component that can use a number of access states to control access to computing data and/or services. In one embodiment, a server computer can control access to data and/or services using a number of access states including, but not limited to: an allowed state, a blocked state, a device discovery state, and/or a quarantined state. Other embodiments are available.

Abstract: Methods of securely performing online transactions are described which involve two independently controlled web servers. In order to complete a transaction, a user interacts concurrently with each of the two web servers and authentication may occur between the user and each web server and between web servers. Each of the two web servers provide data which is used to complete the transaction and the data provided by the first web server is communicated directly to the second web server for use in the transaction. In an embodiment, the first web server provides a web page which enables a user to specify a variable which is used in the transaction. This is communicated to the second web server which processes the transaction along with an identifier for the message. The identifier may be used in validating the variable before it is used in processing the transaction. Following completion of a transaction this may be reported in real time to the first web server.

Abstract: Embodiments for providing differentiated access based on authentication input attributes are disclosed. In accordance with one embodiment, a method includes receiving an authentication input at an authentication authority using an authentication protocol. The authentication input being associated with a client. The method also includes providing one or more representations for the authentication input, wherein each of the representations represents an attribute of the authentication input.

Abstract: The present invention extends to methods, systems, and computer program products for auditing in-store sales transactions when a digital receipt is issued. A receipt application server formulates a digital receipt from digital receipt data received from a POS system. The digital receipt is sent from the receipt application server to an auditor mobile device at the location of the POS system. A human auditor can view the digital receipt during an in-store audit. In some embodiments, one or both of the receipt application server and the auditor mobile device reorder receipt entries so that items having specified characteristics are presented more prominently on a display. For example, receipt entries can be re-ordered such that higher profit margin items, bulkier items, or more likely to be stolen items are presented more prominently. As such, a human auditor is more likely to expressly audit these types of items.

Abstract: A system that enables a wireless point-of-sale transaction. In one embodiment the system comprises an account module, an account selection module, a display, an input interface, and a wireless transmitter. The account module stores account information corresponding to a plurality of payment accounts. The account selection module selects a payment account from the plurality of payment accounts as a default payment account for a wireless point-of-sale transaction based on one or more predetermined criteria. The display displays the default payment account to a user. The input interface enables the user to accept the default payment account by the account selection module. The wireless transmitter that wirelessly transmits payment information to a point-of-sale device, wherein the payment information comprises account information associated with the default account when the default payment account is accepted via the input interface.

Abstract: A server is operable to receive a media device identifying number (ID) and to create an established association between the media device with a payment account and to support at least one of payment authorization and payment clearing based at least in part on the media device ID and the payment account. The server is further operable to produce the payment account information to a smart card personalization service server to facilitate creation of a smart card with the payment account information that is associated with the media device. The server is also operable to produce the media device ID to the smart card personalization service server to facilitate creation of a smart card with the payment account information based in part on the media device ID.

Abstract: A wagering game system and its operations are described herein. In embodiments, the operations can include managing multiple instances of gaming applications associated with a wagering game client device and determining event data from the multiple instances of gaming applications. The operations can further include aggregating the event data into an event repository and determining that a requesting application requests some portion of the event data. The operations can further include opening a communication channel between the event data repository and the requesting application, formatting the requested portion of the event data in a format understandable to the requesting application, and communicating the requested portion of the event data to the requesting application via the communication channel.

Abstract: The claimed subject matter provides a system and/or a method that facilitates ensuring reliability in an online transaction. An interface component can receive data related to at least one user involved with an online transaction associated with commerce. An evaluation component can generate a reputation associated with the user based on at least one online activity and can employ a pre-determined handshake period for at least one of a feedback on the online transaction or an acknowledgement of a portion of the online transaction.

Abstract: A client device may receive an offer from a tandem device. The offer may include an indication of a location and a cost. In response to receiving the offer, the client device may display a representation of the offer. The client device may receive acceptance of the offer. In response to receiving the acceptance of the offer, the client device may transmit an indication of the acceptance to the tandem device. The indication may include an encrypted payment token, and the encrypted payment token may include an encrypted instruction to (i) debit a first account associated with the client device based on the cost, and (ii) credit a second account associated with the tandem device based on the cost.

Abstract: A patient care coordination system that includes a plurality of hand-held computers in communication with a cloud computing network or a remote server that has an accessible database of all patients and the health care information of each. The cloud computing network or remote server synchronizes, in real time, patient health care information input in any one of the plurality of hand-held computers with all the others of the plurality of hand-held computers. The hand-held computers are able to download and view the patient health care information in the database in a user friendly graphic user interface equipped with a touch screen for ease of user data navigation. The cloud computing network or remote server also receives, as input, data from patient care devices that are used to monitor patient condition periodically or continuously and store these in the database for the appropriate patient.

Abstract: Establishing trust according to historical usage of selected hardware involves providing a usage history for a selected client device; and extending trust to a selected user based on the user's usage history of the client device. The usage history is embodied as signed statements issued by a third party or an authentication server. The issued statement is stored either on the client device, or on an authentication server. The usage history is updated every time a user is authenticated from the selected client device. By combining the usage history with conventional user authentication, an enhanced trust level is readily established. The enhanced, hardware-based trust provided by logging on from a trusted client may eliminate the necessity of requiring secondary authentication for e-commerce and financial services transactions, and may also be used to facilitate password recovery and conflict resolution in the case of stolen passwords.

Abstract: A voucher verification system is based on SMS message-based processing of voucher verifications by a central verification authority. Merchants may establish an account with the system and then register mobile communication devices and those of employees by sending an SMS-based registration request to the system. Once registered, the merchant and employees may verify the status of vouchers by sending SMS-base verification requests to the system. Verifications of voucher status are returned to the merchant mobile device via SMS messaging.

Abstract: Automatic identification and authentication of a user of a mobile application entails receiving from the wireless communications device a unique device identifier and an e-mail address corresponding to the wireless communications device, associating a registration identifier with the unique device identifier and the e-mail address, generating an authentication token, and communicating the authentication token and the registration identifier to the wireless communications device. This technology obviates the need for the user to remember and enter a user ID and password to access backed-up application data on a server. This is particularly useful for instant messaging applications, e.g. PIN messaging, in which the unique device identifier is used to identify the user and is also the transport address. Once registered, the user who has switched to a new device or has wiped his existing device, can restore contacts or other application data from the server based on the registration identifier.

Abstract: A first information handling system (“IHS”) receives identification information of a first user of a second IHS. The first IHS initiates a network session in response to authenticating the identification information of the first user. Within the network session, the first IHS receives identification information of a second user of the second IHS. The first IHS authenticates the identification information of the second user.

Abstract: Systems, methods, and interfaces for screening clients for security compliance with a Customer Identification Program are disclosed. An illustrative system for screening clients can include a client screening engine adapted to filter client account data based on one or more filtering criteria, a database adapted to store client account information and verification status information, and a graphical user interface adapted to selectively display client account information and verification status information for one or more selected clients on a screen. The system can be used to submit identity verification requests to Customer Identification Program vendors for only those clients whose identity have not been verified.

Abstract: A digital signature system and method are disclosed. The digital signature system may include a remote certificate server for storing and maintaining at least one digital certificate of a user by a service provider and a digital signature printer driver loaded on the user's computer for communicating with the service provider via a network, such as the Internet. The digital signature printer driver may obtain verification of the user's identity from the service provider via the network and electronically place on a printable document a digital signature of the user based on the remotely stored digital certificate. The system may further include a remote storage server for storing a digital copy of the digitally signed document. The digital signature may include a unique identifier for subsequent validation of the digital signature by the service provider.

Abstract: A method and system for maintaining privacy for transactions performable by a user device having a security module with a privacy certification authority and a verifier are disclosed. The system includes an issuer providing an issuer public key; a user device having a security module for generating a first set of attestation-signature values; a privacy certification authority computer for providing an authority public key and issuing second attestation values; and a verification computer for checking the validity of the first set of attestation signature values with the issuer public key and the validity of a second set of attestation-signature values with the authority public key, the second set of attestation-signature values being derivable by the user device from the second attestation values, where it is verifiable that the two sets of attestation-signature values relate to the user device.

Abstract: A method and system for maintaining privacy for transactions performable by a user device having a security module with a privacy certification authority and a verifier are disclosed. The system includes an issuer providing an issuer public key; a user device having a security module for generating a first set of attestation-signature values; a privacy certification authority computer for providing an authority public key and issuing second attestation values; and a verification computer for checking the validity of the first set of attestation signature values with the issuer public key and the validity of a second set of attestation-signature values with the authority public key, the second set of attestation-signature values being derivable by the user device from the second attestation values, where it is verifiable that the two sets of attestation-signature values relate to the user device.

Abstract: The limiting of data exposure in authenticated multi-system transactions is disclosed. A client system authenticates and requests secured data and unsecured data with an initial system. The initial system transmits to an external system a token request that corresponds to the request for the secured data. A token is generated and passed to the initial system, which relays the same to the client system. The client system uses the token to access the secured data on the external system, while also retrieving the unsecured data on the initial system. The initial system thus does not have access to the secured data, while the request therefor is known.

Abstract: A system and method which enable online network participants to enter into transactions with each other are provided. Accounts are maintained for first and second network participants, and an authentication token is generated that is associated with the account of the first network participant. The first network participant may use the authentication token in a transaction request, and the transaction request can then be applied to the accounts of both participants.

Abstract: An authentication method, a server, and a terminal for a wireless local area network (WLAN) are provided. The method includes: redirecting a Hypertext Transfer Protocol (HTTP) request message sent by a WLAN terminal to an address of a login webpage of a WLAN network and returning the redirected HTTP request message to the WLAN terminal; sending authentication request information carrying an International Mobile Subscriber Identity (IMSI) identifier of a Subscriber Identity Module (SIM) card sent by the WLAN terminal to an Authentication/Authorization/Accounting (AAA) server corresponding to the address of the login webpage of the WLAN network, such that the AAA server performs authentication based on the IMSI identifier.

Abstract: A market for unbiased private individual data is disclosed. A data market maker managing the market collects information from owners of private individual data on their privacy and risk attitudes. The collected information includes choices from the owners of private individual data on different pricing schemes that reflect the privacy and risk attitudes of the owners of data. The data market maker receives requests for access to private individual data from data buyers over time and determines pricing menus listing prices for the data buyers to pay for access to the private individual data based on the collected information. The data market maker compensates the owners of the private individual data for selling access to their data to the data buyers.

Abstract: Methods and systems are disclosed for providing a plurality of virtual secure elements (virtual SEs) to mobile devices with secure elements (SEs). A method generates and forwards a certificate authority security domain (CASD) key for a plurality of virtual SEs to an SE supplier that created the CASD. The method receives a card serial number (CSN) and a card production life cycle (CPLC) key from the SE supplier and forwards these to a mobile device maker. An updated CSN and CPLC data is received from the device maker with an International Mobile Equipment Identity (IMEI) and an issuer security domain key (ISD key) is added to the CSN and CPLC data by a master secure element issuer trusted service manager (master SEI TSM). An application is provisioned to the device that retrieves the CSN, CPLC data, and the IMEI, which are used for to verify and activate the virtual SE.

Abstract: An artist or a music company creates multimedia music contents using interactive media creating tools on their computer and upload to a fans club server. The fans club server maintains all fans registration information and client uploaded multimedia music/songs contents. An interactive media description module on the fans club server generates the interactive media using the multimedia contents provided by the client or the artist as its input. The generated interactive media will be distributed among the fans of the respective artist for playing on their mobile phones and review their contents online for a feedback before the songs being released in the market. The interactive media also prompts mobile phone user for purchasing the songs online. The mobile phone user can also purchase trial songs, and download on their mobile phone and make the online payment.

Abstract: Technologies are generally described for multi factor security authentication algorithm methods in authorizing and using client devices to perform banking transactions. A customer can register and associate a client device with their account. The customer can further create unique login information associated with their account. A customer's login information, client device, and a push confirmation must be verified for accuracy prior to allowing the customer to perform banking operations. Using multi factor authentication process, banking transactions can be performed more reliably and securely.

Abstract: A method and apparatus for establishing security associations between nodes of an ad hoc wireless network includes two authentication steps: an initial first contact step (authentication, authorization, and accounting (AAA)-based authentication), and a “light-weight” step that reuses key material generated during first contact. A mesh authenticator within the network provides two roles. The first role is to implement an 802.1X port access entity (PAE), derive transient keys used for encryption with a supplicant mesh point via a four-way handshake and take care of back end communications with a key distributor. The second role is as a key distributor that implements a AAA-client and derives keys used to authenticate a mesh point during first contact or fast security association. The key distributor and the on-line authentication server can communicate to one another without these messages being transported over mesh links.

Abstract: A method to authorize a mobile payment for a transaction. The method includes receiving a facial image of a consumer who requests the mobile payment for the transaction using account information stored in a mobile device of the consumer, wherein the facial image is provided by a point-of-sale (POS) device while initiating the transaction on behalf of the consumer, receiving a verified facial image of an account holder, comparing the facial image of the consumer and the verified facial image of the account holder based on a pre-determined criterion to verify the consumer as the account holder, generating, in response to verifying the consumer as the account holder, an authorization of the mobile payment based on the account information, and sending the authorization to the POS device to complete the transaction.

Abstract: A first server device is configured to receive an authentication request from a second server device; add the authentication request to a queue associated with a user; and provide a representation of the queue to a mobile device of the user. The representation of the queue includes an entry for the authentication request. The first server device is further configured to receive, from the mobile device, authentication information, provided by the user, for the authentication request; determine that authentication, of the user, for the authentication request is successful based on the authentication information; generate an authentication response that indicates that the authentication, of the user, for the authentication request is successful; and transmit, by the first server device, the authentication response to the second server device.

Abstract: A secure system and method are disclosed to effectuate financial transactions over a secure internet backbone establishing and using a secure closed loop financial transactional system encompassing a proxy account and a pre-registered personal handheld mobile device to the account a preregistered merchant where all funds within the account remain in an “inactive” non-usable state until activated and allocated only by the consumer's registered mobile handheld device using a unique, time sensitive, device specific and merchant specific transactional token initially developed on the system's backend and subsequent token activation completion by the intended specific registered mobile device and by the intended merchant application.

Abstract: Disclosed are authentication systems and techniques that can automatically recognize, validate, and utilize different types of information including user information, device information, and network information. Each of these types of information is processed with a unique algorithm and then is encrypted for security purposes. The processed and encrypted information are then used as components of a multi-factor authentication process. During an actual authentication transaction, these unique identifiers are used along with real-time personal identification methods including, but not limited to, biometrics and/or a personal identification number (the “PIN”), to complete the authentication process between two devices. A backend server communicates to both the devices to create a highly secure closed-loop authentication process.

Abstract: The invention is directed towards methods, systems and apparatuses, see FIG. 1, (100) for providing secure and private interactions. The invention provides capability for verifying the identity of a party initiating an electronic interaction with another party through data input module (140) which is verified by the identity verification module (150), which further includes a self-destruct mechanism (153). Embodiments of the invention include secure methods for conducting transactions and for limiting the transfer and distribution of personal data to only those data that are absolutely necessary for the completion of the transactions. The invention facilitates the transfer of additional personal data contingent upon an agreement that appropriately compensates the provider of the personal data.

Abstract: In general, the subject matter described in this disclosure can be embodied in methods, systems, and program products. A first third-party application program that was developed by a first entity receives a first request to purchase a first product for use within the first third-party application program. In response to receiving the first request, a purchasing user interface is customized to include first details that are specific to the first product. The purchasing user interface that includes the first details is displayed. A second request to purchase a second product for use within the second third-party application program is received from a second third-party application program that was developed by a second entity. In response to receiving the second request, the purchasing user interface is customized to include second details that are specific to the second product. The purchasing user interface that includes the second details is displayed.

Abstract: A system and method for secure communication is provided. A first hash-based message authentication code is generated from a shared secret and a first counter value stored in storage of a computing device. A second hash-based message authentication code is generated from such shared secret and a second counter value. An encryption key is derived from a function of the first hash-based message authentication code and the second hash-based message authentication code. A message is encrypted using the encryption key, and communicated via a network interface of the computing device.

Abstract: Systems and methods for increasing user trust by authenticating an electronic commerce server over an electronic communications channel using information received through an out-of-band communication in a physical communications channel are described. In one configuration, a paper bill is sent to a user by physical mail delivery and it includes challenge and response data used to authenticate the electronic commerce server over the electronic communications channel.

Abstract: A system including a temporal key module, a nonce module, a security module, and an encryption module. The temporal key module generates a first temporal key used to encrypt a plurality of packets. The nonce module generates a nonce for each packet encrypted based on the first temporal key. Each nonce includes a packet number that is different than packet numbers associated with other nonces generated by the nonce module. The packet number is greater than N bits in length, where N is an integer greater than 40. The security module determines when the packet number included in the nonce generated by the nonce module is greater than or equal to a predetermined threshold. The encryption module encrypts more than 2(N?1) packets using the first temporal key and the nonces without reusing a value of the packet number.

Abstract: Facilitating the purchase and sale of private data between anonymous entities based on the use of encryption and a centralized on-line entity to exchange the private data in a secure environment. The seeker of private data, such as consumer information, transmits an encrypted query to the centralized exchange entity. The query submission includes legal representations stating the legally permissible purpose for seeking the information. The centralized exchange entity compares the encrypted query to an encrypted data index collected from at least one data provider, to determine if the query matches any private data held by a data provider. The comparison is conducted within a secure, search component to ensure the privacy of all data and all parties to the transaction. The exchange entity facilitates the anonymous exchange between the data purchaser and the data provider. A payment invoice can be generated and electronically presented by maintainer.

Abstract: A permission level associated with an associate's web access is identified. A relationship ticket is obtained from an authentication server and a request is generated to set the identified permission level. The request and the relationship ticket are sent to a Web server and a success code is received from the Web server if the requested permission level is established.

Abstract: An e-mail message to which a document is attached is received, and it is determined whether or not a digital signature is appended to the e-mail message. The document attached to the e-mail message is saved as an approved document, which is approved for printing, when it is determined that the digital signature is appended to the e-mail message. On the other hand, the document attached to the e-mail message is saved as a non-approved document, which is not approved for printing, in association with an e-mail address of the e-mail message when it is determined that the digital signature is not appended to the e-mail message. User information is acquired, and the non-approved document saved in association with an e-mail address that is associated in advance with the user information is retrieved. The retrieved non-approved document is changed to an approved document, and that approved document is saved.

Abstract: An embodiment defines access control allowing the expression of access control rules using ontology based semantics and references an ontology subset using XPath as the ontological expression. The access control rules or access criteria are defined by an access control statement and may be expressed using classification criteria and ontology classes. The access control statement comprises a structural description that is used to define an asset and a logical expression that may be used to express the classification criteria. The access control statement defines access policy for various assets.

Abstract: A method for authenticating a financial transaction at a point of sale (POS) includes storing an application program in a first secure element of a mobile phone. The application is configured to generate instruction codes to effect the financial transaction upon verification of a user's identity. The user's credentials are stored in a second SE of the phone, which is operable to verify the user's identity from a biometric trait of the user input to the phone and to generate data authenticating the financial transaction in response to the verification of the user's identity. At the POS, the user invokes the application and then inputs a biometric trait to the phone. The second SE verifies the user's identity, and upon verification, generates data authenticating the transaction. The financial transaction data, including the instruction codes and the authenticating data, are then transmitted from the phone to the POS.

Abstract: A method in a telecommunications system, in which there are at least three parties involved in the system's exploitation, namely at least one service provider capable of providing services for at least one user, and at least one operator responsible for the operation of the telecommunications system, wherein payable services delivered to an authorized and authenticated user are identified, and in which system each service transaction as well as the user are identified. The definition of the transaction flow is done on the basis of at least one predefined transaction rule and the parties involved are allowed to dynamically alter the function of at least one of the rules and/or the execution order of multiple rules for creating a flexible transaction flow.

Abstract: A method and system for verifying a check that is being used for an on-line transaction, utilizes a hash code value either printed directly on the check, or obtained from an insert card provided by a check printer. To conduct an on-line transaction using a check, the customer enters in data obtained from a MICR line of the check, whereby the data includes a one-way hash value that is based on the data provided on the MICR line as well as private data not provided on the MICR line. A web server of an e-tailer for which the customer seeks to make the on-line transaction, receives the data entered by the customer. The web server of the e-tailer transmits, to a check verifier, the data entered by the customer. The check verifier verifies whether or not the check is valid, by comparing the hash code value entered in by the customer with a hash code value that is separately calculated by the check verifier, based on private data of the customer obtained by the check verifier from a database.

Abstract: When purchasing an item or service, a user enters a PIN enter their mobile communication device and send the PIN, e.g., via text message to a payment authority. The payment authority authenticates the user using at least the PIN and the mobile communication device identifier associated with the user's mobile communication device. If the user is authenticated, then the payment authority will send a transaction code back to the user, which will be displayed on the user's mobile communication device. The user can then provide the transaction code to the merchant. The merchant can enter the transaction code into the Merchant's point of sale system and complete the transaction.