Abstract: Charitable donations are increased by automatically providing immediate on-line recognition of on-line donors. A list of donors is maintained on a Web page acknowledging the on-line contributions. Donor names on the list can be links to additional information about the donation or the donor. Information about donor and donation is entered by the donor, who can specify what information is to be published on the Web and what information is to remain unpublished. The donor list can be arranged in order of donation size, and donors can compete for position on the list. The donor information can indicate membership in a group, and donations can also be totaled by group to encourage donation competition between groups.

Abstract: Computer-implemented system and methods for authenticating the identity of a person, for example a customer (1) of an E-Commerce web site (15). The web site or other verification “client” (110) contacts a verification engine (10, 100) (“Authentex”), which may be implemented as a web server (604). The verification engine (10), in turn, has limited access to a plurality of independent, third-party secure databases (21, 112) which are maintained by Trusted Validators (3, 610, 620, etc), which are entities such as banks that have a pre-existing relationship with customer (FIG. 4), and due to that relationship, acquire and maintain “out-of-wallet” data (4) that may be useful to authenticate the identity of the customer. That confidential customer data—held by the third-party “Trusted Validators”—is not disclosed.

Abstract: A method for conducting a financial transaction can be used by a person using a mobile device to conduct the transaction. The mobile device receives information related to the person that can be used for authentication purposes, such as a PIN or biometric data. The mobile device then authenticates the person by verifying the information received. If the person is authenticated, the transaction is completed using the mobile device, and if the person is not authenticated, the transaction is prevented.

Abstract: A method of managing reliance in an electronic transaction system includes a certification authority issuing a primary certificate to a subscriber and forwarding to a reliance server, information about the issued primary certificate. The reliance server maintains the forwarded information about issued primary certificate. The subscriber forms a transaction and then provides the transaction to a relying party. The transaction includes the primary certificate or a reference thereto. The relying party sends to the reliance server a request for assurance based on the transaction received from the subscriber. The reliance server determines whether to provide the requested assurance based on the information about the issued primary certificate and on the requested assurance. Based on the determining, the reliance server issues to the relying party a secondary certificate providing the assurance to the relying party.

Abstract: Systems and methods to provide and maintain secure financial transaction conducted with a credit card or other cashless payment mechanism at a vending machine or other potentially unattended vending or point of sale device. Encapsulated card readers providing end-to-end encryption capabilities encrypt transaction data for secure transmission to a transaction host or server. Pre-authorization transaction data checking maintains account numbers in a secure encrypted format further enhancing security. Protection mechanisms that guard against, and provide warnings of equipment tampering, while also providing a visual indication to customers regarding the security of the system.

Abstract: The present invention relates generally to a smart card device that is configured to facilitate wireless network access and credential verification. Specifically, the device is configured to meet the physical and electrical specification for commercially available mobile devices utilizing a standard Subscriber Identity Module (SIM) for network access. The device combines the features of the SIM with Common Access Card or Personal Identity Verification card features to allow a network subscriber to invoke secure payment transactions over a carrier's network. The system includes data storage for maintaining a plurality of network and transaction instrument profiles and a profile gateway for receiving transaction information from a payment gateway, sending an authorization request to a user's mobile device, receiving a transaction authorization from the mobile device, and sending transaction information to a payment gateway to finalize the payment transaction.

Abstract: The present invention relates generally to a smart card device that is configured to facilitate wireless network access and credential verification. Specifically, the device is configured to meet the physical and electrical specification for commercially available mobile devices utilizing a standard Subscriber Identity Module (SIM) for network access. The device combines the features of the SIM with Common Access Card or Personal Identity Verification card features to allow a network subscriber to invoke secure payment transactions over a carrier's network by way of a transaction account token. The system includes data storage for maintaining a plurality of network and transaction instrument profiles and a profile gateway for receiving transaction information from a payment gateway, sending an authorization request to a user's mobile device, receiving a transaction authorization from the mobile device, and sending transaction information to a payment gateway to finalize the payment transaction.

Abstract: In general, this disclosure describes techniques of dynamically selecting deposit clearing methods based on business rules. As described in this disclosure, a financial institution receives checks drawn on other financial institutions as customer deposits. When the financial institution receives a check, the financial institution automatically applies one or more customizable business rules to identify a method to clear the check. The financial institution then uses the identified method to clear the check.

Abstract: The present disclosure attempts to migrate from a first authenticator to a second authenticator. In the most preferred embodiment, the first step is to migrate the data that is not stored encrypted by a traditional replication or transformation between the datastores of the authenticators. The new authenticator is placed in position, while the old authenticator is maintained. When a user attempts to login, servlets check to see if the user's password exists within the datastore for the new authenticator. If not, then the user is sent to the old authenticator's sign-on page. When the user enters their authentication credentials into the old authenticator, a code snippet or second servlet will capture this information and, on confirmation from the old authenticator that the user is properly authenticated, use the captured information to populate the new datastore.

Abstract: A method for authenticating a user of certain service provided by a system through a first communication channel, in one aspect including receiving an access request from a first terminal of the user through the first communication channel; receiving an address or number of a second terminal of the user through the first communication channel; transferring data including an identification code, to the second terminal of the user through a second communication channel; receiving a user confirmation response, including the user identification code, from the second terminal of the user through the second communication channel; determining whether the identification code transferred to the second terminal is identical to the user identification code received from the second terminal; generating an authentication code if it is determined that both the user identification codes are identical to each other; transferring the user authentication code to the first terminal of the user through the first communication ch

Abstract: To solve problems in that a load on a VPN device is large in a case where the number of terminal devices increases in encrypted communication using a VPN technique, and that only communication between the terminal device and the VPN device is encrypted, thus disabling end-to-end encrypted communication, a communication system is provided, including: a terminal device; a plurality of blades; and a management server that manages the blades, in which: the management server selects a blade, authenticates the terminal device and the selected blade, and mediates encrypted communication path establishment between the terminal device and the selected blade; the terminal device and the blade perform encrypted communication without the mediation of the management server; and the management server requests a validation server to authenticate each terminal.

Abstract: A system and method are disclosed. The method includes receiving, at a server computer, a transaction clearing request for a transaction, and then determining, using the server computer, if the transaction satisfies a stored blocking parameter. The method further includes allowing, using the server computer, the transaction clearing request if the transaction does not satisfy the stored blocking parameter, and denying, using the server computer, the transaction clearing request if the transaction satisfies the stored blocking parameter.

Abstract: The method includes the steps of receiving at the PEAD first digital data representing the transaction request. The PEAD provides information to the user regarding an ability to approve the transaction request. When the transaction request is approved by the user, the PEAD receives second digital data representing the electronic service authorization token. A remote agent server may provide a bridge between the electronic transaction system and the PEAD. In another embodiment, the private key is stored on the portable device, encrypted. The decryption key is stored outside of the device, at a trusted 3rd party location. When the user attempts to make a signature the software sends a request for the decryption key, along with the user's password or pass phrase keyed in at the keyboard of the PDA, smart phone, or cell phone, to a server belonging to the trusted 3rd party.

Abstract: A system and method for authenticating the source and ensuring the integrity of traffic data collected from probe vehicles while maintaining the privacy of the data's source. This is accomplished by dividing the traffic analysis functionality into two distinct responsibilities: data collection, including authentication and verification, and data processing, and assigning each responsibility to a different entity, such the first entity has access to authentication information which identifies the data's source but not to traffic information such as the source's location, and the second entity has access to the traffic information but not to the authentication information which identifies the data's source.

Abstract: A cash dispensing banking transaction machine that operates responsive to data bearing records includes a card reader that reads identifying data from a user card. The machine dispenses cash from a cash dispenser for a financial account without causing the card reader device to read data from a card corresponding to the financial account, when a determination indicates that a voice of the user included in an audio input signal to audio input device corresponds to a particular recognized user stored in a data store in correlated relation with the financial account.

Abstract: The present invention is a method, system and apparatus for the policy based provisioning and management of a collaborative context. A policy based application provisioning system for use in a collaborative environment can include a policy having rules for limiting collaborative context creation and operation in the collaborative environment. A context provisioning process can be coupled to the policy and configured to create collaborative contexts in the collaborative environment limited by the rules in the policy. Finally, a context management process can be coupled to a data store of usage data for created ones of created collaborative contexts in the collaborative environment.

Abstract: Authenticating users for mobile transactions conducted over mobile phones. In general, the present invention makes it possible to securely authenticate a rural user (using the unique user ID from the uWallet, the client certificate in the mobile phone of the rural user and PIN code/password provided by the rural user) and then permit mobile banking transactions over the mobile phone. Both participating individuals employ their individual mobile phones and secure USB/Bluetooth based mobile banking devices (the uWallet) to authenticate themselves and conduct monetary transactions (funds transfer, mobile payments, etc.).

Abstract: A billing system that allows a consumer to order products from computers connected to the Internet, wherein the consumer is automatically billed for the ordered product by its telephone service provider. When a product is ordered over the Internet, a plug-in component of the consumer's computer establishes an Internet connection to a billing server. A billing server component transfers an encrypted version of the product to the plug-in component. The plug-in component then disconnects from the Internet and establishes a point-to-point (PPP) connection with the billing server. During the PPP connection, the billing server component transfers an access key assigned to the order to the plug-in component so that the plug-in component may decrypt the product. The consumer is charged a unit rate or “drop-charge” for the product by the telephone service provider using a premium telephone number assigned and administered by the telephone service provider.

Abstract: An electronic device with radio and GNSS receiving capabilities is used to provide a second or further authentication factor to current and future transaction systems. The device's embedded characteristics are combined with GNSS data into a unique identifiable device code. The device can be used initially to put a bank or credit card into a “transaction enabled” mode. The location of the electronic device can be compared to the location from which a request to use the enabled card originates.

Abstract: Disclosed herein are a system and method for facilitating point of sale transactions with minimal transfer of sensitive data corresponding to a consumer or merchant. The system and method comprise connecting to a central banking system using a communications apparatus for connecting to a landline or mobile communications network. The communications apparatus is coupled to one or more slots for receiving a merchant digital token and a consumer digital token storing merchant public and private keys and consumer public and private keys, respectively. The merchant and consumer public keys are used to identify the merchant and consumer, respectively, to the central banking system. The merchant and consumer private keys are used to sign, and thereby authenticate, a merchant sign-on agreement and a payment authorization form, respectively.

Abstract: A system for monitoring an item including a plurality of item identification devices, each item identification device including unique information indicative of the item and being disposed during use on the item, a plurality of supplier identification devices, each supplier identification device including stored supplier biometric data indicative of the identity of a representative of a supplier of the item.

Abstract: Disclosed herein is a financial card system. The system includes a communications device on which a non-contact integrated circuit chip is installed; and an authentication terminal having a reader/writer allowing reading/writing information on the communications device and capable of transmission and reception of information with the communications device through the reader/writer. The communications device has a storage block, a common area information transmission block, and an individual area information transmission block. The reader/writer of the authentication terminal has a storage block, a common area information reception block, and an individual area information reception block.

Abstract: The present invention provides a microbilling system that integrates with existing billing systems and existing devices. In a preferred embodiment of the invention, the devices store digital certificates with short-lived expiration dates and specifying transaction limits, preferably using a trust management system. A provisioning agent periodically (e.g., once a day) issues the certificates over a secure channel to the devices. When conducting a purchase transaction, the devices exchange certificates via a communication channel (that need not be secure) and the purchasing device issues a digitally signed electronic check which is periodically deposited over an advantageously secure channel with a clearing service. The present invention enables microbilling transactions by embedding liability in the certificates.

Abstract: A system and method for facilitating electronic transactions using an intelligent instrument is disclosed. An authorization server enables users to obtain authorization credentials through the use of the intelligent instrument by issuing a challenge to an intelligent token of the intelligent instrument. The intelligent token generates a challenge response and transmits the challenge response to the authorization server, which assembles credentials including a key for the electronic transaction upon validating the response. The authorization server sends the assembled credentials to the intelligent instrument and the intelligent instrument transmits the assembled credentials to the authorization server during a subsequent transaction. The authorization server validates the assembled credentials and provides authorization for the transaction in response to the validating the assembled credentials.

Abstract: A system and method for facilitating electronic transactions using an intelligent instrument is disclosed. An authorization server enables users to obtain authorization credentials through the use of the intelligent instrument by issuing a challenge to an intelligent token of the intelligent instrument. The intelligent token generates a challenge response and transmits the challenge response to the authorization server, which assembles credentials including a key for the electronic transaction upon validating the response. The authorization server sends the assembled credentials to the intelligent instrument and the intelligent instrument transmits the assembled credentials to the authorization server during a subsequent transaction. The authorization server validates the assembled credentials and provides authorization for the transaction in response to the validating the assembled credentials.

Abstract: A system and method for facilitating electronic transactions using an intelligent instrument is disclosed. An authorization server enables users to obtain authorization credentials through the use of the intelligent instrument by issuing a challenge to an intelligent token of the intelligent instrument. The intelligent token generates a challenge response and transmits the challenge response to the authorization server, which assembles credentials including a key for the electronic transaction upon validating the response. The authorization server sends the assembled credentials to the intelligent instrument and the intelligent instrument transmits the assembled credentials to the authorization server during a subsequent transaction. The authorization server validates the assembled credentials and provides authorization for the transaction in response to the validating the assembled credentials.

Abstract: A document access control system for determining whether to allow a client to access a target document file according to a security policy set in a server, the system includes a cache timing determination part for determining the timing for caching policy determination data corresponding to the target document file in the client, a policy determination data obtaining part for obtaining the policy determination data from the server according to a report from the cache timing determination part, a policy determination data storage part for storing the obtained policy determination data in correspondence with the target document file, and a file access control part for controlling access to the target document file according to the policy determination data stored in the policy determination data storage part in a case where the user of the client requests access to the target document file when the client is in an offline mode.

Abstract: An online card-present transaction system facilitates card-present type transactions with a merchant over a public network. A host system is configured to accept authentication data from a user via an authentication device. The host system, after authenticating a user is configured to retrieve the user's account information from a user database system and translate a user account number into a temporary transaction number. The temporary transaction number is then transmitted directly from the host system to the merchant, thereby eliminating the need for the user to send to the merchant over the internet, the user's transaction account number.

Abstract: A buyer (110) wishes to use a payment instrument as part of an online commerce transaction with a seller (120) and it is desired to authenticate that the buyer (110) has authority to use the payment instrument. A separate authentication service (130) determines whether the buyer (110) has access to certain secret information without revealing the secret information to the seller (120). Access to the secret information would verify that the buyer (110) has authority to use the payment instrument. The authentication service (130) informs the seller (120) whether the buyer (110) is authorized to use the payment instrument.

Abstract: A system may account for the number of bounced e-mails by adding a number of records over the desired quantity to ensure that a minimum number of e-mails are not returned. To calculate an accurate number of extra records to identify, a system may need to track the percentage of messages returned and add a number of records equal to that percentage over the minimum number required by the particular campaign. However, unless the system accurately identifies a bounced e-mail as one originating from the system, spam or other unsolicited e-mail sent to the system may result in inaccuracies.

Abstract: The claimed subject matter relates to an architecture or arrangement that can limit access to sensitive information by means of encryption. In particular, data obtained from a payment instrument at, e.g., a Point-Of-Sale (POS) location can be encrypted at an early stage such that a POS (or another) application does not have access to the data in an unencrypted form and/or does not have access to a means for decrypting the data. For example, a Public Key Infrastructure (PKI) arrangement can be employed such that a back-end payment processor can define encryption algorithms, associate itself with a public key, and maintain a private key for decryption. The public key can be delivered to the POS location and employed for data encryption, and, moreover, the PKI can be regulated by the more trusted parties.

Abstract: Methods and systems for processing negotiable economic credits through, or at the request of, a hand held device in association with a third-party provider communicative with the hand held device and/or a point of sale. At least one negotiable economic credit can be transferred from a third-party provider communicative with the hand held device to the hand held device and/or point of sale. The negotiable economic credit can be stored within a memory of the hand held device and/or point of sale for retrieval and processing at a point of sale associated with a retail establishment and/or by a hand held device. The negotiable economic credit can be associated with a security module for protecting the privacy of the negotiable economic credit. A user profile can be compiled for utilization during the retrieval of the negotiable economic credit.

Abstract: In order to prevent without fail the abuse of certificate information which are exchanged on a network, an orderer inputs the certificate information to a certificate terminal when placing an order for a commodity, the certificate terminal encrypts the certificate information to send it to an order receiver and holds the certificate information and a decryption key. A deliveryman, at the time of commodity delivery, inputs the encrypted certificate information to the certificate terminal, and the orderer inputs data of terminal certification to the certificate terminal.

Abstract: The mailing machine and a method of initializing it are based on an unremovable program memory, which contains an initialization program. A removable authorization device is operationally connected to the mailing machine and is designed such that it can be interrogated. The interrogation is performed before and during the initialization of the mailing machine with predetermined INIT data. A security module connected to the program memory serves for checking the authorization and can prevent initialization without authorization. The initialization of the mailing machine takes place at the goods receiving location in the destination country by switching into an initialization mode, authorization of the initialization by means of the authorization device, input of initialization data and ending of the initialization and cancellation of the authorization.

Abstract: Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant.

Abstract: The present invention relates generally to a system and method that provides add-on services and/or facilitates authentication, authorization and/or secure communications of a user using a dialog based interactive protocol and accessing a first computer system, separately from the authentication and security mechanism(s) provided by a second computer system using a dialog based interactive protocol system.

Abstract: The present invention provides a value information management system capable of printing electronic data (e.g. electronic receipt) representing value information while restricting the electronic receipt to one of printed form and unprinted form so as to prevent fraudulent billing. A secure memory card 13 securely stores therein a payment-related electronic receipt, a printer 14 prints the electronic receipt, and deletes the electronic receipt from the secure memory card 13 after completion of the printing, and transmits a receipt ID identifying the electronic receipt to a receipt management server 17, so that the receipt management server 17 can manage the electronic receipt identified by the receipt ID as being printed out.

Abstract: An authorization device includes an input module, a key generator, and an output module. The input module receives a request to authorize a transaction between a mobile device and a merchant terminal. The key generator generates a key used for authorizing the transaction. The key relates only to the transaction. The output module transmits an authorization for the transaction that is based on a processing of the key.

Abstract: A hand-held token can be operated to generate an acoustic or other wireless signal representing a digital signature produced from the private key of a public key/private key pair, with the public key being confidential in that it is known only to authorized entities, such as bank computers. The signal from the token can be received by, e.g., a receiver at a bank ATM that also requires a PIN for account access. The user enters the PIN into the ATM, and the ATM encrypts the signal from the token with the PIN and sends it on to the bank computer over a link that need not be secure, since even if the PIN is guessed there is no way to verify that it is the correct PIN without also knowing the confidential public key held by the bank computer.

Abstract: A mobile communications device is described which includes an input sensor, a memory unit, processing unit, and an antenna configured to wirelessly transmit and receive financial account data for a transaction. The antenna is configured to receive a request for data stored on the memory unit, and may also be configured to induce a voltage from a magnetic field to power certain components of the device. The input sensor may control whether the components can be so powered from the magnetic field. Alternatively, input from the input sensor may otherwise control the functionality of the device. By way of example, data representative of an input received by the input sensor may be transmitted in addition to the requested data.

Abstract: Embodiments of the present invention are drawn to systems and methods for securing information using cryptographically keyed units. Specifically, in one embodiment of the present invention, a system is provided for securing information that uses two cryptographically keyed units to encrypt information flowing between a fuel pump device and a remote device. Thus, even if the information is intercepted, it could not be used to perpetrate fraud.

Abstract: Systems, apparatus, and methods for verifying a user's identity and conducting a transfer of funds via a payment proxy system are herein provided. A message including a request for verification of the user's identity and/or a transfer of funds via a proxy payment system may be received. The message may also include user identification information and/or a token. Completion of the identification verification and/or requested funds transfer may be dependent upon verification of user identification information and/or a token.

Abstract: Disclosed herein is a financial card system. The system includes a communications device on which a non-contact integrated circuit chip is installed; and an authentication terminal having a reader/writer allowing reading/writing information on the communications device and capable of transmission and reception of information with the communications device through the reader/writer. The communications device has a storage block, a common area information transmission block, and an individual area information transmission block. The reader/writer of the authentication terminal has a storage block, a common area information reception block, and an individual area information reception block.

Abstract: Portable terminal MS downloads coupon data and public key KEYP2 of IP server 20 from IP server 20. Service terminal T obtains from IP server 20, a server certificate to which a digital signature is applied by secret key KEYS2. One to one local communication by infrared radiation is performed between portable terminal MS and service terminal T. At this point, portable terminal MS decrypts a server certificate by utilizing public key KEYP2 of IP server 20. Then, portable terminal MS communicates specified data after authenticating the identity of service terminal T.

Abstract: An improved interactive network system is provided that allows the Network Operator to control the transfer of information to and from the network end users, the system preferably using triggers or markers embedded within the programming broadcast to users via the network. As a consequence of this system, the Network Operator is able to efficiently garner revenues from third parties transacting business over the network and to control the look and feel of programming offered to network users. Additionally the system can be used as a means of limiting network access, filtering programming, providing on-screen graphics or audible signals for particular programming types or providers, bookmarking programming, profiling network users, targeting advertising, and simplifying network transactions.

Abstract: Techniques are described for facilitating interactions between computing systems, such as by performing transactions between parties that are automatically authorized via a third-party transaction authorization system. In some situations, the transactions are programmatic transactions involving the use of fee-based Web services by executing application programs, with the transaction authorization system authorizing and/or providing payments in accordance with private authorization instructions previously specified by the parties. The authorization instructions may include predefined instruction rule sets that regulate conditions under which a potential transaction can be authorized, with the instruction rule sets each referenced by an associated reference token.

Abstract: Techniques are described for facilitating interactions between computing systems, such as by performing transactions between parties that are automatically authorized via a third-party transaction authorization system. In some situations, the transactions are programmatic transactions involving the use of fee-based Web services by executing application programs, with the transaction authorization system authorizing and/or providing payments in accordance with private authorization instructions previously specified by the parties. The authorization instructions may include predefined instruction rule sets that regulate conditions under which a potential transaction can be authorized, with the instruction rule sets each referenced by an associated reference token.

Abstract: The present disclosure relates to secure electronic receipt systems and methods. The present invention removes the need for paper-based receipts while preserving security through use of a digital signature on each electronic receipt verifying the transaction and other data related to the transaction. In an exemplary embodiment, the present invention includes a trusted email server, an authentication server, a point-of-sale (POS) terminal or the like, and a smart card or the like. A buyer can utilize the smart card to instruct the terminal to provide an electronic receipt. The terminal can utilize the trusted email server and the authentication server to digitally sign the electronic receipt with credentials trusted by the buyer, and these credentials can later be utilized to verify the electronic receipt.

Abstract: A system and method for facilitating electronic transactions using an intelligent instrument is disclosed. An authorization server enables users to obtain authorization credentials through the use of the intelligent instrument by issuing a challenge to an intelligent token of the intelligent instrument. The intelligent token generates a challenge response and transmits the challenge response to the authorization server, which assembles credentials including a key for the electronic transaction upon validating the response. The authorization server sends the assembled credentials to the intelligent instrument and the intelligent instrument transmits the assembled credentials to the authorization server during a subsequent transaction. The authorization server validates the assembled credentials and provides authorization for the transaction in response to the validating the assembled credentials.

Abstract: An electronic commerce process that facilitates online transactions among multiple participants, that prevents consumer fraud due to pirated payment card numbers, with calculated risk, involving at least one trusted payment card host (3), where buyer's payment card number is registered and corresponding secret keys are set up. The buyer (1b) initiates an online transaction by selecting a host from a list of hosts that served by the seller's web server (2a). Then, the buyer participant (1a) sends an order online (4), SSL encrypted. The seller participant (2a) receives and decrypts the order, confirms the availability of ordered items, assigns an orderID to the order, and sends a response (5a), SSL encrypted, to the buyer participant (1a) with the assigned orderID. The buyer participant (1a) encrypts and notifies the selected host (3) of this order and orderID, and authorizes the payment (6a) using secret keys.