Abstract: Universal electronic card, of the smart card or intelligent card type, similar to a form of plastic card, with integrated circuital elements which are integrated in the thickness of the stratified card and within it at least one microchip, structured integrally with: i—a microprocessor associated to a memory; ii—an interchangeable flat battery within the card-thickness able to power-supply the microprocessor and the memory; iii—at least one data transmission device connected to the microprocessor and/or to the memory; iv—one fingerprint reader device integrated in it and to the processor system to read the imprint of the user, checking its authenticity before allowing the access at its various functions.

Abstract: This invention relates to an expense reporting system for viewing and manipulating a user's financial transaction data and a method for associating financial transaction data with a user's project data. The system includes a user's financial transaction data hosted in a data storage unit, addressable on a network, and accessible by a remote user on a user interface unit having a user input means and a display; and an expense reporting module having a graphical user interface (GUI) that allows a user to define project category data and associate representations of the user's financial data with the user-defined project category data.

Abstract: An interactive information dissemination system includes a media server (210) for receiving a plurality of media elements and storing the media elements in a database. A sender client (200) enables a first user to identify message data, a recipient identifier, and a media element from the database of media elements. A recipient client (202) presents the media element to a second user associated with the recipient identifier. The recipient client (202) further presents the message data to the second user when the second user performs a predetermined action, such as submitting authentication information or requesting the message data, to receive the message data. The message data may be secured by requiring sender and recipient authentication, and by encoding the data using a private encoding key and data package identifier managed by a main server (206) and a key server (208).

Abstract: An information management system is described comprising one or more workstations running applications to allow a user of the workstation to connect to a network, such as the Internet. Each application has an analyzer, which monitors transmission data that the application is about to transmit to the network or about to receive from the network and which determines an appropriate action to take regarding that transmission data. Such actions may be extracting data from the transmission data, such as passwords and usernames, digital certificates or eCommerce transaction details for storage in a database; ensuring that the transmission data is transmitted at an encryption strength appropriate to the contents of the transmission data; determining whether a check needs to be made as to whether a digital certificate received in transmission data is in force, and determining whether a transaction about to be made by a user of one of the workstations needs third party approval before it is made.

Abstract: Various embodiments of the invention provide a more secure financial transaction system for e-commerce sectors that (1) more securely processes payment transactions, (2) helps to protect merchants and banks against fraudulent transactions, money laundering, and underage gambling, and (3) helps to limit other abuses in areas of e-commerce that are perceived to pose special risks, such as Internet gaming, travel, and consumer purchasing of electronic goods. To accomplish the above goals, various embodiments of the financial transaction system (1) establish operating and transaction processing protocols for merchants, Internet payment service providers, acquiring banks, and card schemes and (2) provide automated systems for monitoring and securely processing payment and financial transactions.

Abstract: A method, apparatus and computer program for validating that a client's request has been routed to an appropriate server hosting a specific stateful web service instance in a system comprising a plurality of stateful web service instances. The specific stateful web service instance is one which has required state data for processing the client's request. A request is received for processing by a web service instance. Any identity data is extracted from the request. The identity data uniquely identifies the required state data and the identity of the target server that hosts that state data. It is then determined whether the target server identity matches that of the server that has received the client's request and responsive to a negative determination, a routing failure is reported.

Abstract: A method of verifying a digital signature of a first party that was generated using an elliptic curve digital signature algorithm (ECDSA) includes the steps of receiving a public key from the first party; receiving a digital signature from the first party, the digital signature being for an electronic message; identifying domain parameters of an elliptic curve used in elliptic curve cryptography, including identifying a generating point of the elliptic curve; transforming the identified generating point into a second generating point as a deterministic function of shared knowledge known to and between the first party and a second party; and verifying the received digital signature as a deterministic function of the received public key, the electronic message, and the identified domain parameters, in which the second generating point is substituted for the identified generating point.

Abstract: Systems and methods that storage device content authentication are provided. A system that verfies storage device content received from a storage device may comprise, for exmple, a security processor coupled to the storage device. The security processor may be adapted to receive a partitioned storage device region from the storage device. The partitioned storage device region may comprise, for example, regional content and first hashed regional content. The security processor may generate, for example, second hashed regional content by performing a hashing function on the regional content received by the security processor. The security processor may compare, for example, the first hashed regional content to the second hashed regional content. The security processor may varify the regional content received by the security processor if the first hashed regional content is the same as the second hashed regional content.

Abstract: An online card-present transaction system facilitates card-present type transactions with a merchant over a public network. A host system is configured to accept authentication data from a user via an authentication device. The host system, after authenticating a user is configured to retrieve the user's account information from a user database system and translate a user account number into a temporary transaction number. The temporary transaction number is then transmitted directly from the host system to the merchant, thereby eliminating the need for the user to send to the merchant over the internet, the user's transaction account number.

Abstract: A server computer is disclosed. It comprises a processor and a computer readable medium coupled to the processor. The computer readable medium comprises code executable by the processor for implementing a method comprising: (i) receiving a request to conduct a transaction, (ii) providing a user interface to a user in response to the request, wherein the user interface includes a list of candidate identification tokens, wherein the list of candidate identification tokens includes an authentic identification token and one or more non-authentic identification tokens, wherein the authentic identification token is associated with a user account.

Abstract: A joint subscriber management system includes a joint subscriber management unit for acting as a surrogate in performing a registration activity for enabling a receiver to receive a broadcast and/or an electronic commerce transaction. A reception unit receives a reception-limiting identification number of the receiver for receiving a specific broadcast, a broadcaster identification number of at least one broadcaster of a plurality of broadcasters, and registrant information concerning registration of a user allocated to the reception-limiting identification number. A generation unit generates a joint management identification number corresponding to the received reception-limiting identification number. A recording unit records the reception-limiting identification number, the joint management identification number, and the registrant information in a registrant information table in correspondence with one another.

Abstract: A system and method for securing a Radio Frequency (RF) transaction using a RF identification device (RFID) transaction device is provided. The method includes a RFID transaction device including a random number generator for generating a random number. The random number may be used by an account issuer to verify the validity of a RFID transaction device or RFID reader communicating on the RF transaction network. The authorizing agent may receive the random number and compare the random number to a device validating code.

Abstract: A method that uses a computer network to provide a single point of access between a plurality of video & audio devices and a plurality of video & audio content provider systems. The present invention is a method for providing a searchable, aggregated directory view of available video & audio content from multiple content providers as well as additional services such as content renting. The present invention includes a method for identifying users as subscribers of content providers' memberships.

Abstract: A method and wireless communication device are provided for managing information associated with purchases of active lifestyle products. The method includes receiving a notification (704) indicating a purchase transaction associated with at least one radio frequency ID enabled item. The notification is analyzed (706) and in response to the analyzing a user identifier corresponding to a user related to the purchase transaction is determined (708). A radio frequency ID associated with the at least one radio frequency ID enabled item is also determined (710). A wireless device (104) associated with the user is identified based on the user identifier (712). An information set associated with the at least one radio frequency ID enabled item is transmitted (714) to the wireless device (104). The information set includes at least the radio frequency ID associated with the at least one radio frequency ID enabled item.

Abstract: A client-side on-board computing device is partitioned into a trusted computing module, and a private computing platform. When a metric report is required, the private computing platform retrieves an original data file and transfers the original data file to the trusted computing module. The original data file includes a global positioning system coordinate stream and time information. Communication between the private computing platform and the trusted computing module is via an unencrypted serial link. The private computing platform applies at least one billing algorithm to the original data file to determine a billing charge. The private computer platform signs and hashes the billing charge using a private key of a public-private endorsement key pair to create a signed metric report. The private computer platform forwards the signed metric report to the trusted computing module via the unencrypted serial link.

Abstract: The present invention is a method and system for selectively executing content on a display based on the automatic recognition of predefined characteristics, including visually perceptible attributes, such as the demographic profile of people identified automatically using a sequence of image frames from a video stream. The present invention detects the images of the individual or the people from captured images. The present invention automatically extracts visually perceptible attributes, including demographic information, local behavior analysis, and emotional status, of the individual or the people from the images in real time. The visually perceptible attributes further comprise height, skin color, hair color, the number of people in the scene, time spent by the people, and whether a person looked at the display. A targeted media is selected from a set of media pools, according to the automatically-extracted, visually perceptible attributes and the feedback from the people.

Abstract: A method, system and device for secure mobile healthcare selection are presented in which a user can, from a mobile device, authorize the comparison of pangenetic (genetic and epigenetic) data with data profiles corresponding to healthcare products, services and service providers to determine which are the most appropriate for a particular consumer. Data masking is used to maintain privacy of sensitive portions of the pangenetic data.

Abstract: A transaction authentication card uses a biometric input and a wireless output. The biometric input may be a sensor pad on the transaction authentication card that measures blood flow patterns, temperature, and/or fingerprint patterns to identify a user to permit access. The transaction authentication card is preferably substantially rigid, but may be formed to have some flexibility. Power to the transaction authentication card may be accomplished through an internal battery that is optionally rechargeable. Biometric data is stored on the card only and used for user verification. Biometric data will not be transferred from the card. If authorized biometric data is authenticated the card will transmit a wireless access code to a proximity reader or transaction equipment.

Abstract: Metering is enabled through an arrangement in which a metering certificate is communicated to a mobile device using an over-the-air protocol. A metering trigger provides the metering certificate that includes a location to which metering data is posted by the mobile device and a public key of a public-private key pair, or alternatively provides a link to such metering certificate. A metering helper passes the metering certificate to a DRM system on the mobile device which collects metering data associated with the metering ID and uses the public key to encrypt the metering data into a metering challenge. The metering helper posts the metering challenge to the location. The metering service extracts the metering data from the metering challenge using a private key and generates a metering response that is received by the metering helper which prompts the DRM system to reset at least a portion of a data store in which the metering data is stored.

Abstract: A system and method for completing a financial transaction using a wireless communication device is provided. A transaction authorization request is sent from the device to an issuer using SMS. An authentication message is sent from the issuer to the device, and a response is sent by a user of the device to confirm the identity of the user. Once the identity of the user is verified, a surrogate account number, in a bar code format, is sent to the mobile communication device to be read by a POS device to complete the financial transaction. A computer program product enabling the systems and methods described is also provided.

Abstract: A method of authenticating a PSD and an initializing infrastructure that uses a secret key, a PSD public/private key pair and a provider public/private key pair. The infrastructure prepares a signed provider key record using the provider public key and the provider private key and a first MAC using the signed provider key record and the secret key. Both are sent to the PSD. The PSD authenticates the signed provider key record using the first MAC and the provider public key using the included digital signature. The PSD prepares a signed PSD key record using the PSD public key and the PSD private key and a second MAC using the signed PSD key record and the secret key. Both are sent to the infrastructure. The infrastructure authenticates the signed PSD key record using the second MAC and the PSD public key using the included digital signature.

Abstract: An information management system is described comprising one or more workstations running applications to allow a user of the workstation to connect to a network, such as the Internet. Each application has an analyzer, which monitors transmission data that the application is about to transmit to the network or about to receive from the network and which determines an appropriate action to take regarding that transmission data. Such actions may be extracting data from the transmission data, such as passwords and usernames, digital certificates or eCommerce transaction details for storage in a database; ensuring that the transmission data is transmitted at an encryption strength appropriate to the contents of the transmission data; determining whether a check needs to be made as to whether a digital certificate received in transmission data is in force, and determining whether a transaction about to be made by a user of one of the workstations needs third party approval before it is made.

Abstract: An adaptive multi-tier authentication system provides secondary tiers of authentication which are used only when the user attempts a connection from a new environment. The invention accepts user input such as login attempts and responses to the system's questions. User login information such as IP address, originating phone number, or cookies on the user's machine are obtained for evaluation. User/usage profiles are kept for each user and the user login information is compared to the information from the user/usage profile for the specific user which contains all of the user information that the user used to establish the account and also the usage profile detailing the user's access patterns. The trust level of the current user login location is calculated and the invention determines if any additional questions to the user are required. If the trust level is high, then the user is granted access to the system.

Abstract: A method of conducting real time, on-line financial transactions includes operating at least one communication network (12) which can communicate with first and second communication devices (14, 16) having first and second electronic addresses respectively, the communication network (12) being in communication with one or more databases (20) which contain details of first and second accounts, receiving information from the first communication device (14), which information includes details of transfer to be made into the second account from the first account, communicating a signal to interrogate the first account to determine if the transfer can be made, and if the transfer can be made, debiting the first account with the amount of the transfer, and crediting the second account with the amount of the transfer.

Abstract: A virtual payment system for ordering and paying for goods, services and content over an internetwork is disclosed. The virtual payment system comprises a commerce gateway component (52) and a credit processing server component (53). The virtual payment system is a secure, closed system comprising registered sellers and buyers. A buyer becomes a registered participant by applying for a virtual payment account. Likewise, a seller becomes registered by applying for a seller account. A buyer can instantly open an account on-line. That is, the credit processing component (53) immediately evaluates the buyer's virtual payment card application and assigns a credit limit to the account. Once an account is established, a digital certificate is stored on the registered participant's computer. The buyer can then order a product, i.e., goods, services or content from a seller and charge it to the virtual payment account.

Abstract: Disclosed are methods and electronic devices 102 including a display 104 that is configured to display indicia 114, 116, 118 persistently during a shipping process. The disclosed methods and electronic devices may include an indicia control 110 for dynamically determining the indicia for persistent display based on at least one of a self-diagnostic software tool 112, a selection from a table 122 of predetermined information, or downloaded data 124. In one embodiment, by self-diagnosing a condition in the device 102, repair or other similar indicia may be determined dynamically based on the self-diagnosis, and displayed persistently on the display 104 during a shipping process. In another embodiment, the persistent labeling indicia may include destination information 116 for routing based on the self-diagnosis. In yet another embodiment, product recycling indicia may be persistently displayed when the age of the device is determined in accordance with a self-diagnostic software tool 112.

Abstract: Disclosed are systems and methods that facilitate securing communication channels used in a challenge-response system to mitigate spammer intrusion or deception. The systems and methods make use of unique IDs that can be added to outbound messages originating from a sender, a recipient, and a third-party server. The IDs can be correlated according to the relevant parties. Thus, for example, a sender can add a signed ID to an outgoing message. A challenge sent back to the sender for that particular message can echo the same ID or a new ID derived from the original ID to allow a sender to verify that the challenge corresponds to an actual message. The IDs can include cookies as well to facilitate correlation of messages and to facilitate the retrieval of messages once a sender is determined to be legitimate.

Abstract: An apparatus that authenticates the contents of identification documents provided by different issuers having machine-readable and/or human readable information is disclosed. The contents of the identification documents are verified without encountering any human error. The verified contents of the identification documents may be used for identification purposes such as age restricted purchases, preordained organ donors or possible criminal prosecution. The verified contents of the identification documents may be logged to provide ID checking compliance and/or may be transferred to a remote computer for additional processing or logging.

Abstract: The systems and methods of the invention provide a technique for authenticating a finance related transaction. The method may include providing a token which contains a token counter, the token counter periodically advancing to generate a changing token value, the token counter being synchronized to a base counter that generates an authenticating value; transforming the token value into a token output sequence using logic; and outputting at least part of the token output sequence to an authenticating authority, the authenticating authority having access to the authenticating value.

Abstract: A method, a communications system and a receiving device are for billing of access-controlled programs and/or data which are broadcast by a broadcast transmitter unidirectionally and encrypted, and are received by at least one receiving device. A monetary value is stored in a data memory of the receiving device. The costs for access to the access-controlled programs and/or data are determined in the receiving device based on received cost data, and decryption of the access-controlled programs and/or data in the receiving device is prevented if the determined costs are greater than the stored monetary value. Billing records are generated in the receiving device for the allocation of credit items to the vendors of the access-controlled programs and/or data, and are transmitted to a billing center via various data channels.

Abstract: There is disclosed a method for performing secure electronic transactions on a computer network, the network comprising a buyer's computer, a vendor server, a creditor server and a security server. The buyer's computer has a fingerprint file stored in the memory thereof.

Abstract: Methods and systems for delivering advertising content to selected users in combination with out-of-band passwords or access code information delivered over a selected communication medium.

Abstract: This invention is a method and system for tokenless biometric authorization of an electronic communication, using a biometric sample, a master electronic identicator, and a public communications network, wherein the method includes: an electronic communication formation step, wherein at least one communication comprising electronic data is formed; a user registration step, wherein a user electronically submits a registration biometric sample taken directly from the person of the user; a public network data transmittal step, wherein the registration biometric sample is electronically transmitted to a master electronic identicator via a public communications network, said master electronic identicator comprising a computer database which electronically stores all of the registration biometric samples from all of the registered users; a user registration biometric storage step, wherein the registration biometric sample is electronically stored within the master electronic identicator; a bid biometric transmittal

Abstract: An online service and system are provided through which digital content publishers can package, protect, market and sell their content through on-line retailers, and through which on-line retailers can both build a unique inventory of digital content with all associated marketing metadata to sell through their on-line stores and seamlessly integrate the digital content into their on-line shopping cart. The system provides publishers with abstract fulfillment such that they only.

Abstract: A system and method for forwarding multiple credit applications to multiple potential lenders. A user computer or a credit management server sends queries to potential lenders inquiring about the respective information fields used in the potential lenders' respective credit applications. The queries also request information relating to the desired format and transmission method of the respective credit applications. With this information, a dynamic credit application is generated which includes all of information fields from all potential lenders. A credit applicant enters credit information into the dynamic credit application. The system then generates tailored credit applications for each lender and forwards these tailored applications to the respective potential lenders. The lenders process the tailored applications and provide results to the user.

Abstract: A system and method for generating an authentication token which is used by an issuer associated with a integrated circuit card to authenticate a transaction. A personal card reader receives data, including an authentication cryptogram, from the integrated circuit card. The personal card reader uses the data received from the integrated circuit card to select one of at least two default bitmaps stored in a memory portion of the personal card reader. The personal card reader uses the selected default bitmap and the authentication cryptogram to build the authentication token.

Abstract: An online card-present transaction system facilitates card-present type transactions with a merchant over a public network. A host system is configured to accept authentication data from a user via an authentication device. The host system, after authenticating a user is configured to retrieve the user's account information from a user database system and translate a user account number into a temporary transaction number. The temporary transaction number is then transmitted directly from the host system to the merchant, thereby eliminating the need for the user to send to the merchant over the internet, the user's transaction account number.

Abstract: An online card-present transaction system facilitates card-present type transactions with a merchant over a public network. A host system is configured to accept authentication data from a user via an authentication device. The host system, after authenticating a user is configured to retrieve the user's account information from a user database system and translate a user account number into a temporary transaction number. The temporary transaction number is then transmitted directly from the host system to the merchant, thereby eliminating the need for the user to send to the merchant over the internet, the user's transaction account number.

Abstract: Methods and apparatus, including computer program products, implementing and using techniques for managing security and privacy associations between an electronic product code value and an address of a repository containing information about an item represented by the electronic product code. A security certificate is issued to each of one or more parties that are authorized to use the repository. In response to a party among the one or more parties sensing the electronic product code, a record is created in the repository. The record represents the sensing of the electronic product code and includes a security certificate belonging to the party that sensed the electronic product code.

Abstract: The method includes the steps of receiving at the PEAD first digital data representing the transaction request. The PEAD provides information to the user regarding an ability to approve the transaction request. When the transaction request is approved by the user, the PEAD receives second digital data representing the electronic service authorization token. A remote agent server may provide a bridge between the electronic transaction system and the PEAD. In another embodiment, the private key is stored on the portable device, encrypted. The decryption key is stored outside of the device, at a trusted 3rd party location. When the user attempts to make a signature the software sends a request for the decryption key, along with the user's password or pass phrase keyed in at the keyboard of the PDA, smart phone, or cell phone, to a server belonging to the trusted 3rd party.

Abstract: Methods and systems are provided of initiating a wireless device for use in performing transactions. A wireless communication is received from the wireless device at a host system. The wireless communication identifies a financial account to be authorized for use in supporting transactions. A location-positioning signal is received at the host system. The location-positioning signal identifies a geographical location for the wireless device at a time when the wireless communication is received at the host system. The geographical location is determined from the location-positioning signal. An authorized address for the financial account is retrieved from a storage device in communication with the host system. It is verified that the geographical location is at a position substantially the same as the authorized address. Information defining an account transaction mechanism is transmitted wirelessly to the wireless device. The information includes an identification of the financial account.

Abstract: An eVault system securely stores personal data and documents for citizens and allows controlled access by citizens and optionally by service providers. The eVault may be adapted to allow processes involving the documents to be carried out in a secure and paperless fashion. Documents are certified, and biometric matching is used for security. On effecting a match with a biometric identifier presented by a user, the user is allowed access to his personal eVault and to access a personal cryptographic key stored therein. One or more of these personal keys may be securely applied within the eVault to generate an electronic signature, amongst other functions.

Abstract: A method of authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction and determining whether the transaction requires access to protected resources. Moreover, the method determines whether inputted information is known, determines a state of a communications device when the inputted information is known, and transmits a biometric authentication request from a server to an authentication system when the state of the communications device is enrolled.

Abstract: A method for verifying the identity of one party on behalf of another party is provided. The method includes providing a money-transfer system and a communication system that communicates with the money-transfer system; receiving at the money-transfer system from the first party certain verification criteria for confirming the identity of a second party; and storing the verification criteria in the host computer system of the money-transfer system. When an ID is received from the second party at a money-transfer location; the verification criteria is retrieved from the host computer system; and the acceptability of the ID is determined in accordance with the verification criteria. If the identification device is acceptable, identification information is obtained from the identification device; and the identification information is processed to verify the identity of the second party.

Abstract: A system that enables a wireless point-of-sale transaction. In one embodiment the system comprises an account module, an account selection module, a display, an input interface, and a wireless transmitter. The account module stores account information corresponding to a plurality of payment accounts. The account selection module selects a payment account from the plurality of payment accounts as a default payment account for a wireless point-of-sale transaction based on one or more predetermined criteria. The display displays the default payment account to a user. The input interface enables the user to accept the default payment account by the account selection module. The wireless transmitter that wirelessly transmits payment information to a point-of-sale device, wherein the payment information comprises account information associated with the default account when the default payment account is accepted via the input interface.

Abstract: The embodiments disclosed herein include new, more efficient ways to request, create, send, and receive product reviews from the Internet. One aspect of the invention is an email message for a customer. The email message includes a request to review a product obtained by the customer in a transaction; a rating input area and/or a text input area; an authentication token that includes a transaction identifier corresponding to the transaction; and an HTTP form submission command to send a response to the request from the customer to a remote computer. The response includes a rating entered in the rating input area and/or text entered in the text input area, and the authentication token.

Abstract: A method wherein, by using a storage medium arranged on goods, it is possible to distinctly register a conveyance of ownership or title on this storage medium, and wherein only the current owner or proprietor and possibly also an independent verifying agency has access to the storage medium.

Abstract: A personal communication apparatus is presented for generating a verifiable recording of a transaction, the transaction comprising an exchange of information. The apparatus includes a receiving component, a protection component, a memory and a recording component. The receiving component receives a transaction between a user of the apparatus and a remote person, and of receiving biometric data (BIOKY) of the remote person. The protection component protects the voice conversation with the biometric data (BIOKY). The recording component records the transaction protected with the biometric data on the memory. A communication apparatus is also presented that includes a memory and an authentication component. The authentication component provides access to a protected transaction stored on the memory.

Abstract: A method of performing a transaction over a contactless interface placing a first device in wireless communication with a second device, selecting the interface over which the first and second device with communicate, selecting the application to be used to approve or disapprove the transaction, communicating to the second device the data necessary for the application to approve or disapprove the transaction.

Abstract: A system and method are provided for automatically managing item record interchange in a business enterprise, where an item may be a product, component part, partially assembled or manufactured part, a process, or other item that requires indicia used to identify it within a business enterprise, whether it is a single company enterprise, or a widespread business that receives items from other sources such as manufacturers, suppliers, purchasers, shippers, or other entities. The system provides a universal solution that allows the intake of item records, such as records for manufacturer component parts shipped to a product manufacturer, and integrating the part records from disparate sources into a standard and useable format.