Abstract: The disclosed technology is generally directed to secure key storage. A secret device key may be mutated based on a hash of a first boot loader to derive a first mutated key. The first mutated key may be mutated based on a random seed to derive a second mutated key. The second mutated key may be used to encrypt the hash of the runtime for a first core. The second mutated key may be mutated based on a hash of the runtime of the first execution environment for the second core to derive a third mutated key. The second mutated key may be used to encrypt the hash of the runtime of the first execution environment. The encrypted keys and hashes may be stored in a secure key store.

Abstract: A system, method, and apparatus for providing a value transfer is provided. A method includes creating, by a mobile device, a value transfer message, the message including terms of a value transfer from an account of a sending party to a receiving party or one or more merchants; signcrypting, by the mobile device, the value transfer message using each of the receiving party's public key and the sending party's public and private keys; and sending, by the mobile device, the signcrypted value transfer message to the receiving party, wherein the receiving party can de-signcrypt the signcrypted value transfer message using each of the receiving party's public and private keys and the sending party's public key, and present the value transfer message to a third party to receive the value transfer.

Abstract: The present disclosure provides a method and device for in-vehicle payment. A face image of an in-vehicle user and a geographic location of the in-vehicle user are received at a point of a ride route traveled by a vehicle occupied by the in-vehicle user. An image set associated with the geographic location is received from an image database using the geographic location of the in-vehicle user. The image set includes face images of a plurality of users. The face image of the in-vehicle user is compared with face images in the image set to determine an identity of the in-vehicle user. A fare deduction account corresponding to the in-vehicle user is identified using the identity of the in-vehicle user. A fare corresponding to the ride route is deducted from the fare deduction account.

Abstract: A method and apparatus for selecting a financial account associated with a payment object based on fund availability are disclosed. A payment object, such as a proxy card associated with multiple financial accounts, is used by a consumer to make a purchase. In one example, the consumer selects a debit card associated with the proxy card to use for the purchase. A computer system determines that the debit card account has insufficient funds available for the purchase, and determines that an alternate account associated with the proxy card has sufficient funds. The computer system notifies the consumer, via a mobile device of the consumer, that the debit account has insufficient funds, and provides the consumer with the option of using the alternate account. The consumer indicates a desire to use the alternate account, and the computer system processes the payment based on the alternate account.

Abstract: Methods and systems for a networked computing system are provided. One method includes detecting that a processor executable, policy decision point (PDP) has not responded to a request for accessing data associated with a storage system; predicting a response to the request using a machine-learned, request-response association maintained by a processor executable training device; and presenting the predicted response to a processor executable, policy enforcement point (PEP) for granting access to the data and denying access to the data, based on the predicted response.

Abstract: An agent that may assist a service provider of gaming services with registering/signing up users, with accepting funds/money from a user and depositing these funds in a gaming account of the user for the user to play games with, and/or with receiving requests from a user to withdrawal funds from the user's account and paying the user the withdrawn funds. The agent may also assist a user in obtaining a report of an account of the user, the account being associated with a service provider that provides gaming services.

Abstract: A method is provided for processing an electronic payment.

Abstract: Systems, methods, apparatus and computer program code are provided to receive payment card and mobile identity information from a mobile device associated with a user, determine account and mobile device eligibility and capability and in the case where the mobile device is NFC capable, triggering a tokenization process to generate a tokenization record associated with the payment card, storing the payment card information associated with the user securely, and transmitting card reference information associated with at least one of (i) the tokenization record, and (ii) the stored payment card information to the mobile device for use in transactions.

Abstract: Embodiments of the invention are directed to methods, systems and devices for providing sensitive user data to a mobile device using an encryption key. For example, a mobile application on a mobile device may receive encrypted sensitive user data from a mobile application server, where the user sensitive data is encrypted with a key from a token server computer. The mobile application may then request that the encrypted payment information be sent to the token server. The mobile device may then receive a payment token associated with the payment information from the token server.

Abstract: An arbitraged enhanced payment processing system in association with a distributed enhanced payment processing system includes a merchant point of sale (POS) terminal system and a remote payment management system. The POS terminal system initiates a transaction that includes receiving a payment amount, a purchaser account identifier, a virtual electronic payment indicator, and a merchant via a payment client. Subsequently, the POS terminal system outputs the transaction to the remote payment management system which generates a token for the transaction. The payment management system then provides the purchaser account identifier, a merchant account identifier, and the payment amount to a payment processing servicer. Upon receiving a payment processing servicer response, the payment management system outputs the response and token to the POS terminal system.

Abstract: In general, the invention relates to a system and method of operating a shopping system to facilitate payment using a mobile device. A network is configured to include a server programmed with a personal characteristic database, a database searching algorithm, and to be coupled to a wireless communication system that is capable of communicating with the user's personal data device. The user logs on through the wireless communication system to the secure network using her personal data device, and communicates to and stores in the database personal data defining her characteristics. Either the secure network automatically identifies the first users precise geographic location, or the user himself otherwise indicates and stores in the database of the network an identifying address that indicates his current specific geographic location. Personal data defining the user's characteristics are then sent to a business location at the user's location to facilitate a payment transaction.

Abstract: A system and method are provided for the secure sharing of information across and open network and for performing management of keys used for encrypting and decrypting data.

Abstract: According to exemplary embodiments, a secure kiosk for receiving, transmitted, securing, and verifying data may be shown and described. For example, the kiosk may be fully automated. The kiosk may include a display, a tablet computer, a card reader, a printer, and a network link. For example, a kiosk may be provided and may be fully automated. The kiosk may accept data inputs in a variety of manners. The inputted data may then be transmitted, in real time, to a first server, where the information can be displayed and stored. Additionally, the information, at predetermined times, may be transmitted to a number of other servers which may receive, compare, and validate information. Further, a hierarchical data transmission system may be utilized such that, when information is verified or indicated as unverified at any of the other servers, instructions may be sent to at least the first server and the kiosk.

Abstract: Systems and methods for controlling access rights of a document using enterprise digital rights managements are described. A document is encrypted for generating a protected document and access rights are assigned to a user upon receiving a request from an owner of the document. The access rights include offline access of the protected document by the user. Upon assigning the access rights, access information of the user is monitored. Based on the access information, the user is locked from accessing the protected document when the access information indicates misuse of the protected document by the user.

Abstract: A method, apparatus, and computer program product for improved pseudo-random number generation are provided. An example method includes receiving, by a computing device, a request for a pseudo-random number, selecting, by randomization circuitry of the computing device, a first attribute from a biometric attribute dataset, and obtaining a first value for the first attribute. The method further includes selecting, by the randomization circuitry, a second attribute, and obtaining a second value for the second attribute. The method includes convoluting, by convolution circuitry, the first value with the second value to generate the pseudo-random number.

Abstract: Embodiments of a portable data storage device and a method of protecting data stored in the portable data storage device are provided. In one embodiment, the portable data storage device includes a device identification unique to the portable data storage device, a rights object containing information indicative of access rights and a verification identification, a memory to store the device identification and the verification identification, and controller logic. The memory is partitioned into a plurality of areas of memory, including: a first area as a protection area to store an instruction code, a second area as a partition table area to store a partition table, and a third area as a file area to store data files. In response to a request from a client external to the portable data storage device, the controller logic compares the verification identification with the device identification to allow the client to access of the data files if the verification identification matches the device identification.

Abstract: Aspects provide for a virtual machine structure wherein processors are configured to create an encrypted code virtualization machine for code machine instructions of a retrieved package that has a security field value that indicates secure code, wherein the code machine instructions of the first retrieved package are allocated to encrypted code memory regions of a computer memory resource. Configured processors further create a non-encrypted code virtualization machine in non-encrypted code memory regions of a computer memory resource comprising code machine instructions of another retrieved package that has a security field value that does not indicate secure code; and define a union mixed secure virtual machine image to include (as a function of) the encrypted code virtualization machine and the non-encrypted code virtualization machine.

Abstract: In a method of operating a software engine for storing, organizing and reporting data in an organizational environment through user created templates and data items, users can build highly customizable templates for data and web forms for data entry, with many different specifiable attributes. Related data is linked and can be queried for retrieval. Users can design, create, add, and use unlimited number of forms, reports, business processes, and queries without any additional programming. Metadata objects (mobjects) and data items (ditems) are created by an administrator. Mobject templates are form templates that are rendered into web forms by a render module, and ditem templates are inputs and controls on the web forms. The schema of the production database remains unchanged regardless of user interaction with the system, thus providing a highly customizable data storage and organization system for any business environment.

Abstract: The invention relates to a bank card (100) comprising a presentation surface of a pictogram (120) coding at least one item of information for executing a transaction.

Abstract: A system and process for coordinating streaming content or messages is provided. A network-connected server maintains a database containing media content-related data, such as the text of a message, accompanying media, time of airing, payment and related comments. A user can view these feeds or streams of these consciousness messages by downloading a mobile application or browsing to a website. The application can also be used to create, schedule and pay for a media content message.

Abstract: Techniques for managing discussion sharing on a mobile platform, comprising a mobile discussions application. The mobile discussions application may include, among other components, a discussions imaging component for recognizing a ticket associated with a resource in a social networking system and a discussions management component for enabling a user having an associated user profile information to access the resource based at least partially on the ticket associated with the resource.

Abstract: A method for processing a financial transaction includes: storing, in a database, a plurality of wallet data entries, wherein each wallet data entry includes at least a mobile device identifier and payment details associated with at least one payment account; receiving, by a receiving device, an authorization request for a financial transaction, wherein the authorization request includes at least a mobile device identifier and transaction data; transmitting, to a mobile computing device associated with the mobile device identifier, at least the transaction data; receiving, from the mobile computing device, an indication of a payment account for funding of the financial transaction; identifying, in the database, payment details associated with the indicated payment account in a wallet data entry including the mobile device identifier included in the authorization request; and transmitting, to an issuer associated with the indicated payment account, at least the payment details and the transaction data.

Abstract: Wireless power transfer systems in accordance with embodiments of the invention are disclosed. In one embodiment, a wireless power transfer system includes a power transmitter driven by an oscillator, a power receiver including a resistive load, and a coupled resonator link configured to deliver power from a transmitter tank circuit to a receiver tank circuit, wherein the free-running oscillator automatically tunes to oscillate at a frequency that does not experience a phase shift due to the impedance of the transmit side of the coupled resonator link, wherein the power transmitter provides regulated voltage across a range of distances between the transmitter tank circuit and the receiver tank circuit, and wherein the power transmitter regulates voltage across a range of resistive loads of the power receiver.

Abstract: A system and method for electronic payment that involves generating and then using a temporary token based on a legacy PAN (Primary Account Number) to conduct an electronic transaction. The token is generated by transforming the PAN using specific inputs such that the original PAN can be recovered by manipulating the token in various ways as disclosed herein. One potential manipulation that may be used is encryption/decryption. The token is transmitted to a portable electronic device such that the portable electronic device may present the token to a point-of-sale device. The POS communicates the token to a server which validates the token by, among other things, recovering the PAN. If the PAN is recovered as expected a validation message is returned to the POS device.

Abstract: Instructions and logic support suspending and resuming migration of enclaves in a secure enclave page cache (EPC). An EPC stores a secure domain control structure (SDCS) in storage accessible by an enclave for a management process, and by a domain of enclaves. A second processor checks if a corresponding version array (VA) page is bound to the SDCS, and if so: increments a version counter in the SDCS for the page, performs an authenticated encryption of the page from the EPC using the version counter in the SDCS, and writes the encrypted page to external memory. A second processor checks if a corresponding VA page is bound to a second SDCS of the second processor, and if so: performs an authenticated decryption of the page using a version counter in the second SDCS, and loads the decrypted page to the EPC in the second processor if authentication passes.

Abstract: A computer-implemented method is provided for fault diagnostics and recovery of network service chains. The method includes discovering, by a processor, a network graph representative of components of the network service chains. The method further includes identifying, by the processor, intersecting ones of the components of the network service chains in the network graph. The method also includes repairing, by the processor, one or more of the components of at least one of the network service chains based on a component repair sequence that maintains service continuity of the network service chains and that is determined based on a commonality.

Abstract: An information wallet system includes an information wallet account associated with a user of the system, and a server having a memory and a processor. The processor is configured to receive user information from a user computing device, wherein the user information is related to a user of the information wallet account, determine, based on the user information, one or more user settings preferences related to a second computing device, receive an information request, wherein the information request includes a request to send the one or more user settings preferences to the second computing device, and to send the one or more user settings preferences to the second computing device, wherein the one or more user settings preferences are useable by the second computing device to adjust one or more settings of the second computing device.

Abstract: A computer-implemented method is provided for fault diagnostics and recovery of network service chains. The method includes discovering, by a processor, a network graph representative of components of the network service chains. The method further includes identifying, by the processor, intersecting ones of the components of the network service chains in the network graph. The method also includes repairing, by the processor, one or more of the components of at least one of the network service chains based on a component repair sequence that maintains service continuity of the network service chains and that is determined based on a commonality.

Abstract: A computer-based method for collecting digital wallet data from a digital wallet transaction initiated by a user is provided. The method includes receiving registration data for a user in response to the user registering into a digital wallet application, wherein the registration data includes demographic data and device registration data including a device identifier used for identifying the user device when in communication with another computing device. The method also includes storing the registration data within at least one memory device and receiving digital wallet data as part of a digital wallet transaction initiated by the user using the digital wallet application on the user device, wherein the digital wallet data includes transaction data, device communication data, and biometric data. The method further includes comparing the digital wallet data to the registration data and linking the digital wallet data within the at least one memory device to the registration data.

Abstract: Methods and apparatus related to improving secure communications are described. In an embodiment, a security agent pins a domain to a certificate. The certificate is used in authenticating the domain, and the existence of a pinning indicator within the certificate is used in authenticating the domain. Once the security agent pins the domain to a certificate, a relationship between the domain and the certificate used in authenticating the domain is stored. Other embodiments are also disclosed and claimed.

Abstract: A system for creating a combined electronic identification that obtains user information (202) about a user of a hardware device (100), authenticates the user from the user information (202), obtains a hardware profile (208) of the device (100), the hardware profile 208 comprising user generated data stored on the device (100) and links the user information (202) and the hardware profile (208) as a combined electronic identification. The hardware device (100) can be comprised of a main processor, memory, a touchscreen interface, and a wireless communication module, such as a mobile phone, computer, or tablet computer.

Abstract: A first creator creates a first priority user information. When an installer installs a program that has a user authentication function, a second creator creates a second priority user information for use in the installed program separately from the first priority user information. An authenticator performs user authentication of the installed program using the created second priority user information.

Abstract: Systems and methods for providing a searchable platform for online content. Online content may be obtained over a network. The online content may have existing metadata associated with the online content. The existing metadata may include platform information related to distribution of the online content through the online content distribution platform, file information related to an electronic file that defines the online content, and/or other information. The existing metadata associated with the online content may be processed such that the existing metadata is searchable. Supplemental metadata for the online content may be obtained. The supplemental metadata may be associated with the online content. The supplemental metadata may include one or more of platform information, file information, content information, contextual information, and/or other information. A search query may be received and a result may be generated based the existing metadata and/or the supplemental metadata.

Abstract: A method for contactless payment is disclosed. The method comprises, at a point of sale, initiating payment by transmitting a token from a first device to a second device using a speaker associated with a first device, and a microphone associated with the second device; transmitting the token from the second device to a payment server; authenticating the token by the payment server; and upon successful authentication of the token, determining with a payment server whether the authorize of the payment.

Abstract: A method for displaying a seeded, continuously updating identifier in a QR code and a QR code display and replay attack prevention device that displays a seeded, continuously updating identifier displayed in a QR code are disclosed. This method and QR code display and replay attack prevention device has a changing QR code, preventing replay attacks. The QR code display and replay attack prevention device has a small form factor, is low powered, is inexpensive, and requires no connectivity to the internet.

Abstract: In one aspect, a method for processing a card-not-present account-on-file transaction is provided. The transaction involves a cardholder using payment card information stored by a merchant. The method includes receiving an authorization request message for the transaction, the authorization request message received at a payment network from an acquirer associated with the merchant and receiving an authorization response message, the authorization response message received at the payment network from an issuer. The authorization response includes a denial indicator indicating that the transaction has been denied. The method further includes querying a database coupled to the payment network to determine whether the database includes updated payment card information for a payment card associated with the transaction.

Abstract: Embodiments of the invention are related generally to systems and methods for enabling remote control functionality of an Automated Teller Machine (“ATM”) from a mobile device. In the present invention, a customer may use a mobile device to connect to an ATM and remotely control the ATM while completing various transactions. In embodiments of the invention, the user may scan a Quck Response (“QR”) Code with the mobile device which will initiate the remote connection to the ATM. The ATM display screen may remain frozen or blank, or in embodiments of the invention, may display generic content and/or content directed towards the user. Thus, the user may securely complete the desired transaction(s). In embodiments of the invention, the user may also use the mobile device to generate a one-time authentication code for use by a second user at an ATM.

Abstract: An apparatus and method are described for modifying packet interval timing to identify a data transfer condition. For example, one embodiment of a system comprises: an Internet of Things (IoT) device comprising a first wireless networking interface to establish communication with an IoT hub over a local wireless network channel, the first wireless networking interface implementing a first advertising interval between advertising packets; advertising interval selection logic to cause the first wireless networking interface to use a second advertising interval for advertising packets upon detecting that the IoT device has data to be transmitted to the IoT hub, the IoT hub to detect that the IoT device has data to be transmitted based on the change to the second advertising interval.

Abstract: Provided is a method for securing network traffic flow in a multi-service containerized application, including: obtaining, with one or more processors, a composition record defining a multi-service containerized application; analyzing, with one or more processors, the composition record to look for one or both of network traffic patterns and network traffic flow; adding, with one or more processors, to the composition record a configured firewall container definition of a network traffic enforcement container that upon execution of the multi-service containerized application is communicatively coupled between a first container and a second container of the multi-service containerized application, wherein the first container and the second container are configured to communicate with each other across a first virtualized network; and converting, with one or more processors, the first virtualized network between the first container and the second container into a second virtualized network and a third virtualiz

Abstract: A method and system for detecting fraud in a payment card network using a pattern of transaction ticket size are provided. The method including receiving transaction information, for a current financial transaction, from at least one of a merchant point of sale (POS) device and a merchant website, the transaction information including a current transaction amount, the transaction information associated with a single payment card cardholder, retrieving a predetermined number of historical transactions for the single cardholder based on the transaction information, and generating a historical spend ticket size pattern based on average ticket size and dispersions for at least one of the same store, similar stores, and relevant merchant categories. The method further including comparing the current transaction amount to the historical spend ticket size pattern and generating a recommendation for approval or decline of the current financial transaction based on the comparison.

Abstract: A process for efficiently storing and accessing data for a payment system is described. An association is created between a payment system participant and a hierarchy node associated with a hierarchy. An association is created between a payment system data element and each node in the hierarchy. The hierarchy is stored in a first database and the second data elements are stored in a second database. A request for information is accepted from a payment system participant. The hierarchy is retrieved from the first database. The second database is traversed to obtain a set of data elements including all of the data elements located at memory locations associated with each node in a portion of the hierarchy. The set of data elements is provided in response to the request. The portion of the hierarchy traversed to obtain the data elements consists of all nodes subordinate to the hierarchy node.

Abstract: A reservation store is monitored for a business in order to detect when a customer of the network transaction service makes a reservation with the business. At about a time of the reservation, a courier to provide the merchant at the reservation location with a card instrument of the network transaction service. A transaction resulting from the reservation may be funded by allocating funds to the card instrument. A receipt of the transaction may be provided to the customer after the transaction is completed.

Abstract: According to one embodiment of the present disclosure, a method and a terminal can be provided, and a beacon service method of the terminal comprises the steps of: transmitting a beacon including identification information of the terminal; receiving beacon-related information from a reception device having received the beacon; receiving a beacon-related information report request message from an information collection device; and transmitting stored beacon-related information to the information collection device. In addition, the present disclosure can provide a beacon reception device communicating with the terminal and an operation method therefor, an information collection device communicating with the terminal and an operation method therefor, and a server for providing a beacon service and an operation method of the server.

Abstract: A method, apparatus, and computer-readable medium providing instructions to cause a computing device to establish a portion of a memory of the computing device as a trusted execution environment and execute a trusted third party application within the trusted execution environment. The trusted third party application is to receive a signed public key and an identifier for a verifier from a user client attestation application executing on a client platform. The signed public key is signed with an identifiable platform attestation private key for the client platform. The trusted third party application is further to verify the signed public key, determine a policy of the verifier, encode the policy into a trusted third party anonymous certificate for the signed public key, issue the trusted third party anonymous certificate without including identification information of the client platform, and send the trusted third party anonymous certificate to the user client attestation application.

Abstract: A method including receiving a first application user credential associated with a user profile; comparing, for a first match, the first application user credential with a stored second application user credential, wherein the stored second application user credential is associated with a user identity; and responsive to finding a first match, verifying the user identity by performing the following: communicating with a card using near field communication; receiving a public key of a key pair of the card and cardholder identification information of an account holder of the card; instructing the card to generate a digital signature; receiving the digital signature from the card; verifying the digital signature using the public key; and comparing, for a second match, at least a portion of the user identity with at least a portion of the cardholder identification information.

Abstract: Apparatuses, methods, and systems pertaining to the verification of portable consumer devices are disclosed. In one implementation, a verification token is communicatively coupled to a computer by a USB connection so as to use the computer's networking facilities. The verification token reads identification information from a user's portable consumer device (e.g., credit card) and sends the information to a validation entry over a communications network using the computer's networking facilities. The validation entity applies one or more validation tests to the information that it receives from the verification token. If a selected number of tests are passed, the validation entity sends a device verification value to the verification token, and optionally to a payment processing network. The verification token may enter the device verification value into a CVV field of a web page appearing on the computer's display, or may display the value to the user using the computer's display.

Abstract: A transaction instrument comprising a metal-filled biodegradable polymer. The biodegradable polymer is a plant-based polymer, a protein-based polymer, or a combination thereof. The metal of the blended composite of metal and biodegradable polymer is a heavy-gravity compound. The transaction instrument is biodegradable in whole or in part. A method(s) for making a transaction instrument comprising a blended composite of metal and a biodegradable polymer is also provided.

Abstract: In various example embodiments disclosed herein, a Dynamic Security Architecture Environment (DSAE) security architecture is provided in an externally connectable endpoint device (the security device), which can be connected to an existing host endpoint device, such as a computer, laptop, tablet, phone, vehicle, medical device, Industrial Control System (ICS), or other electronic or Internet connected device. The example embodiments can implement the DSAE security architecture in the security device that connects to a host endpoint device to make the host endpoint device more secure by enabling the security device to combat cyber attacks targeted toward the host device. The example embodiments described herein also provide details for creating a security device that leverages the DSAE architecture, wherein the security device is configured to connect via a wired or wireless medium for data communication with a host endpoint device to make the host device more secure.

Abstract: Embodiments of the present invention provide a system and method for an access point providing client to point-of-sale communication over a network, comprising: receiving credentials from the point-of-sale; sending at least one beacon message; receiving a probe request from a client; sending a probe response to the client; authenticating a connection with the client; exchanging capabilities with the client; performing a security handshake with the client; assigning at least one dynamic IP address to the client; and establishing an https session between the client and the point-of-sale over the network.

Abstract: Systems and methods for processing payment requests via a series of matching operations are described. Rules that compensate for incomplete or inaccurate information are applied to customer requests and stored merchant information to create identifiers, or “tokens.” Tokens can be searched for, compared, and matched with confirmed merchant information, allowing for the identification of merchants known to financial institutions despite erroneous or missing information in the customer request.