Abstract: An authentication token using a smart card that an organization would issue to its customer, the smart card having a processor for executing a software application that is responsive to a user input to generate a one-time password as an output. The smart card co-operates with an interface device for inputting the user input and displaying the one-time password. The authentication token may be used in combination with a remote authentication server for validation of the password and hence authentication of the user.

Abstract: An artifact is provided that includes a substrate imprinted with personalized information including time-sensitive elements. At least a portion of the personalized information is configured to self-destruct over a time period that is commensurate with the time-sensitive elements. The artifact also includes a material operable for affixing the substrate to a subject with which the personalized information is associated.

Abstract: A capability for localization of a wireless tag based on wireless gateway association information uses a wireless tag supporting multiple states and wireless gateway association information associated with the wireless tag to control localization of the wireless tag. The wireless tag may support an unconnected state in which the wireless tag communicates location tracking information using a wireless beacon signal which may be detected by various wireless gateways and a connected state in which the wireless tag communicates location tracking information via one or more connections with one or more wireless gateways. The wireless gateway association information may include wireless gateway lists (e.g., whitelists, blacklists, or the like), association rules, notification rules, or the like. The wireless gateway association information may be used to control transitions of the wireless tag between the unconnected state and the connected state, to control notifications for the wireless tag, or the like.

Abstract: A methods and system of hosted thin-client payment authorization and authentication services for processing payments for value-added service (VAS) providers is described. A method, performed by a host server operating a thin-client device, includes receiving transaction request data at a host server computer from a thin-client device, where the transaction request data can include financial account data and biometric data. The host-server transmits a verification request message to a VAS provider and receives an indication that it is a valid merchant. The host-server transmits an authorization request message comprising the biometric data to a payment processing network (PPN), where the PPN communicates with an authentication server computer to validate the biometric data, sends the authorization request message to an issuer and receives an authorization response message from the issuer.

Abstract: A computer-implemented method, system, and/or computer program product inserts a new e-mail into an interior of an original e-mail thread. An e-mail server receives a request to send a new e-mail to a new recipient. The new e-mail is relevant to an interior e-mail in an original e-mail thread. The original e-mail thread is an existing e-mail thread that has an unbranched single thread status, and includes an initial e-mail and a latest e-mail that are addressed to prior recipients. The interior e-mail is chronologically between the initial e-mail and the latest e-mail in the original e-mail thread. The e-mail server retrieves the original e-mail thread and inserts the new e-mail into the original e-mail thread next to the interior e-mail to create an updated e-mail thread, such that the updated e-mail thread retains the unbranched single thread status of the original e-mail thread.

Abstract: Embodiments are provided for securely visualizing and routing digital signatures in an electronic document generated by an application program executing on a computer system. The application program may generate an electronic document for receiving a signature graphic, and calculate a hash value from the electronic document and the signature graphic, and create a cryptographic signature from the hash value using a cryptographic encryption method. The electronic document is digitally signed by embedding the cryptographic signature therein. The application program may further collect and route digital signatures by automatically collecting signatures from individual signers, one-by-one, and identify the appropriate signature line for each signer to sign. The application program may further generate a user interface for creating and collecting digital signatures.

Abstract: In an example, a DHN (DHN) is provided for enabling grantees to access digitally-controlled assets of a principal. The principal (level 0) establishes a digital testament (DT), identifying one or more grantees on levels 1-n. Each grantee receives a digital heritage certificate (DHC), which may be based on the PKI certificate definition. The DHC includes a “PREDECESSORS” field, identifying one or more predecessor certificates that must be revoked before the DHC is valid. All grantee DHCs have the principal's level 0, DHC as a predecessor certificate. Level n certificates may also be valid only if all certificates at level n?1, have been revoked. In practice, a DHC may be revoked when a user of the certificate passes away, so that nth generation grantees inherit only when generation n?1, has passed away.

Abstract: When a split amount decided by a representative splitting, in a representative terminal, a total amount transmitted from a store terminal is notified from each member terminal to a credit company server as a payment amount, the credit company server holds information for payment settlement, and transmits payment permission information including encrypted information generated by encrypting the information for payment settlement, to each member terminal. Each member terminal transmits payment permission information of the same contents as the payment permission information to the representative terminal. The representative terminal transmits payment permission information obtained by concatenating the payment permission information, to the store terminal.

Abstract: Disclosed is a server-based system allowing users to utilize photo-based documentation to capture, organize, annotate, and share collections of photographs and images. Photos and images are added to a Photo Set. Photo Sets belong to Teams. Teams have users with memberships. Each Photo Set also has membership groups consisting of users. Each membership group may have common and unique permissions that differ from other groups. Photos and images may be flagged and annotated to bring attention to specific portions of the photo or image. Photo Sets are stored and managed from a central server. When a user updates a Photo Set, the updates are sent to other members of the Photo Set. Users may use a mobile application on a smartphone or tablet to capture an image and add flags before the image is uploaded to the server. Typical camera images may also be captured, annotated, and uploaded from a personal computer. Standard flags or a combination of standard and custom flags may be used.

Abstract: A method and system is provided for embedding cryptographically modified versions of secret in digital certificates for use in authenticating devices and in providing services subject to conditional access conditions.

Abstract: The present disclosure involves systems and methods for providing end-to-end tamper protection in a cloud integration environment. One example method includes receiving, at a receiver in a cloud-based integration scenario, a B2B communication from a sender including data associated with a business transaction, the received communication in a target format. The cloud-based integration system transforms the original communication in a source format into the target format of the receiver. A digitally-signed sender fingerprint of critical fields extracted from the set of data associated with the at least one business transaction in the source format of the original B2B communication are received and verified as signed by the sender. A receiver fingerprint in the target format is generated using the critical fields from the received communication based on a pre-defined algorithm. The sender fingerprint and the generated receiver fingerprint are compared to determine if they are identical.

Abstract: In one implementation, a public key infrastructure utilizes a two stage revocation process for a set of data. One stage authenticates or revokes the set of data based on the status of the digital signature and another stage authenticates or revokes the set of data based on the status of an individual signature by the digital certificate. For example, a digital certificate based is assigned a certificate number. A serial number is assigned for a signature for the set of data as signed by the digital certificate. A data transmission, data packet, or install package includes the set of data, the certificate number and the serial number. Therefore, individual instances of the signature may be revoked according to serial number.

Abstract: A method, a terminal device, and a cloud server are provided for presenting schedule reminder information. The method includes after a second terminal logs in to the cloud server by using a first group account, acquiring schedule information stored in the cloud server, where the schedule information is information that is created by a first user who registers a first personal account, and is transmitted to the cloud server by a first terminal that logs in, by using the first personal account, to the cloud server; when reminder time of the schedule information arrives, acquiring second biometric characteristic information of a second user who is using the second terminal; and when it is determined that the second biometric characteristic information is the same as first biometric characteristic information of the first user, presenting reminder information of the schedule information.

Abstract: Systems and methods for transmitting beacon messages are described. A beacon message is transmitted from a first beacon device and broadcast to an area within a transmission range of the first beacon device. A mobile device receives and stores the message. When the mobile device is out of the range of the first beacon device and within the range of a second beacon device, the message is transmitted to the second beacon device and broadcast by the second beacon device.

Abstract: Method, system and infrastructures for managing certificates for platform providers are described. A platform provider provides a platform to host a plurality of virtual sites designated individually with custom specified hostnames. According to one aspect of the present invention, traffic originating from a web browser to a designated website with a hostname is directed to a server (herein “control server”) designed for serving a corresponding certificate to establish a secure session between the browser and the designated website being hosted on a server (herein “platform server”) operated by a platform provider. In operation, the corresponding certificate may be retrieved from a cache in or accessible by the control server, or the control server is caused to generate a certificate based on the access request from the browser after a verification process.

Abstract: Examples described herein provide advanced pairing between an application and a selected device within an application-driven user experience. An application is enabled to pair devices within the application context and customize the user experience without relying on an experience or user interface provided by an operating system. This application-driven pairing is abstracted from protocols, allowing the application to provide custom pairing user experiences for any protocol.

Abstract: Provided are a method and apparatus for achieving encrypted communications, which are used for achieving a secure session between a calling UE and a called UE in an IP multimedia subsystem (IMS) architecture, so as to prevent a session message from being eavesdropped in a session process.

Abstract: This invention refers to a microporous crystalline material of zeolitic nature that has, in its calcined state and in the absence of defects in its crystalline matrix manifested by the presence of silanols, the empirical formula x(M1/nXO2):yYO2:gGeO2:(1-g)SiO2 in which M is selected between H+, at least one inorganic cation of charge +n, and a mixture of both, X is at least one chemical element of oxidation state +3, Y is at least one chemical element with oxidation state +4 different from Si, x takes a value between 0 and 0.2, both included, y takes a value between 0 and 0.1, both included, g takes a value between 0 and 0.5, both included that has been denoted ITQ-55, a method for its preparation and its use.

Abstract: Embodiments of the present invention utilize a data hash and an associated geotag for authentication of geolocation policies for data object storage in a cloud system. The geotag may be an alphanumeric identifier such as a city name, postal (ZIP) code, and/or latitude-longitude pair. Embodiments include a post-authenticate process, in which, after a data object is retrieved from a BMS, the geographic location of the source is confirmed to ensure the location policies have not been violated. Additionally, embodiments include a pre-authenticate process, in which, prior to storing a data object in a BMS, the geographic location of the BMS that is to receive the data object is confirmed to ensure the location policies will not be violated. Embodiments may use pre-authenticate, post-authenticate, or both pre-authenticate and post-authenticate, in order to implement and verify the location policies.

Abstract: The computer implemented method comprising controlling the access to different resources and actions defined for a user by a first server, reducing the exposure time at which such operations are available, establishing a dual channel verification through the use of a second server and reinforcing an authentication factor mechanism by including a biometric identity verification of biometric information of the user.

Abstract: In accordance with one embodiment, a method for securing data is disclosed. The method includes sensing multi-dimensional motion of a body part of a user to generate a multi-dimensional signal; in response to the multi-dimensional signal and user calibration parameters, generating a neuro-mechanical fingerprint; and encrypting data with an encryption algorithm using the neuro-mechanical fingerprint as a key.

Abstract: A system and method for signing and authenticating electronic documents using public key cryptography applied by one or more server computer clusters operated in a trustworthy manner, which may act in cooperation with trusted components controlled and operated by the signer. The system employs a presentation authority for presenting an unsigned copy of an electronic document to a signing party and a signature authority for controlling a process for affixing an electronic signature to the unsigned document to create a signed electronic document. The system provides an applet for a signing party's computer that communicates with the signature authority.

Abstract: A client device comprises a first secure element and a second secure element. The first secure element comprises a first computer-readable medium having a payment application comprising instructions for causing the client device to initiate a financial transaction. The second secure element comprises a second computer-readable medium having a security key, a payment instrument, stored authentication data and instructions for generating a secure payment information message responsive to the payment application. The secure payment information message comprises the payment instrument and is encrypted in accordance with the security key.

Abstract: A root key of a computing device that is typically “burned” into the device hardware at time of manufacture is used to establish a master key and if desired a Transport Layer Security pre-shaped key, a WiFi configuration key, and application verification keys. The keys established from the root key are stored in a region of flash memory, and this region of flash memory is then encrypted using a random encryption code.

Abstract: The invention provides a method of generating at least one derived identity of an individual 1, the method comprising the following steps: generating a first identifier id1 from biometric data of the individual; defining a serial number ns associated with the individual; generating first check data ctrl1 for verifying consistency between the first identifier id1 and the serial number ns; and concatenating the serial number ns, the first identifier id1, and the first check data ctrl1 in such a manner as to form a first derived identity ident1 of the individual.

Abstract: Methods and systems consistent with the present invention overcome the shortcomings of existing trading systems by providing an invoiceless trading system that creates incentives for customers to pay suppliers within a predetermined period of time, such as a settlement period. Specifically, the invoiceless trading system enables a customer to obtain a discount on orders placed with suppliers in return for an immediate payment (e.g., within 24 hours) by the customer. The supplier receives payment within the predetermined period of time, and the customer receives additional cash benefits by providing an early payment to the supplier. To communicate with and transfer funds between customers and suppliers, the invoiceless trading system may use an electronic gateway and a settlement bank. In addition to creating an incentive to embrace e-commerce, both customers and suppliers avoid the need to manually process orders and use invoices to complete transactions.

Abstract: Leveraging the wealth of information available on-line to accelerate and facilitate commercial transactions initiated by viewers of television programming, both during conventional programming and while using interactive features such as shopping channels, application channels, executing downloaded applications, and the like, for reducing the amount and frequency of user input required by accelerating and simplifying the process of accessing stored profiles and payment methods in these transactions, and by reducing user efforts in maintaining their on-line presence without compromising user security, is described. The motivation for such simplification derives from concerns apparent in emerging t-commerce transactions, where the means by which viewers may engage in two-way transactions directly in the context of the television programming are different and frequently more constrained than in traditional e-commerce and m-commerce modes.

Abstract: A method for ID authentication, in which equipment involved in a transaction requests a password from a physically separate but limited-range communicating device, which automatically supplies a password in response to such request and communicates it to the equipment, the password is assessed as valid or invalid and the transaction approved or not accordingly.

Abstract: An authentication token using a smart card that an organization would issue to its customer, the smart card having a processor for executing a software application that is responsive to a user input to generate a one-time password as an output. The smart card co-operates with an interface device for inputting the user input and displaying the one-time password. The authentication token may be used in combination with a remote authentication server for validation of the password and hence authentication of the user.

Abstract: A method for verifying an image by a first electronic device, the method comprising the first electronic device: sending a request for an image to a second electronic device, wherein the second electronic device is remote from the first electronic device and, optionally, a server; receiving an image and a certificate from the second electronic device, wherein the certificate comprises a protected checksum of at least the image; generating a checksum in dependence on at least the received image; performing a comparison in dependence on said generated checksum and the protected checksum received in the certificate; and verifying the received image in dependence upon the comparison. Advantageously, the first electronic device is able to verify each received image and to prevent the display of any received images that are not authenticated. Applications include the display of card images.

Abstract: An approach is provided for logically connecting customer endpoint devices to transaction services. The customer endpoint devices perform a customer purchase transaction and require access to transaction services to process payments and benefits that may be available for certain items. The customer endpoint devices use a transaction connection mediator to isolate communications with the transaction services.

Abstract: A facility is provided for the wireless resonant charging of rechargeable hearing instruments. The hearing instrument is freely positionable in a charging device for charging purposes. The charging device for the wireless charging has a transmit antenna arrangement, a transmit amplifier for actuating the transmit antenna arrangement and a charging space. The transmit antenna arrangement has two feeding points, which are spatially arranged in relation to the charging space such that a circularly polarized electromagnetic field can thus be generated in the charging space. The transmit amplifier actuates the antennas accordingly to generate a circularly polarized electromagnetic field in the charging space. In the process a coil arrangement generates a circularly polarized HF field. A good resonant coupling, even with a tilted hearing instrument, is possible, in other words with an undetermined and unpredictable orientation and position of the receive coil of the hearing instrument.

Abstract: A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.

Abstract: An agent that may assist a service provider of gaming services with registering/signing up users, with accepting funds/money from a user and depositing these funds in a gaming account of the user for the user to play games with, and/or with receiving requests from a user to withdrawal funds from the user's account and paying the user the withdrawn funds. The agent may also assist a user in obtaining a report of an account of the user, the account being associated with a service provider that provides gaming services.

Abstract: A system, apparatus, method, and machine readable medium are described for authentication with asymmetric cryptography. For example, a method in accordance with one embodiment comprises: generating a challenge at a server; encrypting the challenge at the server using a public encryption key; transmitting the encrypted challenge to a connected device having a first connection over a network with the server; providing the encrypted challenge from the connected device to a user device; decrypting the encrypted challenge using a private encryption key corresponding to the public encryption key to determine the challenge; converting the challenge to a converted challenge, the converted challenge having a different format than the original challenge; receiving the converted challenge at the connected device and providing the converted challenge from the connected device to the server; and validating the converted challenge at the server to authenticate the user.

Abstract: In accordance with embodiments, there are provided mechanisms and methods for user registration with a multi-tenant on-demand database system. These mechanisms and methods for user registration with a multi-tenant on-demand database system can provide user registration of the multi-tenant on-demand database system which takes into consideration a registration of an associated tenant of the multi-tenant on-demand database system. The ability to consider a tenant's registration with the multi-tenant on-demand database system when registering a user with the multi-tenant on-demand database system can improve the management of permissions associated with of the multi-tenant on-demand database system.

Abstract: The system may comprise receiving a data element, and receiving an encryption key and an associated encryption key identifier from an encryption keystore database. The system may further comprise transmitting the data element to an encryption module for encryption using the encryption key to form an encrypted data element. The system may also comprise receiving the encrypted data element from the encryption module and concatenating the encryption key identifier with the encrypted data element to form a protected data field entry.

Abstract: A method of providing web site verification information to a user can include receiving a DNS query including a host name and a seal verification site name, parsing the DNS query, and extracting the host name from the DNS query. The method also can include accessing a DNS zone file including a list of Trust Services customers and determining if the host name is associated with a Trust Services customer in the list of Trust Services customers. The method further can include transmitting a positive identifier to the requester if the host name is associated with a Trust Services customer and transmitting a negative identifier to the requester if the host name is not associated with a Trust Services customer. In a specific embodiment, the Trust Services include issuance of digital certificates.

Abstract: A system including a memory storing user account information with a payment provider associated with specific merchants, and a method for use of the system are provided. The system includes one or more processors in communication with the memory and adapted to: receive login information from a user from a merchant website; access an account of the user with the payment provider; cause information for the account of the user to be displayed on the merchant website; and process a payment to the merchant from the account of the user.

Abstract: The disclosure relates to methods, devices, and systems to identify a user of a wearable fitness monitor using data obtained using the wearable fitness monitor. Data obtained from motion sensors of the wearable fitness monitor and data obtained from heartbeat waveform sensors of the wearable fitness monitor may be used to identify the user.

Abstract: A method and system may provide a secure credit card payment service which allows a merchant to store credit cards without storing credit card data on merchant servers. The customer provides a credit card by specifying customer data such a nickname for the credit card, a billing address, a billing phone number, a credit card company that issued the credit card, etc., as well as credit card data such as a credit card number, a credit card expiration date, a credit card service code, etc. The customer data may be received and stored at a merchant server, while the credit card data may be received and stored at a separate token server, which generates a token to represent the credit card data. The token may be stored at the merchant server and used to access the credit card data from the token server.

Abstract: In one embodiment, the present invention provides a method and communication device with an emulated mag stripe capability. Information is transmitted in the mag stripe data indicating that the communication device has chip capability as well. This information is used by a server on the back-end (acquirer, issuer, network) to take advantage of that chip capability. For example, additional fields can be used for security measures and communication over the telecommunications network with the device can be performed to provide a more secure communication with a terminal. In one embodiment, the additional information is provided in the service code, using a unique 3 digit code other than 2xx.

Abstract: Embodiments of authenticating linked accounts are presented herein. In an implementation, an authentication service provides functionality to form links between a plurality of user accounts. A client may then authenticate by providing credentials for one account in a group of linked accounts, and is permitted access to each account in the group of linked accounts based upon the linking. Thus, a single sign-in of a client to one account may permit the client to obtain services for service providers corresponding to multiple linked accounts, without an individual sign-in to each account.

Abstract: Provided is an information processing apparatus including a reception unit that receives a request for access to an IC chip from an application having access right information for accessing to the IC chip, an acquisition unit that acquires an authentication information for authenticating the application from an external server based on the access right information contained the request for access received by the reception unit, an authentication unit that authenticates the application based on the authentication information obtained by the acquisition unit, and a control unit that controls an access of the application to the IC chip based on an authentication result by the authentication unit.

Abstract: A method for binding a token key to an account is provided. The method includes: sending a binding request message including information regarding the account, for a security authentication server to generate a certification link and a first token key corresponding to the account; receiving the certification link and the first token key from the server; generating display information based on the certification link and the first token key; receiving encrypted information from the server, wherein the encrypted information is generated according to the first token key and included in an access request message from a mobile terminal to the server; obtaining a second token key based on the encrypted information; determining that the second token key matches the first token key; and sending a binding success message to the server.

Abstract: The present application is directed to establishing ownership of a secure workspace (SW). A client device may provide a SW data structure (SWDS) to a SW configurator. A SWDS may comprise a hash of an original SW and a public key, and may be signed by a private key corresponding to the public key. The SW configurator may cause an execution container (EC) to be generated including a SW initiated using the SWDS. The client device may claim SW ownership using a request (signed by the private key) transmitted along with a copy of the public key. SW ownership may be determined by an ownership determination module that verifies the signature of the request using the public key received with the request, determines a hash of the received public key and compares the hash of the received public key to a hash of the public key in the SWDS.

Abstract: An authentication management system for managing use of a processing apparatus includes an authentication management apparatus including a position storing unit to store position information of the processing apparatus; a receiving unit to receive user information that identifies a portable terminal to be used for authenticating when a user requests the processing apparatus via a requester to perform a target process; a determination unit to determine whether distance between the portable terminal and the processing apparatus satisfies a proximity determination condition between the portable terminal and the processing apparatus, the distance being obtained based on position information of the portable terminal received from the portable terminal, and the position information of the processing apparatus; and an authentication unit to conduct authentication processing based on user information received from the requester, and the user information received from the portable terminal when the distance satisfies

Abstract: An apparatus, a method, and a computer program receive a request message from a mobile device to connect with an agent and authenticate the request message and provisioning a database for enabled services and service location. A service provider is identified and selected from a plurality of service providers. As a result, the request message is transmitted to the service provider in order to determine availability of the service provider.

Abstract: Methods, systems, and apparatus for digital content management and distribution are provided. In an example, a method of protecting digital content at a kiosk is provided. The method includes providing a plurality of memory devices, the plurality of memory devices having pre-loaded content thereon. A selection is received from a user. A memory device is selected from the plurality of pre-loaded memory devices that matches the selection from the user. A dock to which the memory device is to be coupled is determined. The memory device is protected with a unique key corresponding to the dock.

Abstract: An access manager manages access to a resource. At a first time, the access manager designates a variable attribute associated with a recurring public event as a shared secret between the access manager and a user. At a second time occurring after the first time, the access manager receives a shared key from the user. As received, the shared key is based on a value of the variable attribute associated with the recurring public event at a most recent recurrence of the recurring public event relative to the second time. The access manager evaluates the shared key. In response to the evaluation, the access manager grants or denies the user access to the resource.