Abstract: Embodiments of the invention provide a method and apparatus (“system”) that overcome the above-mentioned problems among others and provide an innovative solution aimed at creating an interactive, dynamic and effective multi-media object with HIP capabilities which may be used in online advertising, security, and user-defined security. The system leverages the existing HIP CAPTCHA real estate to create multi-media objects that guarantee a captivated audience, especially in online advertising. Combining interactive multi-media objects with HIP capabilities helps to meet a very critical need faced by advertisers and websites today—creating an effective impression of any multi-media object on a user (a guaranteed eyeball). Embodiments of the current invention introduce a variety of formats that involve interacting with a multi-media object to provide a more natural user interaction and ease of use while maintaining security.

Abstract: Objects in a shared storage system can be marked as including prohibited content. Incidents that result in objects being so marked can be stored in an incident history associated with a user responsible for those objects. The incident history can be processed to identify repeat offenders and modify access privileges of those users. However, when objects are shared by one user with another user, prohibited content is blocked from being shared, while the remainder of the shared objects can be accessed by the other user. Functions that allow sharing of content are implemented so as prevent sharing of prohibited content with another user, while allowing other content to be shared. If a group of files or objects is shared, then the presence of prohibited content in one object in the group results in that prohibited content not being shared, but the remaining files or objects are still shared.

Abstract: During a financial transaction, a customer provides a token that identifies the customer to a peripheral device (which is other than a credit-authorization terminal or a magnetic-stripe reader) coupled to the point-of-sale terminal. Then, a unified point-of-sale service object executing on the point-of-sale terminal, which is a driver for a virtual peripheral device, performs one or more operations based on at least the token to obtain financial information associated with the customer. After providing the financial information and transaction information associated with the financial transaction to a financial institution specified in the financial information, the point-of-sale terminal receives a confirmation from the financial institution that the financial transaction has been completed. For example, the confirmation may be received via a credit-authorization-terminal service object that is a driver for the credit-authorization terminal.

Abstract: Techniques for managing identities are provided. In some examples, identity management, authentication, authorization, and token exchange frameworks may be provided for use with mobile devices, mobile applications, cloud applications, and/or other web-based applications. For example a mobile client may request to perform one or more identity management operations associated with an account of a service provider. Based at least in part on the requested operation and/or the particular service provider, an application programming interface (API) may be utilized to generate and/or perform one or more instructions and/or method calls for managing identity information of the service provider.

Abstract: In some examples, a device may include at least one communication interface configured to exchange signals with another device, and a pairable component configured to: assure the another device of mutual proximity by exchange of at least two progressively increasing locator signals and corresponding acknowledgement signals, receive executable validating code from the another device, execute the validating code, output a self-validating result of executing the validating code, verify pairing with the another device, and generate a secret key to ensure a private exchange of data between the mutually proximate, paired, and validated device and another device.

Abstract: In accordance with one embodiment, a method for locally verifying the identification of a user with an electronic device is disclosed. The method includes regenerating a neuro-mechanical fingerprint (NFP) in response to a micro-motion signal sensed at a body part. In response to a plurality of authorized user calibration parameters, a match percentage of the neuro-mechanical fingerprint is determined. The match percentage is determined without the use of a calibration NFP that was previously used to generate the user calibration parameters. Access to the electronic device and its software applications is then controlled by the match percentage. If the match percentage is greater than or equal to an access match level, access to the electronic device is granted. If the match percentage is less than the access match level, access is denied. Subsequent access requires further regeneration of the NFP and a determination of its match percentage in response.

Abstract: A session to enroll customers to make payments has two stages, a first stage completed on the telephone or on a merchant or debt collector website, and a second stage completed via a communications link such as a telephone or Internet link. The customer enrollment record is linked to financial account information received from the customer in the second stage and stored on a second, secure server. A token linked to the securely stored financial account information is returned to the merchant and then used by the merchant to initiate payments on that financial account. The merchant's personnel and customer record system do not store or have access to the underlying financial account information.

Abstract: Apparatus and method for generating random numbers. In accordance with some embodiments, a first multi-bit string of entropy values is derived from a first entropy source having a first trust level and a different, second multi-bit string of entropy values is derived from a second entropy source having a different, second trust level. The first and second multi-bit strings of entropy values are combined in relation to the associated first and second trust levels to generate a multi-bit random number. The multi-bit random number is used as an input to a cryptographic function.

Abstract: Electronic access control systems and methods address one or more weaknesses of conventional electronic access control systems. In some cases, an electronic access control system includes a secure communication channel for transmitting information to the access control system computer (ACC). In some cases, a method secures the communication channel between user access credentials (UACs) and the ACC.

Abstract: A platform including an always-available theft protection system is described. In one embodiment, the system comprises an arming logic to arm the platform, when an arming command is received, a risk behavior logic to detect a potential problem when the platform is armed, and a core logic component to provide logic to analyze the potential problem, and to move the platform to a suspecting mode, when the potential problem indicates a theft suspicion. The system, in one embodiment, further comprises configuration logic to configure settings for the system when the platform is in an unarmed mode, the configuration logic including a user logic enabling an authorized user to alter settings and an administrator logic enabling an administrator to alter the settings using an authenticated set request.

Abstract: A method of operating a node for performing handover between access networks wherein a user has authenticated for network access in a first access network. The method comprises receiving from a home network a first session key and a temporary identifier allocated to the user for the duration of a communication session. The identifier is mapped to the first session key, and the mapped identifier and key are stored at the node. A second session key is derived from the first session key and the second session key is sent to an access network, and the identifier sent to a user terminal. When the user subsequently moves to a second access network, the node receives the identifier from the user terminal. The node then retrieves the first session key mapped to the received identifier, derives a third session key and sends the third session key to the second access network.

Abstract: The disclosed embodiments provide a system that manages access to an online user account. During operation, the system uses stored authentication credentials for a user to access the online user account of the user. Next, the system aggregates financial data for the user from the online user account. Upon detecting an error associated with aggregating the financial data, the system obtains error information describing the error from a web page associated with the error. Next, when the user subsequently accesses the aggregated financial data, the system displays the error information to the user to facilitate resolution of the error by the user.

Abstract: Systems, methods and computer program products for direct communication between hardware accelerators in a computer cluster are disclosed. The system for direct communication between hardware accelerators in a computer cluster includes: a first hardware accelerator in a first computer of a computer cluster; and a second hardware accelerator in a second computer of the computer cluster. The first computer and the second computer differ from one another and are designed to be able to communicate remotely via a network, and the first accelerator is designed to request data from the second accelerator and/or to retrieve data by means of a direct memory access to a global address space on the second computer and/or to communicate data to the second computer.

Abstract: In one aspect, a method for processing a card-not-present account-on-file transaction is provided. The transaction involves a cardholder using payment card information stored by a merchant. The method includes receiving an authorization request message for the transaction, the authorization request message received at a payment network from an acquirer associated with the merchant and receiving an authorization response message, the authorization response message received at the payment network from an issuer. The authorization response includes a denial indicator indicating that the transaction has been denied. The method further includes querying a database coupled to the payment network to determine whether the database includes updated payment card information for a payment card associated with the transaction.

Abstract: The system provides a method and apparatus for providing controlled access to premises. The system in one embodiment uses a reader/scanner associated with a controlled entrance that can receive credentials manually or via scanning or some other form of electronic communication. In one embodiment, the system uses NFC (Near Field Communication) from a mobile device to determine if access should be granted. The system contemplates a number of different tiers of users whose right of access to a location depends on the tier in which the user resides. For one time visitors, the system contemplates transmitting an access credential that can be used by a specific user for a limited time period. In some cases, the access credential is tied to a particular device.

Abstract: In one embodiment, a method comprises determining, by a first access network computing node at a venue, a position of a person based on an image of the person captured with at least one camera at the venue; controlling rendering, by the first access network computing node, of an icon moving toward a destination in response to a determined movement of the person; and handing-off, by the first access network computing node, the controlling rendering of the icon to a second access network computing node in response to the position of the person moving from a first domain zone associated with the first access network computing node to a second domain zone associated with the second access network computing node.

Abstract: A method is provided for interaction of a portable data carrier with an end device. The data carrier comprises a transducer arrangement having at least one or a set of capacitive transducer elements which are arranged on or in the data carrier at defined positions in relation to the geometry of the data carrier, at least one contactless interface, and a dedicated energy supply. The end device comprises a capacitive display screen having a touch-sensitive display, wherein the data carrier generates via the capacitive transducer elements signals which, when the data carrier is placed onto the display screen, are picked up by the display screen of the end device and evaluated as input signals through the end device.

Abstract: A computing apparatus configured to verify a digital signature applied on a set of data received from a user device, including a user ID assigned by a partner system to uniquely identify a user of the user device among customers of the partner system, and a user device identifier identifying the user device. The digital signature is generated via applying a cryptographic one-way hash function on a combination of the set of data and a secret, shared between the computing apparatus and the partner system via a secure communication channel separate from a channel used to receive the set of data.

Abstract: The present disclosure relates to systems and methods for controlling loss and theft of a radio equipment of a base station in a cellular communications network. In one embodiment, a radio equipment of a base station of a cellular communications network includes a radio subsystem configured to wirelessly transmit and receive radio signals for the cellular communications network, a local wireless interface, memory, and a controller. During commissioning of the radio equipment, the controller is configured to receive a physical location of the radio equipment and an access password for the radio equipment from a wireless device via a local wireless connection between the radio equipment and the wireless device established via the local wireless interface. The controller is configured to store the physical location of the radio equipment and the access password for the radio equipment in the memory of the radio equipment.

Abstract: The invention relates to a method for purchasing a product by a consumer using a computing device. The method includes transmitting product information from a payee to the computing device, obtaining a purchase request for the product from the computing device, wherein the purchase request comprises a security identifier input by the consumer, inferring a consumer identity based on the purchase request and consumer information, authorizing the consumer to access the consumer information based on the purchase request and the consumer identity, wherein the consumer information is used to purchase the product, and generating a purchase authorization for the product and sending the purchase authorization to the payee based on the purchase request and the consumer information.

Abstract: A mobile device is disclosed that is not only capable of wirelessly receiving power from a source device, but also of wirelessly transmitting power to a destination device. The device includes one or more power modules and corresponding coils for transmitting/receiving signals from which power can be loaded/extracted. In addition, the device can receiving initiation information identifying power transfer standards supported by each of the source and destination devices, and can control its one or more power modules to operate in accordance with the standards identified in the initiation information.

Abstract: A method and system for detecting fraud in a payment card network using a pattern of transaction ticket size are provided. The method including receiving transaction information, for a current financial transaction, from at least one of a merchant point of sale (POS) device and a merchant website, the transaction information including a current transaction amount, the transaction information associated with a single payment card cardholder, retrieving a predetermined number of historical transactions for the single cardholder based on the transaction information, and generating a historical spend ticket size pattern based on average ticket size and dispersions for at least one of the same store, similar stores, and relevant merchant categories. The method further including comparing the current transaction amount to the historical spend ticket size pattern and generating a recommendation for approval or decline of the current financial transaction based on the comparison.

Abstract: Embodiments described herein are directed to preventing development of insecure web pages, preventing deployment of insecure web pages and to preventing access to insecure web pages. In one embodiment, a computer system accesses a web page that includes one or more web elements. The computer system then determines that the web page includes at least one element that requests user authentication and determines whether various specified secure protocols have been implemented on the web page. Then, if the specified secure protocols have not been implemented on the web page, the computer system displays a warning or error indicating that the web page is insecure.

Abstract: Described is a technology for seamless initiation of a transfer of payment from a sender to a recipient by sending email, without requiring any account creation and/or login procedure. The technology can involve sending payment from one mobile device to another. In one aspect, the technology includes receiving a payment amount from a sender via the sender's mobile device, causing an email with pre-populated information to be generated using a native email application on the mobile device, and initiating the process to transfer the payment amount upon sending of the email. The technology enables a simplified payment transaction system for ordinary consumers without the hassle of having to sign up, to remember a user account and a password, and to login for sending or receiving every payment transaction, while not sacrificing the essential security feature of authenticating the user for every payment transaction.

Abstract: Various embodiments can enable a content item associated with a sharer account of a content management system to be shared with a recipient account of the content management system. The content item can be analyzed to determine at least some information about the content item, which can include one or more properties associated with the content item, one or more representations of one or more content portions present in the content item, or any combination thereof. A communication can notify the recipient account that the sharer account has shared the content item with the recipient account. The communication can further comprise the determined information about the content item, which can include the one or more properties and/or the one or more representations of the content portions. This information can enable the recipient to make a better decision regarding whether or not to accept the share invitation.

Abstract: A digital wallet that facilitates fast, convenient, and secure commerce using a mobile electronic device (or non-mobile electronic device) and stores information associated with transactions, such as purchase confirmations and receipts. The digital wallet can store information for use in transactions, including information associated with one or more financial accounts, user information, and shipping information. To complete an online purchase, the digital wallet can interact with a merchant's website to obtain information regarding the purchase. The digital wallet provides a user interface for the user to review and confirm the purchase information. The user interface also allows the user to select from multiple payment options, customize shipping information, or provide information requested by the merchant. The digital wallet can transmit user confirmation to the merchant's website and receive a receipt for the purchase.

Abstract: A method and system for authenticating financial transactions is disclosed wherein biometric data is acquired from a person and the probability of liveness of the person and probability of a match between the person or token and known biometric or token information are calculated, preferably according to a formula D=P(p)*(K+P(m)), wherein K is a number between 0.1 and 100, and authenticating if the value of D exceeds a predetermined value.

Abstract: Systems and methods for generating and responding to billing requests in a wireless subscriber billing system are disclosed. A billing request can be generated at a trusted service. The billing request including billing information is communicated to a wireless subscriber billing system. A validation response to the billing request is generated in the wireless subscriber billing system and the validation response is communicated to the trusted service.

Abstract: Embodiments of the invention is directed to a dynamic network analytics system capable of receiving and analyzing queries sent in data messages from data requesters. The queries contain a request from the data requester as to a risk level associated with an interaction conducted by a user. The dynamic network analytics system can determine an optimized process for determining the risk level of the interaction, based on an analysis of past interactions by the user and past interactions by users similar to the user. The dynamic network analytics system can retrieve data from internal and external data sources to generate a response to the query. The dynamic network analytics system conducts the optimized process and uses the retrieved data to generate risk assessments and risk scores in response to the query from the data requester.

Abstract: A method, system or computer usable program product for secure short range protocol based transaction processing including using a mobile device capable of short range protocol communication to receive a user password; exchanging transaction data between the mobile device and a point of transaction device through a short range protocol communication, the transaction data including a timestamp; using the mobile device, generating a hash including the user password and the timestamp as inputs; providing the hash and the timestamp to an authorization agent; and receiving an authorization from the authorization agent for an account transaction with the point of transaction device based on the password in the hash.

Abstract: Systems and methods for verifying the uniqueness of requested authentication credentials among one or more entities may include one or more verification credential servers configured to receive information associated with the requested authentication credentials and determine if the requested authentication credentials are unique.

Abstract: A typical system environment comprises a terminal device, a secure storage subsystem, and an interconnectivity component. The terminal device has a network connectivity subsystem enabled for data connectivity with a wireless communications network. The secure storage subsystem has a secure storage memory for securely storing contents and is enabled for local RF connectivity through a local RF communication subsystem. The secure storage subsystem is operable as a contactless smartcard in accordance with any contactless technology. The interconnectivity component is adapted to enable communication of the secure storage subsystem through the network connectivity subsystem with the network. The interconnectivity component is further configured to detect that messages received from the network are destined for the secure storage subsystem and is configured to supply that identified messages to the secure storage subsystem.

Abstract: An apparatus and method pertaining to detecting user input, such as a signature, with respect to a stylus and the transmission of information regarding that input. The detected input can comprise, for example, characteristics of the input and transmit them to a secondary device to verify the input matches a stored template.

Abstract: Disclosed are various embodiments for network site account management using a proxy server. A first request for a secured resource on a network site is received from a client. It is determined whether stored account information is available for the secured resource. A second request for the secured resource is generated based at least in part on the stored account information in response to determining that the stored account information is available for the secured resource. The second request is sent to a server corresponding to the network site. The secured resource is received from the server, and the secured resource is sent to the client.

Abstract: A novel system and methodology for conducting financial and other transactions using a wireless device. Credentials may be selectively issued by issuers such as credit card companies, banks, and merchants to consumers permitting the specific consumer to conduct a transaction according to the authorization given as reflected by the credential or set of credentials. The preferred mechanism for controlling and distributing credentials according to the present invention is through one or more publicly accessible networks such as the Internet wherein the system design and operating characteristics are in conformance with the standards and other specific requirements of the chosen network or set of networks. Credentials are ultimately supplied to a handheld device such as a mobile telephone via a wireless network. The user holding the credential may then use the handheld device to conduct the authorized transaction or set of transactions via, for example, a short range wireless link with a point-of-sale terminal.

Abstract: There is provided a printing apparatus including: a storage section configured to store printing data; an accepting section configured to accept an issuance instruction to issue a password corresponding to the printing data; a password generating section configured to generate a password; an obtaining section configured to obtain a destination corresponding to the printing data; a transmission section configured to transmit the generated password to the destination, on condition that the accepting section accepts the issuance instruction; an input section configured to accept an input of a password by a user; a judgment section configured to judge as to whether or not a password accepted by the input section is coincident with the transmitted password; and a printing section configured to start printing in a case that the judgment section judges that the accepted password is coincident with the transmitted password.

Abstract: A content recording system comprises a digital media recording device to record content. A rights-management module is in electrical communication with the digital media recording device to detect a desired recording performed by the digital media recording device. The rights-management module further communicates digital rights information of a rights-managed content to the digital recording device. The recording of the rights-managed content is performed according to the digital rights information.

Abstract: A short-range wireless network is established by direct communication between wireless devices and wireless access points. A wireless communication device provides initial registration information to a network and becomes a registered device. An API is downloaded to the wireless device to permit automatic authentication of the device for future communications. When a registered device enters a venue, at least one access point will automatically detect the wireless device and extract the necessary identification data to permit authentication of the device. Customized messages may be provided to the wireless device. If the wireless device enters a different venue, even in another city or state, the registration data may be automatically extracted by an AP and provided to a cloud network for authentication. Authenticated devices receive a list of authenticated vendors and unauthenticated vendors near the present location of the authenticated device.

Abstract: Embodiments of the invention include methods, systems, and computer-readable media for processing transactions involving sensitive information, such as a credit card number. Embodiments include a first server authenticating a second server based on a security token and determining whether the security token is expired. Based on the results, the first server may request a transaction token associated with sensitive information. The first server may encrypt the transaction token using a public key of the second server. The first server may send the encrypted transaction token as a parameter to a URL, wherein the URL is configured to cause a browser on a client to send, to the second server, a request for the page and the encrypted transaction token.

Abstract: Systems, apparatus, and methods are disclosed for accurately identifying a mobile thing (MT), a mobile thing motion activity (MTMA) associated with the MT, or both, using sensor data from one or more sensors, such as an accelerometer, gyroscope, etc., associated with a wireless communication device (WCD) transported by the MT, so as to enable or initiate a further one or more intelligent MT-identity-based and/or MTMA-based actions.

Abstract: The present invention relates to a method and a system for authentication processing, a 3rd Generation Partnership Project (3GPP) Authentication, and Authorization Accounting (AAA) server, and a User Equipment (UE). The method includes: receiving an authentication request message that carries authentication mode indication information; determining an authentication mode according to the authentication mode indication information; and performing authentication processing according to the authentication mode. The system for authentication processing includes the 3GPP AAA server and a network device which enables the UE to access the 3GPP AAA server through the network device.

Abstract: In one implementation, a public key infrastructure utilizes a two stage revocation process for a set of data. One stage authenticates or revokes the set of data based on the status of the digital signature and another stage authenticates or revokes the set of data based on the status of an individual signature by the digital certificate. For example, a digital certificate based is assigned a certificate number. A serial number is assigned for a signature for the set of data as signed by the digital certificate. A data transmission, data packet, or install package includes the set of data, the certificate number and the serial number. Therefore, individual instances of the signature may be revoked according to serial number.

Abstract: A method of authenticating a network client to a relying party computer via a computer server comprises the computer server receiving a transaction code from a token manager via a first communications channel. The network client is configured to communicate with a token manager which is configured to communicate with a hardware token interfaced therewith. The network client is also configured to communicate with the relying party computer and the computer server. The computer server also receives a transaction pointer from the relying party computer via a second communications channel that is distinct from the first communications channel. Preferably, the transaction pointer is unpredictable by the computer server. The computer server transmits an authorization signal to the relying party computer in accordance with a correlation between the transaction code and the transaction pointer. The authorization signal facilitates authentication of the network client to the relying party computer.

Abstract: An embodiment relates generally to a method of using a token. The method includes embedding the token with at least one action and detecting a presence of the token. The method also includes authenticating the token; and executing an applet in response to a valid authentication of the token.

Abstract: Architecture for a communications system enabling a user to provision a telephone at a new location without network administrative pre-configuring. An input component (e.g., keypad) receives a numeric extension and PIN. The extension is a telephone extension of the user and the PIN can be administratively assigned. A location component provides location information of an enterprise communications server to the telephone based on the extension. The telephone uses the location information to send messages to the enterprise communications server. A registration component registers the telephone with the enterprise communications server based on the numeric extension. A telephony address is returned to the telephone. An authentication component authenticates the telephone based on the PIN. Upon authentication, the extension is assigned to the telephone, and telephone communications can be sent and received from that location.

Abstract: A system and method for deriving associations between assets is disclosed. The system comprises a signature module, a matching module and an association module. These components of the system are communicatively coupled to each other. The signature module generates a first fingerprint for a first asset. The matching module determines a matching fingerprint that matches the first fingerprint from a candidate set. The matching module determines a first asset type for the first asset associated with the first fingerprint and a second asset type for a second asset associated with the matching fingerprint. The matching module determines an association test. The association module associates the first asset with the matching asset based on whether the association test is passed.

Abstract: A communication system 10 includes a head end 12. The head end communicates with a system gateway 26. A plurality of user devices 28 is coupled to the gateway 26 that includes a memory device 94 for storing content therein. The gateway 26 receives the plurality of first encrypted signals and stores the signals in the memory device 94. The storing in the memory device 94 may be performed after further encryption. One of the user devices 28 generates a request for content and communicates the request to the gateway 26. The gateway 26 communicates content corresponding to the request to the user device 28.

Abstract: A payment authorization system includes a network server configured to create strong bindings between individual user identifiers and a peculiar combination of devices corresponding users employ, and the associated communications services each utilizes. The combination of user-devices-services reduces the possibilities to the one user who is authorized to establish access to a set of security keys held by another secure server. The principal goal being to authorize a payment transaction without exposing the security keys. A secure backend payment server is configured to produce a surrogate output that will satisfy a payment processor when asked to do so by an authorized user. Such surrogate duplicates what a payment chip card or secure element would have presented in person, but here the security keys never have to leave the backend payment server.

Abstract: An authentication service for hosting in trusted server environments includes a validation process for validating the identities of mobile users from a server's vantage point in the Cloud. A confidence scoring process is further included for estimating the certainty to which (1) a particular user, (2) a user's device apps and devices hosting them, and (3) a user's intent to carry out a given transaction have been correctly identified.

Abstract: Secure establishment of a key associated with a first facility identifier is facilitated. The key is shared between a device and an operator of a first facility, via a public key management infrastructure of a payment system operating according to the payment standard, during a first transaction, substantially in accordance with the payment standard, between the device and the first facility. Controlling access to a first facility is facilitated, via the device, using the key associated with the first facility identifier, substantially without reference to an issuer of the device and substantially without use of asymmetric keys of the device, during a plurality of subsequent transactions, substantially in accordance with the payment standard, between the device and the first facility.