Abstract: Particular embodiments provide a method for orchestrating an order fulfillment business process that includes a sub-process. In one embodiment, abstraction of business processes from an underlying information technology (IT) infrastructure is provided. An orchestration process can be designed using sub-processes such that the sub-process is assembled at run-time into an executable process. The sub-process may be defined in an interface as a single step. A plurality of services as then assembled as steps in the executable process at run-time.

Abstract: Systems, methods, and devices may be capable of allowing a player to purchase an instance of game play at a game system with a pre-paid ticket or with another item of value. The game system may determine a denomination of a unit of a currency and generate a session request indicative of the denomination. The game system may also determine a ticket code of a ticket and generate a session request indicative of the ticket code. A remote authorizer may provide the game system with game authorization indicative of a number of entertainment credits in response to receiving a session request.

Abstract: An embodiment defines access control allowing the expression of access control rules using ontology based semantics and references an ontology subset using XPath as the ontological expression. The access control rules or access criteria are defined by an access control statement and may be expressed using classification criteria and ontology classes. The access control statement comprises a structural description that is used to define an asset and a logical expression that may be used to express the classification criteria. The access control statement defines access policy for various assets.

Abstract: A user authentication method and system. A computing system receives from a user, a first request for accessing specified functions executed by a specified software application. The computing system enables a security manager software application and connects the specified software application to a computing apparatus. The computing system executes first security functions associated with the computing apparatus. The computing system executes second security functions associated with additional computing apparatuses. The computing system determines if the user may access the specified functions executed by the specified software application based on results of executing the first security functions and the second security functions. The computing system generates and stores a report indicating the results.

Abstract: An IC chip, an information processing apparatus, system, method, and program are provided. An IC chip includes an authentication control unit configured to authenticate a request using authentication information. The request and/or the authentication information is received from outside the IC chip.

Abstract: The execution of an image processing job is limited using a printing amount by an image processing job that has already been executed and a printing amount that is scheduled to be printed by an image processing job that has already been transmitted but not yet executed. To accomplish this, a multi-function peripheral manages a first printing amount that has already been printed by a executed print job and a second printing amount that is scheduled to be printed by a print job that has been transmitted from the multi-function peripheral to a printer and that has not yet been executed in association with a user ID, and determines, before transmitting the print job, whether or not the total of a third printing amount that is scheduled to be printed by the print job, the first printing amount and the second printing amount exceeds an upper limit amount.

Abstract: This invention discloses a novel system and method for distributing electronic ticketing such that the ticket is verified at the entrance to venues by means of an animation or other human perceptible verifying visual object that is selected by the venue for the specific event. This removes the need to use a bar-code scanner on an LCD display of a cell phone or other device and speeds up the rate at which human ticket takers can verify ticket holders. The system providing the service also can maintain a persistent communication channel with the user device in order to control the ticket verification process.

Abstract: An approach is provided for using multifactor authentication to access multiple services. A determination is made that a user equipment has been authenticated for an access network. An identifier corresponding to the user equipment is received. An alias identifier is generated based on the received user equipment identifier for use in combination with a universal user identifier to authenticate a user corresponding to the user equipment for accessing a plurality of services via the access network.

Abstract: A method for granting secure network access comprising requesting, by a mobile device, access to a network via an access point; receiving a passcode from the access point; sending a message including the passcode and an indicia back to the access point; and generating, by the access point, a secure key based on the indicia, the secure key providing network access to the mobile device.

Abstract: A method for using multiple channels to access a resource, wherein a first user requests a resource that requires an indication of approval from a second user, a token value is transmitted to the first user on the first channel, and the second user transmits the token value and a second authentication parameter over a second channel. The token value is used to associate the first authentication parameter to the second authentication parameter, whereby the first user is allowed access to the resource on the first. The first and second user may be independently authenticated in some implementations and not independently authenticated in other implementations.

Abstract: Apparatus and method for secure transactions between gaming machines and portable devices are described. The secure transactions may include a transfer of an amount of an indicia of credit with a cash value from the portable device to the gaming machine or a transfer of an amount of an indicia of credit with a cash value from the gaming machine to the portable device. A logic device, separate from a master gaming controller on the gaming machine and placed in the gaming machine, may be operable to authenticate a portable device, such as a smart card, and authorize transactions involving transfers of indicia of credit between the portable device and the gaming machine.

Abstract: A system and method for distributing mobile gift cards is described. One embodiment, a computer-server-based method, receives a selection of a merchant with which to associate a mobile gift card, receives an indication of a monetary amount for the mobile gift card, receives an electronic payment for the monetary amount, applies the monetary amount to the mobile gift card, associates the mobile gift card with a recipient's phone number, and transmits a notification of the mobile gift card to a mobile device associated with the recipient's phone number, the computer server acting as a server-side wallet for the mobile gift card, the mobile gift card being usable, through interaction with the computer server, by the recipient for the purchase of goods from the merchant associated with the mobile gift card.

Abstract: According to one embodiment, an apparatus may store a plurality of tokens. The apparatus may receive a subject token indicating an attempt to authenticate a user. The apparatus may determine at least one token-based rule based at least in part upon a token in the plurality of tokens and the subject token. The at least one token-based rule may indicate a plurality of attributes required to access a resource. The apparatus may determine a second plurality of attributes represented by the plurality of tokens and the subject token. The apparatus may determine at least one missing attribute, which may be in the plurality of attributes but not in the second plurality of attributes. The apparatus may then request the at least one missing attribute, and in response, receive at least one token representing the at least one missing attribute.

Abstract: This invention provides a system, method and computer program product to allow a user to access administrative security features associated with the use of a security token. The administrative security features provide the user the ability to unlock a locked security token, diagnose a security token, activate and deactivate a security token, request a replacement security token or temporary password or report the loss of a security token. The invention comprises a client application which integrates into the standard user login dialog associated with an operating system. A portion of the user dialog is linked to a remote server to access the administrative services.

Abstract: Embodiments of methods and apparatus for tag-based personalization of kiosk computing devices are disclosed. In embodiments, an authentication server/system may receive, from a mobile device, a plurality data packets having data associated with a display tag of a kiosk computing device. The authentication system/server may, in response, instruct the kiosk to activate an account-specific mode based on an account associated with the mobile device. Other embodiments may be described and/or claimed.

Abstract: A method, system, GUI, apparatus, and computer readable media for enabling a customer to access to a media file uploaded by a user are provided. A user profile may be generated using received login and profile information. The user profile may be hosted on, for example, a web site, SMS/MMS gateway, and a WAP site. A media file may be received from the user and may be upload to the user profile. The media file may be associated with a user account. A request to access the media file may be received from a customer. An account associated with the customer may be updated to indicate their requested access to the media file. The customer may then be enabled to access the media file. The user's account may be updated to indicate the transaction.

Abstract: A method is disclosed that includes receiving a request for a transaction from a customer at a seller server system via an electronic-commerce website and identifying a customer account stored at the seller server system based on an identity of the customer. A plurality of financial instruments is associated with the customer account. The plurality of financial instruments has a customer-specific sequence including at least a first financial instrument pre-selected by the customer and a second financial instrument. The method includes automatically attempting to collect a particular payment associated with the transaction from a first financial service provider corresponding to the first financial instrument and automatically attempting to collect the particular payment from a second financial service provider corresponding to the second financial instrument in response to data received at the seller server system indicating a denial of the payment.

Abstract: A security token includes (a) a personal data memory configured to store digital identity credentials related to personal data of a user; (b) an input appliance configured to check said personal data; (c) a key record data memory configured to store at least one identity credential of an authentication server or of an application operator; (d) a transmitter and receiver unit configured to create a secure channel directly or indirectly to said authentication server or application operator to handle said key record relating to said authentication server or application operator, respectively; (e) a control unit configured to control the transmitter and receiver unit and the key record data memory in view of said handling, wherein the control unit is configured to perform one of: interpreting, deciphering, creating, checking, renewing, withdrawing and further key record handling actions. A method for authentication of a user using the security token is also disclosed.

Abstract: The present invention relates to a system and method for a comprehensive account reconciliation process, which ensures a predictable level for the accuracy of the ledger account balance. The present account reconciliation process includes nine reconciliation methods both transactional and non-transactional. The account reconciliation processes are part of overall accounting accuracy methodology that includes five macro processes where reconciliation takes place during the execute macro process. The reconciliation methods cover the diverse interactions between the ledger accounts and supporting documents that are either externally or internally generated.

Abstract: The invention relates to an authentication and/or rights containing retrievable token such as an IC card comprising at least one physical channel of communication to at least one apparatus and at least two logical channels of communication with said at least one apparatus wherein each logical channel of communication is associated with a different execution environment.

Abstract: A system receives account access information from a user. The account is then accessed using the received access information. Data is harvested from a web page associated with the account or received from another financial data source. The user's ability to access the account is authenticated based on the obtained information.

Abstract: A reputation server is coupled to multiple clients via a network. Each client has a security module that detects malware at the client. The security module computes a hygiene score based on detected malware. The security module provides the hygiene score and an identifier of a visited web site to a reputation server. The security module also provides identifiers of files encountered at specified web sites to the reputation server. The reputation server computes secondary hygiene scores for web sites based on the hygiene scores of the clients that visit the web sites. The reputation server further computes reputation scores for files based on the secondary hygiene scores of sites that host the files. The reputation server provides the reputation scores to the clients. A reputation score represents an assessment of whether the associated file is malicious.

Abstract: In one embodiment, a user device is configured to allow a user to select any one of a plurality of accounts associated with the user to employ in a financial transaction. In one embodiment, the user device includes a biometric sensor configured to receive a biometric input provided by the user, a user interface configured to receive a user input including secret information known to the user and identifying information concerning an account selected by the user from the plurality of accounts. In a further embodiment, the user device includes a communication link configured to communicate with a secure registry, and a processor coupled to the biometric sensor to receive information concerning the biometric input, the user interface, and the communication link.

Abstract: In general, the invention relates to a method for executing at least a portion of a server operation. The method includes providing an extension to a client connected to the server, where the extension includes a portable object connected to the client. The method further includes performing at least the portion of server operation by the extension, where performing at least the portion of the server operation includes executing a copy of at least a portion of server software stored on the portable object.

Abstract: In one embodiment, a user device is configured to allow a user to select any one of a plurality of accounts associated with the user to employ in a financial transaction. In one embodiment, the user device includes a biometric sensor configured to receive a biometric input provided by the user, a user interface configured to receive a user input including secret information known to the user and identifying information concerning an account selected by the user from the plurality of accounts. In a further embodiment, the user device includes a communication link configured to communicate with a secure registry, and a processor coupled to the biometric sensor to receive information concerning the biometric input, the user interface, and the communication link.

Abstract: An approach to managing stored-value data objects, such as electronic tickets, comprises secure systems and procedures for ticket issuing, storage, and redemption. With these systems and procedures in place, stored-value data objects may be securely transferred to remote systems, such as a user's personal electronic device, for subsequent secure redemption, thus allowing the user to gain access to the desired goods or service upon redeeming the data object. Techniques provide secure delivery of the requested data object to the requesting device, and provide secure redemption and disposal of the data object. Ticket issuing systems may be Internet-accessible systems, and users may purchase and redeem tickets using mobile terminals or other devices adapted for wireless communication. Standardized WPKI and Internet access procedures may be employed in ticket issuance and redemption.

Abstract: An approach to managing stored-value data objects, such as electronic tickets, comprises secure systems and procedures for ticket issuing, storage, and redemption. With these systems and procedures in place, stored-value data objects may be securely transferred to remote systems, such as a user's personal electronic device, for subsequent secure redemption, thus allowing the user to gain access to the desired goods or service upon redeeming the data object. Techniques provide secure delivery of the requested data object to the requesting device, and provide secure redemption and disposal of the data object. Ticket issuing systems may be Internet-accessible systems, and users may purchase and redeem tickets using mobile terminals or other devices adapted for wireless communication. Standardized WPKI and Internet access procedures may be employed in ticket issuance and redemption.

Abstract: Methods, apparatus and computer program products are provided for monitoring compliance in reporting unclaimed property. The method is capable of identifying both potential non-reporters and potential under-reporters. In this regard, potential under-reporters may be identified as a result of a multilevel review that may take into account the recent reporting history, both in terms of frequency and the type and quantity of unclaimed property that has been reported. The potential non-reporters and potential under-reporters may then be further evaluated, such as by means of an audit or other follow up procedure, to insure compliance.

Abstract: A method for converting coined money to another type of value proceeds by receiving a plurality of coins into a coin processing machine. The coins are processed with the coin processing machine to determine a value of the coins. An electronic record of the determined value is produced using the coin processing machine. Further, the record of the determined value is electronically transmitted from the coin processing machine to a remote storage location.

Abstract: This invention provides a system, method and computer program product to allow a user to access administrative security features associated with the use of a security token. The administrative security features provide the user the ability to unlock a locked security token, diagnose a security token, activate and deactivate a security token, request a replacement security token or temporary password or report the loss of a security token. The invention comprises a client application which integrates into the standard user login dialog associated with an operating system. A portion of the user dialog is linked to a remote server to access the administrative services.

Abstract: A method is disclosed that includes receiving a request for a transaction from a customer at a seller server system via an electronic-commerce website and identifying a customer account stored at the seller server system based on an identity of the customer. A plurality of financial instruments is associated with the customer account. The plurality of financial instruments has a customer-specific sequence including at least a first financial instrument pre-selected by the customer and a second financial instrument. The method includes automatically attempting to collect a particular payment associated with the transaction from a first financial service provider corresponding to the first financial instrument and automatically attempting to collect the particular payment from a second financial service provider corresponding to the second financial instrument in response to data received at the seller server system indicating a denial of the payment.

Abstract: A method of conducting real time, on-line financial transactions includes operating at least one communication network (12) which can communicate with first and second communication devices (14, 16) having first and second electronic addresses respectively, the communication network (12) being in communication with one or more databases (20) which contain details of first and second accounts, receiving information from the first communication device (14), which information includes details of transfer to be made into the second account from the first account, communicating a signal to interrogate the first account to determine if the transfer can be made, and if the transfer can be made, debiting the first account with the amount of the transfer, and crediting the second account with the amount of the transfer.

Abstract: This invention relates to a terminal device capable of communicating with an accounting center, an accounting system, and a data processing method. A point memory 45 of a recording/reproducing device 10 stores accounting point information. An HDD 15 stores information distributed from an external source. A CPU 11 updates the accounting point information stored in the point memory 45 and updates attributes of the distributed information when the distributed information is stored onto the HDD 15. Thus, such inconvenience that communication with a distribution/accounting center 1 is carried out every time information is distributed to the recording/reproducing device 10 is avoided.

Abstract: A virtual payment system for ordering and paying for goods, services and content over an internetwork is disclosed. The virtual payment system comprises a commerce gateway component (52) and a credit processing server component (53). The virtual payment system is a secure, closed system comprising registered sellers and buyers. A buyer becomes a registered participant by applying for a virtual payment account. Likewise, a seller becomes registered by applying for a seller account. A buyer can instantly open an account on-line. That is, the credit processing component (53) immediately evaluates the buyer's virtual payment card application and assigns a credit limit to the account. Once an account is established, a digital certificate is stored on the registered participant's computer. The buyer can then order a product, i.e., goods, services or content from a seller and charge it to the virtual payment account.

Abstract: A first account profile is on a first mobile communications device and a second account profile is on a second mobile communications device. User input of transactional information is accepted on the first mobile communications device. The first account profile on the first mobile communications device is modified based on the transactional information. A message is transmitted including the transactional information to the second mobile communications device.

Abstract: Each IC card 1 notifies a server 3 of the ID of the IC card and the connection information of a terminal device to which the IC card is connected. The server 3 stores the ID and the connection information in a database 4 while associating the ID and the connection information with each other. When an IC card 1 communicates with another IC card, the IC card 1 requests the connection information concerning the destination IC card from the server 3 while specifying the ID of this IC card. The server 3 searches the database 4 for the connection information corresponding to the ID specified by the request, and notifies the requesting IC card 1 of the acquired connection information. This enables communications between IC cards even if the terminal device to which a destination IC card is connected has been changed in the past.

Abstract: A personal communication apparatus is presented for generating a verifiable recording of a transaction, the transaction comprising an exchange of information. The apparatus includes a receiving component, a protection component, a memory and a recording component. The receiving component receives a transaction between a user of the apparatus and a remote person, and of receiving biometric data (BIOKY) of the remote person. The protection component protects the voice conversation with the biometric data (BIOKY). The recording component records the transaction protected with the biometric data on the memory. A communication apparatus is also presented that includes a memory and an authentication component. The authentication component provides access to a protected transaction stored on the memory.

Abstract: A system and method for the payment of petty cash disbursements is disclosed wherein a tree structure of linked purchasing cards is constructed according to a real-life organizational structure of persons able to authorized the expenditures of the petty cash. A central computer facility is used to maintain the structure and to facilitate the modification of the expenditure limits for the purchasing cards and the movement of cash between a master account and the accounts of each of the purchasing cards to cover purchased made thereby.

Abstract: A system and method for validating an identity of a user to enable or prevent an occurrence of an event is disclosed. In one embodiment, the system includes a first device including a wireless transmitter which is configured to transmit validation information, a second device including a wireless receiver configured to receive the validation information and to further transmit the validation information, and a secure system in communication with the second device. The secure system includes a database configured to receive the validation information transmitted from the second device, and to transmit additional information to the second device following a receipt of the validation information to assist the second device in either enabling or preventing the occurrence of the event.

Abstract: An electronic transit fare payment system is disclosed. The system comprises a plurality of mobile devices adapted to store a transit fare payment application and a server in wireless communication with the mobile devices. The transit fare payment application decrements a transit fare funds balance by a fare amount after completing a transit ride, wirelessly requests a top-up of the transit funds balance when the transit funds balance drops below a threshold, wirelessly receives a top-up instruction, increments the transit fare funds balance in response to executing the top-up instruction, and wirelessly transmits a top-up confirmation. The server receives the request for the top-up, charges the top-up to a credit card associated with the mobile device requesting the top-up, transmits the top-up instruction to the mobile device requesting the top-up, receives the top-up confirmation. When the top-up confirmation is not received, the server requests top-up confirmation from the mobile device.

Abstract: Downloading configuration data to program card terminals and providing real-time data of activity occurring at card terminals. A merchant can log on to a system server and enter information to program options for its card terminals such as via a web page on an Internet site. The system server formats the information into a file based upon a communication protocol and programming rules for the card terminal, and downloads the file to it as a data stream. The card terminal programs itself according to the configuration data. A merchant can also view data for activity occurring at its card terminals, possibly in real-time proximate to detection of the activity by the system server. In conjunction with processing transactions or other activity from the card terminals, the system server replicates the records for the activity and makes them available to merchants such as via a web page on an Internet site.

Abstract: A virtual payment system for ordering and paying for goods, services and content over an internetwork is disclosed. The virtual payment system comprises a commerce gateway component (52) and a credit processing server component (53). The virtual payment system is a secure, closed system comprising registered sellers and buyers. A buyer becomes a registered participant by applying for a virtual payment account. Likewise, a seller becomes registered by applying for a seller account. A buyer can instantly open an account on-line. That is, the credit processing component (53) immediately evaluates the buyer's virtual payment card application and assigns a credit limit to the account. Once an account is established, a digital certificate is stored on the registered participant's computer. The buyer can then order a product, i.e., goods, services or content from a seller and charge it to the virtual payment account.

Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.

Abstract: A method and system for preparing and managing real estate transfers and financing, including a system for preparation, production and storage of relevant documentation and the data contained therein; a system for coordinating, reconciling and transferring funds; and a system of analyzing and tracking the progress of numerous real estate transactions. The invention uses a database to minimize the redundancy involved in the preparation of all documentation needed for real estate closings. Information input into the database is used to generate the documentation necessary to complete real estate transfers, including all forms required by relevant financial institutions and government agencies. Such documentation includes handwritten signatures, which are digitally scanned and incorporated into the documents. Also, ancillary documentation can be scanned into the system and combined with other customer data and documentation.

Abstract: A method of confirming the identity of a user includes processing biometric credentials, generating a user configurable policy including identities of a plurality of authenticating entities, storing the user configurable policy in a device, presenting the device to an authenticating entity at an authentication station, and requesting biometric and personal data of the user from the device data. The biometric data corresponds to at least one biometric feature desired for authenticating the user and the requesting operation is performed by a workstation of the authenticating entity.

Abstract: Methods and systems for detecting fraud based on velocity counts are disclosed.

Abstract: The invention is a new generation of system of payments, designed for the millions of customers around the world who are victims of identity theft and fraud with credit card; because it is anonymous, prepaid, disposable, non-reloadable, non-refundable, and easy to doing any purchase online, telephone, mail or retailer. The invention has both features such as 1) is a prepaid debit card (expiration date & security code) and 2) is a prepaid phone card (PIN), with an amount assigned on every account/card, which is exhausted when the cash amount is expended and works with the same physical characteristics, electronic and financial mechanisms of a debit card as they do major credit cards, are an open loop. It is distributed by retailers (plastic card) or Internet (virtual account) and must be pre-activated for use after purchased.

Abstract: A communication system is disclosed comprising a communication network and a communication device. The communication device reads machine-readable information from a card, wherein the information on the card corresponds to data hosted by a content provider in the communication network. The communication device processes the information to locate the content provider, and transmits a request for the data and the information to the communication network. The communication network processes the information to translate the data hosted by the content provider to a format suitable for the communication device. The communication network also processes the information to handle a financial transaction for the data.

Abstract: E-commerce which may include delivery of a good ordered or purchased over a network (e.g., the Internet) to a purchaser/user, and/or arranging for electronic payment of the good is accomplished while securing private and personal information of purchasers/users, which may include the user's identity and address(and those of the user's computer), and financial information. Proxy software is provided for user computers, one or more proxy computers, or both, for users to communicate with vendors anonymously over the network, provide for delivery of an ordered good and provide for electronic payment, while securing the user's private information. The proxy software provides for a proxy party to deal with a vendor and arrange payment from a bank or credit card company to the vendor based on an account that the proxy party has with the bank. The proxy party is not required where the purchaser/user is provided with a transaction identity that masks the true identity of the purchaser.

Abstract: This invention provides a novel processing technique from customer authentication to order price claim in online sales of commodities and the like. First, upon receiving a customer authentication request from a shop computer, a first key is generated and transmitted to a customer terminal. Upon receiving the first key and authentication information for that customer, a legitimacy confirmation of the key and authentication processing are performed, and if both of the processing results are affirmative, a second key is generated and transmitted to the shop computer with an order identification number. In a case where the second key and shop authentication information are received from the shop computer, the legitimacy confirmation of the key, authentication processing of the shop, and credit processing of the customer are performed.