Abstract: A computer implemented method comprising operating a software container, the software container including a blockchain subsystem and a blockchain ledger, generating a blockchain entry by executing a hashing function on a current state of the software container and a last entry in the blockchain ledger, updating the blockchain ledger with the generated blockchain entry, and transmitting the generated blockchain entry to one or more connected software containers.

Abstract: In certain embodiments, probabilistic secondary token issuance on a blockchain may be facilitated based on a burning of a primary token of the blockchain. In some embodiments, a blockchain transaction associated with a user may be obtained. The blockchain transaction may indicate (i) an amount of a primary token of the blockchain (owned by the user) to be burned and (ii) a secondary token of the blockchain. Based on the blockchain transaction, (i) the amount of the primary token may be burned, and (ii) a portion of a key space may be allocated to the user. Based on a determination that a hash of at least a portion of a first block of the blockchain corresponds to the key space portion allocated to the user, an issuance of an amount of the secondary token to the user may be stored on a second block for the blockchain.

Abstract: A method for anonymously communicating data that defines a token from a source system to a destination system via a block-chain distributed database includes receiving, at a token distribution system, request information from a source system. The request information specifies source identifying information and an address for receiving one or more tokens. The token distribution system determines one or more tokens for allocation to the source system and communicates the allocated tokens to the address defined in the request information via a zero-knowledge transaction. The source system moves the tokens to a different address for communicating a block-chain transaction and communicates the tokens at the different address to a destination address associated with the destination system via a block-chain transaction.

Abstract: Systems and methods configured for monitoring and analyzing financial transactions on public distributed ledgers for suspicious and/or criminal activity are disclosed. Exemplary implementations may: access public third-party information for addresses involved in financial transactions; correlate a first portion of the public third-party information with transaction addresses; label the financial transactions and/or the addresses according to characteristics, such that individual ones of the addresses either have been labeled or are unlabeled; cluster the financial transactions and/or the addresses into a set of clusters that includes a first cluster; assign levels of risk for suspicious and/or criminal activity to the addresses and the financial transactions; and responsive to comparisons of levels of risk with a threshold, report transactions for suspicious and/or criminal activity.

Abstract: A distributed enhanced payment processing system includes a merchant point of sale (POS) terminal system and a remote payment management system. The POS terminal system initiates a transaction that includes receiving a payment amount, a purchaser account identifier, a virtual electronic payment indicator, and a merchant ID via a payment client. Subsequently, the POS terminal system outputs the transaction to the remote payment management system which generates a token for the transaction. The payment management system then provides the purchaser account identifier, a merchant account identifier, and the payment amount to a remote virtual electronic payment (VEP) entity system. Upon receiving a VEP entity system response, the payment management system outputs the response and token to the POS terminal system.

Abstract: The Point-to-Point Transaction Guidance Apparatuses, Methods and Systems (“SOCOACT”) transforms smart contract request, crypto currency deposit request, crypto collateral deposit request, crypto currency transfer request, crypto collateral transfer request inputs via SOCOACT components into transaction confirmation outputs. Also, SOCOACT transforms virtual wallet address inputs via SOCOACT (e.g., P2PTG) components into transaction confirmation outputs. In one embodiment, the P2PTG includes a point-to-point payment guidance apparatus, comprising, a memory and processor disposed in communication with the memory, and configured to issue a plurality of processing instructions from the component collection stored in the memory, to: obtain a target wallet identifier registration at a beacon. The SOCOACT then may register the target wallet identifier with the beacon and obtain a unique wallet identifier from a migrant wallet source associated with a user at the beacon.

Abstract: A method includes, after expiration of a first passcode, receiving, at an access point, a first access request from a first device. The first access request may be encrypted based on the first passcode. The method further includes determining whether an identifier of the first device is included in a device list associated with the first passcode. The device list includes identifiers of devices that accessed the access point using encryption based on the first passcode before the expiration of the first passcode. The method also includes, in response to a determination that the identifier of the first device is included in the device list generating, at the access point, data representing a second passcode by encrypting the second passcode using the first passcode. The method further includes sending the data representing the second passcode to the first device from the access point.

Abstract: Disclosed herein are methods and systems for enabling legal-intercept mode for a targeted secure element.

Abstract: A system includes circuitry for rewriting blockchains in a non-tamper-evident or tamper-evident operation using a key secret held in portions by multiple individually untrusted parties. The blockchains may include a series of blocks secured by integrity codes that may prevent non-tamper-evident rewrites by non-trusted parties that are not in possession of the key secret or individually-untrusted parties in possession of only a portion of the key secret. In some cases, multiple individually-untrusted parties may combine their portions into the key secret. As a group, the multiple individually-untrusted parties may perform non-tamper-evident operation with respect to at least one integrity code within the blockchain.

Abstract: A method for managing fractional reserves of blockchain currency includes: storing, in a first central account, a fiat amount associated with a fiat currency; storing, in a second central account, a blockchain amount associated with a blockchain currency; storing a plurality of account profiles, each profile including a fiat currency amount, blockchain currency amount, account identifier, and address; receiving a transaction message associated with a payment transaction, the message being formatted based on one or more standards and including a plurality of data elements, including a data element reserved for private use including a specific address and a transaction amount; identifying a specific account profile that includes the specific address included in the data element in the received transaction message; and updating the blockchain currency amount included in the identified specific account profile based on the transaction amount included in the data element in the received transaction message.

Abstract: Aspects of the present invention provide systems and methods that allow for a generic, decentralized system that is independent of a centralized resource and allows for the reporting and protecting of all types of smart devices including smart phones, laptop, tablets, or smart packages, and the like. In embodiments, the device comprises a security module or modules that interface with a decentralized network that maintains a secure distributed transactional ledger, or block chain, in order to send and/or receive data via the block chain. In embodiments, the device may not operate when its ability to access a communication channel provided via secure distributed transactional ledger has been impeded or otherwise hindered.

Abstract: The present disclosure generally relates to financial data processing, and in particular it relates to lender credit scoring, lender profiling, lender behavior analysis and modeling. More specifically, it relates to rating lenders based on data derived from their respective consumers. Also, the present disclosure relates to rating consumer lenders based on the predicted spend capacity of their consumers.

Abstract: A system includes circuitry for rewriting blockchains in a non-tamper-evident or tamper-evident operation using a key secret held in portions by multiple individually untrusted parties. The blockchains may include a series of blocks secured by integrity codes that may prevent non-tamper-evident rewrites by non-trusted parties that are not in possession of the key secret or individually-untrusted parties in possession of only a portion of the key secret. In some cases, multiple individually-untrusted parties may combine their portions into the key secret. As a group, the multiple individually-untrusted parties may perform non-tamper-evident operation with respect to at least one integrity code within the blockchain.

Abstract: A computer-implemented method for storing and transmitting sensitive data is disclosed including storing source data on a secure data storage of a secondary device connected to a computing device, wherein the computing device is configured to operate via an operating system with a central processor, and wherein the secure data storage is adapted to receive input unilaterally from the computing device and store it as source data, and transferring the source data from the secure data storage to a communications interface component that connects the computing device to a computer network, wherein the transferring is implemented via the secondary device while bypassing the central processor. A system is also provided.

Abstract: Various methods and systems are provided for capture and transmission of images to a secure repository. In one example, among others, a method includes capturing an image of a document as an image file using a mobile device, adding metadata to the image file, and securely transmitting the image file to a server. The image file can be stored in a secure repository. In another example, a mobile device includes a secure transfer application that causes the mobile device to capture an image as an image file, add metadata to the image file, and transmit the image file to a server via a secure connection. The server may store the image file in a secure repository. In another example, a non-transitory computer-readable medium includes a program that captures an image, adds metadata to the image file, and transmits the image file securely to a server.

Abstract: Networked authentication systems and methods are described including using a mobile network operator (MNO) agent in communication with an authentication system, a data storage, and a wireless handset via a network, the MNO agent configured to, receive a request for validated data denominations from the wireless handset via the network, generate data denomination corresponding to the requested denomination, retrieve, from the data storage, numbers of validator strings corresponding to the requested data denomination, wherein the validators are received from the authentication system prior to and/or after receiving the request, and append the corresponding number of validator strings to the requested data denominations.

Abstract: In a business where a database tracks customers and manages customer accounts, a method and system correctly link accounts with customers. The method entails reading customer information for a first customer and for a second customer, and then utilizing personal identification information obtained from other sources to determine if the first customer is the same as the second customer. If the first customer and the second customer are the same person, the first customer and the second customer are identified as being the same unique person. Accounts associated with the two customers are identified as belonging to the same unique person. Viewed another way, the method and system of the present invention takes an existing database of personal identification information, and cross-references that database against other sources of personal identification information to identify persons who appear to be separate persons, but who are actually one and the same individual.

Abstract: An electronic currency and authentication system and method. An electronic money validator is attached to electronic money. The electronic money validator authenticates the electronic money originated by electronic money issuer. The electronic money might be originated when cash or cash equivalent is received from a customer for deposit into the customer's account. The electronic money validator is retired when the electronic money is removed from circulation.

Abstract: A mobile payment network receives a payment request from a first user operating a first mobile device and identifies recipients of the payment request based at least in part on the proximity of other mobile devices to the first mobile device.

Abstract: Metering is enabled through an arrangement in which a metering certificate is communicated to a mobile device using an over-the-air protocol. A metering trigger provides the metering certificate that includes a location to which metering data is posted by the mobile device and a public key of a public-private key pair, or alternatively provides a link to such metering certificate. A metering helper passes the metering certificate to a DRM system on the mobile device which collects metering data associated with the metering ID and uses the public key to encrypt the metering data into a metering challenge. The metering helper posts the metering challenge to the location. The metering service extracts the metering data from the metering challenge using a private key and generates a metering response that is received by the metering helper which prompts the DRM system to reset at least a portion of a data store in which the metering data is stored.

Abstract: Methods and systems are provided for the exchange of digital cash employing protocols for various entities to separately certify the validity of the parties, values and transactions while maintaining the anonymity of the buyer or user of the digital cash. Encrypted connections are established allowing various parties to enter into transactions to buy, sell, exchange and recover digital cash using a secure method that protects the personal information and identity of the user. The parties exchange tokens for other value in a transaction of financial settlement between themselves and wherein they are the only parties with knowledge of the amount and description of the transaction and in this way mimics a traditional cash transaction.

Abstract: A method, device and system for service presentation, which includes: receiving a presentation request message; acquiring presentation information from the presentation request message; storing the presentation information; when the presentee accesses the presented content, receiving an authentication and rating request message transmitted from the service enabling component; performing authenticating and rating according to the authentication and rating request message and the stored presentation information. The present invention is applicable to presenting content type services and so on.

Abstract: A backup account recovery authentication of last resort using social authentication is described. The account holder requests trustees who have been previously identified to obtain an account recovery code. The account recovery system sends a communication to the trustee for information to verify the trustee as one of the previously identified trustees. The account recovery system then may transmit a link and code with instructions for the trustee to return the link. The account recovery system then transmits a situational query to the trustee to provide additional security. Finally, if all the communications have been completed for the required level of security, the account recovery code is transmitted to the trustee. The trustee sends the account recovery code to the account holder for access to an account.

Abstract: Systems and techniques for mediating user communications. A user persona manager maintains one or more user profiles and manages user interactions with other parties and with service providers based on user preferences associated with the user profile or profiles selected for a particular interaction. The persona manager receives a single set of user authentication information to establish the user identity, and provides previously stored information to other parties and service providers as appropriate, and otherwise conducts user interactions involving communications initiated by or on behalf of the user. The persona manager also examines interactions initiated by others, selects user profiles appropriate to the interactions, and routes and responds to the interactions based on information stored in the user profiles.

Abstract: A subscription-based system for providing commerce information for one or more mobile devices for one or more merchants. Some techniques employed feature a subscription-based method for presenting commercial resources to a mobile device. The method involves receiving mobile device user information relating to a geographic location to locate one or more merchants within a subscription-based shopping network, and receiving mobile device user information relating to a merchant type within the subscription-based shopping network. The method also involves receiving, from a database over a communication network, information for one or more merchants associated with the mobile device user information for the geographic location and the merchant type, and presenting the associated merchant information on the mobile device.

Abstract: Techniques for representation and verification of data are disclosed. The techniques are especially useful for representation and verification of the integrity of data (integrity verification) in safe computing environments and/or systems (e.g., Trusted Computing (TC) systems and/or environments). Multiple independent representative values can be determined independently and possibly in parallel for respective portions of the data. The independent representative values can, for example, be hash values determined at the same time for respective distinct portions of the data. The integrity of the data can be determined based on the multiple hash values by, for example, processing them to determine a single hash value that can serve as an integrity value.

Abstract: A system and method for verifying ownership of an electronic receipt in a communication system providing a public key infrastructure, the verification arising out of a series of messages being sent and received between a first party and a verifying party, the method comprising the steps of receiving a proof message from the first party, the proof message being derived from at least a first public key based on a secret owned by the first party and wherein the secret is associated with at least the secret of a further public key of the first party and an electronic receipt that has been issued by electronically signing a request message with a second public key, determining whether or not the proof message was derived from the second public key.

Abstract: A secure payment method includes receiving, at a computer of a payment service, a request from a requester for a one time use transaction identification token for a transaction. The one time use transaction identification token is provided from the payment service computer to the requester. The one time use transaction identification token is received at the payment service from a merchant communications apparatus under the control of a merchant. Electronic payment information for the transaction is issued from the payment service to the merchant upon validating the one time use transaction identification token.

Abstract: A system is provided for a stored-value card account to serve as a platform to transfer funds in alternate currency. A prepaid cardholder may transfer to a recipient in a first currency from an account in a second currency. The prepaid cardholder selects the amount to be transferred, the recipient, and the currency to be provided to the recipient. An exchange rate is obtained automatically from a currency exchanger and once the prepaid cardholder authorizes the transfer, funds in the requested currency are transferred to the recipient and the prepaid cardholder account owner's prepaid cardholder account is debited the appropriate amount. Thus, currency conversion and delivery to a recipient is possible in an automated process.

Abstract: Responsibility can be established for specific copies or instances of copies of digitized multimedia content using digital watermarks. Management and distribution of digital watermark keys (e.g., private, semiprivate and public) and the extension of information associated with such keys is implemented to create a mechanism for the securitization of multimedia titles to which the keys apply. Bandwidth rights can be created to provide for a distributed model for digital distribution of content which combines the security of a digital watermark with efficient barter mechanisms for handling the actual delivery of digital goods. Distributed keys better define rights that are traded between transacting parties in exchanging information or content. More than one party can cooperate in adding distinguished watermarks at various stages of distribution without destroying watermarks previously placed in the content.

Abstract: Electronic currency consists of data in a form suitable to be stored in a user's data storage medium, comprising information on the data value, identification of each specific set of data or data point, and authentication information suitable to verify that said data has been generated by a specific Currency Issuing Authority (CIA). A method and a system for effecting currency transactions between two users over the Internet or other communication network are also described.

Abstract: In an embodiment, an apparatus includes a control logic to selectively audit transactions between the apparatus and a separate entity based on a type for the transactions. The apparatus also includes an encryption logic to encrypt an audit log that includes at least one attribute of one of the selectively audited transactions.

Abstract: A method for providing fast and secure access to MIFARE applications installed in a MIFARE memory being configured as a MIFARE Classic card or an emulated MIFARE Classic memory, comprises: keeping a repository of MIFARE memories and user identifications assigned to said MIFARE memories as well as of all MIFARE applications installed in the MIFARE memories, wherein, when a new MIFARE application is to be installed in a MIFARE memory identified by a user identification the present memory allocation of said MIFARE memory is retrieved, an appropriate sector of said MIFARE memory is calculated, a key is calculated for said MIFARE application and the MIFARE application together with the assigned sector and key are linked to the user identification and are stored in the repository.

Abstract: Methods, systems, and computer-readable media are disclosed for access control. A particular method receives a resource access identifier associated with a shared computing resource and embeds the resource access identifier into a link to the shared resource. The link to the shared resource is inserted into an information element. An access control scheme is associated with the information element to generate a protected information element, and the protected information element is sent to a destination computing device.

Abstract: Electronic currency consists of data in a form suitable to be stored in a user's data storage medium, comprising information on the data value, identification of each specific set of data or data point, and authentication information suitable to verify that said data has been generated by a specific Currency Issuing Authority (CIA). A method and a system for effecting currency transactions between two users over the Internet or other communication network are also described.

Abstract: A host machine provisions a virtual machine from a catalog of stock virtual machines. The host machine instantiates the virtual machine. The host machine configures the virtual machine, based on customer inputs, to form a customer's configured virtual machine. The host machine creates an image from the customer's configured virtual machine. The host machine unwraps a sealed customer's symmetric key to form a customer's symmetric key. The host machine encrypts the customer's configured virtual machine with the customer's symmetric key to form an encrypted configured virtual machine. The host machine stores the encrypted configured virtual machine to non-volatile storage.

Abstract: A personal digital key (e.g., which can be carried by a human) contains a memory having different service blocks. Each service block is accessible by a corresponding service block access key. As the personal digital key (PDK) moves around, it is detected by sensors. The sensors report position data, thus enabling location tracking of the PDK. The sensors also provide a data path to various applications. An application that has access to a service block access key can therefore access the corresponding service block on the PDK. The sensors themselves may also contain service block access keys.

Abstract: Particular embodiments provide a method for orchestrating an order fulfillment business process that includes a sub-process. In one embodiment, abstraction of business processes from an underlying information technology (IT) infrastructure is provided. An orchestration process can be designed using sub-processes such that the sub-process is assembled at run-time into an executable process. The sub-process may be defined in an interface as a single step. A plurality of services as then assembled as steps in the executable process at run-time.

Abstract: A system and method thereof, comprising means for: communicating through at least one computer network interface with each of (i) a plurality of providers of accountable resources, and (ii) a plurality of registrars which register clients, each client having access to accountable resources of providers, and maintain client-associated accounts therewith; generating a token verifying that a client is authenticated by a registrar; logging accountable transactions identifying a client-associated account and a transaction valuation, maintained by the registrar; and periodically accounting for the logged accountable transactions between respective registrars and respective providers; wherein a valuation of the accountable transaction is dependent at least on information conveyed in the token.

Abstract: The present invention provides a digitally originated check (DOC) through an electronic payment system (EPS) which captures payor metadata instructions regarding the intended payment to a payee. The metadata is stored in a database or the like for further processing instead of printing a paper check. The EPS is operable to clear the DOC through either paper or electronic Check 21 mechanisms.

Abstract: A cash recycler includes one or more universal cartridges storing cash which may be exchanged between different types of cash recyclers. The swapping of universal cartridges may allow for improved efficiency when a cash handling device is detected to have a need for additional currency, removal of surplus currency, removal of unfit currency, and other services.

Abstract: An embodiment defines access control allowing the expression of access control rules using ontology based semantics and references an ontology subset using XPath as the ontological expression. The access control rules or access criteria are defined by an access control statement and may be expressed using classification criteria and ontology classes. The access control statement comprises a structural description that is used to define an asset and a logical expression that may be used to express the classification criteria. The access control statement defines access policy for various assets.

Abstract: A user authentication method and system. A computing system receives from a user, a first request for accessing specified functions executed by a specified software application. The computing system enables a security manager software application and connects the specified software application to a computing apparatus. The computing system executes first security functions associated with the computing apparatus. The computing system executes second security functions associated with additional computing apparatuses. The computing system determines if the user may access the specified functions executed by the specified software application based on results of executing the first security functions and the second security functions. The computing system generates and stores a report indicating the results.

Abstract: This invention discloses a novel system and method for distributing electronic ticketing such that the ticket is verified at the entrance to venues by means of an animation or other human perceptible verifying visual object that is selected by the venue for the specific event. This removes the need to use a bar-code scanner on an LCD display of a cell phone or other device and speeds up the rate at which human ticket takers can verify ticket holders. The system providing the service also can maintain a persistent communication channel with the user device in order to control the ticket verification process.

Abstract: A method for granting secure network access comprising requesting, by a mobile device, access to a network via an access point; receiving a passcode from the access point; sending a message including the passcode and an indicia back to the access point; and generating, by the access point, a secure key based on the indicia, the secure key providing network access to the mobile device.

Abstract: A method for using multiple channels to access a resource, wherein a first user requests a resource that requires an indication of approval from a second user, a token value is transmitted to the first user on the first channel, and the second user transmits the token value and a second authentication parameter over a second channel. The token value is used to associate the first authentication parameter to the second authentication parameter, whereby the first user is allowed access to the resource on the first. The first and second user may be independently authenticated in some implementations and not independently authenticated in other implementations.

Abstract: A method of issuing electronic vouchers (Vi) which a user (U) may submit to a merchant (M) in exchange for goods or services comprises the steps of: an issuer (I) receiving an electronic declaration (Di?1) from the user (U), the issuer verifying the electronic declaration (Di?1), and the issuer issuing a new electronic voucher (Vi) for use with the merchant (M) only if the electronic declaration comprises a signature (SM) of a merchant on a previous electronic voucher (Vi?1). The vouchers (Vi) and declarations (Di?1) are preferably blinded by the user such that the user remains anonymous. However, the electronic vouchers (Vi) may contain the identity (Q) of the user (U), which identity may be revealed when a voucher is submitted more than once.

Abstract: An electronic money system and a payment-accepting apparatus that further facilitate the use of cards substituting cash money. The electronic money use fee is computed on the basis of the information about the timing with which the amount of money data equivalent to an amount of money used are withdrawn from an information card, thereby allowing the user owning the information card to use an electronic money system regardless of whether time zones having different profit rates. Consequently, the user owning the information card always may pay by the information card, thereby enhancing the effectiveness of the information card that substitutes cash money.

Abstract: According to one embodiment, an apparatus may store a plurality of tokens. The apparatus may receive a subject token indicating an attempt to authenticate a user. The apparatus may determine at least one token-based rule based at least in part upon a token in the plurality of tokens and the subject token. The at least one token-based rule may indicate a plurality of attributes required to access a resource. The apparatus may determine a second plurality of attributes represented by the plurality of tokens and the subject token. The apparatus may determine at least one missing attribute, which may be in the plurality of attributes but not in the second plurality of attributes. The apparatus may then request the at least one missing attribute, and in response, receive at least one token representing the at least one missing attribute.

Abstract: Digital cash token protocols use a combination of blind digital signatures and pseudonym authentication with at least two pairs of public and private keys. A user is provided with one master pair of private and public keys and as many pseudonym pairs of private and public keys as desired. The resulting digital cash token based hybrid protocols combine the advantages of blind digital signature and pseudonym authentication. Blind digital signatures based on the master pair of keys are used to withdraw digital cash from the user's bank account under the user's real identity. A pseudonym pair of keys is used for converting digital cash into digital cash tokens by a digital cash issuer. All pseudonyms can be used for spending the digital cash tokens. These protocols ensure anonymity when withdrawing digital cash from the user's account under the user's real identity in addition to providing pseudonym authentication when spending digital cash tokens under a pseudonym.