Abstract: A reputation server is coupled to multiple clients via a network. Each client has a security module that detects malware at the client. The security module computes a hygiene score based on detected malware. The security module provides the hygiene score and an identifier of a visited web site to a reputation server. The security module also provides identifiers of files encountered at specified web sites to the reputation server. The reputation server computes secondary hygiene scores for web sites based on the hygiene scores of the clients that visit the web sites. The reputation server further computes reputation scores for files based on the secondary hygiene scores of sites that host the files. The reputation server provides the reputation scores to the clients. A reputation score represents an assessment of whether the associated file is malicious.

Abstract: Systems and methods are provided for data protection across connected, disconnected, attended, and unattended environments. Embodiments of the inventions may include differential encryption based on network connectivity, attended/unattended status, or a combination thereof. Additional embodiments of the invention incorporate “trust windows” that provide granular and flexible data access as function of the parameters under which sensitive data is accessed. Further embodiments refine the trust windows concept by incorporating dynamic intrusion detection techniques.

Abstract: A card actuated automated banking machine (10) is operative to carry out financial transactions responsive to data included on user cards. The machine includes a user interface (15) including a display (24). The user interface includes a card reader (16) which is operative to read data on user cards which identify at least one of user and a user's financial accounts. A fascia of the machine includes a keypad (404, 438, 458) through which users input confidential data. Covers (400, 422, 430) prevent unauthorized persons from viewing confidential inputs to the keypad. Authorization signals assure that the display is operating in a manner that provides appropriate user instructions. A visual indicator is operative to indicate to a user that keypad inputs are being encrypted.

Abstract: An automated banking machine controlled responsive to data bearing records includes a card reader that is operative to read data from user cards including identifying data and to authorize operation of an automated banking machine responsive to the identifying data. The automated banking machine includes a deposit accepting device. The deposit accepting device is operative to receive a stack of sheets and to separate each sheet from the stack through operation of a picker. Each sheet is aligned with the sheet path and analyzed by analysis devices including at least one magnetic read head, an imager and/or a validation device. Sheets determined not to have at least one property of a genuine sheet are returned to a user of the machine. Sheets determined to have at least one property of genuine sheets are processed and stored in the machine.

Abstract: Using information applied to a packet at an ingress port of a network for enhancing security such as user authentication for example. Such authentication may be applied in addition to (i.e., as an extension of) other authentication measures. The information applied to a packet may be “context information” which replaces at least some bits of layer 2 information (e.g., a header). Users or customers may define security policies. They may define different security policies for different types of transactions. They may also define security policies based on the location from which the transaction originated. If the customer is an organization with different classes of users, it may define different security policies based on the type of transaction, the location from which the transaction originated, and/or the class of user. The class of user may be identified based on at least a part of the “context information”.

Abstract: Live payment terminals employing payment system public keys are evaluated. Dedicated test payment cards are internally issued by an operator of the payment system. Presentation of at least one of the cards to at least one of the terminals is facilitated. Testing the at least one of the terminals for proper management of the payment system public keys is facilitated. The testing can be in a test transaction conducted when the at least one of the cards is presented to the at least one of the terminals. The steps of facilitating presentation and facilitating testing can be conducted substantially without auditing.

Abstract: One embodiment of the invention is directed to a method comprising receiving an authorization request message for a transaction conducted by a consumer with a merchant, sending the authorization request message to an issuer, receiving an authorization response message, modifying the authorization response message using a server computer to include receipt preference data, wherein the receipt preference data is derived from receipt preferences of the consumer or the merchant, and sending the authorization response message comprising the receipt preference data to the merchant, wherein the merchant generates a receipt for the consumer according to the receipt preference data.

Abstract: A server is operable to receive a media device identifying number (ID) and establish an association between a media device and a payment account and, in one embodiment, supports at least one of payment authorization and payment clearing based at least in part on the media device ID and the payment account. A network and system includes a payment card processor server that is operable to receive a payment authorization request and to determine if an authorized media device generated a purchase selection message and to determine to approve a received payment authorization request based, in part, if the media device was authorized for the purchase selection based upon a received media device ID. The system is further operable to perform a key rotation to protect payment account information.

Abstract: For an organization having a central station and a plurality of distributed outlets, each of the outlets having a cashier's terminal, each of the cashier's terminals coupled to a respective point-of-sale (POS) controller, a method of permitting a billee to pay an invoice issued by a biller is disclosed.

Abstract: A private and secure payment system has a portable wireless device belonging to party A with a payment function and a central system that is used to effect a private and secure payment transaction to a party B. At time of payment transaction from party A to party B, a party B identification and a payment amount is entered into the wireless device, a data record including at-least the party B's identification, the payment amount and the wireless device identification is transferred over the global network to the central system. The central system assembles payment transaction records from the party A pre-stored bank account data, to a central system bank and from the central system bank to a party B's bank account identification for submission to an automated clearing house and receives a payment approval record and sends a notification to the party A and party B's e-mail addresses.

Abstract: A method of authenticating a PSD and an initializing infrastructure that uses a secret key, a PSD public/private key pair and a provider public/private key pair. The infrastructure prepares a signed provider key record using the provider public key and the provider private key and a first MAC using the signed provider key record and the secret key. Both are sent to the PSD. The PSD authenticates the signed provider key record using the first MAC and the provider public key using the included digital signature. The PSD prepares a signed PSD key record using the PSD public key and the PSD private key and a second MAC using the signed PSD key record and the secret key. Both are sent to the infrastructure. The infrastructure authenticates the signed PSD key record using the second MAC and the PSD public key using the included digital signature.

Abstract: The present invention relates to a method for a cell phone based dating service. The method uses telecommunication in the form of phones, cell phones or email. The invention proposes a method or way to exchange the information of two people in a fast way by the Internet or telephone or cell phones, making it possible divide peoples personal information in small portions and to give out these portions step by step. In the invention proposes a system-administrator, the system, will coordinate the exchange of information between the meeting people. The invention uses a computer based partner service system in which a participant can order the system to give out its personalized information in defined modifications.

Abstract: Component removal detection may be accomplished by a variety of systems and techniques. In one embodiment, a system for component movement detection may include a payment module, a fuel dispenser, and a movement detection device. The fuel dispenser may receive the payment module and enclose the payment module at a first position defined by a fixed position of the payment module relative to the fuel dispenser. The movement detection device may be communicably coupled to the payment module and may detect a first value at the first position and a second value at a second position of the payment module, where the second position may be different from the first position. Further, the movement detection device may transmit the second value to the payment module, where the payment module may activate a security measure based upon a difference in the first and second values greater than an adjustable absolute limit.

Abstract: A portable device may include far field communication logic to receive identity information to establish a transaction between the portable device and a transaction device, to receive user information related to a user of the portable device, and to send updated user information, completed transaction information, or updated other information to a server for storage in an account related to the user. The portable device may include near field communication logic to send the identity information to the transaction device, to receive transaction information during a transaction, to send payment information to the transaction device, and to receive the completed transaction information.

Abstract: Systems and methods for electronic premises access are disclosed. Some method embodiments comprise receiving a credential at a portal to a secure premises, identifying an issuing authority of the credential, electronically validating the credential with the issuing authority, and permitting entry to the secure premises if the credential is valid. Other method embodiments comprise receiving an identity credential and information indicating that there is an emergency at a portal to a secure premises, performing a cursory validation of the identity credential, permitting entry to the secure premises if the identity credential appears valid, identifying an issuing authority of the identity credential, and electronically validating the identity credential with the issuing authority, wherein permitting entry to the secure premises occurs before identifying the issuing authority of and electronically validating the identity credential.

Abstract: Retail point-of-transaction systems, program products, and related computer implemented methods to provide a customized set of identification data to facilitate a retail sales point-of-sale transaction which includes the use of one or more electronic coupons is provided. The retail point-of-sale system can include a computer having memory and configured to facilitate one or more transactions each of which include the use of one or more electronic coupons through a retail point-of-transaction terminal positioned remote from, and adapted to be in communication with, the computer. The computer can also include a set of instructions that when executed by the computer cause the computer to redeem one or more electronic coupons for one or more retail transactions responsive to a customized set of identification data provided by the computer responsive to a data profile derived from a set of personal data of at least one of a plurality of remotely positioned users.

Abstract: A distributed system (10) for issuing official stamps and/or titles (25), particularly stamps, comprising a central control unit or Service Centre (12), a plurality of local terminals (11) distributed throughout the land for materially issuing the official stamps and/or titles (25), and a plurality of smart cards (21) assigned to the operators of the local terminals (11), in which an initialization programme (40) is provided for initialising, in combination, a given local terminal (11) and a given smart card (21) of the system (10), in order to establish between that given terminal (11) and that given smart card (21) a bi-unequivocal type relationship of correspondence and cooperation, so that the given local terminal (11) and the given smart card (21), once initialised, are enabled within the system (10) to cooperate uniquely between one another to the exclusion of all other terminals and all other smart cards.

Abstract: A transportable recording medium includes an area for storing encrypted cookie information. The same cookie information is thus easy to use in different terminals and the cookie information becomes unique to respective users instead of respective terminals. A Web site reads the encrypted cookie information, decrypts the encrypted cookie information using a secret key stored in the Web site, customizes a requested service according to the decrypted cookie information, and provides the customized service to a terminal. If the Web site stores non-encrypted user information, the recording medium stores a media identification. The Web site stores the user information so that the user information of the user assigned to the recording medium is searched for according to the media identification. The Web site reads the media identification from the recording medium, searches for user information corresponding to the media identification, and customizes a requested service according to the user information.

Abstract: Method and apparatus for device authentication with multiple factors. In one embodiment a combination of attributes and/or identifying values known by the device and the authenticator are presented for authentication. The combination of attributes may be presented together, or separately. Invalidity of one of the combination of attributes may result in a more restricted than may be granted for validity of all factors of the authentication.

Abstract: A system and method for conducting a financial transaction using an integrated circuit device issued by a card issuer and capable of conducting off-line and on-line transactions with a payment card network. The method includes utilizing the card for conducting a transaction and reading from the card a pre-authorized balance, a pre-authorized limit, and an account number. The method also includes requesting on-line authorization in the event the value of the transaction is greater than the difference between the pre-authorized limit and the pre-authorized balance. Finally, the method includes receiving authorization to conduct the transaction and updating by the card the pre-authorized balance and the pre-authorized limit, wherein the card issuer, through the integrated circuit device, is able to continually update the pre-authorized limit based on various factors including the transaction and account activity.

Abstract: A system and method verify a user's identity in an Internet-related transaction. One system and method use a personal computer having identification information, a card reader, and a personal identification card having access information, to verify a user's identity using the access information and the identification information. Another system and method use a personal computer, a card reader, and a personal identification card having access information, wherein the card reader is included as part of a mouse coupled to the personal computer and wherein a user's identity is verified using the access information. Another system and method use a personal computer, a device coupled to the personal computer having identification information, a card reader, and a personal identification card having access information to verify a user's identity using the access information and the identification information.

Abstract: Provided are a shared key transmission apparatus, an automatic teller machine (ATM), and a controlling method thereof. The shared key transmission apparatus may include: a reception unit receiving, from the ATM, a first cryptogram where a random number is encrypted; a description unit restoring the random number from the first cryptogram; an encryption unit encrypting the shared key using the restored random number; and a transmission unit transmitting the encrypted shared key to the ATM. The ATM may include: an encryption unit generating a random number and encrypting the random number to generate a first cryptogram; a transmission unit transmitting the first cryptogram to the shared key transmission apparatus; a reception unit receiving, from the shared key transmission apparatus, a shared key that is encrypted using the restored random number; and a decryption unit restoring the shared key from the encrypted shared key using the generated random number.

Abstract: Apparatus and method for purchasing an item via a self-service checkout at a merchant store. The item is associated with a bar code and an anti-theft device. A customer uses their phone to establish communication with the store's transaction host. The phone includes a camera and a programmable memory. The memory includes customer account data. The camera is used to capture and transmit an image of the bar code to the host. The host determines the item's cost from the received bar code image. The customer can wirelessly transmit their account data from the phone to an in-store terminal. The terminal can transmit the account data to the host. The host can accept and use the account data in payment for the item. After customer payment for the item, the host causes the anti-theft device to be neutralized.

Abstract: A system includes a processing component; a communication interface receiving transaction data when a mobile device is coupled to the system; at least one data capture input element receiving payment data from an item external to the system and the mobile device; and a display displaying at least the transaction data.

Abstract: A transaction server for performing a transaction over a network using a virtual smart card the server comprising, a virtual smart card database having a plurality of records each record including a virtual card identification and a value corresponding to a single virtual smart card; a security module; an emulator for emulating a smart card, the emulator for receiving smart card commands and processing the commands in conjunction with the virtual smart card database and the security module; and a virtual card reader module for receiving the smart card commands and relaying the commands to the smart card emulator whereby transactions are performed over the network using one or more the records and the virtual smart card database.

Abstract: A method and system for obtaining ATM device services utilizes a service provider framework in which data is received by an ATM application that indicates there is a need for the performance of an ATM device function. The ATM application issues a request to an XFS manager to get the ATM device service by making a sub-routine call to the XFS manager to get the ATM device service from a service provider. The XFS manager translates the sub-routine call as an entry point into the service provider for processing by the service provider, and a request object associated with the request is instantiated. The service provider is implemented by instantiating an instance of the service provider framework XFS service provider base class and one or more instances of the service provider framework request objects required to process the request. After processing the request, the service provider returns a result to the ATM application.

Abstract: The payment system according to the present invention comprises an electronic payment device (2) and an authentication device (1) connected (3) together; the payment device (1) comprises a bank card reader (27); the authentication device (1) comprises a fingerprint reader (16) and is adapted to make fingerprint comparisons. When the payment device (2) carries out a payment, in addition to the usual operations, it reads user identification information from a bank card (5) associated to the bank card reader (27) and it authenticates the identity of the user carrying this bank card by means of the authentication device (1) connected thereto.

Abstract: A server is operable to receive a media device identifying number (ID) and establish an association between a media device and a payment account and, in one embodiment, supports at least one of payment authorization and payment clearing based at least in part on the media device ID and the payment account. A network and system includes a payment card processor server that is operable to receive a payment authorization request and to determine if an authorized media device generated a purchase selection message and to determine to approve a received payment authorization request based, in part, if the media device was authorized for the purchase selection based upon a received media device ID. The system is further operable to perform a key rotation to protect payment account information.

Abstract: A server is operable to receive a media device identifying number (ID) and establish an association between a media device and a payment account and, in one embodiment, supports at least one of payment authorization and payment clearing based at least in part on the media device ID and the payment account. A network and system includes a payment card processor server that is operable to receive a payment authorization request and to determine if an authorized media device generated a purchase selection message and to determine to approve a received payment authorization request based, in part, if the media device was authorized for the purchase selection based upon a received media device ID. The system is further operable to perform a key rotation to protect payment account information.

Abstract: A system to provide a customized set of identification data to facilitate a transaction and related methods, are provided. The system can include a computer in communication with a database to store personal control IDs and sets of personal data associated with personal control IDs identifying a selected different person for use by a selected one of one or more providers identified by provider ID, and program product to perform the operations of receiving a set of personal data from a remotely positioned user, requesting and receiving a personal control ID from the user to associate with a set of personal data, storing the personal control ID and the set of personal data in the database, receiving a request for at least a portion of the set of personal data of the user, and providing customized information based on a data profile derived from the set of personal data of the user.

Abstract: Fuel dispensing transactions may be accomplished by a variety of systems and techniques. A fuel dispensing device may include a payment module, a data entry device, and a customer display. The payment module may receive a first communication from a point of sale device requesting an encrypted response and receive a second communication from the point of sale device requesting an unencrypted response. The module may match the first communication to a first corresponding library entry, match the second communication to a second corresponding library entry, determine a user response based on one of the first corresponding library entry or the second corresponding library entry, where the user response defines one of the encrypted response based on the first corresponding library entry or the unencrypted response based on the second corresponding library entry, and use the corresponding library entry to generate a visual customer display requesting the user response.

Abstract: A method of operating a self-service terminal and a network of self-service terminals. The method comprises: receiving notification that a maintenance operation has been performed on the terminal; performing a compliance check on the terminal; and issuing a code in the event that the compliance check is successful. The code can be used to audit and/or validate that the maintenance operation was performed successfully and that the terminal was left in working order.

Abstract: This invention relates to a terminal device capable of communicating with an accounting center, an accounting system, and a data processing method. A point memory 45 of a recording/reproducing device 10 stores accounting point information. An HDD 15 stores information distributed from an external source. A CPU 11 updates the accounting point information stored in the point memory 45 and updates attributes of the distributed information when the distributed information is stored onto the HDD 15. Thus, such inconvenience that communication with a distribution/accounting center 1 is carried out every time information is distributed to the recording/reproducing device 10 is avoided.

Abstract: A system and method to verify a user's identity in an Internet-related transaction. One system and method use a personal computer having identification information, a card reader, and a personal identification card having access information, to verify a user's identity using the access information and the identification information. Another system and method use a personal computer, a card reader, and a personal identification card having access information, wherein the card reader is included as part of a mouse coupled to the personal computer and wherein a user's identity is verified using the access information. Another system and method use a personal computer, a fingerprint reader, a card reader, and a personal identification card having access information to verify a user's identity using the access information and the data of the fingerprint reader.

Abstract: A system is proposed for performing transactions with terminals which fundamentally allow a plurality of different transactions to be performed. The terminals (10, 11) are connected for this purpose via a terminal network (30) with at least one node computer (40, 41) via which they can be set up for performing a transaction. The suitability for performing a further, hitherto unprepared transaction can be provided later anytime without any special setup measures. A terminal (10, 11) requests for this purpose data providing the functionality required for performing the further transaction from a node computer (40, 41) following a trigger signal designating the further transaction. The transaction is then performed in interaction between a terminal (10, 11) and a node computer (40, 41).

Abstract: A method and apparatus is provided for secure terminals that facilitate secure data transmission and are compliant with the payment card industry (PCI) data security requirements. A security processor is combined with an application processor and a display into a secure display control unit (SDCU) that provides tamper resistance and other security measures. Modular secure I/O devices are interfaced to the SDCU via a wired, or wireless, medium so as to facilitate secure data transfer to the SDCU during a point-of-sale (POS) transaction or other transaction that requires secure data entry. The secure I/O devices implement one-time-pad (OTP) encryption, where the random keys, or pads, are generated by a derived unique key per transaction (DUKPT) generator. Other embodiments facilitate interconnection of the secure I/O devices to a hardware security module (HSM) or a personal computer (PC) while maintaining a high level of data security.

Abstract: The present invention discloses systems and methods for enabling cashless fueling transactions through the use of vehicle-based decal sticker RFID tags. The tags store a unique customer identification number as well as other frequent purchase information. When read by a reader installed at the fuel dispenser, the tag information is sent to the network host via the Point of Sale (“POS”) system, where it is linked to a customer's account for transaction processing and subsequent activation of the fuel dispenser. Several tags may be read by a single interface unit, avoiding the need to connect a tag reader to each fuel dispenser.

Abstract: A method for contractors working in single or multiple buildings or facilities to have a standardized card that would contain all information required by facilities personnel. This card allows facilities personnel to obtain the necessary personal, licensing, insurance, and other required information to pull building permits from local government building departments without requiring contractors to interview and complete paperwork. This provides an advantage to both building personnel and contractor over present methods. The contractor procures the card from a granting agency. The card can be designed for use either in secure or non-secure facilities. The secure card would be read at access terminals located at facility entry points. That card would contain all information required for access or application for building permits. This would save the considerable time spent by both the contractor and security personnel in gathering the information for temporary workers.

Abstract: A card activated cash dispensing automated banking machine (12, 200, 302) is provided. The machine may be operative to install a terminal master key (TK) therein in response to at least one input from a single operator. The machine may include an EPP (204) that is operative to remotely receive an encrypted terminal master key from a host system (210, 304). The machine may authenticate and decrypt the terminal master key prior to accepting the terminal master key. The machine may further output through a display device (30) of the machine a one-way hash of at least one public key associated with the host system. The machine may continue with the installation of the terminal master key in response to an operator confirming that the one-way hash of the public key corresponds to a value independently known by the operator to correspond to the host system.

Abstract: A system for facilitating secure transactions between a purchaser and a vendor is provided. The system might include a purchaser token data capture device for reading token data into the system, an encryption module for encrypting the token data and a network based vendor input form for communicating the encrypted token data to the vendor. The system might further include a purchaser terminal for routing the encrypted token data to a transaction processing network or a vendor for providing payment and confirmation to the vendor of an authorized token.

Abstract: An automated banking machine (12, 200, 302) is provided. The machine may be operative to install a terminal master key (TK) therein in response to at least one input from a single operator. The machine may include an EPP (204) that is operative to remotely receive an encrypted terminal master key from a host system (210, 304). The machine may authenticate and decrypt the terminal master key prior to accepting the terminal master key. The machine may further output through a display device (30) of the machine a one-way hash of at least one public key associated with the host system. The machine may continue with the installation of the terminal master key in response to an operator confirming that the one-way hash of the public key corresponds to a value independently known by the operator to correspond to the host system.

Abstract: A cryptographic device comprises a data stream interceptor, a main controller receiving input from the data stream interceptor, and a pair of data generating and storage controllers adapted to perform data transfer protocols with corresponding peer controllers of a data generating device and a data storage device, respectively, on command from the main controller. The cryptographic device further comprises a cipher engine programmed to transparently encrypt and decrypt data streams flowing between the data generating device and data storage device on command from the main controller. The cryptographic device does not utilize system resources associated with the data generating and storage devices during operation.

Abstract: A system and method for authorizing certain aspects of network based transactions between a customer and a merchant is disclosed. At a credit card authorization system, merchant information, transaction information, and a credit card number of a customer is received from an e-commerce merchant. An authorization form at the credit card authorization system that contains the transaction information is created. An internet browser associated with the customer is caused to display the authorization form. A signature phrase is received from the customer via the authorization form. The received signature phrase is verified that it corresponds to a signature phrase stored in a credit card account associated with the credit card number. The internet browser associated with the customer is caused to be transferred to a web site associated with the e-commerce merchant.

Abstract: A data storage medium has a first memory area that is read-only and stores first certification data that is unique to the data storage medium, a second memory area that stores data and second certification data supplied from the outside, an identity circuit for determining whether or not the first and second certification data are identical with each other, and a switch circuit for providing the data stored in the second memory area to the outside only when the identity circuit determines that the first and second certification data are identical with each other. If data is written into the data storage medium with illegal certification data, the data storage medium disables the reading of the written data from the data storage medium, thereby preventing the illegal copying of digital data.

Abstract: A clear text security method has a table of secure prompts stored in memory of a transaction terminal, such as memory of a PIN entry device, that is connected to a remote device. A data entry prompt in a display command is received by the transaction terminal followed by a command for entry of data into the transaction terminal to be transmitted as clear text data. Before accepting the data entry command, the transaction terminal compares the data entry prompt to prompts stored in a table of secured prompts. The transaction terminal accepts the data entry command only if the prompt included in the most recent display command received by the transaction terminal is a secure prompt. The transaction terminal determines that the data entry prompt is a secure prompt if it matches a prompt in the secure prompt table, matches only a portion of any secure prompt in the secure prompt table, or a any prompt in the secure prompt table matches only a portion of the data entry prompt.

Abstract: The present invention relates to a digital contents selling system for selling digital contents. Identification information of digital contents selected by a customer is received. Personal digital contents are generated by setting identification information for identifying the customer in the selected digital contents as status information for permitting the customer to replay the selected digital contents. The generated digital contents are sold. Thereby, a technique is provided for preventing the illegal use of the sold digital contents.

Abstract: A system and method of configuring value cards which facilitates selection of personalized limits on value card use in transactions. The value card configuration system includes a display for displaying value card configuration options, an input device for recording customer selections of the value card configuration options, and a computer for controlling the display and the input device, for assigning a value card identification number to the value card, for dispensing the value card, for establishing a connection to a value card host computer, and for sending the selections to the value card host computer via the connection for later retrieval during a transaction in which the value card is used for payment.

Abstract: The present invention is to provide a memory rental service system in an intelligent authentication unit, the system allowing an application operating entity to setup or change any application freely and easily at a reduced cost of operating the application. In other words, the system is to separately lease one or more specific areas of a memory in the intelligent authentication unit (IAU) for independently authenticating personal identification such as fingerprints, to one or more operators who operate specific applications. A write API distributed to the operator is used to write the contents such as data or a program written in a specific area, while a read/write API is used to authenticate personal identification so as to read the written contents such as the data or program stored in the specific area and operate the application specified by the APL.

Abstract: A personal data/time notary device is embodied in a token device such as a “smart card”. The portable notary device includes an input/output (I/O) port, which is coupled to a single integrated circuit chip. The I/O port may be coupled to a conventional smart card reading device which in turn is coupled to a PC, lap-top computer or the like. A tamper resistant secret private key storage is embodied on the chip. The private key storage is coupled to the processor which, in turn, is coupled to a permanent memory that stores the program executed by the processor. At least one clock is embodied on the card. A second clock 14 and a random value generator 10 are also preferably coupled to the processor. The device combines digital time notarization into a digital signature operation to ensure that a time stamp is always automatically present. The user does not need to be involved in any additional decision making as to whether time stamping is necessary.

Abstract: An offline code-based reload device and method for adding value to a reconfigurable memory storage means in a portable storage medium. Reload is effected using a reload device not directly connected by telephone or any other communication network to a value supplier. The system uses a “one time use number” (“OTN”) generated by a computer program containing an algorithm containing information on the value to be added and a transaction sequence number (“TSN”). Upon presentation of the portable storage medium to the reload device and entry of the OTN into a numeric keypad, the reload device decodes or disassembles the OTN to verify its authenticity, validate that it was created for the specific portable storage medium presented to the reload device and to verify through the TSN that the OTN has not been previously used to add value from the receiving reload device or any other reload device.