Abstract: A system for conducting a financial transaction in e-commerce on the internet includes objects prepared by a seller and a buyer. The seller's object includes a clear text header file (advertisement), an encrypted overhead file which contains verification data pertaining to the financial transaction, and an encrypted content file containing the subject matter for sale by the seller. With a purchase solicitation from the buyer, an overhead key can be used by a transaction agency to ensure there is a compliance between the purchase solicitation and the verification data of the overhead (from seller's object). Next a revelation key is provided to give the buyer access to the content when such compliance has been ensured.

Abstract: Distributing content markings includes receiving, from a first entity, marking content corresponding to Internet content and author presentation instructions associated with the marking content. When a request to view the Internet or marking content is received from a second entity, the received author presentation instructions are used to determine whether the second entity is approved to view marking content associated with the requested Internet content. Dependent on whether the second entity is approved to view the marking content, presentation of the information associated with the marking content concurrently with the requested Internet content is enabled.

Abstract: A commercial transaction method is disclosed. The method first establishes a secure link over a first air interface by a purchasing device. This secure link is between the purchasing device and a point of sale device. The method further identifies a second air interface, which is different from the first air interface, and the second air interface is used to conduct a secure commercial transaction.

Abstract: Systems and methods are provided for secure transactions according to one or more embodiments. According to an embodiment, a method for providing secure transactions comprises initiating a transaction via a point of sale device having a one time password generator. The method also comprises generating at least one password by the point of sale device. The method further comprises associating the at least one password with account information. The method further comprises transmitting the password associated with the account information to a remote location. If the transmitted password matches predetermined associated information at the remote location, the method further comprises confirming the transaction.

Abstract: Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant.

Abstract: Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant.

Abstract: A method may include allocating a number of public keys, where each respective public key is allocated to a respective entity of a number of entities; storing a number of private keys, where each respective private corresponds to a respective public key; storing one or more decryption algorithms, where each respective decryption algorithm is configured to decrypt data previously encrypted using at least one encryption algorithm of the encryption algorithms. Each respective encryption algorithm may be configured to encrypt data using at least one public key. Each respective decryption algorithm may be configured to decrypt data using at least one private key. The method may include receiving encrypted data, where the encrypted data is encrypted using a first public key and a first encryption algorithm, and the encrypted data is provided over a network.

Abstract: A system and method for depositing and processing checks using an ATM is provided. The method includes capturing the image data of the check with a reading unit, transmitting the image data to a web service based on an open API (Application Programming Interface) without resorting to standard protocols of ATMs. The method also includes processing the image data with the web service so that the text data on the check is recognized. When calling the API, version information is transmitted to ensure that the web service is a correct web service. When a version indicated by the version information is not supported, an error is reported to the ATM and transmission is reattempted for a predetermined number of times. The method also includes booking the recognized data on the basis of account information determined from a credit card by a magnetic card reader.

Abstract: A method may include allocating a number of public keys, where each respective public key is allocated to a respective entity of a number of entities; storing a number of private keys, where each respective private corresponds to a respective public key; storing one or more decryption algorithms, where each respective decryption algorithm is configured to decrypt data previously encrypted using at least one encryption algorithm of the encryption algorithms. Each respective encryption algorithm may be configured to encrypt data using at least one public key. Each respective decryption algorithm may be configured to decrypt data using at least one private key. The method may include receiving encrypted data, where the encrypted data is encrypted using a first public key and a first encryption algorithm, and the encrypted data is provided over a network.

Abstract: Particular embodiments provide a method for orchestrating an order fulfillment business process that includes a sub-process. In one embodiment, abstraction of business processes from an underlying information technology (IT) infrastructure is provided. An orchestration process can be designed using sub-processes such that the sub-process is assembled at run-time into an executable process. The sub-process may be defined in an interface as a single step. A plurality of services as then assembled as steps in the executable process at run-time.

Abstract: Systems, methods and computer-readable media for facilitating the presentation of content associated with a financial transaction are disclosed. The content may be identified by a requestor or a party to the financial transaction on whose behalf a request associated with the financial transaction is received. A content location identifier that identifies a location where the content is stored may be identified or generated and may be included in or otherwise provided in association with a debit or credit instruction. The content location identifier may be presented by a user interface associated with a financial institution in conjunction with other transaction information and may facilitate access to the content and presentation of the content to a user.

Abstract: The invention generally relates to the field of biometric authentication methods. The invention specifically relates to a method for authenticating first communication equipment by means of second communication equipment. Compared with the known biometric authentication methods of the prior art, the invention enables an increase to be achieved in the number of exchanges in authenticating (2) the first equipment by means of the second equipment and in opening (3) a secure communication channel between said two pieces of equipment, therefore saving time, said authentication and channel-opening operations taking place in the biometric authentication methods between, on the one hand, a detection (1) of the first equipment by the second equipment, and a biometric authentication (5) of the user and a selection of an application and an application-related transaction between the two pieces of equipment on the other hand.

Abstract: A wagering game system and its operations are described herein. In embodiments, the operations can include managing multiple instances of gaming applications associated with a wagering game client device and determining event data from the multiple instances of gaming applications. The operations can further include aggregating the event data into an event repository and determining that a requesting application requests some portion of the event data. The operations can further include opening a communication channel between the event data repository and the requesting application, formatting the requested portion of the event data in a format understandable to the requesting application, and communicating the requested portion of the event data to the requesting application via the communication channel.

Abstract: An online service providing system, a method, a server, and a mobile device thereof, and a computer program product are provided. The method includes sending a verification link corresponding to a user account that is not verified; after receiving a verification request corresponding to the verification link, determining whether a device identification sent by the mobile device that has logged in the user account is received; when receiving the device identification, confirming whether the user account is verified according to the device identification; after confirming that the user account is verified, when receiving a service request sent by a terminal device logging the user account into a service website, determining a homepage of the service website according to the device identification, and providing the online service corresponding to the mobile device to the terminal device through the service website.

Abstract: Embodiments of a system and method for receiving task requests from unregistered devices are described. Embodiments may include a communication interface service configured to receive from a communication device a message indicative of a request to perform a task. The communication interface service may determine that the communication device is not registered with an existing account that provides information for performing said task. The communication interface service may obtain identification and authentication information for an existing account via a communication channel. The existing account may be an account for that is accessible via a network-based interface. The communication channel through which the identification and authentication information is received by the communication interface service may be any communication channel that does not include the network-based interface of the existing account.

Abstract: A system and method are disclosed for creating groups associated with defined geographical neighborhoods for the purpose of providing and distributing information to members of the neighborhood groups, and soliciting assistance from members of the neighborhood groups. For example, an alert concerning a missing child may be sent from a user device (e.g., smart phone) to a server located on the Internet for distribution to user devices of members of a neighborhood groups. The notified members, in turn, using their respective user devices, may send notifications to the alert-originating user (as well as other members) of their participation in the search for the missing child. Additionally, the notified members may send notifications to the alert-originating user of the finding of the lost child. Such features may also apply to other alerts and/or notifications sent to members of a neighborhood group.

Abstract: Vending machine circuitry adapted to interface with vending machine electronics so as to provide data communications between a handheld device, preferably a wireless handheld device operated by a potential consumer, and the vending machine electronics, with the handheld device providing the network communications connectivity for transmitting and receiving information to and from remote data centers, data bases, and/or servers.

Abstract: A system, device and method for encrypting plaintext information securely. The system includes a transmitting agent to generate and synchronize a first cipher stream using the plaintext information and a first key, to generate and synchronize a second cipher stream using a second key and a randomizing function to randomize and synchronize a controllable plaintext stream to form a second synchronized cipher stream, and to operate on the plurality of first and second cipher streams using an exclusive disjunction operator to obtain a ciphertext stream; and a receiving agent to decrypt the ciphertext stream.

Abstract: In at least one embodiment of an ecommerce system, payment data is divided into proper subsets and distributed among multiple data processing systems, and each of the data processing systems stores less than all of the subsets of the payment data after the subsets of payment data are distributed and until at least sending the payment data to a payment authorization system for processing. In at least one embodiment, distributing proper subsets of the payment data among multiple data processing systems enhances security of the payment data by limiting an amount of time and the locations in which a complete set of payment data is persisted.

Abstract: An execution log generation apparatus generates an execution log upon receiving, for each job operation, job operation data indicating content of a job operation performed in a job procedure from a job processing apparatus that performs job processes through job procedures. The execution log generation apparatus includes a definition file holding unit that holds a definition file in which job operations performed in the job procedures are defined along a flow of the job processes and the job procedures, and in which output items to be output as execution logs for the each job operation are listed in a common format; and an execution log output unit that selects, from the definition file, an output item corresponding to a job operation contained in the job operation data, and outputs, as an execution log, the same output item as the selected output item from the job operation data.

Abstract: A system for implementing a method that books and pays a retailer having a POS connected to a transaction server storing confidential user information including a retailer identification, a user code, and a user wireless device phone number. The method includes: receiving at the transaction server, from the user wireless device which can be a cell phone, an SMS containing a retailer identification; reading at the transaction server the phone number of the wireless device communicated by the carrier transporting the SMS; authentifying the phone number and retailer identification with the stored confidential user information; sending the user confidential information to the retailer POS. The user enters on the POS the user code. The POS reads and authentifies the user code with the user confidential information received from the transaction server. The retailer enters the payment information on the POS and sends it with user information to the transaction server.

Abstract: An artist or a music company creates multimedia music contents using interactive media creating tools on their computer and upload to a fans club server. The fans club server maintains all fans registration information and client uploaded multimedia music/songs contents. An interactive media description module on the fans club server generates the interactive media using the multimedia contents provided by the client or the artist as its input. The generated interactive media will be distributed among the fans of the respective artist for playing on their mobile phones and review their contents online for a feedback before the songs being released in the market. The interactive media also prompts mobile phone user for purchasing the songs online. The mobile phone user can also purchase trial songs, and download on their mobile phone and make the online payment.

Abstract: Systems and methods are provided for performing transactions and managing communications using a trusted third party. In one embodiment, a sender transfers an encrypted version of a file (such as a digitally encoded audio track, movie, document, or the like) to someone who wishes to receive it. The receiver computes a first hash of at least a portion of the encrypted data content, and sends the first hash to a third party configured to compare at least a portion of the first hash to at least a portion of a second hash. The receiver receives a file decryption key from the third party, and decrypts at least the portion of the received encrypted data content with the decryption key. In some cases, multiple hashes of the encrypted data content may be computed, each using a different portion of the encrypted data content.

Abstract: According to one embodiment of the present invention, a method for generating conditional offers for semi-anonymous trading participants is provided. According to one embodiment of the present invention, a method comprises associating a trading entity with an identifier; acquiring trade history information including a history of trading transactions associated with said identifier; and receiving an offer from a Liquidity Provider based on said trade history information, said offer being only made to the trading entity associated with one of said identifiers.

Abstract: Various embodiments of a system and method for in-band transaction verification are described. The system and method for in-band transaction verification may include a transaction verification component. The transaction verification component may be configured to provide a transaction confirmation request that includes one or more machine readable resistant security media objects to indicate one or more transaction details for a transaction as well as a confirmation code for confirming the transaction. The transaction verification component may also be configured to receive a response to the confirmation request, such as a response from the user that submitted the transaction request. If the response includes a response code that is the same as the confirmation code, the transaction verification component may complete the transaction. If the response includes a response code that is different than the confirmation code, the transaction verification component may abort the transaction.

Abstract: A device is configured to allow a user to select any of a plurality of accounts to employ in a financial transaction. The user device includes a biometric sensor configured to receive a biometric input, a user interface configured to receive a user input including secret information known to the user and identifying information concerning an account selected by the user from the plurality of accounts. The user device includes a communication link configured to communicate with a secure registry, and a processor coupled to the biometric sensor to receive information concerning the biometric input, the user interface, and the communication link. The processor is configured to generate a non-predictable value and encrypted authentication information from the non-predictable value, the identifying information, and at least one of the information concerning the biometric input and the secret information, and communicate the authentication information via the communication link to the secure registry.

Abstract: Embodiments of the present invention provide a method, system and computer program product for cash management optimization method for payment processing. In an embodiment of the invention, a cash management optimization method for payment processing can include receiving a transaction profile for a proposed transaction as payment for a purchase by a purchaser from a merchant at a card processing terminal configured to identify a card number for a card. The method further can include comparing the transaction profile to merchant-specified preferences mapping different transaction profiles to different payment processors. A payment processor for the proposed transaction can be selected based upon the comparison of the transaction profile to the merchant-specified preferences. Thereafter, the proposed transaction can be routed over a computer communications network to the selected payment processor for payment processing.

Abstract: A method, apparatus and program product provide a mechanism for managing the execution of electronic documents using electronic signatures. Documents requiring electronic signatures are automatically identified, mined, trimmed and split from a printer control data language stream. Status information pertaining to needed data, signatories, signature completions and authentication attempts is related to users during and after an electronic signing sequence.

Abstract: A first server device is configured to receive an authentication request from a second server device; add the authentication request to a queue associated with a user; and provide a representation of the queue to a mobile device of the user. The representation of the queue includes an entry for the authentication request. The first server device is further configured to receive, from the mobile device, authentication information, provided by the user, for the authentication request; determine that authentication, of the user, for the authentication request is successful based on the authentication information; generate an authentication response that indicates that the authentication, of the user, for the authentication request is successful; and transmit, by the first server device, the authentication response to the second server device.

Abstract: One embodiment provides a system that facilitates an electronic transaction between a set of entities. During operation, the system discovers a potential interaction between the entities and verifies a set of shared electronic transfer capabilities between the entities. Next, the system facilitates the electronic transaction between the entities by notifying one or more of the entities of the shared electronic transfer capabilities.

Abstract: In general, the subject matter described in this disclosure can be embodied in methods, systems, and program products. A first third-party application program that was developed by a first entity receives a first request to purchase a first product for use within the first third-party application program. In response to receiving the first request, a purchasing user interface is customized to include first details that are specific to the first product. The purchasing user interface that includes the first details is displayed. A second request to purchase a second product for use within the second third-party application program is received from a second third-party application program that was developed by a second entity. In response to receiving the second request, the purchasing user interface is customized to include second details that are specific to the second product. The purchasing user interface that includes the second details is displayed.

Abstract: A method and system for making transactions with at least one merchant site through an electronic portable device which can be connected to a communication network, comprising a connection of an electronic device to an intermediary site through the communication network. The said intermediary site being connectable to at least one merchant site, and a transmission to the said electronic portable device of information coming from at least one merchant site in a format which is adapted to the resources of the said electronic portable device.

Abstract: An embodiment defines access control allowing the expression of access control rules using ontology based semantics and references an ontology subset using XPath as the ontological expression. The access control rules or access criteria are defined by an access control statement and may be expressed using classification criteria and ontology classes. The access control statement comprises a structural description that is used to define an asset and a logical expression that may be used to express the classification criteria. The access control statement defines access policy for various assets.

Abstract: Systems and methods for increasing user trust by authenticating an electronic commerce server over an electronic communications channel using information received through an out-of-band communication in a physical communications channel are described. In one configuration, a paper bill is sent to a user by physical mail delivery and it includes challenge and response data used to authenticate the electronic commerce server over the electronic communications channel.

Abstract: A method for authenticating a financial transaction at a point of sale (POS) includes storing an application program in a first secure element of a mobile phone. The application is configured to generate instruction codes to effect the financial transaction upon verification of a user's identity. The user's credentials are stored in a second SE of the phone, which is operable to verify the user's identity from a biometric trait of the user input to the phone and to generate data authenticating the financial transaction in response to the verification of the user's identity. At the POS, the user invokes the application and then inputs a biometric trait to the phone. The second SE verifies the user's identity, and upon verification, generates data authenticating the transaction. The financial transaction data, including the instruction codes and the authenticating data, are then transmitted from the phone to the POS.

Abstract: In one embodiment, a method for promoting the sale of a substitute product at the point of sale (POS). Upon the presentation of an original product for purchase by a consumer at a POS terminal, various manufacturers may decide to offer a substitute product to the consumer, prior to completing the purchase of the original product. If the customer accepts the offer, the point of sale terminal completes the sale of the substitute product.

Abstract: A cryptographic system that continuously identifies both the client and server applications/systems without the need for long term secret keying material or traditional encryption techniques. This system continuously derives its keying material from the previous transactionally bound conversation between the client and the server as well as nonces from the server. Because the primary keying material is derived by both the client and server from the transactionally bounded conversation, you can not spoof either the client or the server. The provides for a method for both the client and the server to assure that they are talking to the appropriate peer. All attacks that attempt to copy, forge, or replay the keying material are detected and bound.

Abstract: A utilization method and system within a communication network comprises at least one service provider and at least one service consumer. In particular, a there is license contract method and system for validating web services during runtime. At least one parameter is provided to define, if and how many meter event requests associated with service requests may be stored in a cache memory. The parameter is predefined and may be contained in the license contract. Further, a counter may be provided for counting the service requests. The actual status of the counter is sent to the service consumer and/or the service provider.

Abstract: An electronic transaction evidence archive apparatus and method archives electronic transaction evidence, such as public key based electronic transaction evidence on behalf of a first party. The apparatus and method determines redundant electronic transaction evidence and removes the redundant electronic transaction evidence prior to archival. In one embodiment, the electronic transaction evidence archive apparatus and method indexes received electronic transaction evidence and archives the indexed data elements thereof. When a subsequent archival request is made, the apparatus and method evaluates the index data to determine redundant electronic transaction evidence and discards redundant information to save memory resources. The first party provides the electronic transaction evidence in, for example, an archive evidence bundle, which includes data elements related to a single transaction.

Abstract: According to one aspect, the invention provides a system for authenticating identities of a plurality of users. In one embodiment, the system includes a first handheld device including a wireless transceiver which is configured to transmit authentication information, a second device including a wireless receiver, where the second device is configured to receive the authentication information.

Abstract: At a terminal assembly associated with a physical access point, payment device data is obtained from a reduced-functionality payment device, and the data is identified as emanating from such a device. In response, the payment device data emanating from the reduced-functionality payment device is converted into an authorization request or an access request, of a format consistent with full-functionality payment devices. The authorization request or access request is dispatched into a payment infrastructure which is configured to handle same, but is not configured to handle the reduced-functionality payment device.

Abstract: Methods and systems are disclosed for capturing consumer voice signatures. The methods and systems synchronize voice signatures with display of the terms and conditions of a transaction to the consumer in real time during a phone conversation. In one implementation, mobile devices with text display capability may be used to display the terms/conditions of the transaction while the consumer is talking to a customer service representative or an interactive voice response system. The terms/conditions may be displayed as a scrollable document on the mobile device to which the consumer may then agree during the phone conversation. The consumer may then “voice sign” by reading the displayed terms/conditions, or some portion thereof, during the phone conversation to manifest his/her knowing consent. Such an arrangement helps promotes the use of voice signatures by consumers in a manner that complies with the requirements of the federal E-Sign Act.

Abstract: Method and apparatus for monitoring identity misrepresentation by a user on a network are described. In one example, validated identity information for the user is received from a trusted source. Data exchanged between a network client on a device associated with the user and the network is monitored. An identity misrepresentation by the user is detected based on the validated identity information. A notification of the identity misrepresentation is sent to the trusted source.

Abstract: A method and mechanism for protecting a website against defacement are provided. A content owner may associate content with a digital signature. The digital signature allows a recipient of the content to verify that the content originated from the content owner, and that the content has not been defaced. The digital signature may be comprised within the content, or stored external to the content, e.g., in a repository accessible to a Web cache server serving the content. To construct the digital signature, initially, the content owner creates a content validity value for a portion of content, the content validity value is encrypted to create the digital signature. The Web cache server may use the digital signature to determine whether the content has been defaced.

Abstract: An electronic card is disclosed including circuits of the protected zone include at least one control circuit. The electronic card further includes another zone defining a non-protected environment; the circuits of this zone do not need to comply with the distance constraint. The communication between the circuits of the protected zone and the non-protected environment is carried out by a communication circuit allowing or not allowing the electrical signals to pass. The passage of the electrical signals in the communication circuit is conditioned by an electrical control signal sent by the control circuit. Also disclosed is a method allowing the control circuit to be blocked if the electrical status of the signal controlling the passage of the signals does not correspond to the status imposed by the control circuit.

Abstract: Verifiable authentication credentials are provided to foreign systems without passing an id and password to the protected resource. A user wishing to access a secure remote site is prompted for credentials, the credentials are authenticated locally and a digitally signed token is created. The token is redirected to the secure remote site by the user's browser using HTTP redirection. The digital signature is verified by the secure remote site preferably by a digital signature web service. The remote site establishes communications with the user if the digital signature is valid.

Abstract: The invention is a cryptographic server providing interoperability over multiple algorithms, keys, standards, certificate types and issuers, protocols, and the like. Another aspect of the invention is to provide a secure server, or trust engine, having server-centric keys, or in other words, storing cryptographic keys on a server. The server-centric storage of keys provides for user-independent security, portability, availability, and straightforwardness, along with a wide variety of implementation possibilities.

Abstract: One embodiment of the present invention provides a system that facilitates the transfer of a software license from a first client to a second client. The system operates by receiving a request at the first client to deactivate the software license for an associated application installed on the first client. The system then receives a deactivation request that includes an identifier for the license at a license activation server from the first client. Next, the system validates the identifier on the license activation server to determine if the identifier is a valid identifier. If so, the system sends a deactivation message to the first client, receives a deactivation response from the first client, and increments a count of license instances available for the identifier on the license activation server.

Abstract: A system and method for facilitating electronic transactions using an intelligent instrument is disclosed. An authorization server enables users to obtain authorization credentials through the use of the intelligent instrument by issuing a challenge to an intelligent token of the intelligent instrument. The intelligent token generates a challenge response and transmits the challenge response to the authorization server, which assembles credentials including a key for the electronic transaction upon validating the response. The authorization server sends the assembled credentials to the intelligent instrument and the intelligent instrument transmits the assembled credentials to the authorization server during a subsequent transaction. The authorization server validates the assembled credentials and provides authorization for the transaction in response to the validating the assembled credentials.

Abstract: A method and system for verifying a check that is being used for an on-line transaction, utilizes a hash code value either printed directly on the check, or obtained from an insert card provided by a check printer. To conduct an on-line transaction using a check, the customer enters in data obtained from a MICR line of the check, whereby the data includes a one-way hash value that is based on the data provided on the MICR line as well as private data not provided on the MICR line. A web server of an e-tailer for which the customer seeks to make the on-line transaction, receives the data entered by the customer. The web server of the e-tailer transmits, to a check verifier, the data entered by the customer. The check verifier verifies whether or not the check is valid, by comparing the hash code value entered in by the customer with a hash code value that is separately calculated by the check verifier, based on private data of the customer obtained by the check verifier from a database.