Abstract: Disclosed are systems and methods for managing transactions in which an order is specified online and payment is received at a point of sale (POS). Methods are disclosed for managing payment for such transactions at a POS, including transactions involving payment for both in-store purchases and online orders. Methods are also disclosed for managing inventory and price changes for such transactions where payment can occur at any time in a pay period following order creation. Also disclosed are methods for processing refunds for online orders for which payment was made at a POS. Finally, methods for preventing fraud and abuse as well as restricting the availability of this payment method for certain items are disclosed.

Abstract: Data is generated in a client based on events at a client, wherein each event is associated with a first dimension, a second dimension and a quantity. A random value is generated for each interval of the first dimension and each instance of the second dimension. The quantity of each event is modified using the random value to determine a modified quantity. A running total for each interval of the first dimension and each instance of the second dimension is determined using the modified quantities and transmitted to an untrusted third party. An exact result of processing the modified quantities and the running totals by the untrusted third party can then be received and decoded by the client.

Abstract: A cryptographic method is provided of a type with public key over a non-supersingular elliptic curve E, determined by the simplified Weirstrass equation y2=x3+a·x2+b over a finite field GF(3n), with n being an integer greater than or equal to 1. The method includes associating an element t of said finite field with a point P? of the elliptic field. The step of associating includes: obtaining a pre-determined quadratic non-residue ? on GF(3n); obtaining a pre-determined point P=(zP, yP) belonging to a conic C defined by the following equation: a·?·z2?y2+b =0; obtaining a point Q=(zQ, yQ), distinct from the point P belonging to the conic C and a straight line D defined by the following equation: y=t·z+yP?t·zP; obtaining the element ? of GF(3n) verifying the following linear equation over GF(3): ??·?=(?2·zQ)/a; and associating, with the element t of the finite field, the point P? of the elliptic curve, for which the coordinates are defined by the pair (?·zQ/?, yQ).

Abstract: As individuals increasingly engage in different types of transactions they face a growing threat from, possibly among other things, identity theft, financial fraud, information misuse, etc. and the serious consequences or repercussions of same. Leveraging the ubiquitous nature of wireless devices and the popularity of (SMS, MMS, etc.) messaging, an infrastructure that enhances the security of the different types of transactions within which a wireless device user may participate. The infrastructure may optionally leverage the capabilities of a centrally-located Messaging Inter-Carrier Vendor.

Abstract: For solving the problem that multiple Universal Serial Bus (USB) Keys are required to be taken to realize multiple network payments in the conventional art, the provides a method and a mobile terminal for realizing network payment. The method includes: a mobile terminal selects a network payment system which is needed to implement current network payment from a plurality of network payment systems according to an instruction input by a user; when the user is confirmed to be a legal user according to the digital certificate, the mobile terminal logs on the selected network payment system and implements the network payment. The selects a network payment system which is needed to implement the current network payment from a plurality of network payment systems, thus it is not needed to take multiple USB Keys.

Abstract: In one embodiment, a user device is configured to allow a user to select any one of a plurality of accounts associated with the user to employ in a financial transaction. In one embodiment, the user device includes a biometric sensor configured to receive a biometric input provided by the user, a user interface configured to receive a user input including secret information known to the user and identifying information concerning an account selected by the user from the plurality of accounts. In a further embodiment, the user device includes a communication link configured to communicate with a secure registry, and a processor coupled to the biometric sensor to receive information concerning the biometric input, the user interface, and the communication link.

Abstract: Techniques for automated mobile transaction processing are provided. A consumer traverses to a web portal or other type of enterprise terminal device of an enterprise and proceeds to shop. During checkout, the portal contacts a transaction service and is delivered back an identifying barcode or Quick Response (QR) code. The consumer uses a mobile device to scan the code and send it to the transaction service. Previously registered payment details of the consumer are located and payment is received from the consumer. The portal is notified that payment is completed by the transaction service.

Abstract: Virtual account based digital cash protocols employ two pairs of private and public keys. Each public key is certified separately and the protocols do not use any blind signature schemes. As a result, the virtual account based digital cash protocols provide strong protection of the user privacy by using two certified public keys instead of a blind signature. One pair of certified keys consists of one master user private key and one master user public key. A second pair of certified keys consists of one pseudonym user private key and one pseudonym user public key. The use of a master key pair and a pseudonym key pair circumvents the need for blind signatures. As a result, the proposed protocols do not require blind signatures and do not add additional overhead and security requirements necessitated by conventional blind signature schemes.

Abstract: A business object model, which reflects data that is used during a given business transaction, is utilized to generate interfaces. This business object model facilitates commercial transactions by providing consistent interfaces that are suitable for use across industries, across businesses, and across different departments within a business during a business transaction. In some operations, software creates, updates, or otherwise processes information related to a number range, a number range profile, a payment card payment authorization, and/or a product template template business object.

Abstract: The present invention relates to a roaming electronic transaction terminal. It also relates to a secure system for electronic transactions comprising one or more roaming terminals. The terminal (1) has an application package support (2) and a coupler (3) for carrying out the read and write operations on a medium that are required for the electronic transactions in conjunction with the application package. The coupler (3) comprises means for creating a write time window and a read time window on the basis of a secure input signal, all writing and all reading being disabled outside of the corresponding windows. The invention applies notably for the securing of terminals carrying out checks and contractual transactions on supports equipped with processors and memories, it being possible for these supports to be through contactless read and write cards comprising for example transport entitlements, payment means or any other entitlements to be turned to account.

Abstract: A computerized authorization system configured to authorize electronically-made requests to an electronic entity. The computerized authorization system comprises a store configured to store an indication of at least one predetermined electronic authorization device configured to authorize each electronically-made request. The computerized authorization system is further configured such that: in response to receiving an electronically-made request to the electronic entity, an indication of the request is output to the at least one predetermined electronic authorization device configured to authorize the request as indicated in the store; and in response to receiving an indication of authorization from the at least one predetermined electronic authorization device, an indication of authorization of the request is output to the electronic entity.

Abstract: A fraud management system is configured to store rules for detecting fraud, receive a transaction from a merchant, process the transaction using a first subset of rules to generate a fraud score for the transaction, and output information regarding the fraud score to the merchant to assist the merchant in determining whether to accept, deny, or fulfill the transaction. The fraud management system is further configured to receive, after outputting the information regarding the fraud score to the merchant, additional information relating to the transaction, re-process the transaction using a second subset of rules to generate an update fraud score, and output information regarding the updated fraud score to the merchant to assist the merchant in determining whether to accept, deny, or fulfill the transaction.

Abstract: A computer device comprises a calibration module adapted to detect an input frequency for at least one input mode of a digitizer device. The calibration module is configured to determine whether the input frequency is within a frequency tolerance band corresponding to the at least one input mode.

Abstract: A portable consumer device includes a base, and a computer readable medium on the base. The computer readable medium comprises code for an issuer verification value and a supplemental verification value. The issuer verification value is used by an issuer to verify that the portable consumer device is authentic in an on-line transaction and the supplemental verification value is used to verify that the portable consumer device is authentic in an off-line transaction.

Abstract: Systems and methods for determining a reliability of a transaction involving an account identifier identifying a chargeable account are disclosed. In accordance with an exemplary embodiment of the present invention, the system receives an account identifier and optionally at least one candidate personal detail. A reliability indicator provider provides at least one reliability indicator indicating an estimated likelihood that at least one stored personal detail associated with the chargeable account was submitted fraudulently. According to particular embodiments, fraudulently submitted stored personal details are indicative that a proposed transaction involving a buyer and a seller is fraudulent.

Abstract: A method of preventing fraud at a self-service terminal is described. The method comprises: receiving a signal from an electromagnetic sensor located in the vicinity of an electromagnetic signal transmitter; monitoring a drive signal being delivered to the electromagnetic signal transmitter; and comparing the drive signal with the electromagnetic sensor signal. The method then ascertains if a state of the electromagnetic sensor signal is inconsistent with a state of the drive signal; and triggers an alarm when the state of the electromagnetic sensor signal is inconsistent with a state of the drive signal.

Abstract: A method of dispensing registration that includes entering identifying information in an input module on a registration dispensing system. The identifying information is associated obtaining a registration. At least item is displayed on a display module associated with the registration dispensing system for which the registration may be obtained using the registration dispensing system. Registration payment information for the registration is received into the input module. The identifying information and the registration payment information are communicated with a database maintained by or on behalf of an entity issuing the registration. Registration information is received from the database. The registration information is formatted. The formatted registration information is printed on a registration document. The registration document is dispensed.

Abstract: Transaction processing involves receiving data from an access transaction application of a portable consumer device, wherein the received data comprises data from an access transaction data string that includes a transit verification value wherein, with the exception of the transit verification value, the access transaction data string is substantially similar to a retail data string comprising retail data, wherein the access application data string is adapted for use with an access transaction processing system and the retail data string is adapted for use with a retail processing system. The transaction processing involves processing access transaction application data for selective authorization of the transaction.

Abstract: The present invention introduces methods and apparatus of encrypting/decrypting three-dimensional (3D) video content. The inventive methods and apparatus can achieve a flexible payment/authorization mechanism for the 3D video content. A user can choose to view only 2D images corresponding to the video content, or pay an authorization fee that allows the user to view the entire 3D video content.

Abstract: A user identification method and a system thereof. A user device delivers a certificate packet with a unique serial number to a certificate server, and receives a reply packet with a password from a password server. The user device then uses the password and the unique serial number to produce a user terminal identification code, and then delivers an identification packet with the user terminal identification code to the certificate server. After receiving the certificate packet, the certificate server delivers an inquiry packet with the unique serial number to the password server, and then the password server inquires about password and expiration time thereof according to the unique serial number. After receiving the identification packet, the certificate server verifies the validity of the user terminal identification code and the expiration time with a database to determine if the user is admitted to proceed to the subsequent transaction.

Abstract: A user identification method and a system thereof are provided. A user device delivers a certificate packet with a user identification number to a certificate server, and receives a reply packet with a code from a password server. The user device uses the code to produce a user terminal identification code, and delivers an identification packet with the user terminal identification code to the certificate server. After having received the certificate packet, the certificate server delivers an inquiry packet with the user identification number to the password server, for the password server to inquire about the password and expiration time according to the user identification number. After having received the identification packet, the certificate server verifies the validity of the user terminal identification code and the expiration time with a database to determine whether the user is allowed to proceed to the subsequent transaction.

Abstract: A method for minimizing risk of a consumer performing a fraudulent Internet purchase transactions using a transaction card is disclosed herein, the method comprising receiving an enrollment verification request for a transaction from a merchant's website, transmitting the enrollment verification request to an access control server; receiving an enrollment verification response from the access control server, determining whether the transaction is risky based on at least a portion of the enrollment verification request, if the transaction is not risky, forwarding the enrollment verification response to the merchant website and it the transaction is risky, modifying the enrollment verification response to denote the transaction is risky and forwarding the modified enrollment verification response to the merchant's website.

Abstract: A method, computer program product, and computer system for receiving a first scan of an identifier from a first computing device is disclosed. The identifier is associated with a financial transaction. A second scan of the identifier is received from a second computing device. The financial transaction is processed based upon, at least in part, receiving the second scan of the identifier from the second computing device.

Abstract: An architecture for a contactless smart card or payment device, where the smart card is intended for use in both commerce transaction payment and transit fare payment (or other venue access) environments. The payment device may function as both an electronic wallet for commerce transactions and as a transit system card, for access to and fare payment of transit services. Implementation of both functions may be achieved by use of a dynamic memory management system that permits data for both the payment and transit applications to be stored on the card, with the transit data and storage locations isolated from those used to store data intended for use in paying for commerce transactions. The transit application specific data may include access control data (keys, passwords, identification data) or data required for fare calculations (rates, historical data on system use), for example.

Abstract: Various embodiments of the present invention are directed to methods and systems for distributing digitally encoded information. In one embodiment of the present invention, a licensee desiring to purchase digitally encoded information from a copyright owner posts collateral with a third party entity. The third party entity then provides authentication information to the licensee. The licensee transmits proof of knowledge of authentication information to the copyright owner. The copyright owner sends proof of the licensee's knowledge of authentication information and digital media to the third-party entity. The third-party entity embeds the authentication information in the digitally encoded information, and delivers the digitally encoded information with embedded authentication information to the licensee.

Abstract: A method for partially verifying the legitimacy of a remote purchase request based on a card number from a card issuing financial institution. The method includes receiving and storing a first purchase request information set including an origin and a card number. Further, the origin and the card number are sent to the card issuing financial institution to determine if the origin matches an origin on file for the card number at the card issuing financial institution.

Abstract: A method and system for providing geographic location notifications of payment transactions is disclosed. One embodiment of the invention is directed to a method including receiving an authorization request message associated with a transaction, the transaction associated with a portable consumer device and an access device at a merchant. A geographic location of the transaction is determined. It is determined whether a notification message indicating that the transaction is occurring is required. Upon determining that the notification message is required, the notification message is sent to a notification device operated by a consumer and the notification device receives the notification message substantially simultaneously with the merchant's receipt of an authorization response message. A graphical depiction of the notification message is displayed on a map on the notification device.

Abstract: A fraud detection and protection method and system are disclosed. The method and system utilize a fraud detection and protection server to monitor online commercial transactions between a webserver and a client computer, and generate a risk assessment of a user associated with the client computer. The system and method further utilize a number of beacon servers geographically dispersed in an area. Each beacon server is configured to receive packet header information associated with the online commercial transactions, analyze the packet header information for authenticating information, and send the authenticating information to the fraud detection and protection server for the risk assessment.

Abstract: A system and method are provided for use in establishing secure end-to-end communication links over a VPN gateway via a network interface unit. Illustrative embodiments include establishing and providing secure communication relationships between users (customers) and companies for e-commerce and other business purposes. Each company's data and linkage to users remaining private and secure from the other participating companies as well as from the general public over the Internet. Login by user with network interface units, addressing, authentication, and other configuration operations achieved using a web page-based GUI are applied in establishing tunnels from LAN clients to desired VPN destinations. Required authentication exchanges and required encryption key exchanges facilitate the secure communications. Financial arrangements regarding the provisioning and use of network interface units are also disclosed.

Abstract: A computer-implemented method represents a list of informational items using a bit array. The method converts an informational item to a cryptographic value using a cryptographic algorithm and extracts a plurality of n-bit samples from the cryptographic value. The n-bit samples includes at least a first field and a second field. The first field identifies a group of bits of the bit array and the second field identifies one or more individual bits within the group of bits. The individual bits are set to a pre-determined value according to the first field identifying the group of bits and the second field identifying the individual bits within the group of bits.

Abstract: A mobile device includes a housing and an antenna mounted in or on the housing. The antenna is for transmitting and receiving transaction signals to and from a point of sale (POS) terminal. The device also includes at least one user interface element mounted on the housing and a transceiver mounted in the housing and coupled to the antenna. Still further, the device includes a secure element mounted in the housing. The secure element is coupled to the transceiver and stores a payment application program. The payment application program is for handling exchanging of the transaction signals with the POS terminal. A tick counter is operated within the secure element. The tick counter is for enforcing at least one time-out period with respect to transactions handled by the payment application program.

Abstract: There is provided a system and method for quality assured media file storage. There is provided a method for use by a processor to verify quality of a new media file by transcoding a master media file into a first media file, determining a quality of the first media file, applying a first quality assurance scheme to the first media file for an assured quality, calculating a first hash value using a hash function for the first media file, storing the first hash value in a memory, transcoding the master media file into a new media file, calculating a test hash value using the hash function for the new media file, and searching the memory for the test hash value to decide whether the new media file has the assured quality, without having to apply the first quality assurance scheme again to the new media file.

Abstract: Transmitting category codes to payment instruments in proxy card transactions comprises receiving a first payment request to authorize a proxy card transaction, the first payment request identifying a proxy account of a user for payment of the transaction and a merchant category code associated with the merchant; selecting a financial account associated with the proxy account to fund the transaction; communicating a second payment request to authorize the transaction to a financial account system associated with the selected financial account, the second payment request comprising the merchant category code associated with the merchant; receiving an authorization for the transaction from the financial account system to fund the transaction using the selected financial account; and communicating an authorization for the transaction to the merchant computing device in response to receiving the authorization for the transaction from the financial account system to fund the transaction using the selected financia

Abstract: Manufactured goods are marked or labeled with a secure unique identifier. A central checking center allows users to verify the authenticity of a particular good such as a cigarette pack or carton via any convenient interface such as the internet or a cell phone. A system of secret sharing allows secure authentication of each item and prevents code breaking or misuse.

Abstract: In general, techniques are described for authenticating a parcel consignee. A device including an imaging module, processors, and an output module may implement the techniques. The imaging module images a first indicia of a parcel and a second indicia that is separate from the first parcel to obtain representations of the first and second indicia. The processors process the representations of the first and second indicia to determine a first key specified by the first indicia and a second key specified by the second indicia. The processors also determine whether the second key corresponds with the first key, and authenticate a consignee that provided the second indicia as an authorized recipient of the parcel based on the determination of whether the second key corresponds with the first key. The output module then indicates whether the one or more processors authenticate the consignee as the authorized recipient of the parcel.

Abstract: A computer system having a transaction based file system is disclosed. The computer system includes file system software that manages the file data and the file system structure of files stored on a persistent data storage device and maintains a transaction file that includes a plurality of transaction records. The file system software executes a startup process in which a reconstructed file system is generated in random access memory from the transaction records. The startup process may skip verification of some of the transactions. The file system software may error check at least one of the skipped transactions in response to a request to access a file identified by a file node record in the reconstructed filed system after the startup process is completed.

Abstract: A security component may be associated with a network-enabled application. The security component may initiate the display of an embedded region of a window drawn according to display information received from a relying party. The security component may define at least a portion of the appearance of the embedded region; the relying party may not define this portion. The embedded region may include customization information configured by a user, and “Card” information received from an assertion provider, indicating how to authenticate user credentials in order to gain access to relying party restricted content. The security component may request authentication of user credentials from the assertion provider, which may be trusted by the relying party. The security component may receive an assertion token from the assertion provider indicating the credentials are authentic. The security component may forward the assertion token to the relying party to gain access to the restricted content.

Abstract: In a computing system, in response to an order placed by a customer, a request for verification information is received from a merchant. Customer information is communicated to an issuing organization associated with the customer, while the information is withheld from the merchant. The merchant is connected for communication with the issuing organization for verification of information associated with the order.

Abstract: In one embodiment, transferring payment between a first user and a second user of a communication system includes displaying a contact list in a user interface of a client executed at a user terminal of the first user, the contact list including the second user. The client retrieves and displays at least one page from a payment provider responsive to the first user selecting the second user from the contact list. The client transmits, to the payment provider, information related to the payment entered into the page by the first user, which causes the payment provider to transfer the payment from an account of the first user to an account of the second user.

Abstract: The present invention generally relates to a computer security system for use in the identification and authentication of a user prior to an on-line transaction. In one aspect, a method for enrolling a user in a system configured to identify and authenticate the user is provided. The method includes collecting a username and password to identify the user. The method further includes extracting device data from a user machine to uniquely identify the machine. The method also includes generating a user profile based upon the device data and the username and password. Additionally, the method includes transmitting the user profile to a server machine to be stored. In another aspect, a computer-readable medium including a set of instructions that when executed by a processor cause the processor to enroll a user in a system configured to identify and authenticate the user is the provided. In yet a further aspect, a system for identifying and authenticating a user is provided.

Abstract: Facilitating transactions using non-traditional devices and biometric data to activate a transaction device is disclosed. A transaction request is formed at a non-traditional device, and communicated to a reader, wherein the non-traditional device may be configured with an RFID device. The RFID device is not operable until a biometric voice analysis has been executed to verify that the carrier of the RFID equipped non-traditional device is the true owner of account information stored thereon. The non-traditional device provides a conduit between a user and a verification system to perform biometric voice analysis of the user. When the verification system has determined that the user is the true owner of one or more accounts stored at the verification system, a purchase transaction is facilitated between the verification system. Transactions may further be carried out through a non-RF device such as a cellular telephone in direct communication with an acquirer/issuer or payment processor.

Abstract: Data is transmitted between a first user and a second user via an information technology communications network, in a method comprising the steps of: generating a first hash value for a selected one of the data items; digitally signing and encrypting the first hash value with a secret identifier associated with the first user; transmitting to a second user the encrypted first hash value; receiving and storing the transmitted encrypted first hash value for audit purposes and generating a second hash value for the received encrypted first hash value; encrypting the second hash value with a private identifier associated with a second user and a public identifier associated with the first user; and returning the encrypted second hash value to the first user.

Abstract: A_system and method for verification of a person identifier received online is described. The method includes receiving a request for verifying a person identifier (PI1); and estimating whether (a) PI1 identifies the same person as another person identifier (PI2), (b) sender of PI1 is the same person as sender of PI2, and (c) PI2 identifies the sender of PI2.

Abstract: A framework is provided for reducing the number of locations modified when hiding data, such as a digital watermark, in binary data. The framework complements data hiding techniques, such as digital watermarking techniques. After determining potential embedding locations according to an underlying technique, a data structure is created with values associated with those locations. A parity calculation is performed on the values in the data structure. The calculated parity is compared with hidden data to determine locations for modifications. Manipulations are then performed to reduce the total number of modifications needed to represent the hidden data. Modifications are made to the binary data according to the underlying technique. During decoding of the hidden data, the same locations can be determined, the same data structure can be created with the modified values, and a parity calculation is then performed to decode the hidden data.

Abstract: A process for authenticating an end user. A first pattern of colored quadrilaterals is generated. A second pattern of multiple colored nodes that include a first subset of nodes is generated. The first and second patterns are sent to the end user. If a transparent credit card is overlaid by the end user on top of the second pattern, then a second subset of nodes in the credit card would match in color and location the first subset of nodes. The authenticity status of the end user is determined by determining whether each node of a third subset of nodes within the second subset of nodes (i) corresponds to a unique node of the multiple colored nodes and (ii) has a color that matches a specific color in one quadrilateral of the colored quadrilaterals. The determined authenticity status is sent to the end user via an output device.

Abstract: A method for verifying permission to use a payment system such as an electronic credit card, using a hand held communication device such as a smart phone, where the customer presents the communication device to a merchant who extracts account information from the hand held device, and the hand held device generates a transaction code that is shared with the merchant and sent by both to a financial institution. The financial institution sends a new random code to the user and the merchant, which can be compared to verify the user's account and the financial institution's approval of the transaction.

Abstract: Authentication mechanisms are disclosed herein that authenticate user access to enterprises. For example, either an enterprise associated number or a social security number (SSN) can be provided to the enterprise to enter a first level. Then, any one of a ZIP code number, a device calling/contacting number, a date of birth, and a portion of the SSN can be provided to access applications in the first level. Lastly, a PIN can be provided to enter a second level of the enterprise. Additionally, these authentication mechanisms can be added and/or changed. In the former case, if a user used a SSN to enter the mentioned first level of the enterprise, then a date of birth can be used to update an authentication mechanism. Alternatively, if a user used an enterprise number to gain such access, then part of the SSN can be used for the update. If the user wants to change the authentication mechanism, the date of birth can be used for the update.

Abstract: A system for conducting a financial transaction in e-commerce on the internet includes objects prepared by a seller and a buyer. The seller's object includes a clear text header file (advertisement), an encrypted overhead file which contains verification data pertaining to the financial transaction, and an encrypted content file containing the subject matter for sale by the seller. With a purchase solicitation from the buyer, an overhead key can be used by a transaction agency to ensure there is a compliance between the purchase solicitation and the verification data of the overhead (from seller's object). Next a revelation key is provided to give the buyer access to the content when such compliance has been ensured.

Abstract: Distributing content markings includes receiving, from a first entity, marking content corresponding to Internet content and author presentation instructions associated with the marking content. When a request to view the Internet or marking content is received from a second entity, the received author presentation instructions are used to determine whether the second entity is approved to view marking content associated with the requested Internet content. Dependent on whether the second entity is approved to view the marking content, presentation of the information associated with the marking content concurrently with the requested Internet content is enabled.

Abstract: A commercial transaction method is disclosed. The method first establishes a secure link over a first air interface by a purchasing device. This secure link is between the purchasing device and a point of sale device. The method further identifies a second air interface, which is different from the first air interface, and the second air interface is used to conduct a secure commercial transaction.