Abstract: A method is provided for completing an authenticated commercial transaction over an internet protocol (IP) network (40) for an account holder (60) engaged in the transaction via a non-IP based telecommunications platform (30).

Abstract: A method and apparatus for providing radio communication with an electronic object in a local environment are disclosed. For example the method receives via a mobile endpoint device of a user at least one first digital certificate associated with the local environment from a trusted source, and a second digital certificate from the electronic device deployed in the local environment via a wireless connection. The method then authenticates the electronic device using the at least one first digital certificate and the second digital certificate.

Abstract: One particular implementation of the present invention may involve a control unit of an ionic foot bath or other health product. The control unit may be connected to a network or the Internet such that the control unit may be monitored or controlled by a third party, such that the third party may provide programming updates, adjust the programming of the control unit to conform to the user's preferences and provide flexibility to a practitioner with several foot bath systems. The control unit may also provide the functionality of a pay-per-use method for use of the ionic foot bath. The method may allow a user or an operator of the product to purchase operational time that is desired to use the product. Once the operating time is purchased, the product may be operated for the purchased amount of time, at which point, more usage time may be purchased.

Abstract: A method to enable transactions comprising transmitting, by a vendor server, a request message to the e-commerce system for a token. Receiving a token in response to the request message. Generating an offer message including a mailto hyperlink, wherein the offer message is an email message including a mailto hyperlink is configured to generate an email reply message include the token. Transmitting the offer message to an email address associated with the customer. Receiving a response message from the e-commerce system, the response message including transaction details that confirm the token was validated by the e-commerce system. Transmitting a payment processing request message to a payment processor, wherein the payment processing request is based on the transaction details. Receiving a notification from the payment processor, that payment processing has been completed. Transmitting an email message to the email address of the customer, that payment has been processed.

Abstract: A gateway device and methods performed therein to prevent unauthorized client devices from connecting to the host network of the gateway device is described. The gateway device does not respond right away to an individual client message sent to the gateway device. Instead, the gateway device only responds to a predetermined sequence of the client messages, which is only known to the gateway device and authorized client devices. Because the gateway device will not respond to random client messages and the likelihood that an unauthorized client device can correctly guess the predetermined sequence of the client messages is low, the risk of a malicious party being able to hack into the host network, for example, by using port scanning techniques, can be mitigated.

Abstract: A system for presentation of multiple NFC credentials via an NFC baseband in a portable communication device during a single NFC transaction. The system comprises a secure element having a directory of available NFC credentials stored therein, wherein the ordering of the available NFC credentials usually indicates the priority. The system further comprises a pre-determined multiple-credential start Application ID (AID) wherein the directory includes a plurality of NFC credentials after the pre-determined multiple-credential start AID. A method for presenting multiple NFC credentials during a single NFC transaction is also disclosed.

Abstract: A method of performing a transaction using first and second computing devices is described. A local data connection is established between the first computing device and the second computing device. An amount to transfer is identified at either the first computing device or the second computing device. A first account is identified at the first computing device and a second account at the second computing device. Credentials are provided at the first computing device to authorize the transaction, and encrypted and authenticated transaction data is sent to a payer account provider for value transfer between the first account provider and a second account provider. Confirmation of the completed transaction is then provided to the first computing device and the second computing device. Suitable computer program products and computing devices are provided. This method is particularly effective for providing local person to person value transfers in real time.

Abstract: Methods, apparati, and computer-readable media for providing authorization and other services. In a preferred embodiment, an authorization service includes both a messaging specification and a set of rules that govern its use. A first customer wishing to use the authorization service prepares a request that complies with the service's messaging specification and transmits it to a first participant. The first participant transmits the request to a second participant, which processes the request according to authorization information provided by a second customer and rules that have been specified for the service. The second participant then prepares a response that complies with the service's messaging specification.

Abstract: A vehicle computing system includes a processor programmed and configured to establish communication with a wireless device brought into proximity of a vehicle. The processor may use the wireless device to receive an identifier from a vehicle rental administrative system. The identifier is configured with the processor to activate a vehicle during a prescribed rental period. The processor may receive user input to activate the vehicle for a rental period. The processor may compare the user input to the received identifier and enable a keyless drive-away of the vehicle if the user input corresponds to the identifier.

Abstract: A system and method of using Electronic Funds Transfer (EFT) to complete payment for goods and services. An example method of operating a transaction terminal includes identifying items selected by a customer for purchase, determining a required payment amount for the items, obtaining identification information from the customer, obtaining contact information and payment information, including bank account information and bank routing number information, from a customer profile associated with the identification information, creating a check image, sending a request for payment message providing access to the check image and the payment information to a mobile communication device of the customer using the contact information in the customer profile, and receiving a reply message from the mobile communication device authorizing payment for the items via electronic funds transfer and including a 2D barcode containing the check image and the payment information.

Abstract: Methods and apparatus for conducting electronic transactions such as commerce transactions or purchases and exchanging related information. In one aspect, a robust and integrated apparatus and associated method is provided whereby a purchaser can securely provide transaction data and/or information in an electronic format to another party such as a vendor. In one exemplary embodiment, the purchaser can authenticate his or her right to use the billing information contained therein to complete a purchase without actually having to disclose the billing information in a human readable format, thereby enabling the vendor to obtain and authenticate the purchaser's identity and billing information while still protecting the purchaser's privacy, and without requiring disclosure of the purchaser's billing information to the vendor's employees or any other parties. In another aspect, the vendor can provide information about the transaction in an electronic form that can be authenticated and verified for accuracy.

Abstract: A system for providing a driver, having a driver communication device, access to a vehicle using an electronic key, the system comprising a fleet control center, comprising an asset application and a database, configured to, allow creation of a reservation for the vehicle for the driver and store the reservation in the database, create a keyless asset tag to allow the driver to access the vehicle, communicate the keyless asset tag to the driver computing device, and a vehicle computing device, proximate to the vehicle, and configured to, obtain the keyless asset tag from the driver computing device, determine if the keyless asset tag is valid for the vehicle, and cause a vehicle door to be unlocked to provide the lessee access to the vehicle.

Abstract: Described herein is a mobile-device-to-machine payment system and method for facilitating a cashless transaction for purchase of at least one product or service by a user from a payment accepting unit.

Abstract: An information processing apparatus includes a receiving unit configured to receive a utilization request for one of plural services provided by a computer; a service attribute information storage unit configured to store service attribute information of each of the services, the service attribute information including information indicating a type of the service and information indicating an evaluation of a content of the service; and a service recommending unit configured to search the service attribute information storage unit for the service attribute information corresponding to the type of the requested service, and determine a utilization-recommended service based on the evaluation information in the service attribute information retrieved from the service attribute information storage unit.

Abstract: A method for mobile payment includes generating, by a financial institution, a unique credential based on user access information and media binding information that is cryptographically bound to media using a unique media identification. The financial institution stores the credential and media binding information in the form of authentication code in a memory used by an electronic device. The stored credential and media binding information is accessed using the user access information for a payment transaction. A digital certificate is generated using the credential and media binding information. The digital certificate is presented to the financial institution for the payment transaction. The memory is authenticated and binding of the credential to the memory is verified prior to completing the payment transaction.

Abstract: The present invention provides a system, including a method and apparatus, for verifying, with a very high degree of certainty, the identity of an individual who desires to execute an online transaction for the purchase of goods or services. System function embodies a number of interconnected basic features. The first involves enabling a personal computerized device to be identified via user input data. The second involves the creation of a central, third-party identification database containing authentication information and having an authentication protocol. The third involves the provision of an individualized electronic certificate, which ties the identification of an individual computer or device user to the third-party identification database.

Abstract: Techniques for sharing virtual machine (VM) resources are provided. A relative location for a resource within a VM is created; the relative location dynamically resolves to a particular physical location when a principal requests access to the resource at runtime. The principal is located outside an environment associated with the VM. Authentication and access restrictions are dynamically enforced against the requests made by the principal before a connection is permitted between the principal and the resource (the resource located within the environment of the VM).

Abstract: A method and system for performing transactions between a client and a server. The client sends to the server a transaction request for performing a transaction, and receives from the server a transaction policy. The client displays a first representation of the transaction policy depicting transaction policy options for fulfilling the transaction policy. After the user selects a first transaction policy option, the client displays a second representation of the transaction policy, depicting at least one mechanism pertaining to the first transaction policy option for satisfying the requirements of the first transaction policy option. After the user selects a first mechanism, the client depicts evidence options for each requirement of the first transaction policy option. After the user selects an evidence option for each requirement of the first transaction policy option, the client sends to the server transaction enablement information that includes evidence dictated by the selected evidence options.

Abstract: A method is provided for completing an authenticated commercial transaction over an internet protocol (IP) network (40) for an account holder (60) engaged in the transaction via a non-IP based telecommunications platform (30).

Abstract: Embodiments of the present invention provide a method and system, including a client and security token, for reducing a size of a security-related object stored in the token. The object is stored in a storage structure that is indexed according to an identity reference to a certificate associated with the object and a private key identifier identifying a private key assigned to an owner of the token. A request to access an encrypted data object results in accessing the private key identifier in the storage structure using only the identity reference as an index.

Abstract: A system for verifying and authenticating the identity of a user in a transaction or attempt to access a restricted resource. The user's identity is authenticated through the user's computer, tablet computer, mobile computing device, web browser (as a web-page, or as a plug-in for the browser), or other computing device by means of a single-use, time sensitive, system-generated transaction token and user selected system PIN and/or biometric information. The user presents the transaction token to the vendor or merchant, which forwards a request for authentication to the system. The system prompts the user to confirm the transaction and enter the PIN into the device and/or provide biometric information through the device used to generate the transaction token. Upon confirmation, the transaction is completed or access to the restricted resource is allowed.

Abstract: A user makes a purchase request through a merchant app on a mobile device, such as by selecting an item for purchase. A mobile SDK of a payment provider is installed in the merchant app. The payment request includes the phone number for the mobile device. The payment provider verifies the phone number of the user and requests approval of the payment from a mobile operator providing wireless communication services on the mobile device. If the request is approved, the payment is charged to the user mobile operator account. The user simply taps a button to select an item to purchase and selects another button to confirm the purchase. Once processing is done, the user is notified on the mobile device of a successful payment.

Abstract: One method herein includes forwarding an invoice for a purchase agreement made between a seller and a buyer. The method includes receiving a service selection indicating that the invoice is to be paid using an escrow system. The service selection includes a token for verification of a buyer's signatory. The method receives funding confirmation that the buyer has deposited funds into an escrow account. Based on funding confirmation, notification to ship the goods is sent. The method receives shipping confirmation confirming that the goods have been shipped. Upon receipt of the goods, a receiver is authenticated as the authorized signatory using the verification system. This authentication is based on the stored token matching a provided token. Based on verification of the receiver, the goods are released and the deposited funds from the escrow account are deposited into the seller's account.

Abstract: Systems and methods for managing and providing content and services on a network system. Aspects of the invention include location-based determination of network content and services that may be provided to client computers. Other aspects of the invention include authorization and authentication components that determine access rights of client computers. Additional aspects include systems and methods for redirecting client computers to different network content. The disclosed systems and methods may be used in numerous network system applications.

Abstract: A system and method for buying and selling securities based on volatility and liquidity rather than other fundamentals is demonstrated. The method involves: providing at least one decision model to buy and sell a security; inputting real-time data into the decision model; and automatically generating an order and executing transactions to buy and sell the security based in response to the decision model. The method continues in buying and selling the security based in response to decision model until the method is stopped.

Abstract: An information processor transmits and receives electronic information via a network, and includes an electronic information encrypting unit which encrypts the electronic information. A storage unit stores the electronic information and the encrypted electronic information data encrypted by the electronic information encrypting unit. An electronic credit generating unit generates a letter of credit to erase the electronic information from the storage unit and to transmit the encrypted electronic information data to the other information processor. An electronic information communicating unit transmits and receives the encrypted electronic information data and the electronic letter of credit to and from the other information processor.

Abstract: Concepts and technologies are disclosed herein for providing an electronic document processing system, an electronic document generation mechanism, an encrypted digital certificate generator, a tool for coordinating the processing of electronic documents, a packaging mechanism for finalizing and authenticating electronic documents, a tracking log for recording relevant electronic document information, and a transferring protocol for transferring the ownership of electronic documents. The present disclosure also is directed to an electronic authentication system including an electronic document authentication watermark seal or signature line for confirming a document's signing within the view.

Abstract: Embodiments of the present invention provide a method for voice approval, where the method includes: receiving voice approval request information sent by an enterprise application server; establishing a voice communication connection with the terminal according to the contact information of the approver terminal; sending approval content audio information corresponding to the voice approval request information to the approver terminal; receiving feedback information, and obtaining approval result information according to the feedback information; and sending the approval result information to the enterprise application server. Embodiments of the present invention also provide a device and system for voice approval. In the embodiments of the present invention, the enterprise application server and the enterprise gateway are combined and improved to enable an approver to approve, in voice mode, an approval request raised by an applicant, thereby increasing the approval efficiency.

Abstract: The present invention provides methods and apparatuses for obtaining selected metadata from a user device. The user device has a metadata engine that stores and accesses metadata in response to a metadata query. A metadata broker verifies the authenticity of the metadata query from a service provider and returns selected metadata if the service provider has rights to obtain the metadata. The user device has a communications interface that sends a service request that is indicative of the selected service over a communications channel and receives the metadata request that is indicative of the selected metadata. An authorization center receives a metadata request from a service provider, accesses a rule set to determine selected metadata in accordance with predetermined rights, and returns a signed metadata request to the service provider. The signed metadata request has an electronic signature of an authorizing party and is indicative of the selected metadata.

Abstract: Embodiments of the invention can provide systems and methods for on-line credit card transactions. According to one example embodiment of the invention, a method can be provided. The method can include receiving, from a data manager, credit card information of a user; storing, on a secure element, the credit card information of the user; requesting a transaction with a merchant; receiving, from the merchant, a request for the credit card information; and sending, to the merchant, the credit card information of the user and a card-present indicator.

Abstract: Guest user are enabled to access network resources through an enterprise network using a guest user account. A guest user account may be created for a guest for a limited time. Guest account credentials of the guest account may be provided to the guest to use the guest account using any of a variety of techniques described herein, for example, by scanning a guest access card, credit card or mobile telephone of guest user, and providing the guest account credentials to the user based on the information obtained. A guest access management server may be configured to generate and maintain guest accounts, authenticate guest users, and track and log guest activity. A VLAN technology may be used to separate guest traffic from host enterprise traffic on the host enterprise network. After a guest user is authenticated, communications to and from the guest user may be routed to a guest VLAN.

Abstract: A method and a system for processing an online financial transaction executed at least partially by a computing device coupled to a communications network, comprising a rule-module nexus for processing an online financial transaction, an on-line verification platform, an online user account registry, wherein the on-line financial transaction comprises a payor-payee transaction, wherein the user is the payor and a merchant is the payee, and comprising at least one of the following: (a) the user and the payee are each directly and independently connected to the rule-module nexus during simultaneous logon sessions via a communication network, and wherein upon the user clicking on a website widget of the payee, the rule-module nexus transmits secure socket layer data directly to the user interface apparatus for display to the user via a pop-up window, without requiring application programming interface integration with a website of the payee and without requiring a form re-direct of the user away from the website

Abstract: A system for processing transaction data is provided. The system includes a transaction data format system receiving transaction data and generating transaction data format error data, such as when the transaction data is not in compliance with a transaction data format. The system also includes a transaction data rules system receiving the transaction data and generating transaction rule error data, such as when the transaction data is in the proper format but nevertheless violates a rule of one or more financial processing system.

Abstract: A novel system and methodology for conducting financial and other transactions using a wireless device. Credentials may be selectively issued by issuers such as credit card companies, banks, and merchants to consumers permitting the specific consumer to conduct a transaction according to the authorization given as reflected by the credential or set of credentials. The preferred mechanism for controlling and distributing credentials according to the present invention is through one or more publicly accessible networks such as the Internet wherein the system design and operating characteristics are in conformance with the standards and other specific requirements of the chosen network or set of networks. Credentials are ultimately supplied to a handheld device such as a mobile telephone via a wireless network. The user holding the credential may then use the handheld device to conduct the authorized transaction or set of transactions via, for example, a short range wireless link with a point-of-sale terminal.

Abstract: A network communication device, such as an electricity meter, is configured to communicate with devices on a circuit internal to a site via power line communication (PLC), even when electricity service to the site is disconnected. The network communication device is configured to monitor one or more circuits internal to the site and to receive power line communications from the device(s) coupled to the circuit internal to the site when the site is disconnected from electricity service. A PLC module of the network communication device may include a switch-based or capacitor-based monitor that maintains a PLC coupler electrically connected with the circuit internal to the site even when electricity service to the site is disconnected.

Abstract: Disclosed are systems and methods for managing transactions in which an order is specified online and payment is received at a point of sale (POS). Methods are disclosed for managing payment for such transactions at a POS, including transactions involving payment for both in-store purchases and online orders. Methods are also disclosed for managing inventory and price changes for such transactions where payment can occur at any time in a pay period following order creation. Also disclosed are methods for processing refunds for online orders for which payment was made at a POS. Finally, methods for preventing fraud and abuse as well as restricting the availability of this payment method for certain items are disclosed.

Abstract: A context for a service request made by a service consumer can be used to establish a constraint rules set that is applied by a service provider. A context associated with a first service request can be received from a service consumer. An identity of the service consumer can be verified. A constraint value request associated with the service request can be received from a service provider responding to the service request. One or more constraints can be derived from the first context. An identity of a service provider that will fulfill the service request can be verified. The one or more constraints can be provided to the service provider. Related systems, apparatus, methods, and/or articles are also described.

Abstract: Systems and methods are provided for authenticating a user. In one implementation, a computer-implemented method is provided. According to the method, transaction history information for each one of a set of users is maintained in a storage device. The method provides identifiers associated with items for display and receives, from one of the users, a selection of one or more of the identifiers. The method further authenticates the user as a function of the selection and a transaction history of the user.

Abstract: A system for managing license files comprises a memory operable to store a socket module. The system further comprises a processor communicatively coupled to the memory and operable to receive a command to open a license file, wherein the command is associated with a first user identifier. The license file is stored in a first remote node and is associated with a second user identifier. If the second user identifier matches the first user identifier, the processor is further operable to use the socket module to establish a socket connection with the first remote node. The processor is further operable to, using the socket connection, retrieve from the first remote node a file descriptor associated with the license file. The processor is further operable to apply an update to the license file, wherein the update is addressed according to the file descriptor. If the second user identifier does not match the first user identifier, the processor is further operable to prevent the updating of the license file.

Abstract: Systems and methods for hiding details associated with orders in an electronic commerce system are disclosed. An order is submitted by a user associated with a user account, and the order is processed by the electronic commerce system. A security measure can be imposed on the order and/or products associated with the order. An additional authentication layer can be enforced with regard to the order and/or products associated with the order.

Abstract: A digital downloading jukebox system including a mechanism for delivering custom services to a recognized user, including services for creating playlists, communicating with others, accessing other features, etc. is provided. In some exemplary embodiments, after a user is recognized, the jukebox system allows users to access a special front-end via an Internet-enabled device or on an actual jukebox. Then, the user may, for example, create playlists, share songs with friends, send messages to friends, and access other value-added content. Such a system preferably learns about networks of friends, and enables managers to send similar messages to regular customers and/or others known to the system. In some exemplary embodiments, changes via a first user interface on a first device are reflected on second user interface on other properly-configured devices.

Abstract: A data transfer method performed at a proxy server includes intercepting a data request from a client computer that is directed to a target server, encrypting profile information, augmenting the data request by adding the encrypted profile information to the data request, and sending the augmented data request to the target server. A data transfer method that is performed at an information server includes receiving a data request from a proxy server, extracting profile information added to the data request by the proxy server, using the extracted profile information to generate a response, and sending the response to the proxy server.

Abstract: A system for managing digital interactions comprising an identity module for creating an identity, wherein the identity includes a unique identifier associated with a first party and a plurality of proposed terms for a relationship with a second party; and a relationship module, in communication with the identity module, for receiving and evaluating the plurality of proposed terms, including accepting or rejecting the plurality of proposed terms and, if accepted, for allowing the first party to communicate with the second party in accordance with the plurality of proposed terms.

Abstract: Systems, methods and computer program products for enabling a holder of a transaction account linked to a financial transaction instrument to delegate management of the transaction account to an assistant. Information relating to the transaction account, including at least identification information relating to the holder of the transaction account, is stored in a database. The database stores financial transaction data relating to financial transactions performed using the financial transaction instrument. A designation of at least one assistant to manage the transaction account on behalf of the holder is accepted and stored. Assistant management authentication data associated with the transaction account is established, to be used by the assistant to execute management instructions at a designated level of management access. An instruction from the assistant is accepted to access transaction data associated with the transaction account.

Abstract: A system and method for interconnecting multiple point of sale devices creating a mesh-like network structure which reduces connectivity costs while providing greater reliability due to multiple network paths is disclosed. By linking point of sale devices within a virtual network, the need for individual connections to a point of sale controller is eliminated and alternative network paths are provided, thereby ensuring maximum up-time and optimal connection speeds.

Abstract: An electronic registry stores information relating to a transferable electronic record and the controller of an authoritative copy of the transferable electronic record. The electronic registry includes information for authenticating a true copy of the authoritative copy of the transferable electronic record. The electronic registry also facilitates registration of the transferable electronic record and transfer of legal rights associated therewith.

Abstract: Computer software, systems and methods preventing automatic deductions/credits to a User's financial account from being interrupted when a User changes the account. A User inputs information for one or more of their financial accounts into a record stored on a server database that is accessible from the User's electronic communications device. When the User changes information within the System database for one of their financial accounts, the System will automatically or periodically perform updates of the information on a Third Party database; or the Third Party server will request the updated information, wherein the Third Party is authorized to electronically debit or credit the account. Therefore, the User is not required to individually contact each Third Party with their updated account information, such as for monthly membership deductions, direct deposit of paychecks and retirement account contributions, and stored credit cards for online shopping.

Abstract: A method and system for renewing certificates stored on tokens is described.

Abstract: A mobile communication device with security mechanisms is provided for enabling wireless personal information transfer with increased security. In another embodiment of the invention, a mobile communication device is used to confirm a transaction.

Abstract: A network communication service with an improved subscriber model. In one embodiment, a mobile user (MU), also referred to as a subscriber, may access the network service through a portable computing device (PCD) using a wireless (or wired) network interface card. Access points (APs) for the network may be widely distributed in various facilities. In one embodiment, the APs are arranged at known geographic locations and may provide geographic location information regarding the geographic location of the mobile user (MU). A digital certificate may be stored on the mobile user's PCD in order to allow access to the network. The digital certificate may store sponsorship information, including information regarding programs or entities in which the mobile user is a member or is affiliated. Each mobile user (subscriber) to the network service may have a “value bucket” which determines the amount of network access or service available to the user. Billing for access to the network communication service, i.e.