Abstract: A method of providing security as a service in a cloud storage environment includes storing, through a cloud manager of the cloud storage environment, a security level of access of a storage controller associated with a customer of the security as a service, and receiving a request from the customer to access security information of the storage controller associated therewith. The method also includes providing, through the cloud manager, security information of the storage controller associated with the customer in accordance with the request and the stored security level of access of the storage controller associated with the customer.

Abstract: The present invention validates provenance dates of electronic documents. A document version date may be determined by creating a unique checksum for the document and having the document's owner digitally sign it with a private key. The checksum and digital signature are securely stored by an authorization entity along with a timestamp fixing the date/time. A unique resource identifier is returned to the user. Subsequently, if the document's date needs to be proved to a third party, a verification program is applied to the original document to create a new checksum. The unique resource identifier is used to retrieve the signed checksum from the authorization entity. Upon verification of matching checksums, the timestamp provided by the authorization entity proves the date/time the document existed. In addition, the public key provided by the document owner proves that the checksum was signed by the owner's private key, proving their ownership.

Abstract: Disclosed are an electronic payment method, system and device wherein, in a process for executing an electronic payment, a user's login information is verified in order to determine whether or not the user is a customer having excellent connection frequency, and then the buyer's payment means information and/or preferred payment means information is provided on the basis of the result of the determination, and thus the buyer is able to execute the payment in a more convenient manner.

Abstract: An electronic document management program, an electronic document management method and an electronic document management apparatus acquire a plurality of pieces of part identification information respectively identifiably expressing a plurality of parts of document information and a digital signature corresponding to the document information, acquire the preparation type, the preparer's name and the time and date of preparation of the document information as tracing information of the document information, manage the part identification information, the digital signature and the tracing information in association with each other and present information relating to the tracing information to the user in response to a request from the user. Additionally, they acquire new document information and tracing information according to a directive from the user.

Abstract: A security component may be associated with a network-enabled application. The security component may initiate the display of an embedded region of a window drawn according to display information received from a relying party. The security component may define at least a portion of the appearance of the embedded region; the relying party may not define this portion. The embedded region may include customization information configured by a user, and “Card” information received from an assertion provider, indicating how to authenticate user credentials in order to gain access to relying party restricted content. The security component may request authentication of user credentials from the assertion provider, which may be trusted by the relying party. The security component may receive an assertion token from the assertion provider indicating the credentials are authentic. The security component may forward the assertion token to the relying party to gain access to the restricted content.

Abstract: A system and method provide an enablement scheme that accommodates small bandwidth channels and does not rely on shared secrets between parties. This is accomplished by storing a table of messages on a vendor server and a table of hashes of the message on client machines. A process is used by the vendor to select a message from the table to use for a validation code for enablement, and an identical process is used by the client to find a corresponding hash in the hash table. By comparing the hash in the hash table to a hash of the validation code received, the client can verify the validation code. The system includes software portions for enabling the method.

Abstract: In various embodiments, a central server grants access to a plurality of anonymous one-time-usable, time-sensitive encrypted tokens that identify consumer purchase orders. A plurality of certified merchant servers are certified by being provided with an application to securely connect the certified merchant servers to the central server for, among other things, transmitting purchase order data to the central server for use in generating the tokens. A plurality of financial institution servers can also be certified by being configured for use with an application that enables secure connection to the central server for, among other things, requesting the tokens.

Abstract: A utility meter implementing the ANSI C12.19 standard is able to bypass security processing using Decade4 security tables for a single data access operation. The meter includes a procedure that is executed by a processor in the meter to process requests for security keys. Data internal to the meter is used to generate a security key. The security key is used by the requesting external device and the procedure to generate an access key. The external device sends its access key to the procedure so it may be compared to the internally generated access key. If both access keys are the same, a data access operation performed by the external device is allowed without reference to the Decade4 security tables. Once a timeout or data access operation is performed, subsequent data access operations are subject to processing in accordance with the Decade4 security tables unless another security key is requested for repetition of the process.

Abstract: In one embodiment, transferring payment between a first user and a second user of a communication system includes displaying a contact list in a user interface of a client executed at a user terminal of the first user, the contact list including the second user. The client retrieves and displays at least one page from a payment provider responsive to the first user selecting the second user from the contact list. The client transmits, to the payment provider, information related to the payment entered into the page by the first user, which causes the payment provider to transfer the payment from an account of the first user to an account of the second user.

Abstract: This document describes tools capable of authorizing or enabling authorization of multiple payment transactions without requiring that a buyer or seller authorize each transaction separately. The tools may do so by enabling a buyer or seller to select aggregate constraints, such as a total price or number of transactions. Based on these selected constraints, the tools may authorize every payment transaction that meets the aggregate constraints without requiring the buyer to authorize every transaction separately.

Abstract: A method and system for supply of data, including generating a first digital certificate referred (empowerment certificate) signed with a first signing entity's electronic signature. The empowerment certificate includes attributes of the described entity, information identifying the first signing entity, indication of data relating to the described entity, indication of a source of the data, and identification of a relying entity to which the data can be supplied. The relying entity forwards the empowerment certificate to a source supplying the data indicated in the empowerment certificate. The data may be supplied to the relying entity by a second digital certificate (custom certificate), signed with a second signing entity's electronic signature. Custom certificates may appear in custom certificate revocation lists. A system and method for transfer of ownership of electronic property from a first entity to a second entity, and a method and system for electronic voting are also provided.

Abstract: Facilitating transactions using non-traditional devices and biometric data to activate a transaction device is disclosed. A transaction request is formed at a non-traditional device, and communicated to a reader, wherein the non-traditional device may be configured with an RFID device. The RFID device is not operable until a biometric voice analysis has been executed to verify that the carrier of the RFID equipped non-traditional device is the true owner of account information stored thereon. The non-traditional device provides a conduit between a user and a verification system to perform biometric voice analysis of the user. When the verification system has determined that the user is the true owner of one or more accounts stored at the verification system, a purchase transaction is facilitated between the verification system. Transactions may further be carried out through a non-RF device such as a cellular telephone in direct communication with an acquirer/issuer or payment processor.

Abstract: A_system and method for verification of a person identifier received online is described. The method includes receiving a request for verifying a person identifier (PI1); and estimating whether (a) PI1 identifies the same person as another person identifier (PI2), (b) sender of PI1 is the same person as sender of PI2, and (c) PI2 identifies the sender of PI2.

Abstract: A Secure Virtual Point of Service (SVPOS) that coordinates the authentication, authorization, and identity, settlement, arbitration and non-repudiation for an electronic commercial transaction. For each commercial transaction, both the buyer and merchant authenticate itself to the SVPOS and create two unique transaction encryption keys, one for the buyer and one for the merchant. The merchant uses both encryption keys to encrypt a package that include at least product identification. The merchant and buyer calculate a hash of the package and transmit the calculated hash to the SVPOS for comparison to prevent repudiation. If the calculated hash is identical the buyer receives the merchants encryption key and decrypts the package. Payment is released by the SVPOS if the buyer is satisfied with the package via a Parlay system. If the buyer is not satisfied, said SVPOS performs arbitration between the buyer and merchant to determine if the package is correct.

Abstract: A method includes receiving by an OpenID network device a user log in; logging in, by the OpenID network device, the user to an OpenID account; receiving, by the OpenID network device and from a third party service provider network device, a request to authenticate the user and a request to receive user data associated with the user; providing, by the OpenID network device, a user interface to an end device to allow the user to confirm his/her sign-in to the third party service provider network device and release of the user data; receiving, by the OpenID network device, a confirmation with regard to the user's sign-in to the third party service provider network device and release of the user data; and sending, by the OpenID network device and to the third party service provider network device, a message indicating that the user is authenticated and the user data.

Abstract: One method herein includes forwarding an invoice for a purchase agreement made between a seller and a buyer. The method includes receiving a service selection indicating that the invoice is to be paid using an escrow system. The service selection includes a token for verification of a buyer's signatory. The method receives funding confirmation that the buyer has deposited funds into an escrow account. Based on funding confirmation, notification to ship the goods is sent. The method receives shipping confirmation confirming that the goods have been shipped. Upon receipt of the goods, a receiver is authenticated as the authorized signatory using the verification system. This authentication is based on the stored token matching a provided token. Based on verification of the receiver, the goods are released and the deposited funds from the escrow account are deposited into the seller's account.

Abstract: The invention is a system and method for accessing an online user account registry, comprising: a) Approving access to an online user account registry via a verification platform comparing a bid verification data, comprising a unique user code provided from a nexus access token, with a registered verification data; b) Accessing the online user account registry via a rule-module invoked from a rule-module nexus, said online user account registry comprising a plurality of financial accounts of the user; Whereby an online account registry, comprising a plurality of financial accounts, is accessed via a unique user code provided from a nexus access token.

Abstract: Token rules that facilitate determining whether to generate a token for use in a mobile transaction are stored in a memory. The memory also stores token criteria associated with a user. A processor, communicatively coupled to the memory, accesses the token rules and determines whether to generate the token by applying at least a portion of the token rules to the token criteria associated with the user. The token is generated upon a determination to generate the authorized token, and the token is generated before the mobile transaction begins. An interface, communicatively coupled to the processor, communicates the token to a mobile device associated with the user.

Abstract: Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant.

Abstract: Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant.

Abstract: Electronic documents corresponding to executed paper documents are certified. A certifying agent receives an electronic document and a corresponding paper document that had been executed pursuant to some transaction. The certifying agent compares the information contained in the paper to that in the electronic mortgage document. If the paper adequately corresponds to the electronic document and is otherwise sufficient, then the certifying agent certifies the electronic document so that other parties can reliably engage in transactions involving the electronic document without having to possess or otherwise inspect the executed paper document. Certification involves application of some form of indicia of certification to the electronic document, such as updating the value of a field corresponding to certification in the electronic document and/or applying a digital or electronic signature corresponding to the certifying agent to the electronic document.

Abstract: Methods, systems, and computer program products for storing usual order preferences associated with a point of sale transaction involving an identification article. In one embodiment, the method includes receiving an initial order involving the use of an identification article for purchasing at least one good or service. As part of receiving the initial order, a query asking if the initial order is to be designated as a usual order is issued. The method also includes registering the initial order as the usual order if a received response to the query indicates a usual order designation and storing an indication of the usual order in a storage medium.

Abstract: Particular embodiments provide a method for orchestrating an order fulfillment business process that includes a sub-process. In one embodiment, abstraction of business processes from an underlying information technology (IT) infrastructure is provided. An orchestration process can be designed using sub-processes such that the sub-process is assembled at run-time into an executable process. The sub-process may be defined in an interface as a single step. A plurality of services as then assembled as steps in the executable process at run-time.

Abstract: When providing cloud-based software services to a print customer or print shop for executing a print job, information related to one or more vendors that supply downloadable software that satisfies a print consumer's specified print job requirements is obtained and software from a selected vendor is downloaded. The downloaded software is inserted at a selected point in a print job workflow, and the print job is executed. The print consumer is charged on per-use basis for use of the downloaded software by providing a hashed payment word for each subsequent use of the downloaded software. A payment word chain comprising the initial hashed payment word and each successive hashed payment word is then provided to the vendor of the downloaded software, who performs a hash algorithm to verify the payment words and redeems the payment words for micro-payments.

Abstract: Embodiments for providing differentiated access based on authentication input attributes are disclosed. In accordance with one embodiment, a method includes receiving an authentication input at an authentication authority using an authentication protocol. The authentication input being associated with a client. The method also includes providing one or more representations for the authentication input, wherein each of the representations represents an attribute of the authentication input.

Abstract: An audiovisual reproduction system triggered by payment from a user is developed around a microprocessor device. The system includes memory containing, in compressed digital form, audio and visual information, and a display and digital audio reproduction unit, for creating a multimedia environment. The display includes a video monitor and an interactive user interface which reacts to external events and translates the external events for a multitasking operating system as events activating, via a graphical module of a library of integrated tools and services, a display of windows or frames providing control of physical operating parameters of the audiovisual reproduction system. The external events includes at least a down-event where the user contacts a representation displayed on the touch screen, selecting a parameter to modify, and an up-event where the use breaks contact with the screen, which triggers modification of the selected parameter, saving the parameter in the memory.

Abstract: A network clearinghouse may be provided that brings together organizations (subjects) requiring outsourcing of a service and service providers (operators). The clearinghouse manages the bidding and awarding of contracts, by collecting and authorizing requests for proposals (RFPs), sending bid invitations to operators that meet the requirements of the subject, sending a notification that the contract has been awarded, and collecting payment from the subject and paying the operator.

Abstract: A method to access financial data. The method includes redirecting, by a computer processor and based on an input of a user, the user to a website of a financial institution (FI), wherein the user submits a request via the website to access the financial data, obtaining, in response to the user submitting the request, a token identifying the request, identifying, by the computer processor, a financial data structure in a remote repository based on the token, wherein the FI stores a financial data record in the financial data structure in response to the request, and retrieving, without user intervention, the financial data record from the financial data structure, wherein the financial data record is used by a financial management application to prepare a financial management report for the user.

Abstract: A system and method are provided for managing financial market information. According to certain embodiments, the system includes a computer having a memory, processor, and display. The processor is capable of generating a graphical depiction of the financial market information on the display. The graphical depiction includes a multidimensional representation of a broad range of market information for at least two financial instruments. The graphical depiction resides in a single window on the display. The financial instruments may include multiple different classes of financial instruments, such as treasuries and futures. Different instruments may be selected and information, including basis information, relevant to the selected instruments may be displayed in a second window.

Abstract: A wearable identification token includes a housing, a transmitter for transmitting user identification data to a proximity reader, a switch for switching the identification token between an enabled state and a disabled state, and a sensor for detecting removal of the housing from the user's body. The switch is responsive to the sensor to switch the identification token from the enabled state to the disabled state in response to the housing being removed from the user's body, and is responsive to a signal received from a trusted electronic device to switch the identification token from the disabled state to the enabled state.

Abstract: An online electronic wallet system and method provide secure storage and transmission of payment instrument information for use in completing online purchases initiated from a client device. A payment instrument's verification code is stored in an encrypted form in local storage on a client device and retrieved and re-encrypted along with other payment instrument information stored on the system using a merchant-specific key. An API library is used to integrate the online electronic wallet system with a registered merchant's purchase flow, including the ability to ensure receipt of an electronic receipt prior to communicating payment instrument information to a merchant server.

Abstract: A digital signature system and method are disclosed. The digital signature system may include a remote certificate server for storing and maintaining at least one digital certificate of a user by a service provider and a digital signature printer driver loaded on the user's computer for communicating with the service provider via a network, such as the Internet. The digital signature printer driver may obtain verification of the user's identity from the service provider via the network and electronically place on a printable document a digital signature of the user based on the remotely stored digital certificate. The system may further include a remote storage server for storing a digital copy of the digitally signed document. The digital signature may include a unique identifier for subsequent validation of the digital signature by the service provider.

Abstract: In at least one embodiment of an ecommerce system, payment data is divided into proper subsets and distributed among multiple data processing systems, and each of the data processing systems stores less than all of the subsets of the payment data after the subsets of payment data are distributed and until at least sending the payment data to a payment authorization system for processing. In at least one embodiment, distributing proper subsets of the payment data among multiple data processing systems enhances security of the payment data by limiting an amount of time and the locations in which a complete set of payment data is persisted.

Abstract: A digital downloading jukebox system including a mechanism for delivering custom services to a recognized user, including services for creating playlists, communicating with others, accessing other features, etc. is provided. In some exemplary embodiments, after a user is recognized, the jukebox system allows users to access a special front-end via the Internet or on an actual jukebox. Then, the user may, for example, create playlists, share songs with friends, send messages to friends, and access other value-added content. Other exemplary embodiments allow users to become certified, charging them for services without requiring constant inputting of coinage or credit card information. Such a system preferably learns about networks of friends, and enables managers to send similar messages to regular customers and/or others known to the system.

Abstract: An artist or a music company creates multimedia music contents using interactive media creating tools on their computer and upload to a fans club server. The fans club server maintains all fans registration information and client uploaded multimedia music/songs contents. An interactive media description module on the fans club server generates the interactive media using the multimedia contents provided by the client or the artist as its input. The generated interactive media will be distributed among the fans of the respective artist for playing on their mobile phones and review their contents online for a feedback before the songs being released in the market. The interactive media also prompts mobile phone user for purchasing the songs online. The mobile phone user can also purchase trial songs, and download on their mobile phone and make the online payment.

Abstract: A method to authorize a mobile payment for a transaction. The method includes receiving a facial image of a consumer who requests the mobile payment for the transaction using account information stored in a mobile device of the consumer, wherein the facial image is provided by a point-of-sale (POS) device while initiating the transaction on behalf of the consumer, receiving a verified facial image of an account holder, comparing the facial image of the consumer and the verified facial image of the account holder based on a pre-determined criterion to verify the consumer as the account holder, generating, in response to verifying the consumer as the account holder, an authorization of the mobile payment based on the account information, and sending the authorization to the POS device to complete the transaction.

Abstract: A device is configured to allow a user to select any of a plurality of accounts to employ in a financial transaction. The user device includes a biometric sensor configured to receive a biometric input, a user interface configured to receive a user input including secret information known to the user and identifying information concerning an account selected by the user from the plurality of accounts. The user device includes a communication link configured to communicate with a secure registry, and a processor coupled to the biometric sensor to receive information concerning the biometric input, the user interface, and the communication link. The processor is configured to generate a non-predictable value and encrypted authentication information from the non-predictable value, the identifying information, and at least one of the information concerning the biometric input and the secret information, and communicate the authentication information via the communication link to the secure registry.

Abstract: A transaction security code database and a method and apparatus for generating the transaction security code database. The transaction security code database is comprised of multiple transaction security codes, each transaction security code constituting a transaction code generated based upon a transaction initiated by a user, which is appended to or linked to a security code which is based upon a biometric sensor code generated by a biometric sensor from a biometric presentation of a biometric feature of the user.

Abstract: Systems and methods for increasing user trust by authenticating an electronic commerce server over an electronic communications channel using information received through an out-of-band communication in a physical communications channel are described. In one configuration, a paper bill is sent to a user by physical mail delivery and it includes challenge and response data used to authenticate the electronic commerce server over the electronic communications channel.

Abstract: A permission level associated with an associate's web access is identified. A relationship ticket is obtained from an authentication server and a request is generated to set the identified permission level. The request and the relationship ticket are sent to a Web server and a success code is received from the Web server if the requested permission level is established.

Abstract: An embodiment defines access control allowing the expression of access control rules using ontology based semantics and references an ontology subset using XPath as the ontological expression. The access control rules or access criteria are defined by an access control statement and may be expressed using classification criteria and ontology classes. The access control statement comprises a structural description that is used to define an asset and a logical expression that may be used to express the classification criteria. The access control statement defines access policy for various assets.

Abstract: A method and apparatus for attesting the configuration of a computing platform to a verifier. A signature key (SK) is bound to the platform and bound to a defined configuration of the platform. A credential (C(SK), CDAA(SK)) for the signature key (SK) is obtained from an evaluator. This credential (C(SK), CDAA(SK)) certifies that the signature key (SK) is bound to an unspecified trusted platform configuration. The platform can then demonstrate to the verifier the ability to sign a challenge from the verifier using the signature key (SK), and demonstrate possession of the credential (C(SK), CDAA(SK)) to the verifier, thereby attesting that the platform has a trusted configuration without disclosing the platform configuration to the verifier.

Abstract: A method for authenticating a financial transaction at a point of sale (POS) includes storing an application program in a first secure element of a mobile phone. The application is configured to generate instruction codes to effect the financial transaction upon verification of a user's identity. The user's credentials are stored in a second SE of the phone, which is operable to verify the user's identity from a biometric trait of the user input to the phone and to generate data authenticating the financial transaction in response to the verification of the user's identity. At the POS, the user invokes the application and then inputs a biometric trait to the phone. The second SE verifies the user's identity, and upon verification, generates data authenticating the transaction. The financial transaction data, including the instruction codes and the authenticating data, are then transmitted from the phone to the POS.

Abstract: A method for registering biometric information for use in a transponder-reader system is disclosed. The method includes steps of detecting, verifying and storing a proffered biometric sample. During detecting, a sensor detects a proffered biometric to obtain a biometric sample. During the verifying step, the biometric sample is compared with other stored samples and/or other information. During the storing step, the biometric sample is stored on a database, for use by the transponder-reader system in authorizing transactions.

Abstract: In one embodiment, a method includes sending by an endpoint a request for information about available services to a network device; receiving by the endpoint a message from the network device, the message including information associated with a first service provider; determining by the endpoint whether the first address is certified by a trusted third party as being associated with the first service provider; if the first address is certified by the trusted third party, communicating by the endpoint with the first service provider using the information; and, in response to communicating with the first service provider using the information, receiving by the endpoint access to a service from the first service provider through the network device.

Abstract: Value tracking of automated clearing house (“ACH”) payments processed by an ACH operator includes receiving an ACH file for ACH processing. The ACH file comprises ACH payments originated by a remote sending point on behalf of a sending customer. A sum value of the ACH payments is added to a value of prior payments processed for the sending customer during a specified time period to obtain an accumulated payment value. The accumulated payment value is compared to a pre-established payment cap to determine whether the accumulated payment value exceeds the payment cap. The ACH payments are processed in response to a determination that the accumulated payment value does not exceed the payment cap. Whether to override the payment cap can be determined in response to a determination that the accumulated payment value exceeds the payment cap.

Abstract: A system and method facilitating purchase transactions over a computer network, including the purchase of electronically storable items. The embodiments herein encrypt “customer identifier string” in an encryption stream and cause the encryption stream to be transferred from the customer to a merchant in the purchase transaction. A verification entity receives the encryption stream which is sent by the merchant for identity verification and payment authorization. Then, the verification entity verifies the identifiers contained in the encryption stream and transfers an identity verification and payment authorization from the verification entity to the merchant.

Abstract: Systems and methods for conducting contactless payments using a mobile device and a magstripe payment card are provided. One such method includes receiving, at the mobile device and prior to a requested financial transaction, a dynamic authentication token from a server, the dynamic authentication token indicative of a predetermined authentication of a magstripe payment card based on data obtained during a swipe of the magstripe payment card; wirelessly transmitting, in response to a request to facilitate a financial transaction, the dynamic authentication token from the mobile device to a contactless payment terminal; and sending the dynamic authentication token and information related to the requested financial transaction to the server for authorization of the requested financial transaction.

Abstract: A method and apparatus for protecting against attacks from outside content is described. In one example, a request is received from a user to access content from a second domain. An active session for the user with the second domain is searched for. If no active session is found, then an active session with a related first domain is searched for. If an active session is found with the first domain, then a session is established with the second domain based on the active session with the first domain. The requested content is then provided to the user based on the established session with the second domain.

Abstract: A computer-implemented method of identifying a mobile device for carrying out a transaction includes receiving from a mobile device a purchase request, providing to the mobile device a redirect message to direct the mobile device to a device number identification service, and obtaining an identifier for conducting commerce with the device and using the identifier to request a transaction authorization from a billing service associated with the device.