Abstract: An electronic device and permission control method are disclosed. The electronic device includes a display, a communication circuitry, a memory and a processor. The processor implements the method, including: receiving a first evaluation regarding usage of an access permission by at least one application from a server, via the communication circuitry, generating usage information indicating historical usage of the access permission by the at least one application, generating a second evaluation of the access permission granted to the at least one application, based at least on the usage information, determining an evaluation result based on at least one of the first evaluation or the second evaluation, and determining whether to display a user notification regarding the access permission, based on the evaluation result.

Abstract: A technique for remote access via a computing device is discussed. In one embodiment, a computing device receives data indicative of a card number associated with a bank-issued debit card. The debit card is associated with a bank account at a bank that issued the bank-issued debit card. The computing device also receives data indicative of an amount of cash to be deposited into the account based on an amount of cash provided at the computing device location. Encrypted data indicative of the card number and the data indicative of the amount of cash is routed to a gateway vendor server and is further routed to a payment network server for deposit of an amount corresponding to the data indicative of the amount of cash into the bank account associated with the card number.

Abstract: In general, embodiments of the present invention provide methods, apparatus, systems, computing devices, computing entities, and/or the like for performing scalable dynamic data transmissions. Certain embodiments of the present invention utilize systems, methods, and computer program products that perform scalable dynamic data transmission using structured data responses that include structured response extensions, where the structured response extensions may include dynamic extension response fields generated based on a structured request header of a corresponding structured data request.

Abstract: A method for generating a cryptographic promissory note for posting to a blockchain includes: receiving an authorization request for a payment transaction, the authorization request being a transaction message formatted based on one or more standards that includes a plurality of data elements including a first data element configured to store a blockchain address and a second data element configured to store a transaction amount; generating a promissory note including the transaction amount; digitally signing the generated promissory note with a private key; encrypting the signed promissory note with a symmetric key; wrapping the symmetric key with a public key corresponding to the private key and a public key associated with an acquirer involved in the payment transaction; and electronically transmitting a blockchain transaction to a blockchain network that includes the encrypted promissory note, each symmetric key, and the blockchain address.

Abstract: An open framework for mobile payments to vending machines (VM) comprises a namespace and a payment bus: the namespace provides unique IDs for VMs, and the payment bus enables payers to pay any VM through any payment service of their choice. Embodiments describe how this invention caters to online VMs with a wide-area data connection and offline VMs with no data connection. Described herein is a VM module that enables traditional VMs to be retrofitted. The twin goals of our invention are (a) to give customers and vending machine operators a universal payment platform and (b) to enable vending machine operators to reduce their capital and operational costs.

Abstract: This disclosure enables various computing technologies for smart contracts to be audited in ways that improve on conventional auditing approaches mentioned above. These technologies improve functioning of computers by enabling large language models to review bytecodes executable on distributed ledgers to determine whether those bytecodes enable smart contracts on those distributed ledgers and then acting accordingly.

Abstract: An electronic device, in disclosed embodiments, includes an antenna, transceiver circuitry coupled to the antenna, a memory configured to store a first operation key and instructions, and a processor coupled to the transceiver and to the memory. The processor is configured to execute the instructions stored in the memory to cause the electronic device to, in response to receiving a first transmission containing an encrypted version of a second operation key that is encrypted by the first operation key, decrypt the encrypted version of the second operation key using the first operation key to recover the second operation key, store the second operation key in the memory, transmitting, by a transmitter of the electronic device, a second transmission that contains the first operation key and a command.

Abstract: Described are a signature verification method, apparatus, and system. The method includes: encrypting a third-party payment identifier and payment information according to a first key to obtain a first signature; encrypting a third-party client identifier and first signature information according to a second key to obtain a second signature; and providing the third-party client identifier, the first signature information, and the second signature to a client server for verification.

Abstract: Expedited transaction processing using a database of integrated in-store and online transactions is described. First transaction information associated with a first transaction conducted in a physical store of a merchant and second transaction information associated with a second transaction conducted via an online store of the merchant can be received. The first transaction can be processed based at least partly on the first transaction information and a record of the first transaction can be stored in the database. Based at least partly on the record, the second transaction can be processed using at least a portion of the second transaction information by (i) sending, to a card authorization service, the second payment information and (ii) generating an indication that the first payment information was authorized for the first transaction at the physical store. A computing device of the online store can be notified that the second transaction is allowed.

Abstract: Described herein are systems and techniques in which a service provider may determine one or more capabilities of an authorization provider. To do this, the service provider may, upon receiving a request to determine authorization provider capabilities that includes at least an account identifier and an indication of a transaction type, identify a prototype message template associated with the indicated transaction type from a plurality of prototype transaction templates. The service provider may then overwrite a number of default data values with data values specific to the transaction to generate a prototype message for the transaction, which it may then send to the authorization provider. Upon receiving a response from the authorization provider, the service provider may determine whether the authorization provider is capable of conducting a transaction of the indicated transaction type based on information included within the received response.

Abstract: A system and method of operating a digital financial system to extend access to digital banking to those individuals that never had a financial or digital currency account. Users are able to share their internet with other users of the digital banking app of this invention, who are nearby and have no internet connection, to conduct financial transactions by sharing the internet between them. This increases social and financial inclusion to allow unbanked that have a smartphone to have access to the internet and to affordable digital banking. It also improves on the prior art with legal compliance of country of residence verification aided by technology rather than relying solely on information provided by the users. Thereby requesting stricter verification documents to such very small minority of users who are flagged as potentially non-compliant and leave the vast majority alone enjoying their digital banking experience without exhaustive or annoying processes.

Abstract: A method includes transmitting one or more segments of a security certificate on a wireless advertising channel of a peripheral device, where at least one of the segments of the security certificate identifies an authentication server, participating in a public key exchange between the peripheral device and a host device by transmitting a signed public key of the peripheral device, where the signed public key is signed in the security certificate, and transmitting one or more encrypted messages from the peripheral device to the host device via a first secure connection established based on the public key.

Abstract: A compromised data exchange system extracts data from websites using a crawler, detects portions within the extracted data that resemble personally identifying information (PII) data based on PII data patterns using a risk assessment module, and compares a detected portion to data within a database of disassociated compromised PII data to determine a match using the risk assessment module. A risk score may be assigned to a data item within the database in response to determining the match. In some embodiments, URL data may also be detected in the extracted data. The detected URL data represents further web sites that can be automatically crawled by the system to detect further PII data.

Abstract: Fuel dispensing transactions may be accomplished by a variety of systems and techniques. A fuel dispensing device may include a payment module, a data entry device, and a customer display. The payment module may receive a first communication from a point of sale device requesting an encrypted response and receive a second communication from the point of sale device requesting an unencrypted response. The module may match the first communication to a first corresponding library entry, match the second communication to a second corresponding library entry, determine a user response based on one of the first corresponding library entry or the second corresponding library entry, where the user response defines one of the encrypted response based on the first corresponding library entry or the unencrypted response based on the second corresponding library entry, and use the corresponding library entry to generate a visual customer display requesting the user response.

Abstract: A technique for remote access via a computing device is discussed. In one embodiment, a computing device receives data indicative of a card number associated with a bank-issued debit card. The debit card is associated with a bank account at a bank that issued the bank-issued debit card. The computing device also receives data indicative of an amount of cash to be deposited into the account based on an amount of cash provided at the computing device location. Encrypted data indicative of the card number and the data indicative of the amount of cash is routed to a gateway vendor server and is further routed to a payment network server for deposit of an amount corresponding to the data indicative of the amount of cash into the bank account associated with the card number.

Abstract: Method for online advertising auction on a peer-to-peer network includes: deploying a smart contract to publish a need from a consumer; receiving encrypted ad bids by the smart contract; storing the received ad bids in a hash function; reducing a number of ads that can be displayed by the consumer; transmitting the ad price to the consumer via the peer-to-peer computer network, when the hashed verification code is received from the consumer verifying that the consumer has viewed the ad content within an ad-viewing period of time; transmitting a difference between the advance payment and the ad price to the advertiser, by the smart contract via the peer-to-peer network; and ending the online advertising auction.

Abstract: A computer-implemented method for prepaid card funding for a single transaction includes receiving, from a client, a request for funding a single transaction using a payment vehicle, providing funds for the single transaction with the payment vehicle, notifying the client that the funds are available for the single transaction with the payment vehicle, receiving notification from the client that the single transaction with the payment vehicle has been completed, and unloading remaining funds from the payment vehicle, such that no funds remain with the payment vehicle.

Abstract: Protecting PII submitted through a browser. In some embodiments, a method may include detecting multiple PII of a user submitted to multiple organization websites through a browser. The method may also include encrypting each of the PII. The method may further include storing each of the encrypted PII along with an identifier of the organization website to which the PII was submitted. The method may also include receiving a request to view the PII along with an indicator of the organization website to which the PII was submitted. The method may further include retrieving each of the encrypted PII along with the identifier of the organization website to which the PII was submitted. The method may also include decrypting each of the encrypted PII. The method may further include displaying each of the PII along with the indicator of the organization website to which the PII was submitted.

Abstract: An apparatus comprises at least one integrated circuit. The apparatus has a size and shape substantially similar to an ordinary Subscriber Identification Module (SIM) card. The at least one integrated circuit comprises a memory storing first software that, when executed, causes the card to communicate with second software stored on the device. The second software, when executed, causes the device to provide both a SIM and Payment Security Application Module (PSAM) functionality to a user of the device.

Abstract: A computer-implemented method for determining a level of confidence that a payment transaction is not fraudulent is provided. The method is implemented using an assurance exchange (AE) computer device in communication with a memory. The method includes receiving authentication data associated with a candidate payment transaction being conducted by a cardholder via a website associated with a merchant from the merchant, storing the authentication data, receiving an authorization request message for the candidate payment transaction from a payment processor, retrieving the authentication data for the candidate payment transaction based on the authorization request message, and calculating an assurance level score based on the authentication data and the authorization request message. The assurance level score represents a level of confidence that the candidate payment transaction is not fraudulent.

Abstract: Embodiments of the invention are directed to a system and method for providing a high-volume transaction queueing, reserve ecommerce solution that automatically engages and queues transactions when a primary back-end transaction processing system becomes unresponsive or unstable. Through machine learning algorithms, embodiments of the invention control transaction submission rates by queuing them and throttling the rate at which they are processed based on self-awareness and constant monitoring, feedback and health checks of the primary system. When metrics indicate that the third-party system can begin accepting transactions again, the system automatically feeds the queued transactions along with real-time orders at a rate that the third-party system can successfully manage.

Abstract: An improved computer system and method for the publication of business content using a metadata framework that provides for rapid development, encapsulated and extensible functionality, and simplified communication with a wide variety of systems, each of which may support multiple data formats. The system includes an interface and formatting engine configured for identifying data related to a service in data fields in a service request and a control engine for selecting and executing at least one executable code module based on the service request and generating a user interface for display at a client system. The user interface includes a financial transaction field, an amount-of-transaction field, a payee field, a payor field, and a date field.

Abstract: A method for establishing an index of usability associated with a replacement payment card is provided. The method may include receiving a payment card replacement request in a vending facility. The method may further include identifying at least one possible risk factor associated with a user utilizing the replacement payment card. The method may also include creating a risk assessment based on the at least one identified possible risk factor. The method may further include establishing an index of usability for the replacement payment card based on the created assessment, whereby a value of the index of usability correlates to a plurality of restrictions placed on using the replacement payment card. The method may also include storing the established index of usability in a database.

Abstract: Systems and methods for programmatic access of a financial institution system. A normalized API request provided by an application system specifies user information corresponding to at least one account endpoint of an external financial institution system. Responsive to the request, at least one application proxy instance associated with the normalized API request is used to collect transaction information from a corresponding financial institution system by providing the financial institution system with a proprietary API request that specifies at least account credentials associated with the user information. The transaction information is included in at least one proprietary API response provided by the financial institution system. A normalized API response is generated based on the collected transaction information and provided to the application system.

Abstract: A payment processing device can implement a monitoring system to detect for tamper attempts at a chip card interface. The monitoring system can establish a baseline when no chip card is present in the chip card interface, or in some embodiments, when it is known that an authentic chip card 14 is present in the slot 21. During subsequent evaluations of the chip card interface by the monitoring system, a response received by the monitoring system that deviates from the baseline can indicate that a tamper attempt at the chip card interface may have occurred. If a tamper attempt is determined by the monitoring system, a remedial or corrective action can be taken.

Abstract: The application provides a method, apparatus, and electronic device for implementing blockchain-based transactions.

Abstract: Systems and methods for detecting attacks using a handshake request are provided. A plurality of devices can receive a plurality of handshake requests to establish TLS connections that include a respective application request. At least one of the plurality of handshake requests can include a first application request. The plurality of devices can record each of the respective application requests to a registry of application requests. A first device of the plurality of devices can receive a subsequent handshake request to establish a subsequent TLS connection that includes the first application request. The first device can query, prior to accepting the first application request, the registry for the first application request. The first device can determine whether to accept or reject the first application request responsive to identifying from the query that the first application request has not been or has been recorded in the registry.

Abstract: A system for receiving cash deposits at a point of sale includes a processor; a product inventory database; a communication interface; a product inventory item reader; and a purchase instrument reader. The processor is configured to receive a product code from the product inventory item reader; access the product inventory database to recognize the product code as a deposit product code; receive signals indicating an amount of a deposit associated with the deposit product code; receive signals from the purchase instrument reader identifying an account for the deposit; and send signals to a transaction processing network via the communication interface to thereby effect the deposit of the amount into the account.

Abstract: Systems and methods for facilitating payments are disclosed. In one embodiment, a method for facilitating a transaction may include (1) a customer selects a good or service to purchase from a merchant; (2) the customer being authenticated with a financial institution; and (3) the financial institution associating a unique identifier for the customer's merchant account with the customer's financial institution account. In another embodiment, a method for facilitating a transaction may include (1) a customer selecting a good or service to purchase from a merchant; (2) the customer being authenticated with a financial institution; (3) the financial institution provisioning a merchant-specific identifier for the merchant; and (4) the financial institution providing the merchant-specific token to the merchant.

Abstract: Systems and methods for implementing mobile payments. In an aspect of in-store purchase, a merchant sends a payment amount and merchant account info to transaction center. A buyer sends a code and buyer account info to transaction center. The code represents the merchant. In an aspect of online purchase, an e-commerce merchant provides options for a buyer to use names other than a first name plus a surname. In one embodiment, a buyer submits a shortened name or nickname for online purchases when a given payment service is used as a payment method.

Abstract: Systems and methods for controlling distributions by an automated electronic networked central clearinghouse are disclosed. Exemplary implementations may: receive an exchange request that indicates a first user offers a first digital asset for a reversible exchange on a fiat-currency-based online exchange platform; obtain asset-specific distribution rights for the first digital asset; receive exchange information regarding the reversible exchange with an exchanging user; monitor, during a waiting period, whether any actions taken by the exchanging user determine reversibility of the reversible exchange, or whether the waiting period for reversibility times out; based on a time-out or a determination regarding reversibility, either (i) transfer the ownership of the first digital asset to the first user, or (ii) clear the reversible exchange by non-temporarily transferring the ownership to the exchanging user, and by distributing benefits in accordance with the asset-specific distribution rights.

Abstract: Systems and methods for enhanced shopping using a mobile device are disclosed. In one embodiment, a method for enhanced shopping using a mobile device may include (1) a mobile application executed by a mobile electronic device associating with a merchant system, the mobile electronic device comprising at least one computer processor, a memory, an optical input, and a display; (2) the mobile application receiving an item identifier associated with an item; (3) the mobile application receiving item data for the item from the merchant system based on the item identifier; (4) the mobile application receiving purchase confirmation for the item; and (5) the mobile application communicating payment information for the item to the merchant system.

Abstract: A networking system for transmitting a data message from one or more remote client devices to a central processing hub is provided. The system includes a plurality of communications networks each connecting the central processing hub with the one or more remote client devices. The plurality of communications networks includes at least two separate communications networks. The system also includes at least one interface processor and a communication routing (CR) computing device connected to each of the communications networks. The CR computing device is configured to receive a data message from the one or more remote client devices, and direct the data message to one of the communications networks for transmission to the central processing hub. The data message is a payment transaction data message.

Abstract: A method and system for on-demand authorization of access to protected resources are presented. The method comprises associating a primary user device with at least one secondary user device, the primary device having access privileges at a first degree of privilege; changing any access privileges assigned to the primary user device for accessing protected resources to a lesser degree of privilege; and reinstating the access privileges of the primary user device to the first degree of privilege, upon receiving a verification message from the at least one secondary user device.

Abstract: Systems and methods for programmatic access of a financial institution system. A normalized API request provided by an application system specifies user information corresponding to at least one account endpoint of an external financial institution system. Responsive to the request, at least one application proxy instance associated with the normalized API request is used to collect transaction information from a corresponding financial institution system by providing the financial institution system with a proprietary API request that specifies at least account credentials associated with the user information. The transaction information is included in at least one proprietary API response provided by the financial institution system. A normalized API response is generated based on the collected transaction information and provided to the application system.

Abstract: An application delivery controller for improving remote healthcare services is disclosed. The application delivery controller may be configured to provide improved service routing and security. In some implementations, the application delivery controller may receive a service request from a client device. The application delivery controller may determine routing parameters based on a requested service of the service request, authenticate access from the client device based on the requested service, a security zone of the requested service, and a token, and route the requested service to the client device based on the routing parameters and the authenticated access.

Abstract: A set of cryptographic keys are synchronized across a set of HSMs that are configured in an HSM cluster. The set of cryptographic keys is maintained in a synchronized state by HSM cluster clients running on client computer systems with corresponding client applications. If the HSM cluster becomes unsynchronized, an HSM cluster client attempts to lock the HSM cluster and reestablish synchronization of the cryptographic keys across the HSM cluster. HSMs within the HSM cluster are able to establish an encrypted communication channel to other HSMs without revealing the contents of their communications to their respective host computer systems. Individual HSMs in the HSM cluster may include features that assist the HSM cluster client in determining whether each HSM is up-to-date, identifying particular keys that are not up-to-date, and copying keys from one HSM to another HSM within the HSM cluster.

Abstract: Systems and methods for providing a transaction authorization from a funds facilitation system for a transaction requested by a user to a merchant system such that the user is not required to input any user authentication information in excess of authentication information required by the merchant system are provided. A system and method can include receiving a transaction request from the merchant system containing a merchant ID, a merchant user ID, and a transaction amount. The system identifies a funds facilitation system user ID based on the merchant ID and the merchant user ID and determines satisfaction of a funds facilitation system user authentication requirement based on the merchant system having a trusted status with the funds facilitation system. A transaction authorization message or transaction denial message is provided to the merchant system based on account information associated with the user and the transaction amount.

Abstract: Examples of the disclosure enable the recalculation of device chaining in a user interface. In some examples, a first element representing a first hardware device is received at a design surface of a computing device user interface. A second element representing a second hardware device is received at the design surface. A selection of an output associated with the first element is received. A function that binds a property of the second element to a property of the output associated with the first element is automatically generated. Aspects of the disclosure enable the automatically generated function to be displayed at the design surface.

Abstract: A method and apparatus for providing radio communication with an electronic object in a local environment are disclosed. For example the method receives via a mobile endpoint device of a user at least one first digital certificate associated with the local environment from a trusted source, and a second digital certificate from the electronic device deployed in the local environment via a wireless connection. The method then authenticates the electronic device using the at least one first digital certificate and the second digital certificate.

Abstract: A virtual payment system for paying for goods, services and content ordered over an internetwork is disclosed. The virtual payment system includes a commerce gateway. Buyers and sellers becomes registered participants by applying for virtual payment buyer and seller accounts. Once an account is established with the commerce gateway, a digital certificate is stored on the registered participant's computer. A buyer can then order a product, i.e., goods, services or content from a seller and charge it to the virtual payment account. When the product is shipped, the seller notifies the commerce gateway, which applies the charges to the buyer's virtual payment account. The buyer can settle the charges using a prepaid account, a credit account, or by using reward points earned through use of the virtual payment account. A buyer may create sub-accounts.

Abstract: The APPARATUSES, METHODS AND SYSTEMS FOR A PUBLISHING AND SUBSCRIBING PLATFORM OF DEPOSITING NEGOTIABLE INSTRUMENTS (hereinafter “PS-PLATFORM”) provides a negotiable instrument data publish and subscribe framework, whereby financial institutions may exchange negotiable instrument deposit data and/or validation information within the publish and subscribe framework. In one embodiment, the PS-PLATFORM may register a financial institution as a subscriber and provide financial transaction information to the financial institution based on the subscription.

Abstract: A payment authentication service authenticates the identity of a payer during online transactions. The authentication service allows a card issuer to verify a cardholder's identity using a variety of authentication methods, such as with the use of tokens. Authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requesting a password from the cardholder, verifying the password, and notifying a merchant whether the cardholder's authenticity has been verified. Systems for implementing the authentication service in which a cardholder uses a mobile device capable of transmitting messages via the Internet are described. Systems for implementing the authentication service in which a cardholder uses a mobile device capable of transmitting messages through voice and messaging channels is also described.

Abstract: A download manger running on a computer system identifies an in-progress download of content by the computer system directly from a content system. The download manager causes the computer system to join a peer-to-peer network in which the content is being shared. The computer system starts to receive data blocks of the content from peer-to-peer network, as it continues the download from the content system. Based on the receipt of the content from the peer-to-peer network and from the content system, the download manager determines whether the computer system should rely primarily on the peer-to-peer network instead of the content system for receiving the content. If a determination is made to rely on the peer-to-peer network instead of the content system, the download manager terminates the download from the content system and continues receiving data blocks of the content from the peer-to-peer network.

Abstract: Systems and methods for programmatic access of a financial institution system. A normalized API request provided by an application system specifies user information corresponding to at least one account endpoint of an external financial institution system. Responsive to the request, at least one application proxy instance associated with the normalized API request is used to collect transaction information from a corresponding financial institution system by providing the financial institution system with a proprietary API request that specifies at least account credentials associated with the user information. The transaction information is included in at least one proprietary API response provided by the financial institution system. A normalized API response is generated based on the collected transaction information and provided to the application system.

Abstract: A distributed search system includes a central server having an index of data, wherein the index of data is also available on a plurality of computing devices in a distributed computing network, the plurality of computing devices being distinct from the central server, each the computing device having a cache in which the computing device automatically stores data generated during the course of the computing device's access to another computing network distinct from the distributed computing network.

Abstract: An Internet telephony system (ITS) comprising an enclosure, an interface to a packet switched computer network; a communications processor, configured to implement a voice over Internet Protocol communication, to execute at least a client portion of a telephony control application supporting at least a coordinated delivery of data presented to the user through a user interface and a conversation using the voice over Internet Protocol communication; and to execute a web browser; and at least one manual control input.

Abstract: Disclosed are systems and methods for responding to the arrival of a person within a defined geographic area after receiving a virtual presence by applying discounts at a point-of-sale are defined. A mobile electronic device stores user profile and consumer incentive data and periodically outputs a unique device identification number and position data. A host server monitors the position data and when it is within the defined geographic area, the user profile and consumer incentive data is received from the mobile electronic device and transmitted to a servers and a point-of-sale for enhanced customer services and savings. When the user leaves the defined geographic area, the profile data is removed.

Abstract: A method and system for authentication of sites in a land mobile radio (LMR) system and encryption of messages exchanged by the sites. In some embodiments, the method includes transmitting a certificate created by a trusted authority by applying a function to a first site public key using the trusted authority's private key to generate a reduced representation, which is encrypted with the trusted authority's private key. Other sites may receive the certificate, decrypt it using the trusted authority's public key, and authenticate the first site. The method may further include generating a session key, encrypting it with the public key of the first site, and transmitting the encrypted session key to the first site. The first site decrypts the encrypted session key with the first site's private key, and transmits a message encrypted with the shared session key to other sites for decryption using the session key.

Abstract: A method for decoupling user authentication and data encryption on mobile devices includes generating an encryption key (“EK”) for encrypting data and a key encryption key (“KEK”) for encrypting the EK, obtaining an encrypted EK by encrypting the EK using the KEK, storing the encrypted EK on a data container device (“DCD”), and storing the KEK on a key vault device (“KVD”) that is distinct from the DCD. Neither the EK nor KEK are generated using a user authentication secret as a seed. The DCD may fetch the KEK from the KVD as desired to decrypt the EK and to encrypt and decrypt data stored on the DCD. Examples of the DCD include a memory stick, smartphone, or tablet computer, while examples of the KVD include a dongle, smartphone, or tablet computer.