Abstract: A data processing system is provided that includes applications, databases, encryption engines, and decryption engines. Encryption and decryption engines may be used to perform format-preserving encryption on data strings stored in a database. Encryption and decryption engines may include embedded-format-preserving encryption and decryption engines. Embedded-format-preserving encryption engines may be used to encrypt data strings and embed information in data strings. Information corresponding to a format-preserving encryption operation of a data string may be embedded in an associated data string. The associated data string may be encrypted before or after embedding the information in the associated data string. The embedded information may include key management data that corresponds to a managed encryption key that was used to encrypt the data string.

Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.

Abstract: An embodiment of an electronic access control system includes an electronic access apparatus, an electronic lock, and an access control administration program. The electronic access apparatus provides a wireless power signal and a wireless digital data signal to the electronic lock. The wireless power signal can be the only source of power used by the electronic lock to actuate an electronic lock mechanism. In some embodiments, the lock mechanism includes a piezoelectric latch.

Abstract: Embodiment of the invention are directed to passing a plurality of communications directly from a merchant to a payment processing network. A first communication may include payment information in an authorization request, while a second transaction may include non-payment transaction data. The communications may be linked with a transaction identifier. In other embodiments, a capture file process is disclosed where capture files are generated by the payment processing network, and transactions are subsequently cleared and settled.

Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.

Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.

Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.

Abstract: A customer engagement device (CED) may receive a payment token associated with a transaction from a point of sale (POS) system. The CED may retrieve transaction details associated with the transaction from a gateway. The CED may prompt a customer to provide payment information for the transaction and may collect payment information from the customer. The CED may provide the payment information and may obtain a transaction authorization from the gateway. The CED may inform the POS system regarding the transaction authorization.

Abstract: A method for conducting PIN authorized EMV payments using an ordinary mobile phone. The credit card payment is conducted using a merchant's device comprising a card reader and a mobile phone a payment server and a buyer's mobile phone. A PIN entry request is sent from the merchant's device to the buyer's device via the payment server. A secure application in the buyer's device is executed and a PIN code may be entered securely. The entered PIN code is either verified, via the payment server, against the credit card in said merchant's device or against a bank server. Thus, secure credit card payments can be performed using an ordinary unsecure mobile device's.

Abstract: Described herein is a mobile-device-to-machine payment system and method for facilitating a cashless transaction for purchase of at least one product or service by a user from a payment accepting unit.

Abstract: A bank (or merchant) hosts and operates an online money transfer service (or “portal”). A sender logs into the portal and enters payment card and money transfer details and then submits the transaction. An authentication window appears displaying the sender's transaction details and the sender is prompted to enter his or her password. Upon successful authentication, the bank seeks authorization from the card issuer. Upon successful authorization, the bank credits the recipient's local bank account or existing payment card. The recipient can also receive a check, a draft, a prepaid card or cash. The money transfer service is used both cross-border and domestic to effect person-to-person money transfer. The money transfer service uses the “Verified by Visa” authentication service and VisaNet for authorization. Messages over VisaNet are used to deliver funds to a recipient.

Abstract: A method is provided for completing an authenticated commercial transaction over an internet protocol (IP) network (40) for an account holder (60) engaged in the transaction via a non-IP based telecommunications platform (30).

Abstract: Request processing within a computing environment is facilitated. Request processing and analytics processing for the request are performed substantially concurrently in order to improve efficiency of request execution. The analytics processing is at least commenced, and may complete, prior to receiving an indication of success or failure of the request processing. If request processing fails, analytics processing ceases, if not already complete, and results of the analytic processing are not used.

Abstract: Methods, systems, and devices for secure transaction management are provided. Embodiments include a method for providing secure transactions that include receiving an identifier of a financial account at a payment processor system. A token may be generated that is linked with the identifier of the financial account at the payment processor system. The identifier of the financial account and the token may be stored securely at the payment processor system. The token may be transmitted without the identifier of the financial account to at least a recipient system or a recipient device where the token replaces the identifier of the financial account.

Abstract: A data processing system for distributing and authenticating documents from a plurality of parties to a recipient data processing apparatus is disclosed. The system comprises a plurality of document distribution devices each configured to generate an original hash value from the content of a file containing a document to be distributed. A recipient data processing apparatus is configured to generate an original super hash value from the plurality of the original hash values, and to distribute the original super hash value to each of the document distribution devices. The system provides assurance that distributed documents have not been tampered with during communication, by an unscrupulous distributing party, or by an unscrupulous recipient by only submitting a hash value of the document to be distributed. The hash value provides for assurance at the eventual recipient of the document that no changes to the document have been made.

Abstract: Embodiments of the present invention provide a method for voice approval, where the method includes: receiving voice approval request information sent by an enterprise application server; establishing a voice communication connection with the terminal according to the contact information of the approver terminal; sending approval content audio information corresponding to the voice approval request information to the approver terminal; receiving feedback information, and obtaining approval result information according to the feedback information; and sending the approval result information to the enterprise application server. Embodiments of the present invention also provide a device and system for voice approval. In the embodiments of the present invention, the enterprise application server and the enterprise gateway are combined and improved to enable an approver to approve, in voice mode, an approval request raised by an applicant, thereby increasing the approval efficiency.

Abstract: Systems and methods for performing settlement of token access transactions are provided. In one embodiment, the invention provides for batch processing bank card transactions, including receiving transaction records for a plurality of bank card transactions, wherein at least some of the transaction records include encrypted token information; determining whether the transaction records contain encrypted token information; decrypting the encrypted token information for a transaction record that is determined to have encrypted token information; and providing clear text token information obtained by decrypting the encrypted token information for a transaction record for transaction settlement.

Abstract: A system and method for initiating a deposit transaction, where the depositor is a banking customer located at a remote location, and where the item to be deposited is a financial instrument, such as a paper check from a third party, payable to the depositor. The enabling system features a Remote Customer Terminal (RCT) with certain input devices, connected to a bank system. An image and/or other data of the financial instrument are transmitted from the RCT to the Bank of First Deposit (BOFD) where the data may be processed by conversion to Electronic Funds Transfer (EFT), via Electronic Check Presentment (ECP), or via check reconstruction. The deposit transaction can be accomplished without physical transfer of the financial instrument to or through the bank system. The system and method provide convenience and improved transaction processing speed compared to other deposit transactions of financial instruments.

Abstract: The invention concerns a method of making a payment transaction by a customer including steps of receiving, by a mobile device (402) of the customer, merchant data; transmitting, by the mobile device to a remote server (408), a payment transaction request including the merchant data; determining, by the remote server, the identity of the customer based on the request and the identity of the merchant based on the data; and implementing the payment transaction between bank accounts of the customer and the merchant.

Abstract: Disclosed are systems and methods for managing transactions in which an order is specified online and payment is received at a point of sale (POS). Methods are disclosed for managing payment for such transactions at a POS, including transactions involving payment for both in-store purchases and online orders. Methods are also disclosed for managing inventory and price changes for such transactions where payment can occur at any time in a pay period following order creation. Also disclosed are methods for processing refunds for online orders for which payment was made at a POS. Finally, methods for preventing fraud and abuse as well as restricting the availability of this payment method for certain items are disclosed.

Abstract: Transaction management for processing payment-related aspects of transactions is facilitated. According to an example embodiment of the present invention, a transaction management approach involves the processing of payments on behalf of a buyer or other owing party. These payments are made, e.g., in connection with accounts payable or other functions implemented by the buyer/owing party. In some applications, the payment processing involves a trade credit approach, wherein payment is made on behalf of the buyer/owing party against a credit-type account.

Abstract: A method of preventing fraud at a self-service terminal is described. The method comprises: receiving a signal from an electromagnetic sensor located in the vicinity of an electromagnetic signal transmitter; monitoring a drive signal being delivered to the electromagnetic signal transmitter; and comparing the drive signal with the electromagnetic sensor signal. The method then ascertains if a state of the electromagnetic sensor signal is inconsistent with a state of the drive signal; and triggers an alarm when the state of the electromagnetic sensor signal is inconsistent with a state of the drive signal.

Abstract: A method for transmitting data between a mobile communication device and a server. The method includes running a mobile application on the mobile communication device. The mobile application is hosted on the mobile communication device through the server as a Software as a Service (SaaS). The method further includes transmitting data associated with the mobile application between the mobile communication device and the server, in which transmission of the data between the mobile communication device and the server is monitored through the server.

Abstract: Disclosed embodiments provide systems and methods of processing payment authorisation requests for payment transactions to be conducted via a data communications network. The method allows identification of an issuing bank from a plurality of issuing banks as one which is to be utilised in a given transaction and facilitate a user specifying, in real time in relation to the given transaction, a particular bank account that is to be used to deduct funds for that transaction.

Abstract: A firewall cluster having three or more firewall processing nodes sharing the same shared IP address. Port numbers are assigned to the firewall processing nodes within the cluster and are used to distinguish between traffic sent to the cluster. Each network connection is assigned a destination port number. Each node receives the network connection and its assigned port number and determines if the assigned destination port number matches one of its assigned port numbers. If so, the node processes the network connection. If the assigned destination port number does not match one of its assigned port numbers, the network connection is discarded.

Abstract: A security component may be associated with a network-enabled application. The security component may initiate the display of an embedded region of a window drawn according to display information received from a relying party. The security component may define at least a portion of the appearance of the embedded region; the relying party may not define this portion. The embedded region may include customization information configured by a user, and “Card” information received from an assertion provider, indicating how to authenticate user credentials in order to gain access to relying party restricted content. The security component may request authentication of user credentials from the assertion provider, which may be trusted by the relying party. The security component may receive an assertion token from the assertion provider indicating the credentials are authentic. The security component may forward the assertion token to the relying party to gain access to the restricted content.

Abstract: In one embodiment, transferring payment between a first user and a second user of a communication system includes displaying a contact list in a user interface of a client executed at a user terminal of the first user, the contact list including the second user. The client retrieves and displays at least one page from a payment provider responsive to the first user selecting the second user from the contact list. The client transmits, to the payment provider, information related to the payment entered into the page by the first user, which causes the payment provider to transfer the payment from an account of the first user to an account of the second user.

Abstract: Facilitating transactions using non-traditional devices and biometric data to activate a transaction device is disclosed. A transaction request is formed at a non-traditional device, and communicated to a reader, wherein the non-traditional device may be configured with an RFID device. The RFID device is not operable until a biometric voice analysis has been executed to verify that the carrier of the RFID equipped non-traditional device is the true owner of account information stored thereon. The non-traditional device provides a conduit between a user and a verification system to perform biometric voice analysis of the user. When the verification system has determined that the user is the true owner of one or more accounts stored at the verification system, a purchase transaction is facilitated between the verification system. Transactions may further be carried out through a non-RF device such as a cellular telephone in direct communication with an acquirer/issuer or payment processor.

Abstract: Methods and systems for providing items of content over a peer-to-peer system are described. Items of content are requested from a central server by a downloading peer, and the central server determines uploading peers from whom the downloading peer may request parts of the content item.

Abstract: There is provided a method and device for providing personal data of first party to a second party. The personal data is stored in an electronic device comprising a mechanism for locking and unlocking access to the personal data and/or condition data stored therein associated with conditions for accessing said personal data. The second party receives the personal data dependent on whether the personal data is in a locked state and/or whether the conditions associated with the condition data are satisfied.

Abstract: A method may include allocating a number of public keys, where each respective public key is allocated to a respective entity of a number of entities; storing a number of private keys, where each respective private corresponds to a respective public key; storing one or more decryption algorithms, where each respective decryption algorithm is configured to decrypt data previously encrypted using at least one encryption algorithm of the encryption algorithms. Each respective encryption algorithm may be configured to encrypt data using at least one public key. Each respective decryption algorithm may be configured to decrypt data using at least one private key. The method may include receiving encrypted data, where the encrypted data is encrypted using a first public key and a first encryption algorithm, and the encrypted data is provided over a network.

Abstract: A method may include allocating a number of public keys, where each respective public key is allocated to a respective entity of a number of entities; storing a number of private keys, where each respective private corresponds to a respective public key; storing one or more decryption algorithms, where each respective decryption algorithm is configured to decrypt data previously encrypted using at least one encryption algorithm of the encryption algorithms. Each respective encryption algorithm may be configured to encrypt data using at least one public key. Each respective decryption algorithm may be configured to decrypt data using at least one private key. The method may include receiving encrypted data, where the encrypted data is encrypted using a first public key and a first encryption algorithm, and the encrypted data is provided over a network.

Abstract: Particular embodiments provide a method for orchestrating an order fulfillment business process that includes a sub-process. In one embodiment, abstraction of business processes from an underlying information technology (IT) infrastructure is provided. An orchestration process can be designed using sub-processes such that the sub-process is assembled at run-time into an executable process. The sub-process may be defined in an interface as a single step. A plurality of services as then assembled as steps in the executable process at run-time.

Abstract: A wagering game system and its operations are described herein. In embodiments, the operations can include managing multiple instances of gaming applications associated with a wagering game client device and determining event data from the multiple instances of gaming applications. The operations can further include aggregating the event data into an event repository and determining that a requesting application requests some portion of the event data. The operations can further include opening a communication channel between the event data repository and the requesting application, formatting the requested portion of the event data in a format understandable to the requesting application, and communicating the requested portion of the event data to the requesting application via the communication channel.

Abstract: A secure transaction system including a content delivery network defining edge gates for secure communication with entities outside the network, each edge gate including at least one of encryption and decryption functionality, the encryption functionality being operative to encrypt customer payment card information into no payment card zone (NPCZ) capsules and the decryption functionality being operative to decrypt the NPCZ capsules into customer payment card information securely supplied to at least one of a plurality of payment processing entities, the content delivery network defining a NPCZ, and a plurality of seller entities within the NPCZ which conduct transactions with a plurality of customers and with at least one of the payment processing entities, and receive, process and transmit customer payment information using the NPCZ capsules, the plurality of seller entities not having access to unencrypted payment card information and not having the ability to decrypt encrypted payment card information.

Abstract: A system and method are provided for managing financial market information. According to certain embodiments, the system includes a computer having a memory, processor, and display. The processor is capable of generating a graphical depiction of the financial market information on the display. The graphical depiction includes a multidimensional representation of a broad range of market information for at least two financial instruments. The graphical depiction resides in a single window on the display. The financial instruments may include multiple different classes of financial instruments, such as treasuries and futures. Different instruments may be selected and information, including basis information, relevant to the selected instruments may be displayed in a second window.

Abstract: An electronic infrastructure consisting a plurality of client mobile devices, a distribution server and a media creator computer, wherein the client mobile devices present interactive media upon user request. The plurality of client mobile devices support dynamic screen display and, contain a plurality of soft keys. The media creator is a personal computer that generates interactive media and sends them to the distribution server for distribution. The distribution server processes and sends the interactive media to the client mobile device and the client mobile devices presents the interactive media in a series of screens to the user. The client mobile devices interactively send the user responses back to the distribution server.

Abstract: The present invention supports a method for transmitting information packets across network firewalls. A trusted entity is provisioned with an address designation for a pinhole through the firewall during setup of a communication session between two communication devices. This pinhole address is used throughout the communication session between the two communication devices to transmit information packets onto and out of the communication network. Information packets addressed to the communication device inside the firewall are received by the trusted entity, which replaces address header information in the information packet with the address for the pinhole. The information packet is routed to the pinhole where it passes onto the network for routing to the communication device inside the firewall. Information packets transmitted from the network are also routed to the trusted entity for routing toward the communication device outside the firewall.

Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server based on network information, and using the proxy network address to establish a server side session. The proxy network address is selected such that a same processing element is assigned to process data packets from the server side session and the host side session. The network information includes a security gateway network address and a host network address. By assigning processing elements in this manner, higher capable security gateways are provided.

Abstract: Techniques for dynamically configuring security mechanisms in a network can construct security perimeters that satisfy security needs at any given time while also efficiently spreading security functions among network elements and systems. In one technique, a network element comprises security function modules. Systems toward which the network element forwards data packets also comprise security function modules. A particular security function module on the network element begins in a state of deactivation. The network element determines whether a corresponding security function module on one of the systems is functioning in a satisfactory manner. If not, then the network element activates the particular security function module. While activated, the particular security function module may perform at least some of the security function operations that the corresponding security function module would have performed if the corresponding security function module was satisfactory.

Abstract: In at least one embodiment of an ecommerce system, payment data is divided into proper subsets and distributed among multiple data processing systems, and each of the data processing systems stores less than all of the subsets of the payment data after the subsets of payment data are distributed and until at least sending the payment data to a payment authorization system for processing. In at least one embodiment, distributing proper subsets of the payment data among multiple data processing systems enhances security of the payment data by limiting an amount of time and the locations in which a complete set of payment data is persisted.

Abstract: Access control methods include receiving an access authorization message from an authentication server computer at a blocking device that connects a first network to a second network, modifying access criteria of a transparent firewall at the blocking device responsive to the received access authorization message and operating the transparent firewall according to the modified access criteria to control transfer of messages between the first and second networks. The invention may also be implemented as apparatus and computer readable media.

Abstract: A device is configured to allow a user to select any of a plurality of accounts to employ in a financial transaction. The user device includes a biometric sensor configured to receive a biometric input, a user interface configured to receive a user input including secret information known to the user and identifying information concerning an account selected by the user from the plurality of accounts. The user device includes a communication link configured to communicate with a secure registry, and a processor coupled to the biometric sensor to receive information concerning the biometric input, the user interface, and the communication link. The processor is configured to generate a non-predictable value and encrypted authentication information from the non-predictable value, the identifying information, and at least one of the information concerning the biometric input and the secret information, and communicate the authentication information via the communication link to the secure registry.

Abstract: In a method and system for routing packets between clients, a packet is received from a first client connected to a secure sockets layer virtual private network (an SSL/VPN) network appliance. An identification is made, responsive to an inspection of the received packet, of i) a type of connection required for transmission of the received packet to a destination address identified by the received packet and ii) a second client connected via an SSL/VPN connection to the SSL/VPN network appliance and associated with the identified destination address. A request is made for establishment by the second client of a connection of the identified type within the SSL/VPN connection. The received packet is transmitted to the second client via the established connection of the identified type.

Abstract: An embodiment defines access control allowing the expression of access control rules using ontology based semantics and references an ontology subset using XPath as the ontological expression. The access control rules or access criteria are defined by an access control statement and may be expressed using classification criteria and ontology classes. The access control statement comprises a structural description that is used to define an asset and a logical expression that may be used to express the classification criteria. The access control statement defines access policy for various assets.

Abstract: According to one aspect, the invention provides a system for authenticating identities of a plurality of users. In one embodiment, the system includes a first handheld device including a wireless transceiver which is configured to transmit authentication information, a second device including a wireless receiver, where the second device is configured to receive the authentication information.

Abstract: An electronic infrastructure comprising a plurality of client mobile devices, a distribution server and a media creator computer, wherein the client mobile devices present interactive media upon user request. The plurality of client mobile devices support dynamic screen display and, contain a plurality of soft keys. The distribution server supports delivery of interactive media to the client mobile devices. The media creator is a personal computer that generates interactive media and sends them to the distribution server for distribution. The electronic infrastructure is used to provide innovative group communication solutions for real-estate vendors and their customers. Vendors send real estate related information via the distribution server and the downloadable client components in the client mobile devices interactively send the user responses back to them via the distribution server.

Abstract: A method for data security policy enforcement including inspecting incoming and outgoing data packets from a server computing device for attributes in accordance with a data security policy, processing the data packets in accordance with the security policy based on the inspected attributes, and routing the data packets in accordance with the security policy based on the inspected attributes, wherein incoming and outgoing data from the server computing device composed of the data packets is processed and routed in accordance with the security policy on a per-packet basis. A system and computer program product is also provided.

Abstract: A system, method, and computer program product for managing limited-use software on a host computer having an operating system is disclosed. A software application can be installed in the operating system as a virtualized application using light weight virtualization technology. Rights usage information for the software application is received, the rights usage information comprising a rule describing permitted use of the software application on the host computer. A determination is made whether to enable the virtualized application based at least in part on the rights usage information. Responsive to the determination, the virtualized application is enabled to be executed on the host computer.

Abstract: In some embodiments, a process for performing transaction tasks using a virtual terminal comprises: presenting functions to a user, receiving a selected function, and performing the selected function. The presented functions may comprise: (a) activating at least one card; (b) deactivating a card; (c) generating a PIN; (d) inserting value; (e) generating an End of Day report; and (f) managing users.