7480 results about "Smart card" patented technology

A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are employed depending on the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient. The security architecture allows upgrade of credentials for a given session. This capability is particularly advantageous in the context of a single, enterprise-wide log-on. An entity (e.g., a user or an application) may initially log-on with a credential suitable for one or more resources in an initial resource set, but then require access to resource requiring authentication at higher trust level. In such case, the log-on service allows additional credentials to be provided to authenticate at the higher trust level. The log-on service allows upgrading and/or downgrading without loss of session continuity (i.e., without loss of identity mappings, authorizations, permissions, and environmental variables, etc.).

An RFID token apparatus has a connection module for interfacing with an appliance capable of communicating and interacting with remote servers and networks, a translation module for moving signals between a USB interface and a smart card interface, a processor module which may be capable of operating as a dual-interface (DI) chip; and an input/output module having at least one RF antenna and a modulator. An RFID-contactless interface according to ISO 14443 & ISO 15693 and/or NFC. A wireless interface according to Zigbee, Bluetooth, WLAN 802.11, UWB, USB wireless and/or any similar interface. An RFID reader apparatus has a housing; a slot for a contact or contactless fob; and a USB stick alternately protruding from the housing and retracted within the housing.

A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are associated with trust levels and a log-on service obtains credentials for an entity commensurate with the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient.

The invention combines cryptographic key management technology with various authentication options and the use of a companion PKI system in a web-centric cryptographic key management security method and apparatus called PXa3(TM) (Precise eXtensible Authentication, Authorization and Administration). The PXa3 model uses a security profile unique to a network user and the member domain(s) he/she belongs to. A PXa3 server holds all private keys and certificates, the user's security profile, including credentials and the optional authentication enrollment data. The server maintains a security profile for each user, and administrators simply transmitted credential updates and other periodic maintenance updates to users via their PXa3 server-based member accounts. Domain and workgroup administrators also perform administrative chores via a connection to the PXa3 web site, rather than on a local workstation. A member's security profile, containing algorithm access permissions, credentials, domain and maintenance values, a file header encrypting key, optional biometric templates, and domain-specific policies is contained in one of two places: either on a removable cryptographic token (e.g., a smart card), or on a central server-based profile maintained for each member and available as a downloadable "soft token" over any Internet connection.

An Internet-based purchase credit award interchange center is described which interfaces with a credit award exchange center for conversion of any form of merchant or purchase credit award resulting from customer purchase of goods or services to investment in a mutual fund and/or investment vehicle utilizing computer data processing methods. Preassigned purchase credit accumulations earned by a consumer are exchanged from a merchant or creditor through or combination of credit cards, co-branded credit cards, PIN cards, debit and smart cards, coupons, stamps, proof of purchase, rebates, or any form of purchase award of merchant or creditors choice for an investment in a mutual fund or other investment vehicle. A specific implementation is described wherein a credit card account having investment credit awards is issued through the Internet to a customer. While inputting information through the Internet necessary for establishing the credit card account, the customer also provides any information needed to authorize the purchase of investment vehicles on his or her behalf. Any forms that need to be signed by the customer to authorize purchase of the investment vehicles may be printed out by the customer. The customer may also select, via the Internet, particular investment vehicles out of a group of possible investment vehicles. Subsequent use of the credit card by the customer automatically results in accrual of credit award accumulations in the selected investment vehicle.

A smart card authenticates a cardholder. The smart card includes a substrate, a sensor module, a wireless transceiver module, and a power circuit. The sensor module includes (a) a biometric sensor adapted to detect biometric information from a person's body, (b) a processor unit adapted to authenticate the person in response to the detected biometric information and generate an authentication signal representing an authentication result, and (c) a memory adapted to store biometric information of a specific individual associated with the smart card. The wireless transceiver module transmits signals received from the processor unit and receives a wirelessly-transmitted power signal. The power circuit generates at least one supply voltage from the received power signal and provides the supply voltage to the sensor module. An electronic passport is embedded with the smart card, and a terminal module is used for wirelessly transmitting power to and receiving signals from the electronic passport.

A system loads, authenticates and uses a virtual smart card for payment of goods and/or services purchased on-line over the Internet. An online purchase and load (OPAL) server includes a virtual smart card data base that has a record of information for each smart card that it represents for a user at the behest of an issuer. The server includes a smart card emulator that emulates a smart card by using the card data base and a hardware security module. The emulator interacts with a pseudo card reader module in the server that imitates a physical card reader. The server also includes a client code module that interacts with the pseudo card reader and a remote payment or load server. A pass-through client terminal presents a user interface and passes information between the OPAL server and a merchant server, and between the OPAL server and a bank server. The Internet provides the routing functionality between the client terminal and the various servers. A merchant advertises goods on a web site. A user uses the client terminal to purchase goods and/or services from the remote merchant server. The payment server processes, confirms and replies to the merchant server. The payment server is also used to authenticate the holder of a virtual card who wishes to redeem loyalty points from a merchant. To load value, the client terminal requests a load from a user account at the bank server. The load server processes, confirms and replies to the bank server.

A system generally for personalizing and synchronizing smartcard data in the context of a distributed transaction system is disclosed. A dynamic smartcard synchronization system comprises access points configured to initiate a transaction in conjunction with a smartcard, an enterprise data collection unit, and a card object database update system. An exemplary dynamic synchronization system (DSS) preferably comprises various smartcard access points, a secure support client server, a card object database update system (CODUS), one or more enterprise data synchronization interfaces (EDSI), an update logic system, one or more enterprise data collection units (EDCUs), and one or more smartcard access points configured to interoperably accept and interface with smartcards. In an exemplary embodiment, DSS comprises a personalization system and an account maintenance system configured to communicate with CODUS. Personalization of multi-function smartcards is accomplished using a security server configured to generate and/or retrieve cryptographic key information from multiple enterprise key systems during the final phase of the smartcard issuance process.

A system for generating and transmitting summary transaction data includes a computer database from which information is compiled and forwarded to a requesting party automatically, i.e., without the need to interface with a human operator. A party having access to a prepaid transaction account number may access the host computer from a remote location and interactively request transaction information pertaining to the account using virtually any communication modality. The computer is suitably configured to communicate with one or more of the foregoing communication modalities and to automatically compile and transmit the summary data to a requested destination, for example, to a PC. The computer may further be configured to allow the requesting party to select among various formats to configure the form of the summary data. Summary transaction data may be generated and transmitted for virtually any type of prepaid transaction card, including phone cards, travel, credit cards, stored value (e.g., smart cards) cards, and the like.

A mobile navigation system implemented as an embedded system in a vehicle is easy to use, does not detract the driver's attention from the road, and limits the number of choices presented to the user of the navigation system according to a predetermined set of preferences or personalized information. Choices are filtered according to a set of driver preferences, according to the vehicle's geographic position, direction of motion, and the driver's intended itinerary. The itinerary, including intermediate stops, is calculated on an external computing system. The information is downloaded from the computing system to a memory device such as, for example, a smart card. The information is then transferred from the smart card to the embedded vehicle navigation system. In one application of the invention, a kiosk located at a car rental agency may be used to create and store personalized navigation information onto a smart card which the customer then inserts into the vehicle navigation system that is installed in the rental car.

Systems and methods for tracking, differentiating and awarding loyalty credits to patrons of a gaming establishment are disclosed. Tracking can be facilitated by and loyalty credits can be stored on patron issued loyalty credit instruments such as printed tickets, magnetic-striped cards, room keys, portable wireless devices and smart cards. Loyalty credits can be awarded for and combined with other loyalty credits awarded for gaming activities involving wagers, game play, and possible monetary awards, as well as purchasing activities involving the procurement of food, lodging, entertainment, transportation, merchandise or services. Theoretical all expenditures profiles can be established for patrons based upon the gaming activities and purchasing activities of the patrons. Customized comps can be awarded on the initiative of the gaming establishment and without any specific request from a patron. Such comps can be based on tracked information on gaming activities and purchasing activities of the patrons.

A method of controlling access to resources on a smart card, the method involving: providing a list of n questions for presentation to the user, where n is an integer; receiving from the user answers to questions among the list of n questions; determining how many of the received answers are correct; and if a sufficient number of the n questions was answered correctly, granting access to the resources on the smart card.

A system and method for conducting electronic commerce are disclosed. In various embodiments, the electronic transaction is a purchase transaction. A user is provided with an intelligent token, such as a smartcard containing a digital certificate. The intelligent token suitably authenticates with a server on a network that conducts all or portions of the transaction on behalf of the user. In various embodiments a wallet server interacts with a security server to provide enhanced reliability and confidence in the transaction. In various embodiments, the wallet server includes a toolbar. In various embodiments, the digital wallet pre-fills forms. Forms may be pre-filled using an auto-remember component.

A smart card stores monetary values and selectively transfers monetary values to and receives monetary values from a compatible smart card. The smart card includes a data storage device that stores data representing monetary values. Control circuitry controls the transfer of the monetary values into the data storage device and controls the transfer of the monetary values out of the data storage device. A data transfer interface couples directly to a like interface on the compatible card to enable data to be transferred between the smart card and the compatible card. A system for electronic transfer of monetary values includes first and second smart cards. Each of the first and second smart cards includes a data storage device that stores data representing monetary values.

A satellite TV security system including a TV satellite operated by a satellite TV provider directed to a television set of a satellite TV subscriber that defends the satellite TV provider from illegal reception of TV signals from a TV satellite. An addressable integrated receiver/decoder (IRD) positioned in the TV set top box has an assigned identification number and a smart card positioned in the IRD has an assigned identification number. A security module is provided that is integrated with the IRD. Upon command of the satellite TV provider or automatically, the security module makes a periodic verification of a match of the two identification numbers. Lack of verification of a match triggers a signal from the security module to the IRD to stop transmitting TV signals to the subscriber television. As an alternative verification, the security module initiates periodic verifications of the operability of the telephone line connection between the satellite TV provider and the IRD of the subscriber. Lack of verification of the operability of the telephone line triggers a signal from the security module to the IRD to stop transmitting TV signals to the subscriber TV. The two systems of verification can be operated independently or simultaneously. The subscriber telephone number can be added as an assigned identification number, so that a three-way verification of identification numbers by the security module is required for continued transmission of TV signals to the subscriber television.