Activation of service using algorithmically configured key

FIELD: physics, computer engineering.

SUBSTANCE: the invention relates to activation of services using algorithmically configured keys. The method of subscribing a user to a service comprises: identifying, at an issuer computer, a user who is authorized to subscribe to the service on the basis of criteria determined by the issuer; retrieving, by the issuer computer, data associated with the user and a shared data element that is shared by the issuer computer and a service provider computer; forming a first activation code by the issuer computer and sending the first activation code to the user; wherein the user sends the first activation code and the data associated with the user to the service provider computer, and the service provider computer forms a second activation code and authorizes the user to subscribe to the service if the first and second activation codes are identical.

EFFECT: prevention of security breaches of the data processing system.

20 cl, 9 dwg

 

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application claims priority to U.S. patent application No. 61/185,924 (register number 016222-049000US), filed on 10 June 2009, which is incorporated herein by reference in its entirety for all purposes.

BACKGROUND

Activation keys, as the name implies, are used to activate something. For example, software can be installed on a computer but remain inactive until it is activated using an activation key. The software vendor may provide the activation key only to those authorized to use the software. Activation keys can also be used to verify that a person registering for a service really is authorized to do so. For example, a person may register with the local utility to view their home energy consumption interactively through the energy company's web site. Before granting access, the energy company can mail a letter containing an activation key to the subscriber's home address. If the person can enter the activation key, access is granted. This scheme allows the energy company to conclude, with a certain degree of confidence, that the person really lives at that address, since he has access to mail sent to that address.

Activation keys can also be used to limit availability to a selected group. For example, a seller can send its best customers an advertisement that includes a promo code entitling them to a discount on a purchase. The promo code is an activation key that activates the discount. The seller may not want to extend the offer to every customer; through the use of the activation key, the offer can be restricted to only those selected to participate in the promotion.

Activation keys are useful for verifying that a person is authorized to use the product or service being activated. Activation keys can also be used to confirm attributes, such as the address, of people who are registering for services. The distribution of activation keys can also be restricted to selected people, which provides a way to limit who can access the product or service.

DISCLOSURE OF THE INVENTION

Disclosed are systems and methods for service activation using algorithmically defined keys. A consumer who has a relationship with a first party may wish to subscribe to a service provided by a third party. The first party can maintain control of this subscription by using algorithmically defined keys. The algorithmically defined keys also allow the third-party provider to verify that data provided by the consumer corresponds to the data stored by the first party. The third party may manage the subscription, limiting it to only those who provide data that corresponds to the data used to generate the algorithmically defined keys. The data is verified as synchronized without requiring that the third party have access to the data processing systems of the first party.

One embodiment is directed to a method of subscribing a user to a service. The method begins with identifying a user who is authorized to subscribe to the service. A first activation code is generated using a first server computer. The first activation code is based on data associated with the user. The first activation code is sent to the user. The user sends the first activation code and the data associated with the user to a second server computer. The second server computer generates a second activation code based on the data associated with the user. The second server computer authorizes the subscription to the service if the first and second activation codes are the same.

Another embodiment is directed to a method of subscribing a user to a service. Data associated with the user is received from the user at a first server computer. An activation code is received at the first server computer. The activation code is generated based on data associated with the user. The first server computer generates a confirmation activation code based on the data associated with the user. The first server computer authorizes the user to subscribe to the service if the activation code and the confirmation activation code are the same.

Another embodiment is directed to a method of subscribing to a service. An activation code is received from a first server computer. The activation code is generated based on data associated with the user. The activation code is sent to a second server computer. The data associated with the user is sent to the second server computer. The service can then be subscribed to only if a confirmation activation code generated by the second server computer is the same as the activation code.

These and other embodiments of the invention are described in more detail below.

BRIEF DESCRIPTION OF THE DRAWINGS

Fig.1 depicts one illustrative system of the present disclosure.

Fig.2 depicts activation of the service at a high level.

Fig.3 depicts activation of the service at a lower level.

Fig.4 depicts a block diagram of the formation of the activation keys at a high level.

Fig.5 depicts a block diagram of a subscription to the service using an activation key at a high level.

Fig.6 depicts a block diagram of a subscription to the service.

Fig.7 depicts another illustrative system of the present disclosure.

Fig.8 depicts an illustrative computer system in which various embodiments of the disclosure can be implemented.

Fig.9 depicts a block diagram of a mobile device.

IMPLEMENTATION OF THE INVENTION

All of the above examples of using an activation key for a service have one thing in common: the entity that wishes to control access to the service is the same entity that provides the service. Embodiments of the present disclosure provide an advantageous use of activation keys for situations in which the entity that controls access to the service differs from the entity providing the service. The controlling entity advantageously maintains control over which subscribers are given the opportunity to subscribe to the service by controlling the distribution of activation keys. The service provider, in turn, can advantageously verify that a person subscribing to the service is authorized to do so. In addition, embodiments of the disclosure advantageously allow the controlling entity and the service provider to ensure verified data synchronization between the database of the controlling entity and the database of the service provider. This synchronization is advantageously achieved without requiring that either party have direct access to the data storage systems of the other party. Isolation of the data storage systems advantageously prevents a security breach of either party's data processing system from cascading into a breach of the partner's data processing system.

Many situations may arise in which a person associated with an organization requests, or is invited, to subscribe to a service provided by a service provider that differs from the organization. For example, a person may have a credit card that was issued by a Bank. The Bank may invite the client to subscribe to a money transfer (MT) service that is provided by a third party. The money transfer service may allow the client, who can also be referred to as the card holder, to transfer funds from his credit card account to some other account. Although the credit card is provided by the Bank, which can also be referred to as the Issuer, the Issuer is not the provider of the money transfer service.

The previous example is only illustrative and is not intended to limit the application of embodiments of the disclosure. Any situation in which a first entity wants to control access by a second entity to a service provided by a third entity would similarly benefit from embodiments of the present disclosure. For simplicity of explanation, the remainder of the disclosure is described in the following terms. The "Issuer" is the entity that wants to control access to the service. The "card holder", "client" or "consumer" is the entity to be subscribed to the service and typically has an established relationship with the Issuer. The "service provider" is the entity that provides the service and usually has a relationship with the Issuer, although the relationship may not be one of complete trust. The service provider typically does not have an existing relationship with the client. These definitions are given for ease of explanation and are not intended to be limiting.

The provision of services such as the money transfer service described above can raise numerous problems. First, the Issuer may wish to maintain a certain degree of control over exactly which of its customers will be allowed to subscribe to the service provided by the service provider. The Issuer may decide to extend the offer to subscribe only to a chosen set of clients that match criteria defined by the Issuer, or the Issuer may require that the client request permission from the Issuer before subscribing to the service. In any case, the Issuer may wish to maintain a level of control over which customers will be allowed to subscribe to the services provided by the service provider.

Another problem that can arise is that the service provider may require specific information about a client trying to subscribe to the service. For example, the service provider may need to know the client's home address. Such information may be contained in the Issuer's customer database. The Issuer could give the service provider access to the database or a copy of all the information in it. However, the Issuer may not want to allow the service provider direct access to the data, for any of a number of reasons. The Issuer may decide that granting such access could allow a data leak that would disclose potentially sensitive customer information. The Issuer may decide that the service provider needs access to the data only for customers who actually subscribe to the service, not for all clients. In the simplest case, the Issuer may, for whatever reason, not trust the service provider to the extent required for direct access to customer data.

Similarly, the service provider may be unwilling to take responsibility for the data of all clients of the Issuer when in fact the service provider requires information only about the specific customers that subscribe to the service. Regardless of the reasons why the service provider has no access to the Issuer's customer database, the service provider must still obtain the required information about the client in a way that gives some assurance that the information is correct.

Another problem that can arise is that the client may be required to enter information about himself as part of the subscription process at the service provider. Since the client is given the opportunity to subscribe to the service only on the basis that he is a client of the Issuer, the service provider may need to verify that the information provided is the same as that provided to the Issuer. As mentioned above, the Issuer may be unwilling to share its customer database with a service provider. The service provider is thus placed in the position of receiving information from the client without any mechanism to verify that the information entered matches what was provided to the organization.

Embodiments of the present disclosure provide systems and methods in which the Issuer can maintain control over client subscription to the service provided by the service provider. The Issuer need not give the service provider direct access to its database, while still allowing the service provider to be sure that the data provided by the client is accurate.

Fig.1 depicts one illustrative system of the present disclosure. The example presented with respect to the system 100 is given from the point of view of an organization, which may be a Bank that issues credit cards, and thus the organization is referred to as the Issuer 102. However, it should be understood that embodiments of the disclosure are applicable in all situations and are not limited to credit card Issuers. The Issuer 102 may have data about its customers stored in a customer data database 104. Examples of such data are depicted in table 106. The Issuer may store the client's name, his address, his account number or any other data the Issuer requires to conduct business.

The service provider 108 can provide any of several services, such as a money transfer service, to the client 110 of the Issuer 102. For the purposes of this example, the client 110 of the Issuer 102 is a person holding a credit card issued by the Issuer 102 and is referred to as the card holder 110. This is again done only for the sake of explanation, because any client of any organization can also make use of embodiments of the present disclosure.

In the initial setup of the system, the Issuer 102 may share 120 a password with the service provider 108. The password can also be referred to as a passphrase. It should be understood that the password is typically a string of alphanumeric characters known only to the Issuer 102 and the service provider 108. The Issuer 102 may store the password in a password data store 112. Similarly, the service provider 108 may store the password in a password data store 114. Usually the password is stored in some encrypted format, which prevents employees of the Issuer 102 or the service provider 108 from viewing the password directly. The password is decrypted by the system only when used.

As would be clear to anyone familiar with the security of electronic systems, it is usually necessary to change passwords periodically. For example, the agreement between the service provider 108 and the Issuer 102 may require that the password be changed every 3 months. Thus, if the password is compromised, it remains valid only for a limited period of time, which limits the potential harm that can be done by an attacker who holds the password. As an additional security measure, a password may be required to have a certain length, e.g., greater than 6, 8 or 12 characters. A password may be required to contain letters, letters and numbers, or letters, numbers and special characters. Such security measures limit the ability of an attacker to guess the password at random, because the number of potential passwords grows with the length and the types of characters.

The system may be required to support more than one password at any time, as older passwords may be needed for the proper functioning of the system, as will be explained in more detail in relation to Fig.2. Suffice it to say that the Issuer 102 and the service provider 108 may store multiple passwords. To distinguish the passwords, the Issuer 102 and the service provider 108 may store an identifier associated with each password, as shown in table 116 and table 118. It should be understood that the password exchange is independent of the card holder 110 trying to subscribe to the service of the service provider 108. It should also be understood that the exchange can be done through any suitable means. For example, either the Issuer 102 or the service provider 108 may provide a web page or other electronic interface where the password can be entered. Alternatively, the password may be transmitted between the Issuer 102 and the service provider 108 via phone, email or regular paper letters. It should be understood that both the Issuer 102 and the service provider 108 have access to the password and to a mechanism for identifying the specific version of the password.

In addition, as part of the initial setup of the system 100, the Issuer 102 and the service provider 108 need to agree on which parts of the card holder data 106 will be used to generate the activation code. The specific parts of the card holder data used to generate the activation code determine which data the service provider 108 can confirm as being the same as the data stored in the Issuer's customer data 104. The reason for this will become clearer with reference to Fig.2.

Fig.2 depicts activation of the service at a high level. Once the system 100 has been set up and the password has been exchanged, the card holder 110 may be invited by the Issuer 102 to subscribe to the service of the service provider 108. The Issuer 102 may select the card holder 110 to be invited to subscribe to the service. As part of the invitation, the Issuer 102 can generate an activation code that is based on the card holder data 106. As will be explained in more detail in relation to Fig.3, the activation code is closely tied to the card holder data 106. The Issuer may then send 122 the activation code to the card holder 110. The activation code can be sent to the card holder 110 via any suitable communication channel. For example, the activation code can be sent to the card holder 110 in a paper letter inviting him to subscribe to the service. Alternatively, the activation code can be sent to the card holder 110 by e-mail. Suffice it to say that the activation code is received by the card holder 110.

Although the above description is given from the point of view of the Issuer 102 selecting the card holder 110 for an invitation to subscribe to the service, this is done only for purposes of explanation. In some embodiments, the card holder 110 can request to subscribe to the service by requesting an activation code from the Issuer 102. For example, the Issuer may provide a website where the card holder 110 can go to request an activation code. Alternatively, the card holder 110 can phone a customer service representative of the Issuer 102 to receive the activation code. The sending 122 of the activation code from the Issuer 102 to the card holder 110 indicates that it is the Issuer 102 that actually generates the activation code and thus has the final determination as to which card holders 110 can receive an activation code. As will become clear as the example continues, this advantageously allows the Issuer 102 to determine which card holders can subscribe to the service, as the Issuer 102 may simply refuse to give the card holder 110 an activation code.

When the card holder 110 has received the activation code from the Issuer 102, he can proceed to subscribe to the service of the service provider 108. The service provider 108 can provide a web site where the card holder 110 can go to subscribe, although embodiments of the disclosure are not limited to online subscription. The subscription can also be performed via other interfaces, such as paper subscription forms or a phone call to a customer service representative of the service provider 108. As part of the subscription process, the card holder 110 may provide 124 the service provider 108 with information about the card holder 110. At a minimum, this information includes the activation code that was sent to the card holder 110 by the Issuer 102. It also includes any card holder information that was used by the Issuer 102 to form the activation code. As explained above, this is the information that was agreed upon by the Issuer 102 and the service provider 108. Finally, the information may include any other information that the service provider 108 requests in order to subscribe the card holder 110 to the service.

For example, the service provider 108 can provide a subscription website for the card holder 110 to subscribe to the service. The website may prompt the card holder 110 to enter his activation code. The website may also prompt the card holder 110 to enter the card holder data that was agreed upon by the Issuer 102 and the service provider 108. The website may also prompt the card holder to enter information that is needed only by the service provider 108 for other purposes, such as additional verification of the card holder. For example, the card holder can be prompted to enter the card verification value (CVV), a three-digit number printed on the back of his credit card. This may allow the service provider to verify that the card holder actually has the credit card.

The service provider 108 can then use the information provided by the card holder 110 to regenerate the activation code. The regenerated activation code may also be referred to as a confirmation activation code. If the regenerated activation code matches the activation code provided by the card holder 110, the service provider 108 can be sure that the card holder 110 has been authorized by the Issuer 102 to subscribe to the service. This is true because the card holder 110 would not have a valid activation code had it not been received from the Issuer 102. In addition, the service provider 108 can be sure that, at least for the information originally agreed upon and used to form the activation code, the information provided by the card holder 110 is exactly the same as that contained in the Issuer's customer data 104. The reasons for this will be explained in more detail in relation to Fig.3. The service provider 108 can then subscribe the card holder 110 to the service. As part of the subscription, the card holder information can be stored in a subscriber data database 126 associated with the service provider 108.

Fig.3 depicts the activation of the service at a lower level. The process may begin with the Issuer 102 retrieving, from the Issuer's customer data 104, the information agreed upon by the Issuer 102 and the service provider 108. For example, the agreed data can contain the name of the account owner, his address and his account number. This does not imply that these data represent all of the information stored by the Issuer 102 in the customer data 104; they represent only the information that was originally agreed upon. The Issuer 102 may store any other information it requires in the customer data 104.

The Issuer 102 can then place the agreed information in a data block 130. The Issuer can then insert into the data block 130 the password that is valid at the moment. In this example, the agreed information includes the customer's name, address and account number. The password 'qwerty' may be the password that is valid at the moment. The data block 130 can then be processed by a hashing algorithm 132. The illustrative hashing algorithm 132 is Secure Hash Algorithm 1 (SHA1), but any other hashing algorithm can also be used.

As is known to those skilled in the field of data security, a hashing algorithm such as SHA1 takes as its input a data block, which may contain a sequence of alphanumeric characters. Based on this input, the algorithm produces a message digest of fixed length. Usually the digest is represented by a number that is 128 bits or more. The numerical value generated by the SHA1 algorithm can be represented by a sequence of alphanumeric characters 134. A well-designed hash algorithm, such as SHA1, ensures that if the data block is changed in any way, even by a single character, the resulting message digest will contain a different value. The possibility that two different data blocks will produce one and the same message digest is beyond statistical likelihood.

The Issuer 102 may append a password version identifier 136 to the message digest 134, which results in the activation code 138. As explained above, there may be several versions of the password, and the correct version of the password needs to be identified later in the process, as will become clearer as the example continues. In an alternative implementation, the message digest can be truncated before the password version identifier is appended. For example, if the message digest is 16 alphanumeric characters, it can be truncated to only 6, 8 or 10 alphanumeric characters. This truncation can be done for the convenience of the card holder 110, who will have to enter the activation code. The longer the code, the greater the likelihood that the card holder 110 enters the activation code incorrectly. Although truncating the message digest can reduce security, the probability of two data blocks hashing to the same truncated message digest may be low enough that the service provider 108 and the Issuer 102 are willing to accept the risk for the sake of the convenience of the card holder 110.

The activation code 138 can then be sent 140 to the card holder 110 through any of the mechanisms discussed above. The card holder 110 can then proceed 142 to subscribe to the service of the service provider 108. As part of this subscription, the card holder 110 may provide 146 the service provider 108 with the activation code and at least all the information 144 of the card holder 110 that was used in forming the activation code. As will be understood, apart from the activation code, the data provided by the card holder 110 is information that the card holder 110 is expected to know (such as his home address). In addition, the service provider 108 may receive any other information from the card holder 110 that is necessary for the subscription, although only the data that was used in forming the activation code can be verified. The card holder 110 may subscribe to the service via any of the mechanisms described above.

The service provider 108 can receive 146 the activation code and the data 144 provided by the card holder. The service provider may examine the activation code to determine the version identifier of the password that was used to generate the activation code. Using the version identifier, the service provider can retrieve the corresponding password from the password data store 114. The service provider may then create a data block 148 that includes the data elements provided by the card holder 144 that are also the data elements agreed upon by the Issuer 102 and the service provider 108. The retrieved password 114 can also be added to the data block 144. The data block can then be processed 150 by exactly the same hashing algorithm 132, such as SHA1, that was used to form the message digest 134. The processing results in a new message digest 152. The activation code, with the password version identifier removed, can then be compared with the newly formed message digest 152. In embodiments in which the activation code is truncated before being sent to the card holder 110, the generated activation code is truncated before the comparison.

If the newly generated message digest 152 matches the activation code without the password version identifier, the service provider 108 can be assured of several things. First, the service provider 108 can be sure that the activation code was actually generated by the Issuer 102. This is true because it would be nearly impossible for an attacker to generate an activation code that matches the message digest 152 without knowing the password. Since the password should be known only to the Issuer 102 and the service provider 108, it is very unlikely that this will happen. Thus, the service provider 108 is assured that the card holder 110 has been approved by the Issuer 102 to subscribe to the service; otherwise, the Issuer 102 would simply have refused to provide the card holder 110 with an activation code.

Second, the service provider 108 is also assured that the information, or at least the agreed information, provided by the card holder 110 matches that stored in the customer data 104 of the Issuer 102. Because the Issuer 102 generates the activation code based on data stored in the customer data 104, if the card holder does not provide exactly the same information, the newly generated message digest 152 will not match the activation code. This advantageously allows the service provider 108 to know that its data corresponds to the data of the Issuer 102 without requiring that the service provider 108 have access to the customer data 104 of the Issuer 102. The service provider 108 may then store the verified information in the subscriber data store 126. The card holder data stored in the subscriber data store 126 is advantageously synchronized with the data stored in the Issuer's customer data 104, without requiring the service provider 208 to have direct access to the Issuer's customer data 104.
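The Fig.3 flow described above, with the Issuer forming the code and the service provider regenerating and comparing it, as an added Python example that is not part of the original document. The field order, the length-prefixed block encoding, the whitespace and case normalization, the 10-character truncation, the two-character version suffix and every sample value other than the password 'qwerty' are assumptions made for illustration.

```python
import hashlib
import hmac

AGREED_FIELDS = ("name", "address", "account")  # agreed at setup (assumed order)
DIGEST_CHARS = 10    # truncated digest length in hex characters (assumption)
VERSION_CHARS = 2    # length of the password version identifier (assumption)

# Constructed password tables keyed by version identifier. In the text these
# are two separate stores (112 at the Issuer, 114 at the service provider).
ISSUER_PASSWORDS = {"01": "winter-2009", "02": "qwerty"}
PROVIDER_PASSWORDS = {"01": "winter-2009", "02": "qwerty"}
CURRENT_VERSION = "02"


def normalize(value):
    """Collapse whitespace and case so typed input can match the stored record
    (assumption: both parties agree on this canonical form)."""
    return " ".join(str(value).split()).upper()


def build_block(record, password):
    """Data block: the agreed fields in fixed order, then the shared password.

    Every element is length-prefixed, so ("AB", "C") and ("A", "BC") can
    never serialize to the same block.
    """
    parts = [normalize(record[f]).encode() for f in AGREED_FIELDS]
    parts.append(password.encode())
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def truncated_digest(record, password, algo):
    """Hash the data block and keep the first DIGEST_CHARS hex characters."""
    digest = hashlib.new(algo, build_block(record, password)).hexdigest()
    return digest[:DIGEST_CHARS].upper()


def make_code(record, version=CURRENT_VERSION, algo="sha1"):
    """Issuer side: truncated digest followed by the password version id."""
    return truncated_digest(record, ISSUER_PASSWORDS[version], algo) + version


def verify_code(code, submitted, algo="sha1"):
    """Service provider side: regenerate the code from the submitted data and
    compare it with the code the card holder typed in."""
    code = "".join(str(code).split()).upper()
    if len(code) != DIGEST_CHARS + VERSION_CHARS:
        return False
    received, version = code[:DIGEST_CHARS], code[DIGEST_CHARS:]
    password = PROVIDER_PASSWORDS.get(version)
    if password is None:                 # unknown or retired password version
        return False
    if any(f not in submitted for f in AGREED_FIELDS):
        return False
    expected = truncated_digest(submitted, password, algo)
    # Constant-time comparison of the regenerated and received digests.
    return hmac.compare_digest(expected.encode(), received.encode())


if __name__ == "__main__":
    # Constructed customer record, standing in for a row of table 106.
    stored = {"name": "Jane Q. Holder",
              "address": "12 Elm Street, Springfield",
              "account": "4000123412341234"}
    code = make_code(stored)
    print("activation code:", code)
    print("same data:      ", verify_code(code, stored))
    print("wrong address:  ",
          verify_code(code, dict(stored, address="14 Elm Street, Springfield")))
```

With 10 hexadecimal characters kept, the comparison covers 40 bits of the digest; passing `algo="sha256"` to both functions swaps the hash, which the text allows.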

The embodiment of the disclosure described above uses a shared password when hashing the data block. Alternative embodiments may use other mechanisms, depending on the level of security required between the Issuer 102 and the service provider 108. For example, the shared password may be omitted when creating the message digest. Such an embodiment eliminates the need to exchange password information between the Issuer 102 and the service provider 108, but reduces security, because anyone who knows the hash algorithm used can generate an authentication code.

In yet another embodiment, instead of a shared password, a public/private key encryption scheme can be used. As is known to those skilled in the art, in a public/private key pair encryption system, data that has been encrypted using the private key can only be decrypted using the corresponding public key. The public key can be given to anyone without regard to its security, while the private key is kept securely secret. Thus, data that decrypts using the public key is guaranteed to have been encrypted using the private key, which only the authorized user should possess. The data block used to generate the message digest can omit the shared password. The resulting message digest may then be encrypted using the private key of the Issuer 102, forming the activation code. The service provider 108 can then create its own message digest using the data provided by the card holder 110. The received activation code may be decrypted using the public key of the Issuer, and if the decrypted activation code matches the digest generated by the service provider 108, it is confirmed that the Issuer 102 really formed the activation code using the same data that was provided to the service provider 108.

Fig.4 depicts a block diagram of the formation of the activation keys at a high level. The process may begin at step 402 by identifying a user who will be authorized to subscribe to the service. The user may be identified by any criteria set by the Issuer. For example, the Issuer may wish to authorize all users who have a good credit rating to subscribe to the service. The specific criteria used by the Issuer to identify users are relatively unimportant. In some embodiments, the user requests authorization to subscribe to the service, which still allows the Issuer to make the final determination on whether the user is permitted to subscribe to the service.

In step 404, the data associated with the user is retrieved. As explained above, this data is usually retrieved from the Issuer's own data store. It may include information such as addresses and social security numbers. The data will typically have been provided as part of the user's relationship with the Issuer. As explained above, the Issuer may store a great deal of information about the user, but in step 404 only the information agreed between the Issuer and the service provider is retrieved.

In step 406, a data item that is shared with the service provider is retrieved. This data item may also be referred to as a password or passphrase. As described above, in some embodiments multiple versions of the shared data item are stored, and the version that is valid at the moment can be retrieved. In step 408, an activation code is formed based on the data associated with the user, retrieved in step 404, and the shared data item obtained in step 406. The activation code is formed using a function, such as a hash function, that does not allow the data used to generate the activation code to be recovered from the activation code.

In step 410, the activation code may be sent to the user. The user can then use the activation code to subscribe to a service offered by the service provider, by sending the service provider the activation code and the data associated with the user. The service provider, using the provided data and the shared data item, can regenerate the activation code, and if the regenerated activation code and the received activation code are the same, the user may be subscribed to the service.

Fig.5 depicts a high-level block diagram of subscription to the service using an activation key. The process may begin in step 502 with receiving a subscription request from the user. As part of the subscription process, data associated with the user may be received in step 504. Such data may include items such as the user's name and address. In step 506, the activation key may be received from the user. As described above, possession of a valid activation key is an indication that the user is authorized to subscribe to the service.

In step 508, the shared data item that was used to generate the activation code is retrieved. In some embodiments, the received activation code contains an indicator that allows the correct shared data item to be retrieved. Once the correct shared data item has been obtained, the activation code confirmation can be generated in step 510. The activation code confirmation may be formed using the shared data item and the data associated with the user received at step 504. As described above, the specific data elements that will be used to generate the activation code and the activation code confirmation are determined in advance. In step 512, the activation code and the activation code confirmation are compared.

If the codes are not identical, the process goes to step 514 and the user is rejected. If the codes are the same, the process moves to step 516 and the user is allowed to subscribe to the service. In step 518, the data received in step 504 can be saved. At least the part of that data used to generate the activation code confirmation in step 510 has thereby been verified, because the same data was used to form the activation code.
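The issuing steps of Fig.4 and the checking steps of Fig.5, using the construction recited in claims 5 and 15 (text block, appended shared data item, SHA1, appended version identifier), as an added example that is not code from the patent. The field list, the normalisation, the "|" and "-" separators, the constructed passphrases and the constant-time comparison are assumptions of this example.

```python
import hashlib
import hmac

# Constructed sample values (assumptions of this example, not from the patent).
SHARED_ITEMS = {                 # version identifier -> shared data item
    "1": b"constructed passphrase, first version",
    "2": b"constructed passphrase, second version",
}
CURRENT_VERSION = "2"            # version the issuer uses for new codes
AGREED_FIELDS = ("name", "address")  # agreed in advance by issuer and provider


def text_block(user_data):
    """Build the text block from the agreed fields, in a fixed order.

    Trimming, whitespace collapsing and upper-casing are assumed so that the
    copy typed by the user matches the issuer's stored record byte for byte.
    """
    parts = []
    for field in AGREED_FIELDS:
        value = " ".join(str(user_data[field]).split()).upper()
        if "|" in value:
            # The separator must not occur inside a field, otherwise two
            # different records could produce the same text block.
            raise ValueError("field contains the separator character")
        parts.append(value)
    return "|".join(parts).encode("utf-8")


def form_code(user_data, version):
    """Text block + shared data item -> SHA1 -> append version identifier."""
    block = text_block(user_data) + SHARED_ITEMS[version]
    return hashlib.sha1(block).hexdigest() + "-" + version


def issue_activation_code(issuer_record):
    """Issuer side (steps 404-410): uses data from the issuer's own store."""
    return form_code(issuer_record, CURRENT_VERSION)


def authorize_subscription(received_code, submitted_data):
    """Service provider side (steps 504-516): True means subscribe."""
    received_code = received_code.strip().lower()
    _, sep, version = received_code.rpartition("-")
    if not sep or version not in SHARED_ITEMS:
        return False             # no usable version indicator: reject
    try:
        confirmation = form_code(submitted_data, version)
    except (KeyError, ValueError):
        return False             # missing or malformed field: reject
    # Constant-time comparison, so timing does not reveal how much matched.
    return hmac.compare_digest(confirmation.encode(), received_code.encode())


if __name__ == "__main__":
    record = {"name": "Alex Example", "address": "1 Constructed Way, Springfield"}
    code = issue_activation_code(record)
    typed = {"name": " alex example", "address": "1 constructed way,  springfield"}
    print(code, authorize_subscription(code, typed))
```

Because the version identifier travels with the code, a code issued under an older shared data item still verifies for as long as that version stays in the provider's table; removing the entry retires every code issued under it.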

Fig.6 depicts a high-level block diagram of subscription to the service. In step 602, the user may receive or request authorization to subscribe to the service. As described above, in some embodiments the Issuer selects which users will be invited to subscribe to the service, while in other embodiments the user may request authorization to subscribe to the service. In step 604, the activation key is received from the Issuer. In step 606, the activation key is provided to the service provider. In step 608, the subscriber provides the service provider with data associated with the subscriber.

In step 610, the service provider generates an activation code, and if the generated activation code is the same as the activation code received in step 606, the process moves to step 612 and subscription to the service is permitted. If the activation codes do not match, the subscription is rejected in step 614.

Fig.7 depicts another illustrative system of the present disclosure. Cell phones have become ubiquitous. Popular types of cell phone contain a camera, can play music, can be used to check e-mail and provide any number of other functions. One specific application for mobile devices such as cell phones is their use in conducting payment transactions. Some types of mobile device include a short-range wireless transmitter, such as an RFID element, that can be used to store the account number of a debit or credit card. A consumer conducting a transaction can simply wave their mobile device in front of a reader capable of receiving the transmission and complete the transaction without having to present their payment card to the reader. In some cases, mobile devices are quite sophisticated, which gives them the ability to execute application programs of the kind found on a standard computer. These applications can be used in connection with a payment transaction.

Regardless of the specific application program, the user 704 may have a mobile device that can be provisioned to use his credit or debit accounts. The consumer 704 generally must obtain the consent of the Issuer 702 of the account before provisioning their mobile device to conduct transactions. Additionally, the payment card network 708, such as Visa, will be the entity that actually offers the application programs that run on the consumer's mobile device and, thus, will be the service provider. This is a situation in which the service is offered by a service provider such as the payment card network 708. The consumer 704 will make use of the service. The Issuer 702 needs to give the consumer 704 authorization to provision their mobile device for the service.

The system 700 may include the Issuer 702. The Issuer 702 may typically be a bank or some other institution that issues payment accounts. The system may also include a user 704. The user 704 may wish to provision their mobile device 706 so that the mobile device 706 can be used to conduct transactions on the payment processing network 708. An illustrative payment processing network is the one offered by Visa. For the consumer 704 to provision their mobile device 706 for use with the account issued by the Issuer 702 on the payment processing network 708, permission for such provisioning is required.

In some embodiments, the user 704 may send a request 710 to provision their mobile device 706 to the Issuer. The request may take any form, such as an email, access to a website, a text message, a phone call or any other communication channel. The Issuer 702 can receive the request 712 and determine whether the consumer 704 should be allowed to provision their mobile device. For example, the Issuer may limit provisioning to users of a certain type (for example, only platinum card holders) or to mobile devices of a certain type (e.g., smartphones).

If the Issuer 702 decides that the user should be allowed to provision his mobile device 706, the Issuer will calculate 712 an activation code, as described above. The activation code will use information about the consumer 704 that is known to the Issuer 702. The activation code can then be transmitted 714 to the user 704. The user 704 may then initiate the process of provisioning the mobile device 706 with the payment processing network 708.

As part of the provisioning process, the consumer 704 can send 716 information about the consumer to the payment processing network 708. Such information will minimally include the same information that was used by the Issuer 702 to calculate the activation code, but may also include additional information. The payment processing network can then use the received consumer information 716 to calculate 718 an activation instance, which can also be referred to as an activation code confirmation.

Then the Issuer may receive the activation code 720 from the user. The received activation code is compared 722 with the instance 718. If the two codes match, the payment processing network can be assured that the Issuer 702 has allowed the user 704 to provision their mobile device 706. The payment processing network can also be assured that the consumer information 716 received from the user 704 is the same as that stored by the Issuer 702.

Fig.8 depicts an illustrative computer system in which various embodiments of the disclosure can be implemented. Any of the elements depicted in the figures can be implemented on the computer system shown in Fig.8. Computer system 800 may embody a tangible machine-readable medium that stores commands that cause the processor to perform any of the steps of the various embodiments of the disclosure.

The various participants and elements in the figures may operate or use one or more computing devices to provide the features described here. Any of the elements in the figures (e.g., the Issuer 102, the service provider 108, the card holder 110, etc.) may use any suitable number of subsystems to provide the features described here. Examples of such subsystems or components are shown in Fig.8. The subsystems shown in Fig.8 are connected via the system bus 875. Additional subsystems are shown, such as a printer 874, keyboard 878, hard disk 879 (or other memory containing machine-readable media), monitor 876, which is attached to the display adapter 882, and others. Peripherals and input/output (I/O) devices, which are attached to the input/output controller 871, can be connected to the computer system by any means known in the art, such as a serial port 877. For example, the serial port 877 or the external interface 881 can be used to connect the computer device to a global network such as the Internet, to a mouse input device or to a scanner. The connection via the system bus allows the central processor 873 to communicate with each subsystem and to control the execution of commands from the system memory 872 or the hard disk 879, as well as the exchange of information between subsystems. The system memory 872 and/or the hard disk 879 may embody computer-readable media.

Fig.9 depicts a block diagram of a mobile device and subsystems that may be present in computer systems in accordance with embodiments of the disclosure.

A mobile device used in embodiments of the disclosure may be in any suitable form. For example, suitable mobile devices can be handheld and compact so that they fit in a consumer's wallet and/or pocket (e.g., pocket-sized). They may include smart cards, ordinary credit or debit cards (with a magnetic stripe and without a microprocessor), keychain devices (such as the Speedpass™ commercially available from Exxon-Mobil Corp.), etc. Other examples of mobile devices include cell phones, smartphones, pocket computers (PDAs), pagers, payment cards, security cards, access cards, smart media devices, transceivers, etc. Mobile devices can also be debit devices (e.g., a debit card), credit devices (e.g., a credit card) or prepaid devices (e.g., a card).

An illustrative mobile device 902 in the form of a phone may contain a machine-readable medium and a housing, as shown in Fig.9. Fig.9 shows several components, and a mobile device in accordance with embodiments of the disclosure may include any suitable combination or subset of such components. The machine-readable medium 906 may be present in the housing 920, or may be detachable from it. The housing 920 may be in the form of a plastic substrate, housing, or other structure. The machine-readable medium 906 may be a memory that stores data and may be in any suitable form, including a magnetic stripe, a memory chip, an encryption algorithm, private or public keys, etc. The memory also preferably stores information such as financial information, transit information (e.g., as on a subway or train ticket), access information (such as access passes), etc. The financial information may include information such as bank account information, bank identification number (BIN), credit or debit card number information, account balance information, expiration date, consumer information such as name, date of birth, etc.

Information in the memory can also be in the form of the data tracks that are traditionally associated with credit cards. Such tracks include Track 1 and Track 2. Track 1 ("International Air Transport Association") stores more information than Track 2, and contains the cardholder's name as well as the account number and other discretionary data. This track is sometimes used by airlines when securing reservations with a credit card. Track 2 ("American Banking Association") is the one generally used at present. This is the track that is read by automated teller machines (ATMs) and credit card checkers. The American Banking Association (ABA) designed the specifications of this track and all world banks must abide by them. It contains the cardholder's account, the encrypted PIN, and other discretionary data.

The mobile device 902 may further include a contactless element 918, which is typically implemented as a semiconductor chip (or other storage element) with an associated wireless transfer (e.g., data transmission) element, such as an antenna. The contactless element 918 is associated with (e.g., integrated into) the portable consumer device 902, and data or control commands transmitted via a cellular network may be applied to the contactless element 918 via a contactless element interface (not shown). The contactless element interface enables the exchange of data and/or control commands between the circuitry of the mobile device (and, therefore, the cellular network) and an optional contactless element 918.

The contactless element 918 is capable of sending and receiving data using near field communication (NFC) (or a short-range wireless medium), typically in accordance with a standardized protocol or data transfer mechanism (e.g., ISO 14443/NFC). Near field communication capability is a short-range communication capability, such as RFID, Bluetooth™, infrared or another data transfer capability that can be used to exchange data between the mobile device 902 and an interrogation device. Thus, the mobile device 902 is able to communicate and transfer data and/or control commands both via a cellular network and via near field communication.

The portable consumer device 902 may also include a processor 908 (e.g., a microprocessor) for processing the functions of the portable consumer device 902, and a display 910 to allow the consumer to see phone numbers and other information and messages. The mobile device 902 may further include input elements 912 to allow the consumer to enter information into the device, a speaker 914 to allow the consumer to hear voice communication, music, etc., and a microphone 922 to allow the consumer to transmit their voice through the mobile device 902. The mobile device 902 may also include an antenna 904 for wireless data transmission.

Embodiments of the disclosure are not limited to the embodiments described above. For example, although separate functional blocks are shown for an Issuer, a service provider and a card holder, some entities perform more than one of these functions and may be included in embodiments of the disclosure. A server computer may be a single device or a combination of multiple computers working together to provide the functionality of a single device.

Specific details concerning some of the above-mentioned aspects have been provided. The specific details of the specific aspects may be combined in any suitable manner without departing from the spirit and scope of embodiments of the disclosure. For example, the service provider and the Issuer may be combined in some embodiments of the disclosure. However, other embodiments of the disclosure may be directed to specific embodiments relating to each individual aspect, or to specific combinations of these individual aspects.

It should be understood that the present disclosure as described above can be implemented in the form of control logic using software, in a modular or integrated manner. Based on the disclosure and teachings provided here, a person skilled in the art will know and appreciate other ways of implementing the present invention using hardware and a combination of hardware and software.

Any of the software components or functions described in this application can be implemented as software code to be executed by a processor, using any suitable computer language such as, for example, Java, C++ or Perl, using, for example, conventional or object-oriented techniques. The software code may be stored as a sequence of commands on a computer-readable medium such as random access memory (RAM), read-only memory (ROM), a magnetic medium such as a hard disk or floppy disk, or an optical medium such as a CD-ROM. Any such computer-readable medium may reside in a single computing device and may be present in a variety of computing devices within a system or network.

The above description is illustrative and is not limiting. Many modifications of the disclosure will become apparent to those skilled in the art upon review of the disclosure. The scope of the disclosure should therefore be determined not with reference to the above description, but with reference to the claims along with their full scope or equivalents.

One or more features from any embodiment may be combined with one or more features of any other embodiment without departing from the scope of the disclosure.

Terms used in the singular are intended to mean "one or more" unless specifically indicated otherwise.

All patents, patent applications, publications and descriptions mentioned above are incorporated herein by reference in their entirety for all purposes. None of them is admitted to be prior art.

1. A method of subscribing a user to a service, the method comprising:
identifying, at an Issuer computer, a user who is authorized to subscribe to the service, on the basis of Issuer-determined criteria established by the Issuer associated with the Issuer computer;
retrieving, by the Issuer computer, data associated with the user and a shared data element that is shared by the Issuer computer and a service provider computer, when the user is authorized to subscribe to the service;
forming a first activation code by the Issuer computer, the first activation code being based on the data associated with the user and the shared data element; and
sending the first activation code to the user, wherein the user sends the first activation code and the data associated with the user to the service provider computer, the service provider computer forms a second activation code based on the data associated with the user and the shared data element, and the service provider computer authorizes the user to subscribe to the service if the first and second activation codes are the same.

2. A method according to claim 1, wherein forming the first and second activation codes includes processing the data associated with the user using an algorithmic function that is known to the Issuer computer and the service provider computer, but not known to the user.

3. A method according to claim 2, wherein the algorithmic function additionally takes, as input, a shared data item that is shared between the Issuer computer and the service provider computer.

4. A method according to claim 3, wherein the first activation code includes a version identifier that identifies the version of the shared data element that was used to form the first activation code.

5. A method according to claim 4, wherein the step of forming the first activation code comprises:
creating a text block containing the data associated with the user;
appending the shared data item to the text block;
processing the text block using the SHA1 algorithm to form a message authentication code; and
appending the version identifier, which identifies the version of the shared data item, to the message authentication code.

6. A method according to claim 1, wherein the data associated with the user that is used to form the first activation code is retrieved from a database associated with the Issuer computer and is not received from the user, and the data associated with the user that is used to form the second activation code is received from the user.

7. A method according to claim 6, further comprising storing the data associated with the user in a database associated with the service provider computer, the service provider computer being assured that the data associated with the user received from the user is the same as the data associated with the user stored in the database associated with the Issuer computer.

8. A tangible machine-readable medium having computer-readable program code embodied therein, the computer-readable program code being configured to be executed by a processor to implement the method according to claim 1.

9. A server computer comprising a processor and the machine-readable medium according to claim 8, connected to the processor.

10. A method of subscribing a user to a service, the method comprising:
receiving, at a service provider computer, from the user, data associated with the user;
receiving, at the service provider computer, an activation code, the activation code being based on the data associated with the user and having been generated by an Issuer computer for the user when the user is authorized to subscribe to the service on the basis of Issuer-determined criteria established by the Issuer associated with the Issuer computer;
forming, using the service provider computer, an activation code confirmation based on the data associated with the user and a shared data element; and
authorizing, using the service provider computer, the user's subscription to the service if the activation code and the activation code confirmation are the same.

11. A method according to claim 0, in which the activation code is generated by the computer of the Issuer using data associated with the user that is obtained from the database associated with the computer of the Issuer.

12. A method according to claim 11, in which the activation code and the activation code confirmation are formed by processing the data associated with the user using an algorithmic function that is known to the service provider computer and the Issuer computer, but not known to the user.

13. A method according to claim 12, in which the algorithmic function additionally takes as input the shared data item that is shared between the service provider computer and the Issuer computer.

14. A method according to claim 13, in which the activation code includes a version identifier that identifies the version of a shared data element that was used to form the first activation code.

15. A method according to claim 14, wherein the step of forming the activation code confirmation comprises:
creating a text block containing the data associated with the user and received from the user;
appending the shared data item, identified by the version identifier, to the text block; and
processing the text block using the SHA1 algorithm to form a message authentication code.

16. A method according to claim 15, further comprising storing the data associated with the user and received from the user in a database associated with the service provider computer, the service provider computer being assured that the data associated with the user and received from the user is the same as the data associated with the user stored in the database associated with the Issuer computer.

17. A tangible machine-readable medium having computer-readable program code embodied therein, the computer-readable program code being configured to be executed by a processor to implement the method according to claim 10.

18. A server computer comprising a processor and the machine-readable medium according to claim 17, connected to the processor.

19. A method of subscribing a user to a service, the method comprising:
receiving an activation code from an Issuer computer, the activation code being generated based on data associated with the user when the user is authorized to subscribe to the service on the basis of Issuer-determined criteria established by the Issuer associated with the Issuer computer;
sending the activation code to a service provider computer;
sending the data associated with the user to the service provider computer; and
carrying out subscription to the service offered by the service provider computer;
wherein subscription to the service is allowed only if an activation code confirmation generated by the service provider computer is the same as the activation code.

20. A method according to claim 19, in which the activation code and the activation code confirmation are generated using the data associated with the user and a shared data item known to the service provider computer and the Issuer computer, but not known to the user.



 

Same patents:

FIELD: radio engineering, communication.

SUBSTANCE: wireless transmission protection system and method relate to wireless communication. The method of transmitting secure messages by a transmitting device includes encoding a message using a secret code for generating L output code words, where L is an integer value greater than 1, wherein the secret code includes a first security code and a second security code, transmitting one of the L output code words to a communication device if the channel quality between the transmitting device and the communication device satisfies a certain criterion, repeating transmission for each of the remaining L-1 output code words.

EFFECT: transmitting secure messages.

9 cl, 7 dwg

FIELD: radio engineering, communication.

SUBSTANCE: invention relates to communication engineering. The method of obtaining a security key in a relay system, wherein a node in a relay system obtains an initial key, in accordance with the initial key, the node obtains a root key of the security key of the radio interface between the node and another node adjoining said node, and in accordance with the root key, the node obtains a security key of the radio interface between the node and said other adjoining node. Therefore, in accordance with the initial key, each lower-level node obtains a root key of the security key of the radio interface between each lower-level node, such that UE data on an interface link Un can be secured accordingly.

EFFECT: effective data security in each radio interface segment.

12 cl, 11 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to controlling access to scrambled content during hierarchical encoding. The hierarchical access control method includes: receiving and transmitting to a protective processor second cryptograms (CWi)Ki for i, ranging from 1 to k-1, obtained by encoding control words CW1-CWk-1 using corresponding keys K1-Kk-1, built using at least part of an array formed by data residing in ECMk, and an operational key CEk; decoding the second cryptograms (CWi)Ki, only if access conditions CAk, obtained in the ECMk message, correspond to access rules TA, and without preliminary comparison of access conditions CAi with access rules TA for i, strictly less than k, and, otherwise, blocking decoding of the second cryptograms (CWi)Ki, if access conditions CAk do not correspond to access rules TA.

EFFECT: controlling access to content which is encoded and scrambled on component elements in a hierarchical manner with less computational power compared to existing methods.

11 cl, 8 dwg

FIELD: information technology.

SUBSTANCE: method comprises steps of: encoding a digital program to link said digital program with an authentication agent by packing the digital program and authentication agent into single digital content. Said authentication agent includes a program code executed by a device, wherein the device can reproduce said digital program and execute the program code. The program code is configured to authenticate the device when executed in the device; and provide said device with digital content which includes said digital program and said authentication agent. Said digital program is encrypted via a first encryption algorithm, and the decryption key of the fist encryption algorithm is encrypted via a second encryption algorithm and is stored in the authentication agent.

EFFECT: performing device authentication and authorisation independent from an authentication server.

14 cl, 7 dwg

FIELD: information technology.

SUBSTANCE: recipient receives content from a publisher. Some content is managed by an access server. The access server controls the recipient's use of managed content through interaction with a trusted agent at the recipient. The content is encrypted on a content key, and the content is associated with policy information. The policy information includes the content key for decrypting the content. The policy information is encrypted on an access server key allowing the policy information to be decrypted by the access server. The content key is received from the access server. The content key is encrypted on a trusted agent key. The content key is further encrypted on additional factor(s) defining additional content protection beyond that provided by trusted agent. The content key is decrypted using the trusted agent key and the at least one additional factor. The content is decrypted using the content key.

EFFECT: high reliability of content protection.

20 cl, 4 dwg

FIELD: radio engineering, communication.

SUBSTANCE: method of negotiating encryption algorithms comprises steps of: obtaining information that a plug-in card of the mobile station (MS) does not support a first encryption algorithm; deleting the first encryption algorithm from an encryption algorithm list permitted by a core network element according to the information that the plug-in card of the MS does not support the first encryption algorithm; sending the encryption algorithm list excluding the first encryption algorithm to an access network element, so that the access network element selects an encryption algorithm according to the encryption algorithm list excluding the first encryption algorithm and the MS capability information sent from the MS and sends the selected encryption algorithm to the MS.

EFFECT: fewer data transmission errors.

9 cl, 9 dwg

FIELD: information technologies.

SUBSTANCE: transmitting device codes voice superframes DMR using coding parameters, and sends coding parameters in at least one of voice superframes with the help of the following: identification of a selected number of bits from multiple frames of a vocoder of a voice superframe; replacement of each of identified bits with an appropriate bit of the first coding parameter; placement of at least one coding parameter in the field of inbuilt alarm of the voice superframe; and transmission of a voice superframe with coding parameters into a receiving device. The receiving device extracts coding parameters, which may be an identifier of a key, an identifier of a logic and an initialisation vector for use in decoded messages from the transmitting device.

EFFECT: expansion of functional possibilities due to transfer of coding parameters, which may be implemented in a DMR system.

15 cl, 8 dwg

FIELD: information technology.

SUBSTANCE: image forming apparatus comprises: a main housing and a detachable unit. The main housing has a main controller which controls operation of the image forming apparatus. The detachable unit is connected to the main housing and is configured to perform the image forming operation with the main housing. The detachable unit comprises: a memory unit and a central processing unit (CPU). The memory unit stores an initialisation program, unique information associated with the detachable unit, and status information on use of the detachable unit. The CPU performs initialisation using the initialisation program independent of the main housing. The main controller carries out a process of authenticating the detachable unit.

EFFECT: high reliability of data stored in the memory unit built into image forming apparatus; users are protected from use of an uncertified unit.

42 cl, 7 dwg

FIELD: information technology.

SUBSTANCE: method of generating and verifying an electronic digital signature (EDS) involves generating an elliptic curve (EC), given over a prime field GF(p), where p is a prime number of the form $p = 2^k \pm \mu_g 2^g \pm \mu_h 2^h \pm 1$, where $k \geq 99$; $0 < g < k$; $0 < h < g$; $\mu_g \in \{0,1\}$; $\mu_h \in \{0,1\}$, in form of a set of points, each given by two multidigit binary numbers (MDN) - its abscissa and ordinate; n>2 secret keys are generated in form of MDN $k_1, k_2, \ldots, k_n$; n public keys are generated from the secret keys in form of points $P_1, P_2, \ldots, P_n$; the electronic document (ED) represented by MDN N is received; a collective public key is generated in form of points P of the EC, generated depending on points $P_{\alpha_1}, P_{\alpha_2}, \ldots, P_{\alpha_m}$, where $\alpha_1, \alpha_2, \ldots, \alpha_m$ are natural numbers, $2 \leq m \leq n$, $\alpha_j \leq n$ and $j = 1, 2, \ldots, m$, depending on the received ED from values $k_{\alpha_1}, k_{\alpha_2}, \ldots, k_{\alpha_m}$ and from points P, EDS Q is generated in form of two MDN e and s; first A and second B verification MDN are generated. At least one of the verification MDN is generated depending on the collective public key P, and MDN A and B are compared. The EDS is authentic if their parameters match.

EFFECT: shorter time for generating and verifying authenticity of a collective electronic digital signature without reducing its stability.

3 cl, 1 app

FIELD: information technology.

SUBSTANCE: disclosed is a content download system comprising: a content supplying device, a content receiving device, a download apparatus designed to download encrypted content and playing control data necessary for playing said content from said content supplying device according to user operations; obtaining apparatus to confirm the existence of a license which includes a key for decrypting said encrypted content based on said playing control data when playing said downloaded content, and to obtain said license according to the confirmation result; and playing apparatus to play said encrypted content using said obtained license. The playing control metafile describes <content_title>, <drm_server_uri>, <license_id>, <license_type>, <license_description>, <user_confirmation>, <user_messsage>, and <price>. In the case when multiple licenses are set for a single content, the items <license_id> through <price> describe only the number of set licenses.

EFFECT: design of a system which provides different content downloading service modes.

17 cl, 45 dwg

FIELD: medicine.

SUBSTANCE: invention relates to medical working process of visualisation. System contains: control unit (114), containing processor (116); and multitude of processing executives (102), connected with it, with processor (116) realising control of realisation with feedback of plan of medical visualisation working process by means of multitude of processing executives (102), and processor (116) is made with possibility of inquiring electronic medical information, dealing with and/or not dealing with visualisation from one or more processing executives; formation of plan of visualisation procedure working process by means of visualisation procedure, based on information inquired; reception of signal, indicating due date of planned visualisation procedure; downloading visualisation protocol, corresponding to visualisation procedure, into visualisation system, used for visualisation procedure; realisation of scanning by means of visualisation system; and updating plan of visualisation procedure working process.

EFFECT: increased reliability of patient diagnostics.

15 cl, 9 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to systems and methods of conducting a transaction to acquire available goods or services using stored means associated with designation. The methods include: receiving, at a point of sale, identifiers of goods or services selected for acquisition, and designation; determining if the goods or services comprise available goods or services; calculating the sum required to acquire the available goods or services; determining if the stored means are enough to acquire the available goods or services; using the stored means to acquire the available goods or services; and using an additional funding source provided by the customer to acquire any goods or services which are not available goods or services. The system implements said methods.

EFFECT: high accuracy and reliability of a transaction, which includes an additional alternative source.

18 cl, 9 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to a computer-readable data medium of a web configuration system, a method of customising a welding system and a web configuration system for customising a welding system. The web configuration system includes at least one processor and one or more tangible, computer-readable media at least collectively including or storing instructions executable by the at least one processor. The instructions include instructions to limit configuration options for a welding system based on user selection of a power source for the welding system, instructions to calculate a weld cable size for the welding system based on the user selection of the power source and user selection of input voltage, instructions to assign weld cable characteristics based on the weld cable size and a user selected cable length, and instructions to assemble a welding system order based at least on the user selection of the power source and the weld cable characteristics.

EFFECT: obtaining a computer-readable data medium of a web configuration system.

20 cl, 10 dwg

FIELD: medicine.

SUBSTANCE: invention relates to control of sugar level in blood. Method contains the following stages: multitude of measurements of glucose level in user's blood is carried out by means of microprocessor; multitude of measurements of glucose level in blood is stored in memory device; it is determined whether the last measurement of glucose level in blood, performed at specified moment of time during the day, is lower than the first threshold, which constitutes about 70 mg of glucose per decilitre of blood, or higher than the second threshold, which constitutes about 150 ml of glucose per decilitre of blood; it is estimated by means of microprocessor if, at least, one measurement of glucose level from multitude of measurements, carried out in time interval approximately 3-hour long relative to specified time, at which the last measurement of glucose level in blood for previous days, was lower than the first threshold or higher than the second threshold; it is notified that for the same time period for previous days multitude of measurements of glucose level in blood shows the tendency of reduction of glucose level in blood relative to the first threshold or of increase of glucose level relative to the second threshold.

EFFECT: increased accuracy of determination of user's state for control of diabetes course.

24 cl, 17 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to technology of automatic selection of extra data, for example, ad, guide data, extra data, data on operating performances. Thus, processing, storage and/or transmission resources can be saved. This device for automatic selection of extra data to be included in content comprises classifier connected with user profile and selection means connected with extra data base. Extra data of definite category is placed in appropriate or contrasting context depending on user interest in this goods category. Profiles of users are automatically classified as profiles with either pronounced or weak interest in this category.

EFFECT: adapted selection of extra data to be included in the content for twofold decrease in total volume of extra data.

11 cl, 2 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention describes a system, an apparatus and a method of processing payment transactions performed using a mobile device having a contactless component, such as a microchip. The method is carried out using a wireless (cellular) network as a channel for transmitting data by an issuer to a mobile device, which is particularly advantageous in cases when the contactless component has no communication with a reading device or a point of sale terminal in which a near-field wireless communication means is used. Data transmitted between the mobile device and the issuer may be encrypted or decrypted to provide additional security and protection of data from access by other users or applications. If encryption keys are used for encryption or decryption, the keys may be allocated by a key allocation server or another suitable object through a mobile gateway which participates in data encryption and decryption operations.

EFFECT: invention enables to update, correct or synchronise data on operations, which are supported by an issuer, with data stored in the device.

27 cl, 6 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to prompting message update for a network client device user. The method includes: determining, by a client device, the number of update prompting symbols according to the number of updated messages provided by a server; generating the update prompting symbols according to the determined number of prompting symbols; adjusting state parameters of the generated update prompting symbols; displaying the update prompting symbols according to the adjusted state parameters on the display of the client device; determining if at least one updated message has been viewed, and if it is determined that neither of said updated messages is viewed, updating, by the client device, adjusted state parameters, otherwise changing the number of updated messages according to the determined number of viewed messages.

EFFECT: high efficiency of prompting message update to a network client device user.

13 cl, 6 dwg

FIELD: medicine.

SUBSTANCE: invention relates to medical monitoring. Method contains stages, at which: with application of medical device (10) in time interval obtained are patient's data which contain patient's data (50) before the interval, followed in time by time interval (52), during which patient's data are not obtained, and following in time patient's data (54) after said interval; received are one or more recordings (56, 58) of patient's ID with time labels, associated with obtained patient's data; information of first patient's ID is associated with patient's data before interval; and information of second patient's ID is associated with patient's data after interval; operations of association are based on time positions of one or more recordings (56, 58) of patient's ID with time labels, associated with patient's data, relative to time interval, with operations of association being performed by digital processor.

EFFECT: reduction of patient's data loss, as well as of medical mistakes, conditioned by ambiguity of patient's identifier (ID).

12 cl, 5 dwg

FIELD: personal use articles.

SUBSTANCE: method of virtual selection of clothes is performed based on at least two photos of the body of the subject dressed in an elastic template with the reference marking. During computer processing of the photos, a mathematical three-dimensional model of the subject's body is obtained, which is entered into a database under its identification number, available to the buyer, the seller and the manufacturer of clothing. The method is suitable for the selection of clothes for both humans and animals. The individual graphic elements of a certain shape are applied on the elastic template with the reference marking, based on the measured ratio between which the three-dimensional model of the subject's body is formed. The models of clothes are selected from the databases of clothes, which match the parameters of the three-dimensional model of the subject. The consumer gets the three-dimensional images of its body in selected models of clothes on the computer screen.

EFFECT: creation of a virtual three-dimensional dummy with the individual proportions of the subject, selection of clothing suitable in size and type of figure from the databases from different manufacturers.

7 cl, 9 dwg

FIELD: instrumentation.

SUBSTANCE: invention relates to the device for execution of customs check. The device contains a housing, buttons connected to sensors for reading of psychophysical parameters of a person, an electronic unit and a power unit, an electronic board, and also at least two buttons for the device switching-on fixed on the housing with additional function of setting of service language, a dialog box with a possibility of displaying of questions which are answered by means of buttons with labels in various languages "yes" and "no" connected to the sensors for reading of psychophysical parameters of a person and transmission of their signals to the electronic unit of reception, storage, analysis, comparison and display of results, and by each pressing of the named buttons the electronic unit saves the data on a psychophysical state of a person transmitted from the sensors connected with this unit for reading of psychophysical parameters of a person connected with the respective buttons with labels "yes" and "no" in the memory for further comparison of psychophysical state of a person when answering neutral questions and specific questions on participation in a crime, a window of results.

EFFECT: improvement of reliability of the received results of the conducted survey due to receiving of information from sensors of psychophysical state of a person during interrogation and the analysis of these data by means of computer.

2 cl, 1 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to a media device and a system for controlling access of a user to media content. Disclosed is a device (100, 200) for controlling access of a user to media content, the device comprising: an identification code output (102, 103, 202) for providing an identification code to the user, the identification code identifying the media device; a control code generator (104, 204) for generating a control code depending on the identification code and an access right; an access code input (106, 107, 206) for receiving an access code from the user. The access code is generated depending on the identification code and the access right by a certain access code device, and an access controller (108, 208) enables to compare the access code to the control code, and when the access code matches the control code, grants the user access to the media content in accordance with the access right.

EFFECT: managing user access to media content, wherein access is granted specifically on the selected media device.

14 cl, 6 dwg
