Abstract: This present disclosure relates to computer-implemented methods for use in electronic fraud detection systems, and to data processing apparatus, computer programs, and computer readable storage media for performing the same. One such computer-implemented method comprises accessing a data structure comprising a plurality of transaction records; and executing one or more decision processes sharing a common ruleset, each decision process being configured to use the ruleset to output fraud decisions for transaction records, wherein a fraud decision for a transaction record is a prediction based on the ruleset as to whether the transaction to which the transaction record relates is fraudulent; wherein for each decision process, executing the decision process comprises: reading one or more transaction records for a predetermined historical period from the data structure; and determining, using the ruleset, fraud decisions for the one or more transaction records read from the data structure.

Abstract: A method of securely processing data in a third party cloud environment is provided. Third party computer executable code is executed in a secure portion of the third party cloud environment. An external data request for external data to be received from an external data provider is then processed whereby the external data request comprises at least a portion of the secure data. The third party cloud environment determines whether to authorise the first external data request, and if the request is so authorised the request is sent to the external data provider and the external data is received from the external data provider.

Abstract: Method and system for providing access to information comprising the steps of receiving a request for information derived from data from a requester having one or more requester properties. Determining if the one or more requester properties meet one or more predetermined criteria associated with the data, if the one or more requester properties meet the predetermined criteria then providing the requested information to the requester. Storing data describing the request within a blockchain. In another aspect, there is provided a method and system for anonymizing data comprising the steps of at a first source of data determining one or more parameters of a procedure for dividing a first data set into subsets of data, such that each subset of data meets one or more criteria. Providing the parameters to a second source of data. At the second source of data amending the parameters such that the procedure will divide a second data set data into subsets of data that each meet the one or more criteria.

Abstract: A one-time transaction token is requested by a user from a payment provider system for a payment transaction initiated by the user. The one-time transaction token is stored by the payment provider system. The one-time transaction token is provided to the user, and the user provides the one-time transaction token to a transaction processing system and from there to an acquirer processing system. Based on the one-time transaction token received, the acquirer processing system identifies the payment provider system which generated the one-time transaction token and transmits it to the identified payment provider system. Upon receipt of the one-time transaction token, the identified payment provider system validates the received one-time transaction token with the one-time transaction token previously generated by the identified payment provider system.

Abstract: This disclosure relates to a computer-implemented method, a data processing apparatus, a computer program, and a computer-readable storage medium for processing encrypted data. There is provided a computer-implemented method for processing a first ciphertext, C1, wherein the first ciphertext is data encrypted with a plurality of keys, k1 . . . kn, the method comprising: receiving a first key, k1, wherein the first key is one of the plurality of keys; receiving the first ciphertext, C1; and performing an exclusive OR operation on the first ciphertext, C1, and the first key, k1, to produce a second ciphertext, C2, such that the second ciphertext, C2, is the data encrypted with the plurality of keys k2 . . . kn, and not with the first key, k1.

Abstract: Systems and methods for managing data security are described. In an embodiment, the method comprises receiving a data access request from a first application that runs in a first operating environment of a mobile device, wherein the authentication request contains credentials of the first application, communicating with a second application that runs in a second operating environment in parallel to the first environment of the mobile device, wherein the second application is a trusted application that runs in a secure environment, and wherein the communicating includes transferring the credentials of the first application to the second application, and receiving data from the trusted application responsive to the data access request, based on the credentials of the first application.

Abstract: There is provided a method of securely processing data in a third-party cloud environment, and a secure portion of a third-party cloud environment configured to perform the method.

Abstract: A computer implemented method for resolving a Domain Name System, DNS, query received at a third party cloud computing environment comprises: receiving a DNS query at the third party cloud computing environment. The DNS query is forwarded to a sinkhole DNS server if the DNS query comprises an unauthorised domain name. The DNS query is forwarded to a default DNS server of the third party cloud computing environment if the DNS query does not comprise an unauthorised domain name.

Abstract: This disclosure relates to a computer-implemented method, a data processing apparatus, a computer program, and a computer-readable storage medium for processing encrypted data. There is provided a computer-implemented method for processing encrypted data, comprising receiving a swap key, wherein the swap key is the product of an exclusive OR operation performed on a first key and a second key; receiving a first ciphertext, wherein the first ciphertext is encrypted with the first key and not encrypted with the second key; and performing an exclusive OR operation on the swap key and the first ciphertext to produce second ciphertext, such that the second ciphertext is encrypted with the second key and not encrypted with the first key.

Abstract: A pipeline for securely validating computer executable code in a third-party cloud environment is provided. The pipeline comprises an on-boarding account and a run account. The on-boarding account is configured to allow the user to access computer executable code input into the third-party cloud environment from the user and prevent the user from accessing the protected data input into the third-party cloud environment from a secure provider. The on-boarding account is also configured to transmit the computer executable code from the on-boarding account to another account in the third-party cloud environment if a first predetermined criterion is met. The run account is configured to allow the user to execute the computer executable code with the protected data and prevent the user from accessing the computer executable code. Moreover, a process for generating the pipeline and a method of securely validating computer executable code in a third-party cloud environment using the pipeline is provided.

Abstract: This disclosure is in the field of data leakage prevention and relates to computer-implemented methods for identifying data leakage and for enabling identification of data leakage, and data processing apparatus, computer programs, and computer readable storage media for performing the same. There are provided computer-implemented methods of constructing and querying a first Bloom filter, formed from a plurality of representations of sensitive data, wherein the plurality of representations have been generated from underlying sensitive data using a mapping function.

Abstract: A computer-implemented method for automatically testing a cloud-hosted application is disclosed. A test object is defined for at least one service of the cloud-hosted application. The test object comprises an API request configured to be transmitted to the at least one service of the cloud-hosted application via an API interface or a service call configured to invoke the at least one service directly. The test object is transmitted to the at least one service of the cloud-hosted application. The test object is processed at the at least one service of the cloud-hosted application to generate an API formatted response and associated service log data. The cloud-hosted application is validated based on the API formatted response and the associated service log data.

Abstract: Method and system for securely communicating data, the method comprising the steps of: initiating a secure communication between a mobile device and a requester using a cryptographic key to verify the user of the mobile device. Receiving, using the secure communication, at a mobile device a request from the requester, the request including an indication of one or more requested data attributes associated with a user of the mobile device. At the mobile device, querying a data store for the requested one or more data attributes and a verification attribute.

Abstract: A computer-implemented method for securing a user device is disclosed. A signed device authentication key is requested and received from a user application executing on the user device. The signed device authentication key is obtained via a software module installed on the user device and associated with a secure data processing provider. A device setup request is transmitted from the user device to the secure data processing system using the signed device authentication key. The device setup request comprises the signed device authentication key. The authenticity of the device setup request is verified at the secure data processing system based on the signed device authentication key.

Abstract: Method and system for securely communicating data, the method comprising the steps of: initiating a secure communication between a mobile device and a requester using a cryptographic key to verify the user of the mobile device. Receiving, using the secure communication, at a mobile device a request from the requester, the request including an indication of one or more requested data attributes associated with a user of the mobile device. At the mobile device, querying a data store for the requested one or more data attributes and a verification attribute.

Abstract: Systems and methods for managing data security are described. In an embodiment, the method comprises receiving a data access request from a first application that runs in a first operating environment of a mobile device, wherein the authentication request contains credentials of the first application, communicating with a second application that runs in a second operating environment in parallel to the first environment of the mobile device, wherein the second application is a trusted application that runs in a secure environment, and wherein the communicating includes transferring the credentials of the first application to the second application, and receiving data from the trusted application responsive to the data access request, based on the credentials of the first application.

Abstract: A client system comprises processing circuitry configured to receive, from a user device, a first access request comprising a first instruction to access a protected resource; transmit a token request for an access token to be used for accessing the protected resource; and receive an access token in response to the token request, the access token having a corresponding time to expire. The client system comprises a token storage unit configured to store the access token. The processing circuitry is further configured to receive a rejection message indicating that the access token is not valid for receiving the protected resource; and store, at the token storage unit, an invalidation flag associated with the stored access token, in response to receiving the rejection message.

Abstract: Systems and methods for managing data security are described. In an embodiment, the method comprises receiving a data access request from a first application that runs in a first operating environment of a mobile device, wherein the authentication request contains credentials of the first application, communicating with a second application that runs in a second operating environment in parallel to the first environment of the mobile device, wherein the second application is a trusted application that runs in a secure environment, and wherein the communicating includes transferring the credentials of the first application to the second application, and receiving data from the trusted application responsive to the data access request, based on the credentials of the first application.

Abstract: A client system comprises processing circuitry configured to receive, from a user device, a first access request comprising a first instruction to access a protected resource; transmit a token request for an access token to be used for accessing the protected resource; and receive an access token in response to the token request, the access token having a corresponding time to expire. The client system comprises a token storage unit configured to store the access token. The processing circuitry is further configured to receive a rejection message indicating that the access token is not valid for receiving the protected resource; and store, at the token storage unit, an invalidation flag associated with the stored access token, in response to receiving the rejection message.

Abstract: A computer-implemented method for managing a secure data item that is jointly accessible by the first user and the second user. In the method a first system receives a data request comprising an instruction to transmit the secure data item to a second system. The first system identifies that the secure data item is jointly accessible by the first user and the second user, and in response transmits an authorisation request to the second user device. The authorisation request comprises a prompt for the second user to authorise the data request. The first system receives a grant message indicative of the second user granting the authorisation request and in response transmits the secure data item to the second system. The secure data item is prevented from being sent to the second system, if the grant message is not received.