Abstract: A transaction processing system for sending user information data to a personal device, and an associated method are provided. The system comprises: a personal device, such as a balance display card; an interface device, such as a card reader for transmitting data to and from the card; a communications network connecting to the interface device; an issuer processor connected to the communications network; and a trusted network processor (TNP) processor connected to the communications network, interposed between the interface device and the issuer processor. The TNP processor is arranged to receive a transaction request message from a card user and to transmit a response message back to the personal device, the response message typically being a transaction authorization together with information for display on the card.

Abstract: A method for authenticating a computing device includes: storing an account profile, the profile including data related to a service account including an alphanumeric code; generating a session identifier and a seed value; computing a first hash using the session identifier; computing a second hash using the session identifier and the alphanumeric code; computing a third hash using the second hash and a utilized seed value; transmitting the session identifier to a computing device via a first communication protocol; transmitting the session identifier and first hash to a remote notification service for transmission to the computing device via a second communication protocol; receiving a fourth hash and the session identifier from the computing device via the first communication protocol; validating the fourth hash based on a comparison of the fourth hash and the computed third hash; and transmitting a validation result to the computing device based on the validation step.

Abstract: A mobile computing device has at least one processor and at least one memory together providing a first execution environment and a second execution environment logically isolated from the first execution environment. The following approach is taken to manage data items for an application executing the first execution environment. A trust relationship is established between a trust client in the second execution environment and a remote trusted party and the trust client receives one or more data items from the remote trusted party. On executing the application in the first execution environment, the trust client provides the data items or further data items derived therefrom to the application 213. Provision of these data items may be conditional upon a user authentication process. A suitable mobile computing device is also described.

Abstract: A transaction processing system for sending user information data to a personal device, and an associated method are provided. The system comprises: a personal device, such as a balance display card; an interface device, such as a card reader for transmitting data to and from the card; a communications network connecting to the interface device; an issuer processor connected to the communications network; and a trusted network processor (TNP) processor connected to the communications network, interposed between the interface device and the issuer processor. The TNP processor is arranged to receive a transaction request message from a card user and to transmit a response message back to the personal device, the response message typically being a transaction authorization together with information for display on the card.

Abstract: A mobile computing device has a processor and a memory. The processor is programmed with a mobile transaction application 101. The memory comprises a local database 102 to hold data items for use by the mobile transaction application 101. The mobile transaction application 101 is adapted to encrypt data items for storage in the local database 102 and to decrypt data items stored in the local database 102 using white-box cryptographic techniques.

Abstract: Instead of requiring key exchange between a trusted biometric application in a TEE and an external application outside of the TEE that provides access to a secured function, the trusted application is preconfigured with security data such as (in a first implementation) authentication credentials (e.g. a PIN) or (in a second implementation) a cryptographic key. This security data is then used to authenticate a biometric validation obtained by the trusted application to the external application.

Abstract: A method for building an advanced storage key includes: storing, in a mobile device, at least (i) device information associated with the mobile device, (ii) program code associated with a first program including an instance identifier, and (iii) program code associated with a second program including a first key; generating a device fingerprint associated with the mobile device based on the device information via execution of the code associated with the first program; generating a random value via execution of the code associated with the first program; building a diversifier value based on the generated device fingerprint, the generated random value, and the instance identifier included in the code associated with the first program; and decrypting the built diversifier value using the first key stored in the code associated with the second program via execution of the code associated with the second program to obtain a storage key.

Abstract: A method for receiving and processing a data message includes: storing at least an encryption key; receiving a data message, the data message including at an encrypted message and a message authentication code, the message authentication code generated using at least a portion of the encrypted message; generating a reference authentication code using at least a portion of the encrypted message included in the received data message; validating the received data message based on a check of the message authentication code included in the received data message against the generated reference authentication code; and decrypting the encrypted message included in the received data message using the stored encryption key to obtain a decrypted message.

Abstract: A method for generating payment credentials in a payment transaction includes: storing, in a memory, at least a single use key associated with a transaction account; receiving, by a receiving device, a personal identification number; identifying, by a processing device, a first session key; generating, by the processing device, a second session key based on at least the stored single use key and the received personal identification number; generating, by the processing device, a first application cryptogram based on at least the first session key; generating, by the processing device, a second application cryptogram based on at least the second session key; and transmitting, by a transmitting device, at least the first application cryptogram and second application cryptogram for use in a payment transaction.

Abstract: A method for authenticating a computing device includes: storing an account profile, the profile including data related to a service account including an alphanumeric code; generating a session identifier and a seed value; computing a first hash using the session identifier; computing a second hash using the session identifier and the alphanumeric code; computing a third hash using the second hash and a utilized seed value; transmitting the session identifier to a computing device via a first communication protocol; transmitting the session identifier and first hash to a remote notification service for transmission to the computing device via a second communication protocol; receiving a fourth hash and the session identifier from the computing device via the first communication protocol; validating the fourth hash based on a comparison of the fourth hash and the computed third hash; and transmitting a validation result to the computing device based on the validation step.

Abstract: A system and method for generating an authentication token which is used by an issuer associated with a integrated circuit card to authenticate a transaction. A personal card reader receives data, including an authentication cryptogram, from the integrated circuit card. The personal card reader uses the data received from the integrated circuit card to select one of at least two default bitmaps stored in a memory portion of the personal card reader. The personal card reader uses the selected default bitmap and the authentication cryptogram to build the authentication token.

Abstract: The present invention relates to a method and system for synchronising a personal identification number (PIN) value stored in a mobile computing device, with a PIN value stored on a remote server. The remote server receives a request from the mobile computing device to record a PIN value, the request comprising the PIN value. The PIN value is recovered from the received request and stored at the remote server. An instruction set arranged to record the PIN value in a secure hardware element comprised within the mobile computing device is generated and transmitted to the mobile computing device. The instruction set executes on the mobile computing device in order to record the PIN value on the secure hardware element.

Abstract: Systems, methods, apparatus and computer program code are provided for operating a mobile device to conduct a transaction which include obtaining, by a mobile device operating a mobile payment application, a transaction payload from a merchant, extracting a payment gateway identifier from the transaction payload and establishing a secure communication channel with a payment gateway identified by the payment gateway identifier, receiving, from the payment gateway, item data associated with the transaction, the item data obtained by the payment gateway from the merchant, and receiving, from a user operating the mobile device, a confirmation to complete the transaction using a payment account associated with the user and transmitting the confirmation to the payment gateway with payment account credentials associated with the payment account.

Abstract: A service card image repository and directory is described. A process includes receiving a request to store at least one service image and related data, determining that the service image has been approved, and then uploading the service image and related data. The method also includes assigning a unique identifier to the service image and related data, and storing the service image and related data in an image repository. Some embodiments include receiving a request to download a service image and related data, locating the requested service image, determining that the requested service image requires transcoding and/or scaling, and then transcoding and/or scaling the requested service image to form a modified service image. The modified service image is then transmitted to an entity.

Abstract: A method for generating and provisioning payment credentials to a mobile device lacking a secure element includes: generating a card profile associated with a payment account, wherein the card profile includes at least payment credentials corresponding to the associated payment account and a profile identifier; provisioning, to a mobile device lacking a secure element, the generated card profile; receiving, from the mobile device, a key request, wherein the key request includes at least a mobile identification number (PIN) and the profile identifier; using the mobile PIN; generating a single use key, wherein the single use key includes at least the profile identifier, an application transaction counter, and a generating key for use in generating a payment cryptogram valid for a single financial transaction; and transmitting the generated single use key to the mobile device.

Abstract: Example embodiments include methods and apparatus for exchanging, using a contactless interface included in a portable device, transaction information associated with an electronic merchant device when the portable device is brought into close proximity to a contactless interface associated with the electronic merchant device, with the information identifying the electronic merchant device and identifying a handover wireless network connected to the electronic merchant device and with information including security credentials required to form a secure connection, establishing a persistent, secure wireless connection with the electronic merchant device, using a wireless network interface in the portable device and the transaction information, over the handover wireless network and exchanging transaction messages between the portable device and the electronic merchant device over the persistent, secure wireless connection during a shopping interval.

Abstract: A transaction processing system for sending user information data to a personal device, and an associated method are provided. The system comprises: a personal device, such as a balance display card; an interface device, such as a card reader for transmitting data to and from the card; a communications network connecting to the interface device; an issuer processor connected to the communications network; and a trusted network processor (TNP) processor connected to the communications network, interposed between the interface device and the issuer processor. The TNP processor is arranged to receive a transaction request message from a card user and to transmit a response message back to the personal device, the response message typically being a transaction authorization together with information for display on the card.

Abstract: A system and method for generating an authentication token which is used by an issuer associated with a integrated circuit card to authenticate a transaction. A personal card reader receives data, including an authentication cryptogram, from the integrated circuit card. The personal card reader uses the data received from the integrated circuit card to select one of at least two default bitmaps stored in a memory portion of the personal card reader. The personal card reader uses the selected default bitmap and the authentication cryptogram to build the authentication token.