Abstract: A device facilitating script deployment through service provider servers includes at least one processor configured to receive, from a service provider, a request to perform a transaction directly with a device secure element on which a credential is provisioned, where the request includes a credential identifier corresponding to the credential. The at least one processor is further configured to identify, based at least in part on the credential identifier, the device secure element. The at least one processor is further configured to verify that the service provider is authorized to interact directly with the device secure element. The at least one processor is further configured to instruct, responsive to the verifying, the device secure element to communicate directly with a service provider server to perform the transaction. The at least one processor is further configured to receive, from the device secure element, a result associated with the transaction.

Abstract: A device facilitating script deployment through service provider servers includes at least one processor configured to receive, from a service provider, a request to perform a transaction directly with a device secure element on which a credential is provisioned, where the request includes a credential identifier corresponding to the credential. The at least one processor is further configured to identify, based at least in part on the credential identifier, the device secure element. The at least one processor is further configured to verify that the service provider is authorized to interact directly with the device secure element. The at least one processor is further configured to instruct, responsive to the verifying, the device secure element to communicate directly with a service provider server to perform the transaction. The at least one processor is further configured to receive, from the device secure element, a result associated with the transaction.

Abstract: A system and methodology for policy enforcement during authentication of a client device for access to a network is described. A first authentication module establishes a session with a client device requesting network access for collecting information from the client device and determining whether to authenticate the client device for access to the network based, at least in part, upon the collected information. A second authentication module participates in the session with the client device for supplemental authentication of the client device for access to the network. The supplemental authentication of the client device is based, at least in part, upon the collected information and a policy required as a condition for network access.