Abstract: Secure registration of a new application with a server system is provided. An old application has been registered with the system. A first link between the new application and the system establishes a first key and first check data is communicated from the system to the new application and passed to the old application. A second link between the old application and the system establishes a second key based on input of a credential to the old application; the first check data is communicated from the old application to the system. Enciphered second check data is communicated from the system to the old application over the second link and further encrypted by the old application using a third key. This generates doubly-enciphered check data which is passed to the new application and decrypted using the first key and a fourth key, generated at the new application based on the first check data and input of the credential to the new application.

Abstract: A method and device are described for maintaining software components in a portable electronic device. The device includes memory storing software components executable from the device, with associated pairs of logical storage partitions for storing different versions of the software components, a data interface for coupling the device to a host computer, a contactless interface for receiving payment token data from a contactless payment token, and a cellular network interface for communication of data over a cellular network. An upgrade process is initiated when the device is coupled to the host computer. Data including a different version of at least one of said software components is received, installed and executed to initiate a payment transaction with a remote system. Payment token data is received via the contactless interface means and transmitted to the remote system.

Abstract: A computer-implemented biometric identity verification method including the steps of storing a database of registered users, including data identifying profile attributes of each registered user and a respective plurality of stored biometric signatures, each stored biometric signature associated with a corresponding one or more of the profile attributes. A predicted biometric signature is derived for a requesting user when it is determined that a period of time has elapsed since the requesting user's stored biometric signature was last updated, by adapting the stored biometric signature based on biometric variances derived from a biometric peer group of registered users with at least one profile attribute in common with the requesting user. The predicted biometric signature is used to verify the identity of the requesting user.

Abstract: In a credential recovery process, a user is authenticated using an application running on a mobile communications device, and requests recovery of a credential. The application generates a session key encrypted with the public key of a gateway, and sends the encrypted key to the gateway. The gateway recovers the credential from a depository, encrypted using a symmetric key shared with the depository. The gateway decrypts the credential and re-encrypts the credential using the session key. Preferably, the decryption and re-encryption is performed within a hardware secure module within the gateway. The re-encrypted credential is sent to the application, which decrypts the credential and outputs it to the user. In this way, the credential is provided securely to the user and may be made available for use immediately, or nearly so.

Abstract: A method of user authentication by an application (1a) on a mobile telephony device (1) comprises authenticating the user by interaction with the application (1a), communicating with a remote authentication service (4) to receive a call identifier; and sending the call identifier within a telephone call to the remote telephony service (9), by means of which the user is authenticated to the remote telephony service (9). The mobile telephony device may receive a service code linked to the remote telephony service, and the call identifier may be based on this code. The service code may be captured or entered manually into the mobile device, or obtained from an application on the mobile device (1), such as a mobile banking application. The call identifier may be hidden within the call using audio steganography. The authentication service (4) may link the user to a remote service account ID, which is sent to the remote server.

Abstract: A user inputs a pattern consisting of a plurality of lines. The lines are classified by relative length, overall direction and degree of curvature. Where a line is started from a new position, the direction from the previous starting point is taken into account. The series of lines is then serialized into a key value, which may then be used to decrypt data stored on a device. This enables data to be securely stored since the key is supplied by the user at runtime and is not itself stored on the device.

Abstract: A method and system are described that facilitate efficient and secured management of a mobile payment account by an electronic wallet on a user portable electronic device, the electronic wallet for conducting payment transactions with a merchant point of sale terminal over a contactless communications link. In an aspect, the electronic wallet provides for the real-time addition of one or more users authorized to use the mobile payment account associated with the electronic wallet from their own respective portable devices, in a secure and efficient manner.

Abstract: A mobile payment system and method are described that facilitates the secure and real time user authentication and activation of a mobile payment account for a user portable electronic device over a communications network.

Abstract: An encryption service system comprises an API for receiving requests from one or more calling applications. Each request comprises information identifying the operations to be performed on data to be processed and information identifying the origin and target of the data. The encryption service system further comprises a cryptographic server for processing the requests and determining, for each request, an encryption policy to be applied.

Abstract: A method of operating a display device, such as a tablet device, comprises displaying a plurality of covers corresponding to respective different data items, such as financial information, and selecting at least one cover and displaying the corresponding data item or data items.

Abstract: The present disclosure relates to electronic device comprising one or more processors that perform at least one secure multiparty cryptographic process using a plurality of modules that jointly generate authentication data based on input data, wherein each of said modules performs that module's part of said secure multiparty cryptographic process using secure data that is not shared outside that module; and update the respective secure data of at least two of the modules, wherein the respective secure data of a first module of the at least two of the modules is updated using a modification value, and wherein the respective secure data of a second module of the at least two of the module is updated using the modification value, and wherein the updated secure data is arranged so that, for each possible value of the operation data, performance of the secure multiparty computation using the updated secure data generates the same authentication data as performance of the secure multiparty computation using the sec

Abstract: A mobile electronic device comprising an input interface that receives an authorisation challenge from a terminal; one or more processors implementing at least two modules, jointly performing a secure multiparty cryptographic process to generate an authorisation request cryptogram (ARQC); and an output interface that transmits an authorisation response comprising the ARQC to the terminal for use in authorising the mobile electronic device, wherein each of the modules performs that module's part of the secure multiparty cryptographic process based on secure data that is not shared outside that module; a first module of the at least two modules is programmed in a first programming language; a second module of the at least two modules is programmed in a second programming language; and the first programming language is different to the second programming language.

Abstract: A system for processing mobile payment transactions is described, the system includes a mobile electronic device having a mobile wallet module for initiating payment transactions from a mobile payment account associated with a payment service provider and operable to communicate with the payment service provider via a data network to settle the payment transaction. The mobile electronic device receives and stores data defining an off-line enabled merchant interface when the mobile electronic device is connected to the data network, processes an off-line payment transaction through the stored merchant interface when the mobile electronic device is not connected to the data network, and communicates details of the off-line payment transaction to the payment service provider when the mobile electronic device is re-connected to the data network.

Abstract: An electronic device that implements each module of a plurality of modules to jointly perform a secure multiparty cryptographic process to generate authorisation data based on input data, the authorisation data being suitable for use in authorising the electronic device, wherein each module uses secure data that is not shared outside that module to generate intermediate data for use in the secure multiparty cryptographic process to generate authentication data.

Abstract: An automated application test system comprises a plurality of clients (3) providing test interfaces to corresponding users, and a network of test nodes (4a) connected to the clients (3); wherein each said test node (4a) comprises one or more test devices locally connected to the test node (4a); and an agent (6) arranged to execute one or more test applications on the locally connected test devices (4b) in accordance with requests from the clients (3).

Abstract: Secure registration of a new application with a server system is provided. An old application has been registered with the system. A first link between the new application and the system establishes a first key and first check data is communicated from the system to the new application and passed to the old application. A second link between the old application and the system establishes a second key based on input of a credential to the old application; the first check data is communicated from the old application to the system. Enciphered second check data is communicated from the system to the old application over the second link and further encrypted by the old application using a third key. This generates doubly-enciphered check data which is passed to the new application and decrypted using the first key and a fourth key, generated at the new application based on the first check data and input of the credential to the new application.

Abstract: A computer-implemented method of providing authenticated delivery of a purchase to an authorised recipient comprises: a. authorising (S2-1) a purchase, including designating an authorised recipient for the purchase; b. providing (S2-3) corresponding delivery tokens (4a, 4b) to a recipient device (3) of the authorised recipient and to a delivery device (13) associated with delivery of the purchase; c. at the point of delivery, determining (S2-7) whether the delivery token (4a) of the recipient device (3) matches the delivery token (4b) of the delivery device (13); and, if so: d. confirming (S2-9) that delivery of the purchase is authorised.

Abstract: Method and system of registering a user of a mobile device comprising: obtaining data identifying a user. Obtaining account data. Retrieving data uniquely identifying a mobile device. Authenticating the user with the mobile device. Validating the user with the account using the data identifying the user and the account data.

Abstract: A merchant web site automatically detects whether a customer device has a registered payment application; if so, the web site generates a custom protocol message that is triggered on checkout to initiate payment via the payment application. Details of the transaction are passed to the payment application via a payment server so that the user can authorise the transaction within the payment application.

Abstract: In a secure computing environment, a method, system and device are provided for loading stored encryption key data from a protected non-volatile memory of a portable device. A boot loader program is initiated after the portable device is powered on, encryption key data is loaded from the protected non-volatile memory of the portable device, and access to the protected non-volatile memory is disabled after a predetermined time after the portable device is powered on. In this way, the encryption key data is loaded from the protected non-volatile memory of a portable device before the boot operating system is loaded.