Abstract: Method and system for securely communicating data, the method comprising the steps of: initiating a secure communication between a mobile device and a requester using a cryptographic key to verify the user of the mobile device. Receiving, using the secure communication, at a mobile device a request from the requester, the request including an indication of one or more requested data attributes associated with a user of the mobile device. At the mobile device, querying a data store for the requested one or more data attributes and a verification attribute.

Abstract: Systems and methods for managing data security are described. In an embodiment, the method comprises receiving a data access request from a first application that runs in a first operating environment of a mobile device, wherein the authentication request contains credentials of the first application, communicating with a second application that runs in a second operating environment in parallel to the first environment of the mobile device, wherein the second application is a trusted application that runs in a secure environment, and wherein the communicating includes transferring the credentials of the first application to the second application, and receiving data from the trusted application responsive to the data access request, based on the credentials of the first application.

Abstract: An electronic device that implements each module of a plurality of modules to jointly perform a secure multiparty cryptographic process to generate authorisation data based on input data, the authorisation data being suitable for use in authorising the electronic device, wherein each module uses secure data that is not shared outside that module to generate intermediate data for use in the secure multiparty cryptographic process to generate authentication data.

Abstract: A client system obtains an access token for accessing a protected resource stored at a resource system. A storage resource of the system stores a plurality of grant method code portions, a plurality of authentication method code portions and a configurable database. The client system comprises processing circuitry configured to receive an access request from a user device. The access request comprises an instruction for the client system to access a protected resource and a request identifier indicative of an authorization system for authorizing access to the protected resource. The client system uses the configurable database and code portions to execute the grant and authentication methods supported by the authorization system. The client system receives the access token from the authorization sever, in response to executing the grant and authentication methods.

Abstract: A client system comprises processing circuitry configured to receive, from a user device, a first access request comprising a first instruction to access a protected resource; transmit a token request for an access token to be used for accessing the protected resource; and receive an access token in response to the token request, the access token having a corresponding time to expire. The client system comprises a token storage unit configured to store the access token. The processing circuitry is further configured to receive a rejection message indicating that the access token is not valid for receiving the protected resource; and store, at the token storage unit, an invalidation flag associated with the stored access token, in response to receiving the rejection message.

Abstract: A client system comprises processing circuitry configured to receive, from a user device, a first access request comprising a first instruction to access a protected resource; transmit a token request for an access token to be used for accessing the protected resource; receive an access token in response to the token request, the access token having a corresponding time to expire indicative of a time at which the access token will not be valid for obtaining the protected resource; and transmit the access token to a resource system and, in response, receive the protected resource. The client system further comprises a token storage unit configured to store the access token.

Abstract: A client system comprises processing circuitry configured to receive, from an authorisation system, a first grant token for identifying the client system at the authorisation system, the first grant token having a corresponding time to expire indicative of a time at which the first grant token will not be valid for obtaining a protected resource from a resource system. The client system transmits, to the authorisation system, a refresh request for a second grant token for identifying the client system at the authorisation system, wherein the refresh request is transmitted based on the expiry time of the first grant token; and receives the second grant token at the client system, in response to the refresh request.

Abstract: An electronic device includes one or more processors that perform at least one secure multiparty cryptographic process using a plurality of modules that jointly generate authentication data based on input data. Each of the modules performs that module's part of the secure multiparty cryptographic process using secure data that is not shared outside that module. The processors update the respective secure data of at least two of the modules. The respective secure data of a first module of the at least two of the modules is updated using a modification value, and the respective secure data of a second module of the at least two of the module is updated using the modification value. The updated secure data is arranged so that, for each possible value of the operation data, performance of the secure multiparty computation using the updated secure data generates the same authentication data as performance of the secure multiparty computation using the secure data prior to the step of updating.

Abstract: A computer-implemented method for sharing user data associated with a first user. The method comprises receiving, from a second system, a first access message associated with a request for access to the user data stored at a first system. The first access message comprises a second system label indicative of an identifier of the second system. In response to receiving the first access message, the second system label is compared with a plurality of authorised entity labels and a plurality of unauthorised entity labels. In response to identifying that the second system label matches an authorised entity label and that the second system label does not match an unauthorised entity label, a grant message is transmitted indicative that the request for access is granted.

Abstract: A computer-implemented method for managing a secure data item that is jointly accessible by the first user and the second user. In the method a first system receives a data request comprising an instruction to transmit the secure data item to a second system. The first system identifies that the secure data item is jointly accessible by the first user and the second user, and in response transmits an authorisation request to the second user device. The authorisation request comprises a prompt for the second user to authorise the data request. The first system receives a grant message indicative of the second user granting the authorisation request and in response transmits the secure data item to the second system. The secure data item is prevented from being sent to the second system, if the grant message is not received.

Abstract: An automated application test system comprises a plurality of clients (3) providing test interfaces to corresponding users, and a network of test nodes (4a) connected to the clients (3); wherein each said test node (4a) comprises one or more test devices locally connected to the test node (4a); and an agent (6) arranged to execute one or more test applications on the locally connected test devices (4b) in accordance with requests from the clients (3).

Abstract: A system and method of authenticating a payment transaction between a merchant and a customer in an electronic payment system are described. Transaction details presented by the merchant are received at a mobile electronic device, the customer is authenticated by means of an authentication token presented by the customer at an authentication terminal, and the geo-location of the mobile electronic device and the authentication terminal are compared to verify that the device and terminal are within a predefined geographical distance at the time the payment transaction is processed.

Abstract: In an exemplary embodiment, a method of registering online payment transaction details in an online banking system is described, the method comprising receiving data associated with an online payment transaction from a user, and storing data defining the online payment transaction after verifying the user's identity. In an initial mode of operation, the system enforces a restriction on the online transaction, and in a subsequent mode of operation, the system removes the restriction. A two-stage method of registering a user for access to an application on a mobile handset is also provided, whereby access is initially restricted until subsequent re-authentication of the user using a different channel.