Abstract: A method of payment using tokens issued by a third party comprising the steps of: a. A transaction management unit receives a request to perform a service for which payment with tokens is required; b. The management unit checks whether there are yet unused tokens available; If an unused token was found, go to step (c); If there are no available tokens, then indicate that, then END; c. The management unit requests information on an available token from a database. The status of the used token is changed to “used”; d. During the subsequent transaction, the management unit sends information relating to the token now used. A system for managing and monitoring the use of tokens, comprising: a. a transactions management unit using tokens, wherein the unit is activated when a local user requires to perform a service for which payment using tokens is required; b. a tokens database which includes information on tokens acquired from the third party; c.

Abstract: A system and method for secure communication is provided. A first hash-based message authentication code is generated from a shared secret and a first counter value stored in storage of a computing device. A second hash-based message authentication code is generated from such shared secret and a second counter value. An encryption key is derived from a function of the first hash-based message authentication code and the second hash-based message authentication code. A message is encrypted using the encryption key, and communicated via a network interface of the computing device.

Abstract: The invention consists of a method of handling permits, comprising the steps of: (a) providing a user with a user permit linked to a user authentication token, the user permit defining permissions granted to the user and the user token containing identity authentication information for the user; (b) presenting the user token to a gatekeeper to confirm the user's identity; (c) validating the user permit based on the permit issuer's digital signature; and, (d) granting the user access based on said permissions within the user permit.

Abstract: A method and system for authenticating a user of a mobile device is provided. A first message is received from a mobile device, the message including a mobile device identifier identifying said mobile device. An association between the mobile device identifier in the first message and a registered user is confirmed. A second message is generated and transmitted to the mobile device. The second message includes a user identifier identifying the registered user. A request for a service is received, the request including the user identifier.

Abstract: The invention comprises a method of authenticating and encrypting a client-server communication, comprising the steps of: a) generating a first one-time password (OTP1) and a second one-time password (OTP2) from a cryptographic token; b) generating an encryption key (K_ENC) and a MAC key (K_MAC) based on OTP2; c) preparing and protecting the client data using K_ENC and K_MAC; d) sending a request message from the client to the server, the request message containing the protected client data, a cryptographic token identifier (TID) and OTP1; e) validating OTP1 at the server, and generating OTP2 at the server upon successful validation; f) deriving K_ENC and K_MAC from OTP2 at the server; g) processing the request message and generating result data h) encrypting the result data using K_ENC and creating a digest using K_MAC; i) sending the encrypted result data to the client; and i) decrypting the result data at the client using K_ENC and verifying the authenticity of the result data using K_MAC.

Abstract: A system and method for recovering a security credential is provided. A security credential stored in the storage of a computing device is encrypted using a first encryption key generated by a server. A first decryption key for decrypting the security credential and a second encryption key for re-encrypting the security credential are received. The first decryption key and the second encryption key are generated by the server. The security credential is decrypted using the first decryption key. The security credential is communicated to a user of the computing device. The security credential is re-encrypted in the storage of the computing device using the second encryption key.

Abstract: A system and method for processing healthcare payments is provided. A payment request is received for a charge for healthcare services provided by a healthcare provider via a communications interface of a computer system. The payment request identifies an end-user receiving the healthcare services. A first payment is received from at least one healthcare insurance plan covering at least a portion of the charge for the end-user. A second payment is received from at least one funding account of the end-user from which the remainder of the charge is to be paid. A third payment is transferred to a financial account associated with the healthcare provider for the charge.

Abstract: According to an aspect of the present invention there is provided a method of binding a security element to a device, comprising: generating a passkey to encrypt the security element, the passkey being a combination of attributes, and one of the attributes being a Device ID associated with said device. Preferably, the device is a mobile device. The combination of attributes may include the following: a) a build secret, the build secret consisting of a string which is generated when the software application is created; b) a salt, the salt consisting of a random string; wherein the build string and the salt are stored as non-printable strings within encryption code of the passkey.

Abstract: A system and method for secure communication is provided. A first hash-based message authentication code is generated from a shared secret and a first counter value stored in storage of a computing device. A second hash-based message authentication code is generated from such shared secret and a second counter value. An encryption key is derived from a function of the first hash-based message authentication code and the second hash-based message authentication code. A message is encrypted using the encryption key, and communicated via a network interface of the computing device.

Abstract: A system and method for secure communication is provided. Outgoing messages to another computing device are encrypted using a first shared key shared with said other computing device, and a first counter, said first shared key and said first counter being stored in storage of a computing device. Incoming messages from said other computing device are decrypted using said first shared key and a second counter stored in said storage of said computing device.

Abstract: A system and method for sharing data is provided. A request is received from a mobile device to transfer a set of data to a recipient. The set of data is stored by a server and controlled by a user of the mobile device. The request is authenticated, and the data is encrypted. The set of data is transmitted to a recipient specified by the user via the mobile device.

Abstract: A method and system for delivering a command to a mobile device is provided. A one-time password is generated using a token shared with a mobile device and one of a challenge and an input string. The one-time password and a command are transmitted, along with the challenge or the input string, to the mobile device for execution thereon.

Abstract: A method and system for authenticating a user of a mobile device is provided. A first message is received from a mobile device, the message including a mobile device identifier identifying said mobile device. An association between the mobile device identifier in the first message and a registered user is confirmed. A second message is generated and transmitted to the mobile device. The second message includes a user identifier identifying the registered user. A request for a service is received, the request including the user identifier.

Abstract: A system, apparatus and method for enabling interaction between a mobile device and a dynamic list of remotely hosted applications. A mobile device is provided with a removable module implementing a virtual machine defined by a set of instructions. The mobile device requests an initial application from an application server. The application server generates a message, including a set of commands and any parametric information, such as text to be displayed, which is then compiled into executable code. The executable code is then forwarded to the mobile device for execution. The mobile device interprets the executable code and runs it, possibly causing text or a menu to be displayed. In a first embodiment, the mobile device requests a list of currently available applications and is provided with such a list by a first application server. The user is then able to select from the list of applications, some which can be located on other servers.

Abstract: A system and method for authorizing transactions via mobile devices is provided. The system includes a mobile device executing a transaction authorization application. The transaction authorization application generates a transaction code for a transaction upon request by a user. The transaction authorization application includes a presentation module for presentation of the transaction code on the mobile device, and a communication module for communicating at least a part of the transaction code over a first channel. A server is in communication with the mobile device over the first channel for receiving the at least partial transaction code. The server is also in communication with a merchant system over a second channel for receiving a transaction request for the transaction. The transaction request includes the transaction code.

Abstract: A system and method for authorizing transfers via mobile devices are provided. The system includes a first mobile device and a server. The first mobile device executes a transfer authorization application that allows a user to enter transfer information for a transfer. In response, the transfer authorization application generates and communicates a transfer request for the transfer. The transfer information includes an identifier associated with a recipient and a transfer amount. The server has a data store storing account details for a first account of the user. The server receives the transfer request from the mobile device, verifies that the user has resources in the first account for the transfer request, and sends a notification to a second mobile device associated with the identifier of the recipient. The server then transfers the transfer value from the first account to a second account of the recipient.

Abstract: The invention consists of a method of automatically detecting and classifying a device, comprising: a) receiving information from the device; b) looking up the information in a device directory to identify the device; c) applying a series of identity rules if the information is not found in the device directory; and d) identifying the device from the identity rules. Preferably, the device is a mobile device.

Abstract: A method for collecting payment over a distributed digital computerized communication environment by a third party for services using digital tokens issued by a third party. The services may be provided by the third party or another party. The tokens are acquired by the user and stored in its database. The user cancels the tokens itself as it uses the provided services. The second party can monitor and report on the cancellation of tokens by the user. Fraud is reduced or eliminated by providing an open system that permits other parties to observe the user's cancellation of its tokens.

Abstract: The invention presented herein consists of systems and methods of secure storage for sensitive and confidential data, such as personal identity data, along with methods of securely accessing that data, and transferring information from that data, as necessary.

Abstract: A system and method for a certificate verifier to make a request to a certificate distribution server for a copy of another entity's digital certificate and to have the certificate distribution center validate it. The certificate distribution center can request the appropriate certificates and validation thereof from a number of certificate authorities or may alternatively obtain copies from a certificate cache and validate the copies against a revocation list server.