Abstract: The present invention relates to the field of securing electronic transactions and more specifically to methods to indicate and verify the approval of the risk level of a transaction and to apparatuses for generating transaction risk level approval codes. In a method according to the invention transactions are classified into a limited number of categories. A user submitting a transaction to a server is requested to also generate and submit a dynamic transaction category approval code for the submitted transaction. On the server side a corresponding verification value is generated for the received transaction. In an alternative method according to the invention transactions are assigned one of a limited number of risk levels. A user submitting a transaction to a server is requested to also generate and submit a dynamic risk level approval code for the submitted transaction. On the server side a corresponding verification value is generated for the received transaction.

Abstract: The present invention defines a strong authentication token for generating different dynamic credentials for different application providers comprising an input interface providing an output representing an application provider indicator; a secret key storage for storing one or more secret keys; a variability source for providing a dynamic variable value; a key providing agent for providing an application provider specific key as a function of said application provider indicator using one or more keys stored in said secret key storage; a cryptographic agent for cryptographically combining said application provider specific key with said dynamic variable value using symmetric cryptography; a transformation agent coupled to said cryptographic agent for transforming an output of said cryptographic agent to produce a dynamic credential; and an output interface to output said dynamic credential.

Abstract: The invention provides a method, apparatus, computer readable medium and signal which allows the usage of devices containing PKI private keys such as PKI-enabled smart cards or USB sticks to authenticate users and to sign transactions. The authenticity of the user and/or the message is verified. Furthermore the operation (authentication and/or signing) occurs without the need for an application to have some kind of a direct or indirect digital connection with the device containing the private key. In other words a digital connection that would allow an application to submit data to the card for signing by the card's private key and that would allow retrieving the entire resulting signature from the card is not required. In addition the operation occurs without the need for the PKI-enabled device containing the private key (e.g.