Abstract: There is described a method for transmitting a transaction message from a transaction device having a transaction device identifier. The method involves encrypting, at a transaction device, a transaction device identifier, generating, at the transaction device, a transaction message for a transaction system, the transaction message including, at least, a first data field configured to hold a transaction device identifier and a second data field configured to hold supplementary data, and sending the transaction message to a transaction processing system. The generation of the transaction message includes providing data in the first data field of the transaction message that does not identify the transaction device and providing the encrypted transaction device identifier in the second data field of the transaction message.

Abstract: A method is disclosed. The method includes receiving a first session key different from a Master Key from a remote entity, the first session key based on the Master Key. The first session key is usable for a limited number of transactions. In response to receiving the first session key, the method includes provisioning a payment application in the user device with the first session key. The method includes receiving, at the payment application, a request for an application cryptogram from a point-of-sale terminal. In response to the receiving the request for the application cryptogram, the method includes generating the application cryptogram using the first session key, transmitting the application cryptogram to the point-of-sale terminal, and receiving a second session key from the remote entity. The second session key is based on the Master Key.

Abstract: There is described a method for transmitting a transaction message from a transaction device having a transaction device identifier. The method involves encrypting, at a transaction device, a transaction device identifier, generating, at the transaction device, a transaction message for a transaction system, the transaction message comprising, at least, a first data field configured to hold a transaction device identifier and a second data field configured to hold supplementary data, and sending the transaction message to a transaction processing system. The generation of the transaction message comprises providing data in the first data field of the transaction message that does not identify the transaction device and providing the encrypted transaction device identifier in the second data field of the transaction message.

Abstract: Embodiments of the present disclosure comprise methods, apparatus and computer readable instructions for establishing a relationship between user accounts. A first account association request message in relation to a first user account in an account based system is received. A first source account identifier which corresponds to the first user account and a first target account identifier which corresponds to the second user account are identified. A second account association request message in relation to the second user account is received. Based on the second account association request message, a second source account identifier which corresponds to the second user account and a second target account identifier which corresponds to the first user account are identified. Responsive to a determination of whether the source account identifiers and target account identifiers relate to the same user account, a relationship is established between the first user account and the second user account.

Abstract: Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. An ICC Master Key corresponding to the payment application is held by a trusted authority, such as the issuing bank. The trusted authority is adapted generate time-limited session keys on the basis of the ICC Master Key and distribute session keys to the payment application. Receipt of a session key by the payment application enables the payment application to conduct an EMV payment transaction. The session key is used to authorize a single EMV payment transaction.

Abstract: Method and apparatus for transmitting credentials to a transaction processing system, the credentials arranged in sets and a set including a unique identifier and verification data elements. Credentials are activated and are then available for use in at least one subsequent transaction. In the transaction, in response to receiving authorization from a user, the unique identifier and verification data elements from a set are transmitted to the transaction processing system for the user. The credentials are activated using an activation mode selected from at least a first activation mode and a second activation mode. In the first activation mode, additional user input for the verification data elements associated with the unique identifier is received from the user. In the second activation mode, the user is authenticated, and verification data elements are received via a data communications network are received from a trusted data processing system remote from the user.

Abstract: Embodiments of the present disclosure comprise methods, apparatus and computer readable instructions for establishing a relationship between user accounts. A first account association request message in relation to a first user account in an account based system is received. A first source account identifier which corresponds to the first user account and a first target account identifier which corresponds to the second user account are identified. A second account association request message in relation to the second user account is received. Based on the second account association request message, a second source account identifier which corresponds to the second user account and a second target account identifier which corresponds to the first user account are identified. Responsive to a determination of whether the source account identifiers and target account identifiers relate to the same user account, a relationship is established between the first user account and the second user account.

Abstract: Systems, methods and computer programs for transferring data in a communication system are described. The communication system has a first node arranged to send data to a plurality of second nodes using a first protocol. The first protocol allows the transfer of data of a first type. At least one of the second nodes additionally requires data of a second type, which is not included in the data sent according to the first protocol. First data, of the first type, is transferred to a plurality of the second nodes using the first protocol. Second data, of the second type, is stored in a memory. Subsequently, in response to a request, access to the second data is provided to the second node.

Abstract: Systems, methods and apparatus for enabling access to secure data. A first module is arranged to generate a limited use passcode and make the passcode available to a user. A second module and a third module are arranged to communicate whereby to enable detection of the third module being in proximity to the second module. A fourth module is arranged to receive a passcode via user input. The apparatus is arranged to enable access to secure data in dependence on the fourth module receiving a valid passcode generated by the first module and the third module being in proximity to the second module.

Abstract: Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. The payment application is associated with a certificate and a corresponding hash. The hash is adapted to be generated on the basis of an application expiration date parameter, which is adapted to comprise data indicative of an expiration date of day level granularity associated with the certificate. During processing of the EMV transaction, the point-of-sale terminal verifies the hash, thereby establishing the authenticity of the application expiration date, and hence the validity of the certificate.

Abstract: There is disclosed a method of authorising an electronic transaction, the method involving a server receiving transaction details for the electronic transaction and an identifier for a participant in the electronic transaction. The server sends the transaction details to the participant in the electronic transaction, and in return receives authorisation data from the participant, the authorisation data including authentication data authenticating the identity of the participant. The server then determines an account code identifying an account associated with the participant based on the identifier, and proceeds with the electronic payment transaction using the account code.

Abstract: A program for running on a processor of a portable payment device is adapted for carrying out a payment interaction and permitting ticket storage in a memory of the portable payment device. The program is configured to interact with an access point and includes a set of instructions, a first code portion and a second code portion. The set of instructions, when executed by the processor, causes the portable payment device to perform the steps of: responsive to a first message from said access point, executing the first code portion; and responsive to a second message from the access point, executing the second code portion. The first code portion includes first instructions corresponding to the payment interaction. The second code portion includes instructions corresponding to the payment interaction and second instructions corresponding to the ticket interaction.

Abstract: Methods, apparatus and computer programs for authorizing transactions are described. A server system receives, from a first computing device, verification information relating to a verification process for verifying a user associated with the first computing device. A verification status associated with the user is set in a memory of the server system, based on the verification information. The server system receives an authorization request for a payment transaction from a payment terminal, the request including an identifier associated with the user, and having been provided to the payment terminal by a payment device different from the first computing device. Responsive to receipt of the authorization request, the verification status associated with the user is identified, and a determination as to whether to authorize the payment transaction is made at least partly on the basis of the identified verification status.

Abstract: Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. An ICC Master Key corresponding to the payment application is held by a trusted authority, such as the issuing bank. The trusted authority is adapted generate time-limited session keys on the basis of the ICC Master Key and distribute session keys to the payment application. Receipt of a session key by the payment application enables the payment application to conduct an EMV payment transaction. The session key is used to authorize a single EMV payment transaction.

Abstract: Embodiments of the invention provide a method of processing payment authorization requests for payment transactions to be conducted via a data communications network; the payment authorization requests are conducted as a result of orders by financial account holders via a plurality of different online merchant systems, and the financial account holders hold accounts with a plurality of different issuing banks. These embodiments of the invention provide a means of identifying an issuing bank from a plurality of issuing banks as one which is to be utilized in a given transaction and facilitate a user specifying, in real time in relation to the given transaction, a particular bank account that is to be used to deduct funds for that transaction.

Abstract: There is disclosed a method of authorising an electronic transaction, the method involving a server receiving transaction details for the electronic transaction and an identifier for a participant in the electronic transaction. The server sends the transaction details to the participant in the electronic transaction, and in return receives authorisation data from the participant, the authorisation data including authentication data authenticating the identity of the participant. The server then determines an account code identifying an account associated with the participant based on the identifier, and proceeds with the electronic payment transaction using the account code.

Abstract: Measures, including methods, apparatus and computer software are provided for processing electronic tokens. An authorization request is received in relation to processing of an electronic token. An identifier for a user terminal associated with the electronic token, and an account, are determined on the basis of the authorization request. In some arrangements, a location query for the user terminal is performed on the basis of the determined identifier, whereby to determine a location of the user terminal on the basis of a proximity of the user terminal to one or more base stations in a cellular telecommunications network. In some arrangements, a challenge message is sent to the user terminal, to establish a confidence that the transacting user terminal is the designated user terminal. Processing of the electronic token in relation to the account is selectively authorized on the basis of the result of the location query or challenge response.

Abstract: There is disclosed a system for performing a validity check of a user device having an application stored thereon. The apparatus comprises a coupling device operable to communicate with the user device via near field communication, a processor, and memory storing program code for execution by the processor and validity check data. The program code comprises executable instructions to receive a determinate user device identifier from the user device via the coupling device and to receive application data from the user device via the coupling device, the application data being characteristic of the application stored on the user device. The program code processes the user device identifier and the application data to generate a test token, and determines whether the test token is a valid token using the validity check data.

Abstract: There is discussed a method of authorising an electronic transaction in which a user device receives a shared secret and a shared secret identifier. Subsequently, on receipt of transaction data from a transaction terminal, the user device calculates a one-way hash of data comprising the shared secret to generate a hash value, generates authentication data comprising the hash value and the shared secret identifier, and transmits the authentication data to the transaction terminal.

Abstract: Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. An ICC Master Key corresponding to the payment application is held by a trusted authority, such as the issuing bank. The trusted authority is adapted generate time-limited session keys on the basis of the ICC Master Key and distribute session keys to the payment application. Receipt of a session key by the payment application enables the payment application to conduct an EMV payment transaction. The session key is used to authorize a single EMV payment transaction.