Abstract: Embodiments of the invention provide a method of processing payment authorization requests for payment transactions to be conducted via a data communications network on behalf of online merchants, the payment authorization requests are conducted as a result of orders by financial instrument holders via a plurality of different online merchant systems. Each of the online merchants has an online merchant identity. The method is conducted by a trusted central intermediary system which is arranged to transmit payment authorization requests to each of a plurality of different online merchant Internet Payment Service Provider (IPSP) systems. Each merchant IPSP system is arranged to transmit payment authorization requests to at least one of a plurality of acquiring bank payment processor systems, and each of said plurality of acquiring bank payment processor systems is responsible for processing payment authorizations for at least one of said acquiring banks.

Abstract: Trust is established between a service provider (20) and a client (10) of the service provider (20). The client (10) is associated with a party that is known by an identity provider (50), and the identity provider (50) is trusted by the service provider (20). The identity provider (50) contacts (70) the party (80) via a predetermined medium, and requests the party to identify itself. The identity provider (50) determines whether the identity of the identifying party (80) corresponds to an identity held by the identity provider (50) for the party and shares a secret (100) with the identifying party (80) in the event that the identity provider (50) has determined that the identity of the identifying party (80) is the same as said identity held by the identity provider (50).

Abstract: A system for verifying a request for access to data is provided, the system comprising a first module and a second module. The first module is arranged to generate a password, and the second module is arranged to receive a password associated with a request for data (received at step), validate the received password, and enable access to the requested data. The system is such that the first and second modules share a secret that has been uniquely assigned thereto, the shared secret being for use in generation and validation of a said password. Furthermore, the first module is communicatively disconnected from the second module.

Abstract: Embodiments of the invention provide a method of processing payment authorization requests for payment transactions to be conducted via a data communications network on behalf of online merchants. The payment authorization requests are conducted as a result of orders by financial instrument holders via a plurality of different online merchant systems, each of said online merchants having an online merchant identity. The method is conducted by a trusted central intermediary system which is configured to transmit payment authorization requests to each of a plurality of different online merchant Internet Payment Service Provider (IPSP) systems. In some embodiments, a user may select a payment method on a per transaction basis, while removing the requirement for the user to provide payment details to individual online merchant systems or to their merchant IPSP systems by having the user submit their respective payment details to a separate, trusted entity.

Abstract: Disclosed embodiments provide systems and methods of processing payment authorisation requests for payment transactions to be conducted via a data communications network. The method allows identification of an issuing bank from a plurality of issuing banks as one which is to be utilised in a given transaction and facilitate a user specifying, in real time in relation to the given transaction, a particular bank account that is to be used to deduct funds for that transaction.

Abstract: Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. The payment application is associated with a certificate and a corresponding hash. The hash is adapted to be generated on the basis of an application expiration date parameter, which is adapted to comprise data indicative of an expiration date of day level granularity associated with the certificate. During processing of the EMV transaction, the point-of-sale terminal verifies the hash, thereby establishing the authenticity of the application expiration date, and hence the validity of the certificate.

Abstract: Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. An ICC Master Key corresponding to the payment application is held by a trusted authority, such as the issuing bank. The trusted authority is adapted generate time-limited session keys on the basis of the ICC Master Key and distribute session keys to the payment application. Receipt of a session key by the payment application enables the payment application to conduct an EMV payment transaction. The session key is used to authorize a single EMV payment transaction.

Abstract: A program for running on a processor of a portable payment device is adapted for carrying out a payment interaction and permitting ticket storage in a memory of the portable payment device. The program is configured to interact with an access point and includes a set of instructions, a first code portion and a second code portion. The set of instructions, when executed by the processor, causes the portable payment device to perform the steps of: responsive to a first message from said access point, executing the first code portion; and responsive to a second message from the access point, executing the second code portion. The first code portion includes first instructions corresponding to the payment interaction. The second code portion includes instructions corresponding to the payment interaction and second instructions corresponding to the ticket interaction.

Abstract: Trust is established between a service provider (20) and a client (10) of the service provider (20). The client (10) is associated with a party that is known by an identity provider (50), and the identity provider (50) is trusted by the service provider (20). The identity provider (50) contacts (70) the party (80) via a predetermined medium, and requests the party to identify itself. The identity provider (50) determines whether the identity of the identifying party (80) corresponds to an identity held by the identity provider (50) for the party and shares a secret (100) with the identifying party (80) in the event that the identity provider (50) has determined that the identity of the identifying party (80) is the same as said identity held by the identity provider (50).

Abstract: Trust is established between a service provider (20) and a client (10) of the service provider (20). The client (10) is associated with a party that is known by an identity provider (50), and the identity provider (50) is trusted by the service provider (20). The identity provider (50) contacts (70) the party (80) via a predetermined medium, and requests the party to identify itself. The identity provider (50) determines whether the identity of the identifying party (80) corresponds to an identity held by the identity provider (50) for the party and shares a secret (100) with the identifying party (80) in the event that the identity provider (50) has determined that the identity of the identifying party (80) is the same as said identity held by the identity provider (50).

Abstract: A program for running on a processor of a portable payment device is adapted for carrying out a payment interaction and permitting ticket storage in a memory of the portable payment device. The program is configured to interact with an access point and includes a set of instructions, a first code portion and a second code portion. The set of instructions, when executed by the processor, causes the portable payment device to perform the steps of: responsive to a first message from said access point, executing the first code portion; and responsive to a second message from the access point, executing the second code portion. The first code portion includes first instructions corresponding to the payment interaction. The second code portion includes instructions corresponding to the payment interaction and second instructions corresponding to the ticket interaction.

Abstract: Embodiments of the invention provide a method of processing payment authorization requests for payment transactions to be conducted via a data communications network on behalf of online merchants, the payment authorization requests are conducted as a result of orders by financial instrument holders via a plurality of different online merchant systems. Each of the online merchants has an online merchant identity. The method is conducted by a trusted central intermediary system which is arranged to transmit payment authorization requests to each of a plurality of different online merchant Internet Payment Service Provider (IPSP) systems. Each merchant IPSP system is arranged to transmit payment authorization requests to at least one of a plurality of acquiring bank payment processor systems, and each of said plurality of acquiring bank payment processor systems is responsible for processing payment authorizations for at least one of said acquiring banks.

Abstract: Embodiments of the invention provide a method of processing payment authorization requests for payment transactions to be conducted via a data communications network; the payment authorization requests are conducted as a result of orders by financial account holders via a plurality of different online merchant systems, and the financial account holders hold accounts with a plurality of different issuing banks. These embodiments of the invention provide a means of identifying an issuing bank from a plurality of issuing banks as one which is to be utilized in a given transaction and facilitate a user specifying, in real time in relation to the given transaction, a particular bank account that is to be used to deduct funds for that transaction.

Abstract: Disclosed embodiments provide systems and methods of processing payment authorisation requests for payment transactions to be conducted via a data communications network. The method allows identification of an issuing bank from a plurality of issuing banks as one which is to be utilised in a given transaction and facilitate a user specifying, in real time in relation to the given transaction, a particular bank account that is to be used to deduct funds for that transaction.

Abstract: Embodiments of the invention provide a method of processing payment authorisation requests for payment transactions to be conducted via a data communications network on behalf of online merchants. The payment authorisation requests are conducted as a result of orders by financial instrument holders via a plurality of different online merchant systems, each of said online merchants having an online merchant identity. The method is conducted by a trusted central intermediary system which is configured to transmit payment authorisation requests to each of a plurality of different online merchant Internet Payment Service Provider (IPSP) systems. In some embodiments, a user may select a payment method on a per transaction basis, while removing the requirement for the user to provide payment details to individual online merchant systems or to their merchant IPSP systems by having the user submit their respective payment details to a separate, trusted entity.