Abstract: The invention provides a method and system for providing financial details from a mobile device of a user for use in a transaction. The method is performed on a mobile device of the user and includes the steps of generating, on a token generating component, a session-specific token by applying an algorithm requiring a dynamic key; providing financial details for use in a transaction; incorporating the session-specific token and the financial details into a modified form the financial details; and transferring the modified form of the financial details from the mobile device to initiate the transaction. A corresponding method and system for validating financial details received, at a server of an issuing authority, is also provided.

Abstract: A mobile device of a consumer can have a mobile-based credential stored in a secure memory thereof and an associated alias. Techniques for conducting a transaction with the mobile device may involve receiving a request for the mobile-based credential from a remotely accessible server in response to a requestor device receiving the alias from the consumer. The mobile-based credential can be accessed from the secure memory and transmitted to the remotely accessible server. The mobile-based credential is then usable at the remotely accessible server in combination with a server-based credential stored thereat for obtaining payment credentials to complete the transaction.

Abstract: Systems and methods for securely managing biometric data are provided. In a method conducted at a secure element which is directly connected to a biometric input, biometric data is received directly from the biometric input. A biometric signature based on the biometric data is obtained. A seed value specific to the biometric data is accessed by obtaining the seed value from the biometric data or biometric signature. The biometric signature is encoded using an obscured algorithm and the seed value to generate a token which is output for secure storage within the secure element or secure transmission to a secure server for registration or authentication of the biometric data. Obtaining the seed value from the biometric data or biometric signature can be repeated reliably to obtain the same the seed value.

Abstract: A computer-implemented method for establishing a secure communication tunnel between a device and a server is provided. The method comprises the server receiving a session request from the device to establish a secure tunnel. A handshake procedure is carried out to set up an encryption/decryption key for the secure tunnel. The handshake procedure uses a first communication channel from the server to the device. The method also includes sending a component of the handshake procedure to the device via a second communication channel. This component is required by the device to continue the handshake procedure or to commencing use of the secure tunnel established by the handshake procedure.

Abstract: Systems and methods for securely managing biometric data are provided. In a method conducted at a secure element which is directly connected to a biometric input, biometric data is received directly from the biometric input. A biometric signature based on the biometric data is obtained. A seed value specific to the biometric data is accessed by obtaining the seed value from the biometric data or biometric signature. The biometric signature is encoded using an obscured algorithm and the seed value to generate a token which is output for secure storage within the secure element or secure transmission to a secure server for registration or authentication of the biometric data.

Abstract: The invention provides a method and system for providing financial details from a mobile device of a user for use in a transaction. The method is performed on a mobile device of the user and includes the steps of generating, on a token generating component, a session-specific token by applying an algorithm requiring a dynamic key; providing financial details for use in a transaction; incorporating the session-specific token and the financial details into a modified form the financial details; and transferring the modified form of the financial details from the mobile device to initiate the transaction. A corresponding method and system for validating financial details received, at a server of an issuing authority, is also provided.

Abstract: Embodiments of the invention disclose a remote control device for operating a media device that can be used to conduct financial transactions. The remote control device includes a user interface to accept user input, and a communication interface to communicate with the media device. The remote control device also includes a hardware security module that is coupled to the user interface and the communication interface. The hardware security module includes a secure processing unit, and a public processing unit that is configured to selectively request the secure processing unit to encrypt user input based on a function that is being performed on the media device.

Abstract: Systems and methods for securely managing biometric data are provided. In a method conducted at a secure element which is directly connected to a biometric input, biometric data is received directly from the biometric input. A biometric signature based on the biometric data is obtained. A seed value specific to the biometric data is accessed by obtaining the seed value from the biometric data or biometric signature. The biometric signature is encoded using an obscured algorithm and the seed value to generate a token which is output for secure storage within the secure element or secure transmission to a secure server for registration or authentication of the biometric data.

Abstract: The invention provides a method and system for providing financial details from a mobile device of a user for use in a transaction. The method is performed on a mobile device of the user and includes the steps of generating, on a token generating component, a session-specific token by applying an algorithm requiring a dynamic key; providing financial details for use in a transaction; incorporating the session-specific token and the financial details into a modified form the financial details; and transferring the modified form of the financial details from the mobile device to initiate the transaction. A corresponding method and system for validating financial details received, at a server of an issuing authority, is also provided.

Abstract: A method and system for provisioning payment credentials usable by a mobile device in conducting a payment. The method is conducted at a provisioning system and comprises the steps of: receiving payment credentials from a receiving device, the payment credentials having been obtained from a portable payment device presented by a consumer at the receiving device; receiving, from the receiving device, an identifier entered by the consumer; identifying a mobile device or a secure element corresponding to the identifier; and communicating the payment credentials or a derivation of the payment credentials to the identified mobile device or the secure element to be securely stored in association with the mobile device. The method may include: encrypting the received payment credentials, the encrypted payment credentials having a unique decryption key; and wherein communicating a derivation of the payment credentials communicates the unique decryption key.

Abstract: A method and system for provisioning payment credentials usable by a mobile device in conducting a payment. The method is conducted at a provisioning system and comprises the steps of: receiving payment credentials from a receiving device, the payment credentials having been obtained from a portable payment device presented by a consumer at the receiving device; receiving, from the receiving device, an identifier entered by the consumer; identifying a mobile device or a secure element corresponding to the identifier; and communicating the payment credentials or a derivation of the payment credentials to the identified mobile device or the secure element to be securely stored in association with the mobile device. The method may include: encrypting the received payment credentials, the encrypted payment credentials having a unique decryption key; and wherein communicating a derivation of the payment credentials communicates the unique decryption key.

Abstract: A dynamic object tag for a product and systems and methods relating thereto is disclosed. The dynamic object tag comprises a hardware security module, including an electronic storage module, and a communication module for communicating with an interrogation device. The hardware security module is adapted to establish a secure communication channel with the interrogation device, to exchange dynamic authentication parameters with the interrogation device, and to communicate product information stored on the electronic storage module to the interrogation device over the secure communication channel.

Abstract: Systems and methods for verification conducted at a secure element are disclosed. In a method of verification conducted at a secure element interacting with a mobile device, the secure element receives at least one of an identifier of a universal integrated circuit card (UICC) and an identifier of the mobile device. The secure element then compares each of the received at least one identifiers against a registered identifier of corresponding form stored in a non-volatile memory of the secure element. If the received at least one identifiers match corresponding registered identifiers stored in the non-volatile memory, the secure element permits further interaction with the mobile device. If at least one of the received identifiers do not match corresponding registered identifiers stored in the non-volatile memory, the secure element denies further interaction with the mobile device.

Abstract: A computer-implemented method for establishing a secure communication tunnel between a device and a server is provided. The method comprises the server receiving a session request from the device to establish a secure tunnel. A handshake procedure is carried out to set up an encryption/decryption key for the secure tunnel. The handshake procedure uses a first communication channel from the server to the device. The method also includes sending a component of the handshake procedure to the device via a second communication channel. This component is required by the device to continue the handshake procedure or to commencing use of the secure tunnel established by the handshake procedure.

Abstract: A system and method for initiating payments in favour of a payee entity are provided. In a method conducted at a payment processor, an account creation request, the request including an identifier of a consumer is received from a payee entity. A financial account is registered for the payee entity in association with the consumer identifier and a consumer-specific account identifier of the financial account is provided. The consumer-specific account identifier is linked to the payee entity and consumer identifier and transmitted to a communication device of the consumer directly or via the payee entity so as to permit the consumer to initiate a payment in favour of the financial account of the payee entity by generating a transaction request message including the consumer-specific account identifier.

Abstract: Systems and methods for securely managing biometric data are provided. In a method conducted at a secure element which is directly connected to a biometric input, biometric data is received directly from the biometric input. A biometric signature based on the biometric data is obtained. A seed value specific to the biometric data is accessed by obtaining the seed value from the biometric data or biometric signature. The biometric signature is encoded using an obscured algorithm and the seed value to generate a token which is output for secure storage within the secure element or secure transmission to a secure server for registration or authentication of the biometric data.

Abstract: A cryptographic expansion device that can be attached to a communication component of a communication device to enable the communication device to perform cryptographic operations on communications sent to and from the communication device is described. The cryptographic expansion device can be a small-form factor cryptographic expansion device that can be used with a small-form factor communication component such as a micro-SIM (subscriber identity module) card. When used with a communication device, the cryptographic expansion device enables the communication device to send and received end-to-end secure encrypted communications. The end-to-end secure communications enabled by the cryptographic expansion device can be utilized by a user of the communication device to perform financial and/or banking transactions.

Abstract: Systems and methods for authorizing a transaction are disclosed. In a method a remotely accessible server receives biometric data from a communication device. The biometric data is gathered directly by the communication device from an individual at a merchant's premises. The server receives environmental data unique to the merchant and having been obtained at the merchant's premises. The server identifies a stored individual's profile associated with a biometric data record substantially matching the received biometric data and verifies the received environmental data against stored environmental data. If a stored individual's profile is identified and the environmental data is verified, the server authorizes the transaction.

Abstract: Systems, methods and devices for providing digital certificates are disclosed. In a method conducted at a remotely accessible server, a request, including an identifier, for a digital certificate is received. A communication address of a mobile device, having a certificate store module in communication therewith, associated with the identifier is then obtained. A request for a digital certificate is transmitted to the certificate store module via the mobile device and the certificate store module is configured to prompt a user thereof, via the mobile device, for a passcode before releasing the certificate. The digital certificate is received from the certificate store module via the mobile device in response to entry of a passcode into the certificate store module which corresponds to an offset stored in the certificate store module. The digital certificate is then transmitted to a communication device for use in digitally signing or encrypting a data message.

Abstract: The invention provides systems, methods and devices for performing passcode authentication. In one embodiment of the invention, a method of performing passcode authentication conducted at a mobile device is provided which comprises the steps of: receiving an authentication request from a security gateway; receiving a passcode entered by a user of the mobile device; comparing the entered passcode to a passcode offset securely stored in a hardware security module (HSM) coupled to the mobile device; and, if the entered passcode corresponds with the passcode offset, generating a secure authentication confirmation message and transmitting the confirmation message to the security gateway; or, if the entered passcode does not correspond with the passcode offset, generating a secure authentication denial message and transmitting the authentication denial message to the security gateway.