Abstract: There is provided a transaction device comprising a chip enclosure comprising a readable reference code; a chip embedded in the chip enclosure, the chip having the reference code stored therein; wherein the chip is configured to generate a cryptographically signed version of the reference code stored in the chip upon receipt of a request message, such that the reference code can be retrieved from the cryptographically signed version of the reference code for comparison with the readable reference code. There is also provided a method of a manufacturing a transaction device, wherein the method comprises storing a reference code in a chip; positioning the chip on a chip enclosure; embedding the chip in the chip enclosure; and applying the reference code to the chip enclosure in a readable format.

Abstract: A method for secured receipt and usage of payment credentials using a commercial-off-the-shelf (COTS) device includes: storing, in the COTS device, a secure application program and cryptographic keys; establishing, by the program, a secure communication channel with a back-end system inaccessible by any application program or component in the COTS device; exchanging attestation data between the program and the back-end system using the communication channel; receiving payment credentials from a payment card by a near field communication (NFC) interface in the COTS device; transmitting the payment credentials to the program by the NFC interface; enciphering, by the program, the payment credentials; and transmitting, by the program of the COTS device, the enciphered payment credentials to the back-end system using the secure communication channel.

Abstract: A method for secured receipt and usage of payment credentials using a commercial-off-the-shelf (COTS) device includes: storing, in the COTS device, a secure application program and cryptographic keys; establishing, by the program, a secure communication channel with a back-end system inaccessible by any application program or component in the COTS device; exchanging attestation data between the program and the back-end system using the communication channel; receiving payment credentials from a payment card by a near field communication (NFC) interface in the COTS device; transmitting the payment credentials to the program by the NFC interface; enciphering, by the program, the payment credentials; and transmitting, by the program of the COTS device, the enciphered payment credentials to the back-end system using the secure communication channel.

Abstract: A method for secured receipt and usage of payment credentials using a commercial-off-the-shelf (COTS) device includes: storing, in the COTS device, a secure application program and cryptographic keys; establishing, by the program, a secure communication channel with a back-end system inaccessible by any application program or component in the COTS device; exchanging attestation data between the program and the back-end system using the communication channel; receiving payment credentials from a payment card by a near field communication (NFC) interface in the COTS device; transmitting the payment credentials to the program by the NFC interface; enciphering, by the program, the payment credentials; and transmitting, by the program of the COTS device, the enciphered payment credentials to the back-end system using the secure communication channel.

Abstract: A method for authentication facilitated via a trusted execution environment includes: reading payment credentials in a first application program stored in a first memory area of a computing device; transmitting an authentication request to a second application program stored in a trusted execution environment of the computing device separate from the first memory area; displaying a prompt for authentication data based on an instruction supplied by the second application program; receiving authentication data; transmitting the received authentication data to an external computing device; receiving, by the second application program of the computing device, an authentication result from the external computing device; and transmitting, by the second application program of the computing device, the authentication result to the first application program in response to the authentication request.

Abstract: There is provided a transaction device comprising a chip enclosure comprising a readable reference code; a chip embedded in the chip enclosure, the chip having the reference code stored therein; wherein the chip is configured to generate a cryptographically signed version of the reference code stored in the chip upon receipt of a request message, such that the reference code can be retrieved from the cryptographically signed version of the reference code for comparison with the readable reference code. There is also provided a method of a manufacturing a transaction device, wherein the method comprises storing a reference code in a chip; positioning the chip on a chip enclosure; embedding the chip in the chip enclosure; and applying the reference code to the chip enclosure in a readable format.

Abstract: A method of refreshing key material is described for use in a trusted execution environment logically protected from a regular execution environment. The trusted execution environment further comprises a key identifier. New key material is received at the trusted execution environment to replace existing key material. The key identifier is set to a new value to indicate that new key material is present. The new value of the key identifier is provided directly or indirectly to other parties in association with cryptographic outputs provided by the trusted execution environment using the refreshed key material. This approach is described in connection with an application executing securely on a mobile device.

Abstract: A phone-based electronic wallet providing authenticated transactions across multiple channels of commerce. The electronic wallet may be used for point-of-sale payments, remote mobile payments and/or web-based payments, and may use authentication tools such as offline PINs, SecureCode PINs and/or online PINs.

Abstract: A phone-based electronic wallet providing authenticated transactions across multiple channels of commerce. The electronic wallet may be used for point-of-sale payments, remote mobile payments and/or web-based payments, and may use authentication tools such as offline PINs, SecureCode PINs and/or online PINs.

Abstract: A method for secured receipt and usage of payment credentials using a commercial-off-the-shelf (COTS) device includes: storing, in the COTS device, a secure application program and cryptographic keys; establishing, by the program, a secure communication channel with a back-end system inaccessible by any application program or component in the COTS device; exchanging attestation data between the program and the back-end system using the communication channel; receiving payment credentials from a payment card by a near field communication (NFC) interface in the COTS device; transmitting the payment credentials to the program by the NFC interface; enciphering, by the program, the payment credentials; and transmitting, by the program of the COTS device, the enciphered payment credentials to the back-end system using the secure communication channel.

Abstract: A dedicated transaction device is provided. The device includes a processor, a memory, and a touch screen display for providing a user interface for the computing device. The memory holds a transaction application. The processor is adapted to perform the transaction application and therein obtain user input from the touch screen display in staging a transaction. A method of staging a transaction using such a device is also provided.

Abstract: There is provided a method of authenticating data, comprising the following elements. Firstly, a voice biometric system is trained to identify a user from a message spoken by the user. Then a spoken message is received from the user, the spoken message comprising word content to be authenticated. The word content is then authenticated by using the voice biometric system to identify the user, and thereby authenticating the word content in the spoken message as word content spoken by the identified user. Suitable apparatus and systems are also disclosed.

Abstract: A method for authentication facilitated via a trusted execution environment includes: reading payment credentials in a first application program stored in a first memory area of a computing device; transmitting an authentication request to a second application program stored in a trusted execution environment of the computing device separate from the first memory area; displaying a prompt for authentication data based on an instruction supplied by the second application program; receiving authentication data; transmitting the received authentication data to an external computing device; receiving, by the second application program of the computing device, an authentication result from the external computing device; and transmitting, by the second application program of the computing device, the authentication result to the first application program in response to the authentication request.

Abstract: A method of refreshing key material is described for use in a trusted execution environment logically protected from a regular execution environment. The trusted execution environment further comprises a key identifier. New key material is received at the trusted execution environment to replace existing key material. The key identifier is set to a new value to indicate that new key material is present. The new value of the key identifier is provided directly or indirectly to other parties in association with cryptographic outputs provided by the trusted execution environment using the refreshed key material. This approach is described in connection with an application executing securely on a mobile device.

Abstract: A method is described for transferring secrets from a first cryptographic system installed on a computing device to a second cryptographic system installed on the computing device to enable the second cryptographic system to replace the first cryptographic system.

Abstract: A phone-based electronic wallet providing authenticated transactions across multiple channels of commerce. The electronic wallet may be used for point-of-sale payments, remote mobile payments and/or web-based payments, and may use authentication tools such as offline PINs, SecureCode PINs and/or online PINs.

Abstract: A phone-based electronic wallet providing authenticated transactions across multiple channels of commerce. The electronic wallet may be used for point-of-sale payments, remote mobile payments and/or web-based payments, and may use authentication tools such as offline PINs, SecureCode PINs and/or online PINs.

Abstract: There is provided a method of authenticating data, comprising the following elements. Firstly, a voice biometric system is trained to identify a user from a message spoken by the user. Then a spoken message is received from the user, the spoken message comprising word content to be authenticated. The word content is then authenticated by using the voice biometric system to identify the user, and thereby authenticating the word content in the spoken message as word content spoken by the identified user. Suitable apparatus and systems are also disclosed.

Abstract: A phone-based electronic wallet providing authenticated transactions across multiple channels of commerce. The electronic wallet may be used for point-of-sale payments, remote mobile payments and/or web-based payments, and may use authentication tools such as offline PINs, SecureCode PINs and/or online PINs.

Abstract: A compliance assessment and security testing process provides assurance that a vendor's smart card product complies with a card association's security guidelines and is approved for use in a smart card electronic payment system under a card association's brand name. A certificate of compliance is assigned to the product if approved. The security guidelines are updated as new security threats and developing attack potential are recognized and product certifications are accordingly updated. When security vulnerabilities are discovered in the vendor's smart card product, risk analysis is conducted to determine if the vulnerabilities pose an unacceptable level of risk to the member banks.