Abstract: A method and system for associating a unique device identifier with a potential security threat are described. In a method conducted at a remotely accessible server, a unique device identifier is received from a computing device. The unique device identifier is associated with a record and is usable in identifying the computing device. An interaction data element is received from the computing device. The received interaction data element is validated including confirming that the received interaction data element matches an expected interaction data element associated with the record. Based on determining that the received interaction data element is not valid, the record is updated to associate the unique device identifier with a potential security threat. The interaction data element is updated periodically according to a sequence. The expected interaction data element changes based on the sequence.

Abstract: A method and system for associating a unique device identifier with a potential security threat are described. In a method conducted at a remotely accessible server, a unique device identifier is received from a computing device. The unique device identifier is associated with a record and is usable in identifying the computing device. An interaction data element is received from the computing device. The received interaction data element is validated including confirming that the received interaction data element matches an expected interaction data element associated with the record. Based on determining that the received interaction data element is not valid, the record is updated to associate the unique device identifier with a potential security threat. The interaction data element is updated periodically according to a sequence. The expected interaction data element changes based on the sequence.

Abstract: A system and method for determining a compromise risk associated with a unique device identifier. In a method conducted at a server an interaction data element is received from a mobile handset, the handset having provided a unique device identifier usable by the server in identifying the handset. The received interaction data element is validated against a record associated with the device identifier including identifying the received interaction data element in a list including a subset of previously used interaction data elements. If the received interaction data element is valid a newly generated interaction data element is obtained. The list of previously used interaction data elements is updated with the newly generated interaction data element. The newly generated interaction data element is transmitted to the handset for presentation to the server. If the received interaction data element is not valid, the device identifier is associated with a potential security threat.

Abstract: A system and method for determining a compromise risk associated with a unique device identifier. In a method conducted at a server an interaction data element is received from a mobile handset, the handset having provided a unique device identifier usable by the server in identifying the handset. The received interaction data element is validated against a record associated with the device identifier including identifying the received interaction data element in a list including a subset of previously used interaction data elements. If the received interaction data element is valid a newly generated interaction data element is obtained. The list of previously used interaction data elements is updated with the newly generated interaction data element. The newly generated interaction data element is transmitted to the handset for presentation to the server. If the received interaction data element is not valid, the device identifier is associated with a potential security threat.

Abstract: A system and method for secure authentication performed on a mobile communication device. The method includes an authentication application carrying out the steps of: receiving a unique identifier for a transaction from a first application provided on the same mobile communication device as the authentication application; receiving an encrypted transaction from a remote secure server; decrypting or obtaining decryption of the transaction with a private key of the authentication application; signing or obtaining signing of the transaction with the private key; signing the transaction with the unique identifier; and transmitting the signed transaction back to the remote secure server.

Abstract: Systems and methods for bestowing trust from a first application to a second application on a single device are provided. A first application has an established trust with an external service provider and a certificate registered with the service provider. In a method, a second application is initiated including generating a key pair and obtaining a certificate for secure communication with the service provider. One of the first application or the second application being a pairing application requests and receives from a secure gateway a pairing key for pairing with the other of the first application or the second application being a pairing receiving application. The pairing application sends the received pairing key to the pairing receiving application using inter-application communication. The pairing receiving application confirms the pairing key to the secure gateway to pair the certificates of the first application and the second application for the external service provider.

Abstract: The invention provides a system and method for signing a user workstation onto an access restricted network utilizing a mobile communication device. The method includes receiving a sign-on request from a mobile communication device of a user of the network, looking up a user certificate included in the sign-on request in an enrollment database and retrieving identifiers relating to the user, the workstation and network from the database, and transmitting a sign-on command to an authentication driver operating on the workstation, in response to which the authentication driver negotiates a sign-on operation of the workstation onto the network.

Abstract: A system and method for secure authentication performed on a mobile communication device. The method includes an authentication application carrying out the steps of: receiving a unique identifier for a transaction from a first application provided on the same mobile communication device as the authentication application; receiving an encrypted transaction from a remote secure server; decrypting or obtaining decryption of the transaction with a private key of the authentication application; signing or obtaining signing of the transaction with the private key; signing the transaction with the unique identifier; and transmitting the signed transaction back to the remote secure server.

Abstract: A system and method for generating a random number are provided. The method is performed on a mobile device, and includes the steps of establishing a secure, independent connection with a remote server, of transmitting a request for a random seed value from the server, of receiving a random seed value from the server generated by a dedicated random seed device, and of generating a random number using the random seed as input to a random number generating algorithm. The random number may in turn be used to generate an asymmetric key pair, including a public key and a private key, which in turn may be used to encrypt communication. The public key may be communicated to a remote server, which in turn may provide the mobile device with a digital certificate to use when digitally signing messages.

Abstract: A method and system for establishing a secure communication channel is disclosed. A remotely accessible server updates a used counter value to yield an updated counter value. The used counter value was used to generate a previously used symmetric key for encrypting communications between the server and a mobile handset. The updated counter value is used to generate a symmetric key, which is included in a key transfer message. The key transfer message is asymmetrically encrypted using a handset public key and transmitted to the handset such that it is capable of using a handset private key to decrypt the key transfer message and obtain the symmetric key. Further data received from the handset is decrypted asymmetrically using a server private key and symmetrically using the symmetric key, and further data communicated to the handset is encrypted symmetrically using the symmetric key and asymmetrically using the handset public key.

Abstract: The invention provides a system and method for signing a user workstation onto an access restricted network utilising a mobile communication device. The method includes receiving a sign-on request from a mobile communication device of a user of the network, looking up a user certificate included in the sign-on request in an enrolment database and retrieving identifiers relating to the user, the workstation and network from the database, and transmitting a sign-on command to an authentication driver operating on the workstation, in response to which the authentication driver negotiates a sign-on operation of the workstation onto the network.

Abstract: A method and system for conducting batched transaction authorisations from a mobile device is disclosed. The method includes transmitting a batched transactions list including details of multiple transactions loaded against an account and awaiting authorisation, to the mobile device, over a secure connection between an authentication server and the mobile device, and receiving a batched transaction authorisation message from the mobile device over the secure connection including a positive or negative authorisation result in respect of two or more of the transactions in the batched transaction list, each authorisation result in the batched transaction authorisation message having been individually signed with a private key associated with a unique digital certificate of the mobile device.

Abstract: A method and system for authenticating a public key of a server digital certificate of a third party online entity is disclosed. The method includes establishing a secure, independent connection between an aggregation server and a mobile device, over which a request to authenticate a public key of the server digital certificate is received from the mobile device. The request includes an identifier of the third party online entity with which the mobile device seeks to communicate. The aggregation server then retrieves the server digital certificate of the third party online entity from the third party entity, obtains the public key or a public key fingerprint from the server digital certificate; and transmits at least the obtained public key or public key fingerprint, as the case may be, to the mobile device so as to enable the mobile device to unambiguously communicate or establish a connection with the third party online entity.

Abstract: A method and system for authenticating secure transactions between a transacting user and a secure transaction host is provided. The system includes a mobile phone software application installed on a transacting user's mobile phone which is configured to compose a digital fingerprint uniquely associated with the specific mobile phone on which it is installed. The system further includes an authentication service provider with which users of the system may be enrolled by registering at least the digital identifiers composed by the applications installed on their mobile communication devices in an authentication database. The authentication service provider is configured to authenticate secure transactions on request from secure transaction hosts by sending transaction confirmation requests to mobile phones of enrolled users requiring them to confirm or deny secure transactions before such transactions are allowed to be finalized.

Abstract: Disclosed is a system and method for authenticating a communications channel between a mobile handset associated with a user and an application server for uniquely identifying the mobile handset and for encrypting communications between the mobile handset and the application server over the communication channel is provided. The system includes a certificate authority configured to issue digital certificates to the handset and the application server, as well as software applications operating on both the handset and application server. The digital certificates may be used by the handset and application server to uniquely identify one another as well as to exchange encryption keys by means of which further communication between them may be encrypted.

Abstract: Disclosed is a system and method for authenticating a communications channel between a mobile handset associated with a user and an application server, for uniquely identifying the mobile handset and for encrypting communications between the mobile handset and the application server over the communication channel is provided. The system includes a certificate authority configured to issue digital certificates to the handset and the application server, as well as software applications operating on both the handset and application server. The digital certificates may be used by the handset and application server to uniquely identify one another as well as to exchange encryption keys by means of which further communication between them may be encrypted.

Abstract: Disclosed is a system and method for authenticating a communications channel between a mobile handset associated with a user and an application server, for uniquely identifying the mobile handset and for encrypting communications between the mobile handset and the application server over the communication channel is provided. The system includes a certificate authority configured to issue digital certificates to the handset and the application server, as well as software applications operating on both the handset and application server. The digital certificates may be used by the handset and application server to uniquely identify one another as well as to exchange encryption keys by means of which further communication between them may be encrypted.

Abstract: A method and system for authenticating secure transactions between a transacting user (9) and a secure transaction host (15) is provided. The system includes a mobile phone software application (59) installed on a transacting user's mobile phone (7) which is configured to compose a digital fingerprint (13) uniquely associated with the specific mobile phone (7) on which it is installed. The system further includes an authentication service provider with which users of the system may be enrolled by registering at least the digital identifiers composed by the applications installed on their mobile communication devices in an authentication database (5). The authentication service provider is configured to authenticate secure transactions on request from secure transaction hosts by sending transaction confirmation requests to mobile phones of enrolled users requiring them to confirm or deny secure transactions before such transactions are allowed to be finalized.