Abstract: Described herein is a method of authentication between a mobile device and a service provider server. The method enables a session to be established between a computing device and the service provider server without a user having to enter any user account data on either the computing device or the mobile device. To establish a session, the session identifier is presented in machine readable form by the computing device to the mobile device and then, in response to a user authenticating with the mobile device, a credential embodying an anonymised user identifier is sent in a tamper-proof manner to the service provider service along with the session identifier. The service provider server can extract the anonymised user identifier from the credential and use it to identify the user's data and authorise the session. A method of obtaining the credential is also described.

Abstract: Data transfer using barcodes is described. In one example data can be transferred between a first device and a second device in close proximity to each other using repeating barcode sequences. For example at the first device a data item can be encoded as a sequence of barcodes, each barcode includes an indicator of the number of barcodes in the sequence and the position of the barcode in the sequence. To receive the data at a second device the barcode sequence can be captured and stored, for example using a digital camera associated with the device, and the barcodes subsequently decoded using the captured sequence. The data contained in each of the barcodes in the sequence can be reassembled by the receiving device to obtain the transmitted data.

Abstract: Controlling release of secure data is described. In an embodiment data verified by a trusted authority and other personal data may be stored in a data store on a mobile device. In an example the data store may be secured cryptographically. In an example the data store may be encrypted using one or more encryption keys. In response to receiving a request from a requesting application one or more of the data items may be provided to the requesting party to verify an aspect of a user's identity. In an example, in response to receiving a request from a requesting application user input may be requested, the user input specifying whether or not the data item may be released. In an example, the data store may be provided with a certificate, which may be revoked to prevent access to the stored data items.

Abstract: A method and apparatus for transferring data to a mobile device is described. Authentication information associated with a user is received and used to authenticate the user. A one-time-use password is determined and an identity of a mobile device and/or a mobile device operator is verified. Encrypted data is transmitted to the mobile device, where the encryption is based, at least in part, on the one-time-use password. On receipt of the password at the mobile device, the data may be decrypted for use by the mobile device.

Abstract: A system for authorizing smart cards via the Internet is provided, comprising a plurality of user stations (1-1-1-n) connected to a server (3) via the Internet (5) . Each of the user stations (1-1; 1-n) is attached to a card reader (7-1;7-n) suitable for reading data and accessing processing modules on smart cards (8-1-8-m). When a new card is to be issued, initially the server (3) generates and stores a task identifier as a task record (15) on a database (10) connected to the server (3). The task identifier is also dispatched to a user station (1-1; 1-n). A subsequent data submission by the user station (1-1; 1-n) is then required to include signed data incorporating authorization data and the received task identifier. When all the data required for authorization of a smart card (8-1; 8-m) has been received, the server (3) checks the signed data to confirm each data submission comprises data incorporating a correct task identifier utilised for the current authorization procedure.

Abstract: A system for authorising smart cards via the Internet is provided, comprising a plurality of user stations (1-1-1-n) connected to a server (3) via the Internet (5). Each of the user stations (1-1;1-n) is attached to a card reader (7-1;7-n) suitable for reading data and accessing processing modules on smart cards (8-1-8-m). When a new card is to be issued, initially the server (3) generates and stores a task identifier as a task record (15) on a database (10) connected to the server (3). The task identifier is also dispatched to a user station (1-1; 1-n). A subsequent data submission by the user station (1-1; 1-n) is then required to include signed data incorporating authorisation data and the received task identifier. When all the data required for authorisation of a smart card (8-1;8-m) has been received, the server (3) checks the signed data to confirm each data submission comprises data incorporating a correct task identifier utilised for the current authorisation procedure.