Abstract: A system and method are provided for identifying a browser instance in a browser session between a server hosting a web domain and the browser instance executing on a user computing device. The method conducted at the browser instance includes obtaining a private key and a public key of a key pair unique to a combination of a web domain and the browser instance being used to access the web domain. The method includes obtaining a browser certificate issued for the key pair and storing the private key at a storage provided by the browser instance for use by the browser instance during an active browser session with the web domain. The private key is stored as unextractable from the storage and with configuration for use by the browser instance during an active browser session with the web domain in signing or cryptographic operations without the private key being revealed.

Abstract: A method provides computer-generated contextual data to an end-point during a digital transaction. The method includes receiving a trigger message relating to a digital transaction between a consumer and a second entity. The trigger message includes a consumer identifier uniquely associated with the consumer and transaction details at least including a characteristic associated with the digital transaction. A data message including information based on an evaluation of the transaction details against a consumer-linked transaction matrix is obtained. The consumer-linked transaction matrix is linked to the consumer and includes information relating to the digital transaction. The data message is transmitted to a remote device with which the consumer interacts during pendency of the transaction and is configured to cause the device to output a prompt to the consumer displaying the data message.

Abstract: A system and method for maintaining a fraud risk profile in a fraud risk engine are described. In a method conducted at a remote server, a payload from a secure mobile application executing on a user mobile device associated with a user is received. The payload including contextual data having been obtained by the secure mobile application and a trust indicator linked to the contextual data. Validity of the contextual data is confirmed by verifying the trust indicator. If the trust indicator is verified, the contextual data is input into a fraud risk engine as truth data. The fraud risk engine maintains a fraud risk profile associated with the user. The fraud risk profile is usable by the fraud risk engine in evaluating a fraud risk associated with an activity associated with the user.

Abstract: A method provides computer-generated contextual data to an end-point during a digital transaction. The method includes receiving a trigger message relating to a digital transaction between a consumer and a second entity. The trigger message includes a consumer identifier uniquely associated with the consumer and transaction details at least including a characteristic associated with the digital transaction. A data message including information based on an evaluation of the transaction details against a consumer-linked transaction matrix is obtained. The consumer-linked transaction matrix is linked to the consumer and includes information relating to the digital transaction. The data message is transmitted to a remote device with which the consumer interacts during pendency of the transaction and is configured to cause the device to output a prompt to the consumer displaying the data message.

Abstract: A system and method for providing computer-generated contextual data to an end-point during a digital transaction is provided. A method includes receiving a trigger message relating to a digital transaction between a consumer and a second entity. The trigger message includes a consumer identifier uniquely associated with the consumer and transaction details at least including a characteristic associated with the digital transaction. A data message including information based on an evaluation of the transaction details against a consumer-linked transaction matrix is obtained. The consumer-linked transaction matrix is linked to the consumer and includes information relating to the digital transaction. The data message is transmitted to a remote device with which the consumer interacts during pendency of the transaction and is configured to cause the device to output a prompt to the consumer displaying the data message.

Abstract: A protocol-based system and method for establishing a multi-party contract are disclosed. In a method conducted at a computing device associated with an entity, a set of contract data elements relating to a contract to be established is received from either one of another entity or a deal negotiation component associated with the entity. The contract data elements are validated using an associated contract schema and a schema-based validation algorithm. If the contract data elements are valid, the contract data elements are transmitted to the other of the deal negotiation component or another entity. Transmitting the contract data elements to another entity includes generating a digital signature associated with the contract data elements by digitally signing the contract data elements or a representation thereof and transmitting the digital signature and either of the contract data elements or the representation thereof to the other entity.

Abstract: A system and method for proximity-based authentication are provided. The method conducted at a server includes receiving identification data from a primary user session on a session end point hosted on a computing device, the identification data being usable in linking the primary user session to a user record associated with a registered user. The server provides a token to one of the session end point and a registered end point hosted on a computing device, the registered end point associated with the user record, for local transmission from the end point for proximity-based acquisition by the other one of the session end point and a registered end point. The server receives the token from the other one of the session end point and the registered end point to establish physical proximity of the session end point and the registered end point during the primary user session.

Abstract: A system and method are provided for identifying a browser instance in a browser session between a server hosting a web domain and the browser instance executing on a user computing device. The method conducted at the browser instance includes obtaining a private key and a public key of a key pair unique to a combination of a web domain and the browser instance being used to access the web domain. The method includes obtaining a browser certificate issued for the key pair and storing the private key at a storage provided by the browser instance for use by the browser instance during an active browser session with the web domain. The private key is stored as unextractable from the storage and with configuration for use by the browser instance during an active browser session with the web domain in signing or cryptographic operations without the private key being revealed.

Abstract: A method and system for secure input at a remote service are provided. In a method conducted at a secure input device, a hash operation is performed on a data structure including shared data, the shared data having been obtained from a remote service via an encrypted payload. User input for secure entry at the remote service is received and encoded by performing an operation on corresponding symbols of the user input and an output of the hash operation to output an encoded message, the user input and the encoded message having the same length. The encoded message is output for entry at the remote service.

Abstract: A system and method for establishing a shared session between entities is disclosed. In a method, a first shared session request message being associated with a tag identifier and a first device associated with a first entity is received. The first device is associated with a shared session associated with the tag identifier. A second shared session request message being associated with the tag identifier and a second device associated with a second entity is received. The second device is associated with the shared session. One or both of the first device and the second device having obtained the tag identifier from a tag provided by the first entity or the second entity. The shared session is configured for requesting and providing transaction-related data by and to at least one of the devices associated with the shared session.

Abstract: A system and method for providing computer-generated contextual data to an end-point during a digital transaction is provided. A method includes receiving a trigger message relating to a digital transaction between a consumer and a second entity. The trigger message includes a consumer identifier uniquely associated with the consumer and transaction details at least including a characteristic associated with the digital transaction. A data message including information based on an evaluation of the transaction details against a consumer-linked transaction matrix is obtained. The consumer-linked transaction matrix is linked to the consumer and includes information relating to the digital transaction. The data message is transmitted to a remote device with which the consumer interacts during pendency of the transaction and is configured to cause the device to output a prompt to the consumer displaying the data message.

Abstract: A system and method for processing a transaction are provided. In a method conducted at a server computer associated with an issuer, a transaction request is received via a secure communication channel from a communication device. The transaction request relates to a transaction with a merchant which a consumer intends to conduct using the consumer device. The secure communication channel is established with the communication device. The consumer is authenticated by the issuer over the secure communication channel. The transaction request includes at least a transaction reference or transaction details. A cryptogram which is based on the transaction details and information in association with the consumer which is stored based on the transaction details and information associated with the consumer, which is stored at the server, is obtained and provided to the merchant for use in processing the transaction.

Abstract: A system and method for maintaining a fraud risk profile in a fraud risk engine are described. In a method conducted at a remote server, a payload from a secure mobile application executing on a user mobile device associated with a user is received. The payload including contextual data having been obtained by the secure mobile application and a trust indicator linked to the contextual data. Validity of the contextual data is confirmed by verifying the trust indicator. If the trust indicator is verified, the contextual data is input into a fraud risk engine as truth data. The fraud risk engine maintains a fraud risk profile associated with the user. The fraud risk profile is usable by the fraud risk engine in evaluating a fraud risk associated with an activity associated with the user.

Abstract: A method and system for secure input at a remote service are provided. In a method conducted at a secure input device, a hash operation is performed on a data structure including shared data, the shared data having been obtained from a remote service via an encrypted payload. User input for secure entry at the remote service is received and encoded by performing an operation on corresponding symbols of the user input and an output of the hash operation to output an encoded message, the user input and the encoded message having the same length. The encoded message is output for entry at the remote service.

Abstract: A protocol-based system and method for establishing a multi-party contract are disclosed. In a method conducted at a computing device associated with an entity, a set of contract data elements relating to a contract to be established is received from either one of another entity or a deal negotiation component associated with the entity. The contract data elements are validated using an associated contract schema and a schema-based validation algorithm. If the contract data elements are valid, the contract data elements are transmitted to the other of the deal negotiation component or another entity. Transmitting the contract data elements to another entity includes generating a digital signature associated with the contract data elements by digitally signing the contract data elements or a representation thereof and transmitting the digital signature and either of the contract data elements or the representation thereof to the other entity.