Abstract: Systems and methods are provided for authenticating users. An exemplary method includes receiving, by a directory server (DS), an authentication request for a transaction to an account where the request includes a token and a cryptogram, and transmitting the token and cryptogram to a digital service server (DSS). The method also includes mapping, by the DSS, the token to an account number for the account, validating the cryptogram, generating a directory server nonce (DSN) for the request, and transmitting the DSN and the account number to the DS. The method further includes transmitting, by the DS, the DSN and the account number to an access control server (ACS) associated with an issuer of the account and, in response to an issuer authentication value (IAV), compiling an accountholder authentication value (AAV) including the IAV, the DSN and an amount of the transaction and transmitting the AAV to a merchant or server.

Abstract: There is provided an authentication system for validating identity credentials of a user attempting to access a resource provided by a remote resource provision system. The authentication system includes an input configured to receive, from the resource provision system, an authentication request comprising a cryptographic representation of digital identity data of the user and an associated token identifier, where the digital identity data comprises at least one image of an identity credential of the user. The system also includes a processor configured to: determine a pre-stored cryptographic identifier corresponding to the token identifier; and compare the received cryptographic representation with the pre-stored cryptographic identifier.

Abstract: A method for generating and provisioning payment credentials to a mobile device lacking a secure element includes: generating a card profile associated with a payment account, wherein the card profile includes at least payment credentials corresponding to the associated payment account and a profile identifier; provisioning, to a mobile device lacking a secure element, the generated card profile; receiving, from the mobile device, a key request, wherein the key request includes at least a mobile identification number (PIN) and the profile identifier; using the mobile PIN; generating a single use key, wherein the single use key includes at least the profile identifier, an application transaction counter, and a generating key for use in generating a payment cryptogram valid for a single financial transaction; and transmitting the generated single use key to the mobile device.

Abstract: A method for trusted notifications comprises: receiving, at a first host having at least one trusted server, a request message from a sender computing device, the request message comprising a request identifier and instructions to: update, at a second host, a recipient account associated with a recipient computing device, and to make a corresponding update at the first host to a sender account associated with the sender computing device. The method further comprises authorizing, at the first host, the request message; updating the sender account; generating a secure message at the at least one trusted server, the secure message comprising the request identifier and an indication from the at least one trusted server that the update completed; and sending the secure message from the first host to the sender computing device. The secure message can be received at the sender computer device and conveyed to the recipient computing device.

Abstract: A system and method for generating and provisioning payment credentials to a mobile device lacking a secure element includes receiving and storing by the mobile device a card profile from a remote system. The card profile may include payment credentials corresponding to a payment account and a profile identifier. The mobile device may receive a mobile personal identification number (PIN) input by a user of the mobile device and transmit a key request to the remote system. The mobile device may receive a single use key which may include an application transaction counter and a generating key from the remote system. The mobile device may generate a payment cryptogram valid for a single financial transaction based on the received single use key and the mobile PIN and transmit the payment credentials and the generated payment cryptogram to a point-of-sale terminal for use in a financial transaction.

Abstract: Systems and methods are provided for authenticating users. An exemplary method includes receiving, by a directory server (DS), an authentication request for a transaction to an account where the request includes a token and a cryptogram, and transmitting the token and cryptogram to a digital service server (DSS). The method also includes mapping, by the DSS, the token to an account number for the account, validating the cryptogram, generating a directory server nonce (DSN) for the request, and transmitting the DSN and the account number to the DS. The method further includes transmitting, by the DS, the DSN and the account number to an access control server (ACS) associated with an issuer of the account and, in response to an issuer authentication value (IAV), compiling an accountholder authentication value (AAV) including the IAV, the DSN and an amount of the transaction and transmitting the AAV to a merchant or server.

Abstract: There is provided an authentication system for validating identity credentials of a user attempting to access a resource provided by a remote resource provision system. The authentication system includes an input configured to receive, from the resource provision system, an authentication request comprising a cryptographic representation of digital identity data of the user and an associated token identifier, where the digital identity data comprises at least one image of an identity credential of the user. The system also includes a processor configured to: determine a pre-stored cryptographic identifier corresponding to the token identifier; and compare the received cryptographic representation with the pre-stored cryptographic identifier.

Abstract: Methods and apparatus for enabling a proximity payment device to generate dynamic data for securely conducting a transaction by emulating a magnetic stripe payment card. In an embodiment, a mobile device processor transmits information to a digital enablement service computer to activate a simulated magnetic stripe payment wallet application stored in the mobile device. The mobile device then receives one or more cryptographic keys, generates an unpredictable number (UN), generates dynamic CVC3 data based on the UN, and then assembles emulated magnetic stripe data. During initiation of a purchase transaction, the mobile device processor transmits the emulated magnetic stripe data to a communications interface associated with a merchant device.

Abstract: A transaction device is described. The device comprises storage configured to store a first data record comprising first value data and a unique identifier associated with one other device; communications circuitry configured to receive an identifier and second value data from a device; and control circuitry configured to compare the received identifier with the unique identifier and in the event of a positive comparison, the control circuitry is further configured to update the stored first value data in accordance with the exchanged second value data.

Abstract: There is provided an authentication system for validating identity credentials of a user attempting to access a resource provided by a remote resource provision system. The authentication system includes an input configured to receive, from the resource provision system, an authentication request comprising a cryptographic representation of digital identity data of the user and an associated token identifier, where the digital identity data comprises at least one image of an identity credential of the user. The system also includes a processor configured to: determine a pre-stored cryptographic identifier corresponding to the token identifier; and compare the received cryptographic representation with the pre-stored cryptographic identifier.

Abstract: Examples provide a system and method for initiating contactless communication sessions between computing devices using a variety of modalities. A user pre-registers a selected modality for triggering session initiation. A session initiation device generates trigger data based on a detected occurrence of a predetermined event corresponding to a user selected modality, such as, but not limited to, biometric data, a unique user identifier (ID), a vehicle identifier, or any other type of modality. The trigger data is mapped to a mobile device ID. The mobile device ID can be requested from a connection server. The communication session is established between the first computing device and the mobile user device using the mobile device identifier. The computing device transmits data to the mobile user device via the established communication session when the computing device is brought into proximity to the mobile user device.

Abstract: A method for trusted notifications comprises: receiving, at a first host having at least one trusted server, a request message from a sender computing device, the request message comprising a request identifier and instructions to: update, at a second host, a recipient account associated with a recipient computing device, and to make a corresponding update at the first host to a sender account associated with the sender computing device. The method further comprises authorizing, at the first host, the request message; updating the sender account; generating a secure message at the at least one trusted server, the secure message comprising the request identifier and an indication from the at least one trusted server that the update completed; and sending the secure message from the first host to the sender computing device. The secure message can be received at the sender computer device and conveyed to the recipient computing device.

Abstract: Systems and methods are provided for authenticating users. An exemplary method includes receiving, by a directory server (DS), an authentication request for a transaction to an account where the request includes a token and a cryptogram, and transmitting the token and cryptogram to a digital service server (DSS). The method also includes mapping, by the DSS, the token to an account number for the account, validating the cryptogram, generating a directory server nonce (DSN) for the request, and transmitting the DSN and the account number to the DS. The method further includes transmitting, by the DS, the DSN and the account number to an access control server (ACS) associated with an issuer of the account and, in response to an issuer authentication value (IAV), compiling an accountholder authentication value (AAV) including the IAV, the DSN and an amount of the transaction and transmitting the AAV to a merchant or server.

Abstract: A method for generating transaction credentials for a user in a transaction, comprising: storing in a mobile device, an encrypted session key, and an encrypted user authentication credential; receiving an authorisation request; initiating a user authorisation process wherein in the event that the user is an authenticated user, the method comprises: decrypting the encrypted session key and encrypted user authentication credential; generating a transaction cryptogram in dependence on the user authentication credential and the session key; transmitting the transaction cryptogram and a user authentication status to a transaction processing entity for use in a transaction.

Abstract: A method for a goods manager to authenticate products at the point of sale is provided. The method comprises: providing an authentication device to a merchant, wherein the authentication device is not associated with a product but is configured to receive product information from a merchant terminal; once information about a product has been received by the authentication device from the merchant terminal, obtaining from the authentication device a signed message comprising information about the authentication device and information about the product received from the merchant terminal; and providing authorization data to the authentication device if the information fulfils one or more criteria, thereby associating the authentication device with the product. A method for a merchant to authenticate goods at the point of sale and a merchant terminal to perform such a method are also provided.

Abstract: A method for trusted notifications comprises: receiving, at a first host having at least one trusted server, a request message from a sender computing device, the request message comprising a request identifier and instructions to: update, at a second host, a recipient account associated with a recipient computing device, and to make a corresponding update at the first host to a sender account associated with the sender computing device. The method further comprises authorizing, at the first host, the request message; updating the sender account; generating a secure message at the at least one trusted server, the secure message comprising the request identifier and an indication from the at least one trusted server that the update completed; and sending the secure message from the first host to the sender computing device. The secure message can be received at the sender computer device and conveyed to the recipient computing device.

Abstract: Systems and methods are provided for authenticating users to payment accounts in connection with transactions. An exemplary method includes receiving, by at least one computing device, an authentication request for a transaction associated with a payment account where the authentication request includes a token associated with the payment account and a cryptogram, and mapping the token to a primary account number (PAN) for the payment account. The method also includes validating the cryptogram, generating a directory server nonce (DSN) for the authentication request, and transmitting the DSN and the account number to an access control server (ACS) associated with an issuer of the payment account. The method further includes, in response to an issuer authentication value (IAV), compiling an accountholder authentication value (AAV) including the IAV, the DSN and an amount of the transaction, and transmitting the AAV to one of a merchant and a server.

Abstract: A method of operating a radiotherapy system mounted on a gantry surrounding a magnetic resonance imaging system is provided, the radiotherapy system comprising a radiotherapy beam generator, and a radiotherapy imaging system, wherein the gantry is arranged to rotate the radiotherapy beam generator around the magnetic resonance imaging system.

Abstract: Apparatus for measuring radiation beam energy output from a radiation beam source, comprising a first beam energy sensor at a first distance from the radiation beam source along the radiation beam axis; a second beam energy sensor located at a second distance from the radiation beam source along the radiation beam axis; and an energy absorbing layer, for example a layer that removes a part of the low energy content of the beam or a layer that absorbs at least 1% of the beam energy, located between the first and second sensors, and positioned such that radiation passing through the first sensor also passes through the energy absorbing layer before entering the second sensor.

Abstract: Examples provide a system and method for initiating contactless communication sessions between computing devices using a variety of modalities. A user pre-registers a selected modality for triggering session initiation. A session initiation device generates trigger data based on a detected occurrence of a predetermined event corresponding to a user selected modality, such as, but not limited to, biometric data, a unique user identifier (ID), a vehicle identifier, or any other type of modality. The trigger data is mapped to a mobile device ID. The mobile device ID can be requested from a connection server. The communication session is established between the first computing device and the mobile user device using the mobile device identifier. The computing device transmits data to the mobile user device via the established communication session when the computing device is brought into proximity to the mobile user device.