Abstract: A system and method are provided for identifying a browser instance in a browser session between a server hosting a web domain and the browser instance executing on a user computing device. The method conducted at the browser instance includes obtaining a private key and a public key of a key pair unique to a combination of a web domain and the browser instance being used to access the web domain. The method includes obtaining a browser certificate issued for the key pair and storing the private key at a storage provided by the browser instance for use by the browser instance during an active browser session with the web domain. The private key is stored as unextractable from the storage and with configuration for use by the browser instance during an active browser session with the web domain in signing or cryptographic operations without the private key being revealed.

Abstract: A system and method for secure input using tokens is provided. A computer-implemented method conducted at a server computer includes receiving a transaction confirmation request associated with a transaction. The method includes providing, to an end-user via an online platform, a plurality of user input options associated with the transaction. The method includes receiving, from the end-user via the online platform, a unique token associated with a selected user input option, the unique token having been obtained by the end-user inputting a selection of a user input option into an end-user token generator which is configured to generate the unique token uniquely specifying the selected user input option. The method includes validating the unique token and identifying the selected user input option with which the unique token is associated.

Abstract: A system and method for proximity-based authentication are provided. The method conducted at a server includes receiving identification data from a primary user session on a session end point hosted on a computing device, the identification data being usable in linking the primary user session to a user record associated with a registered user. The server provides a token to one of the session end point and a registered end point hosted on a computing device, the registered end point associated with the user record, for local transmission from the end point for proximity-based acquisition by the other one of the session end point and a registered end point. The server receives the token from the other one of the session end point and the registered end point to establish physical proximity of the session end point and the registered end point during the primary user session.

Abstract: A system and method are provided for identifying a browser instance in a browser session between a server hosting a web domain and the browser instance executing on a user computing device. The method conducted at the browser instance includes obtaining a private key and a public key of a key pair unique to a combination of a web domain and the browser instance being used to access the web domain. The method includes obtaining a browser certificate issued for the key pair and storing the private key at a storage provided by the browser instance for use by the browser instance during an active browser session with the web domain. The private key is stored as unextractable from the storage and with configuration for use by the browser instance during an active browser session with the web domain in signing or cryptographic operations without the private key being revealed.

Abstract: A method and system for secure input at a remote service are provided. In a method conducted at a secure input device, a hash operation is performed on a data structure including shared data, the shared data having been obtained from a remote service via an encrypted payload. User input for secure entry at the remote service is received and encoded by performing an operation on corresponding symbols of the user input and an output of the hash operation to output an encoded message, the user input and the encoded message having the same length. The encoded message is output for entry at the remote service.

Abstract: A method and system for secure input at a remote service are provided. In a method conducted at a secure input device, a hash operation is performed on a data structure including shared data, the shared data having been obtained from a remote service via an encrypted payload. User input for secure entry at the remote service is received and encoded by performing an operation on corresponding symbols of the user input and an output of the hash operation to output an encoded message, the user input and the encoded message having the same length. The encoded message is output for entry at the remote service.

Abstract: A system and method for secure input using tokens is provided. A computer-implemented method conducted at a server computer includes receiving a transaction confirmation request associated with a transaction. The method includes providing, to an end-user via an online platform, a plurality of user input options associated with the transaction. The method includes receiving, from the end-user via the online platform, a unique token associated with a selected user input option, the unique token having been obtained by the end-user inputting a selection of a user input option into an end-user token generator which is configured to generate the unique token uniquely specifying the selected user input option. The method includes validating the unique token and identifying the selected user input option with which the unique token is associated.