Abstract: Systems and methods for use with a service provider and a consumer electronic device include a trusted remote attestation agent (TRAA) configured to perform a set of checking procedures or mechanisms to help ensure the security status of a consumer electronic device (e.g., a mobile terminal or phone) that holds financial instruments. The checking procedures may include: self-verifying integrity by the TRAA; checking for presence of a provisioning SIM card (one that was present when the financial instruments were enabled on the device); checking that a communication connection between the consumer electronic device and the service provider is available and active; and checking that communication connectivity to a home mobile network is available and active. The frequency of the checking mechanisms may be adjusted, for example, according to a risk-profile of a user associated with the device or the location (e.g., GPS location) of the device.

Abstract: Systems and methods for use with a service provider and a consumer electronic device include a trusted remote attestation agent (TRAA) configured to perform a set of checking procedures or mechanisms to help ensure the security status of a consumer electronic device (e.g., a mobile terminal or phone) that holds financial instruments. The checking procedures may include: self-verifying integrity by the TRAA; checking for presence of a provisioning SIM card (one that was present when the financial instruments were enabled on the device); checking that a communication connection between the consumer electronic device and the service provider is available and active; and checking that communication connectivity to a home mobile network is available and active. The frequency of the checking mechanisms may be adjusted, for example, according to a risk-profile of a user associated with the device or the location (e.g., GPS location) of the device.

Abstract: Systems and methods for use with a service provider and a consumer electronic device include a trusted remote attestation agent (TRAA) configured to perform a set of checking procedures or mechanisms to help ensure the security status of a consumer electronic device (e.g., a mobile terminal or phone) that holds financial instruments. The checking procedures may include: self-verifying integrity by the TRAA; checking for presence of a provisioning SIM card (one that was present when the financial instruments were enabled on the device); checking that a communication connection between the consumer electronic device and the service provider is available and active; and checking that communication connectivity to a home mobile network is available and active. The frequency of the checking mechanisms may be adjusted, for example, according to a risk-profile of a user associated with the device or the location (e.g., GPS location) of the device.

Abstract: Systems and methods for use with a service provider and a consumer electronic device include a trusted remote attestation agent (TRAA) configured to perform a set of checking procedures or mechanisms to help ensure the security status of a consumer electronic device (e.g., a mobile terminal or phone) that holds financial instruments. The checking procedures may include: self-verifying integrity by the TRAA; checking for presence of a provisioning SIM card (one that was present when the financial instruments were enabled on the device); checking that a communication connection between the consumer electronic device and the service provider is available and active; and checking that communication connectivity to a home mobile network is available and active. The frequency of the checking mechanisms may be adjusted, for example, according to a risk-profile of a user associated with the device or the location (e.g., GPS location) of the device.

Abstract: Systems and methods for use with a service provider and a consumer electronic device include a trusted remote attestation agent (TRAA) configured to perform a set of checking procedures or mechanisms to help ensure the security status of a consumer electronic device (e.g., a mobile terminal or phone) that holds financial instruments. The checking procedures may include: self-verifying integrity by the TRAA; checking for presence of a provisioning SIM card (one that was present when the financial instruments were enabled on the device); checking that a communication connection between the consumer electronic device and the service provider is available and active; and checking that communication connectivity to a home mobile network is available and active. The frequency of the checking mechanisms may be adjusted, for example, according to a risk-profile of a user associated with the device or the location (e.g., GPS location) of the device.

Abstract: Various embodiments include a first detection being made that a first program residing on a device is requesting authentication. The first program resides in a first portion of the device. An authentication step can be performed by referencing a unique identifier accessible via a request sent by the first program to a second program residing on the device, where the second program resides in a second portion of the mobile device. The second portion has a greater level of security than the first portion (e.g. physical separation may exist between the first and second portions). Accordingly, integrity of the first program can be verified (e.g. an authentic, authorized version of a program is making a transaction request rather than an unauthorized version).

Abstract: Various embodiments include a first detection being made that a first program residing on a device is requesting authentication. The first program resides in a first portion of the device. An authentication step can be performed by referencing a unique identifier accessible via a request sent by the first program to a second program residing on the device, where the second program resides in a second portion of the mobile device. The second portion has a greater level of security than the first portion (e.g. physical separation may exist between the first and second portions). Accordingly, integrity of the first program can be verified (e.g. an authentic, authorized version of a program is making a transaction request rather than an unauthorized version).

Abstract: A system includes a tag having a machine readable tag identifier (Tag ID) configured to be read by a reader; and a device to be identified by the tag, in which: the device is configured to communicate with the reader; the device has access to a secure Tag ID; and the device communicates a verification to the reader if the machine readable Tag ID communicated to the device from the reader matches the secure Tag ID. A method includes: reading a Tag ID from a tag attached to a device; communicating the Tag ID read from the tag to the device; comparing a secure Tag ID of the device to the Tag ID read from the tag; and responding with a “match” or “no-match” message from the device, according to which the device is either trusted or not trusted as being identified by the Tag ID. A method of verifying a trusted agent (TA) on a device includes: storing a digital signature of the TA in a secure vault of the device; and verifying the TA by verifying the digital signature of the TA each time the TA is used.

Abstract: An initial communication pathway is established between a first execution environment of a mobile device and a second execution environment of the mobile device. The first and second execution environments are executed in parallel with each other. The second execution environment has a higher level of security than the first execution environment. A request is received from a first entity to authenticate itself. The first entity resides in the first execution environment of the mobile device. The first entity is authenticated in response to the request. The authentication is performed by a second entity that resides in the second execution environment of the mobile device. The receiving of the request and the authenticating are performed using a direct communication link between the first execution environment and the second execution environment while bypassing the initial communication pathway.

Abstract: A detection is made that a first entity residing on a mobile device is requesting authentication. The first entity resides in a first portion of the mobile device. A determination is made that the mobile device is unable to establish network connections with a remote authentication server that is configured to authenticate the first entity. A local authentication process is performed in response to the determination that the mobile device is unable to establish network connections with the remote authentication server. Without accessing the remote authentication server, the local authentication process is performed by a second entity that resides in a second portion of the mobile device. The second portion has a greater level of security than the first portion.

Abstract: A system and method for facilitating electronic commerce over a network, according to one or more embodiments, includes communicating with a user via a user device over the network, distributing a resident application to the user device over the network, displaying a service icon on the user device, and receiving an authentication request from the user via the user device over the network. The service icon is linked to the resident application, and the authentication request includes user credentials inputted by the user via user selection of the service icon and resulting user access of the resident application. The system and method includes communicating with the resident application on the user device to request user confirmation of the authentication request, receiving user confirmation from the user via the user device over the network, authorizing the authentication request, and notifying the user of the authorized authentication request over the network via the resident application.

Abstract: A user inserts a received random sequence into the user's password or PIN. The user enters and transmits this randomized password to a service provider. The service provider extracts the password to determine whether to authenticate the user.

Abstract: Systems and methods for use with a service provider and a consumer electronic device include a trusted remote attestation agent (TRAA) configured to perform a set of checking procedures or mechanisms to help ensure the security status of a consumer electronic device (e.g., a mobile terminal or phone) that holds financial instruments. The checking procedures may include: self-verifying integrity by the TRAA; checking for presence of a provisioning SIM card (one that was present when the financial instruments were enabled on the device); checking that a communication connection between the consumer electronic device and the service provider is available and active; and checking that communication connectivity to a home mobile network is available and active. The frequency of the checking mechanisms may be adjusted, for example, according to a risk-profile of a user associated with the device or the location (e.g., GPS location) of the device.

Abstract: Methods and systems utilize a shake and transfer process to initiate a wireless communication and provide a user device with time and location information of the communication, which can be associated with contact information of a user of the other device. As a result, a user has additional information associated with a contact, and the time and location information can be used to determine or track elapsed time and distance traveled between communications.

Abstract: Systems and methods for use with a service provider and a consumer electronic device include a trusted remote attestation agent (TRAA) configured to perform a set of checking procedures or mechanisms to determine the security status of a consumer electronic device (e.g., mobile terminal or phone) holding financial instruments. Checking procedures may include: self-verifying integrity by the TRAA; checking for presence of a provisioning SIM card (one present when financial instruments were enabled on the device); checking that communication connectivity between the device and service provider is available and active; and that communication connectivity to a home mobile network is available and active. Frequency of the checking mechanisms may be adjusted according to a risk-profile of a user associated with the device or the GPS location of the device. The checks may be used to temporarily disable or limit the use of the financial instruments from the device.

Abstract: Methods, systems, and computer program products for providing behavioral stochastic authentication (BSA) are disclosed. For example, a computer-implemented method may include authenticating a user of a mobile device at a plurality of different times based on authentication credentials, collecting stochastic data associated with the mobile device during time periods corresponding to authenticating the user of the mobile device at the plurality of different times, and in response to an authentication request, authenticating the user of the mobile device based on comparing current data associated with the mobile device and the collected stochastic data to determine that the user of the mobile device is trusted.

Abstract: Methods and systems for authenticating a user and a consumer electronic device (CED) to a financial services provider (FSP) for purposes of communications initiated from the device and needing security, such as purchases and financial transactions, are provided. The FSP may compile information about a user's behavior from various sources, both public and private, including the CED. The information may be of a stochastic nature, being gathered by sampling user data and behavior at chosen times. The information may include indicators of user behavior—such as the user using the device to check various accounts and web-pages—and data from the device—such as GPS location. Based on the compiled stochastic information, and using a sliding scale, a throttling mechanism, acceptance variation, and pinging information, the FSP can compare current information from the device with what is known about the user and the device to provide a more accurate and reliable authentication process.

Abstract: Systems and methods are provided for a device to engage in a zero-knowledge proof with an entity requiring authentication either of secret material or of the device itself. The device may provide protection of the secret material or its private key for device authentication using a hardware security module (HSM) of the device, which may include, for example, a read-only memory (ROM) accessible or programmable only by the device manufacturer. In the case of authenticating the device itself a zero-knowledge proof of knowledge may be used. The zero-knowledge proof or zero-knowledge proof of knowledge may be conducted via a communication channel on which an end-to-end (e.g.

Abstract: A user inserts a received random sequence into the user's password or PIN. The user enters and transmits this randomized password to a service provider. The service provider extracts the password to determine whether to authenticate the user.

Abstract: An initial communication pathway is established between a first execution environment of a mobile device and a second execution environment of the mobile device. The first and second execution environments are executed in parallel with each other. The second execution environment has a higher level of security than the first execution environment. A request is received from a first entity to authenticate itself. The first entity resides in the first execution environment of the mobile device. The first entity is authenticated in response to the request. The authentication is performed by a second entity that resides in the second execution environment of the mobile device. The receiving of the request and the authenticating are performed using a direct communication link between the first execution environment and the second execution environment while bypassing the initial communication pathway.