Abstract: A technique is disclosed for remotely managing isolated domains on mobile devices. A request is received from the mobile device to instantiate a managed domain. A managed domain configuration is determined and comprises a security policy controlling access to content of the managed domain of the subscribing mobile device, a content specification identifying the content to be downloaded by the subscribing mobile device into the managed domain, and a content configuration identifying a configuration of the content on the subscribing mobile device. The managed domain configuration is sent to the subscribing mobile device to instantiate a secure, managed domain whose policy, content and content configuration is remotely controlled. The technique is useful for advertising and brand promotion on mobile devices as it simultaneously enables detailed control over the presentation of content by a curator while ensuring privacy and security protection of the other apps, accounts and data on the mobile device.

Abstract: Systems and methods that efficiently combine multiple wireless networks or devices resulting in faster, more reliable, and more secure mobile Internet. A Virtual Private Network (VPN) service application is operated to route outgoing and incoming data packets of a mobile device. The mobile device is (i) either coupled to a remote server through the VPN service application for data packets transfer between the remote server and the mobile device or (ii) performs cross-layer translation for data packets transfer between the mobile device and direct target hosts on the Internet. Concurrently using multiple channels secures data packets transfer by sending encrypted data packets over multiple channels and receiving the encrypted data packets by a single apparatus. Data packets are designated to be transferred via a Wi-Fi channel or a cellular channel, and then transferred using both the Wi-Fi channel and the cellular channel.

Abstract: In a payment-enabled smartphone, a shared cardholder verification method (CVM) applet serves a number of mobile payment cardlets. The shared CVM applet validates CVM information input by a user of the smartphone and in response issues a CVM token. The CVM token is passed to a particular one of the mobile payment cardlets that is selected for a current transaction. The selected mobile payment cardlet submits the CVM token back to the shared CVM applet for verification. Upon verifying the CVM token, the shared CVM applet enables the selected mobile payment cardlet to perform the current transaction.

Abstract: In a payment-enabled smartphone, a shared cardholder verification method (CVM) applet serves a number of mobile payment cardlets. The shared CVM applet validates CVM information input by a user of the smartphone and in response issues a CVM token. The CVM token is passed to a particular one of the mobile payment cardlets that is selected for a current transaction. The selected mobile payment cardlet submits the CVM token back to the shared CVM applet for verification. Upon verifying the CVM token, the shared CVM applet enables the selected mobile payment cardlet to perform the current transaction.

Abstract: A method for generating transaction credentials for a user in a transaction, comprising: storing in a mobile device, an encrypted session key, and an encrypted user authentication credential; receiving an authorisation request; initiating a user authorisation process wherein in the event that the user is an authenticated user, the method comprises: decrypting the encrypted session key and encrypted user authentication credential; generating a transaction cryptogram in dependence on the user authentication credential and the session key; transmitting the transaction cryptogram and a user authentication status to a transaction processing entity for use in a transaction

Abstract: In a payment-enabled smartphone, a shared cardholder verification method (CVM) applet serves a number of mobile payment cardlets. The shared CVM applet validates CVM information input by a user of the smartphone and in response issues a CVM token. The CVM token is passed to a particular one of the mobile payment cardlets that is selected for a current transaction. The selected mobile payment cardlet submits the CVM token back to the shared CVM applet for verification. Upon verifying the CVM token, the shared CVM applet enables the selected mobile payment cardlet to perform the current transaction.

Abstract: Systems and methods that efficiently combine multiple wireless networks or devices resulting in faster, more reliable, and more secure mobile Internet. A Virtual Private Network (VPN) service application is operated to route outgoing and incoming data packets of a mobile device. The mobile device is (i) either coupled to a remote server through the VPN service application for data packets transfer between the remote server and the mobile device or (ii) performs cross-layer translation for data packets transfer between the mobile device and direct target hosts on the Internet. Concurrently using multiple channels secures data packets transfer by sending encrypted data packets over multiple channels and receiving the encrypted data packets by a single apparatus. Data packets are designated to be transferred via a Wi-Fi channel or a cellular channel, and then transferred using both the Wi-Fi channel and the cellular channel.

Abstract: In a payment-enabled smartphone, a shared cardholder verification method (CVM) applet serves a number of mobile payment cardlets. The shared CVM applet validates CVM information input by a user of the smartphone and in response issues a CVM token. The CVM token is passed to a particular one of the mobile payment cardlets that is selected for a current transaction. The selected mobile payment cardlet submits the CVM token back to the shared CVM applet for verification. Upon verifying the CVM token, the shared CVM applet enables the selected mobile payment cardlet to perform the current transaction.

Abstract: In a payment-enabled smartphone, a shared cardholder verification method (CVM) applet serves a number of mobile payment cardlets. The shared CVM applet validates CVM information input by a user of the smartphone and in response issues a CVM token. The CVM token is passed to a particular one of the mobile payment cardlets that is selected for a current transaction. The selected mobile payment cardlet submits the CVM token back to the shared CVM applet for verification. Upon verifying the CVM token, the shared CVM applet enables the selected mobile payment cardlet to perform the current transaction.

Abstract: In a payment-enabled smartphone, a shared cardholder verification method (CVM) applet serves a number of mobile payment cardlets. The shared CVM applet validates CVM information input by a user of the smartphone and in response issues a CVM token. The CVM token is passed to a particular one of the mobile payment cardlets that is selected for a current transaction. The selected mobile payment cardlet submits the CVM token back to the shared CVM applet for verification. Upon verifying the CVM token, the shared CVM applet enables the selected mobile payment cardlet to perform the current transaction.

Abstract: Systems and methods that efficiently combine multiple wireless networks or devices resulting in faster, more reliable, and more secure mobile Internet. A Virtual Private Network (VPN) service application is operated to route outgoing and incoming data packets of a mobile device. The mobile device is (i) either coupled to a remote server through the VPN service application for data packets transfer between the remote server and the mobile device or (ii) performs cross-layer translation for data packets transfer between the mobile device and direct target hosts on the Internet. Concurrently using multiple channels secures data packets transfer by sending encrypted data packets over multiple channels and receiving the encrypted data packets by a single apparatus. Data packets are designated to be transferred via a Wi-Fi channel or a cellular channel, and then transferred using both the Wi-Fi channel and the cellular channel.

Abstract: Example embodiments include methods and apparatus for exchanging, using a contactless interface included in a portable device, transaction information associated with an electronic merchant device when the portable device is brought into close proximity to a contactless interface associated with the electronic merchant device, with the information identifying the electronic merchant device and identifying a handover wireless network connected to the electronic merchant device and with information including security credentials required to form a secure connection, establishing a persistent, secure wireless connection with the electronic merchant device, using a wireless network interface in the portable device and the transaction information, over the handover wireless network and exchanging transaction messages between the portable device and the electronic merchant device over the persistent, secure wireless connection during a shopping interval.

Abstract: In a payment-enabled smartphone, a shared cardholder verification method (CVM) applet serves a number of mobile payment cardlets. The shared CVM applet validates CVM information input by a user of the smartphone and in response issues a CVM token. The CVM token is passed to a particular one of the mobile payment cardlets that is selected for a current transaction. The selected mobile payment cardlet submits the CVM token back to the shared CVM applet for verification. Upon verifying the CVM token, the shared CVM applet enables the selected mobile payment cardlet to perform the current transaction.

Abstract: Systems, methods and apparatus for operating a device to complete a transaction are provided which include receiving a request to initiate a transaction with a merchant, transmitting a payment transaction initiation message to a merchant server associated with the merchant, receiving a request message from the merchant server for remote payment data, the request message including information identifying whether the merchant server supports a selected one of a first data format and an alternative data format, and providing the remote payment data to the merchant server in the selected data format for use by the merchant server to initiate authorization processing of the transaction.

Abstract: A technique is disclosed for remotely managing isolated domains on mobile devices. A request is received from the mobile device to instantiate a managed domain. A managed domain configuration is determined and comprises a security policy controlling access to content of the managed domain of the subscribing mobile device, a content specification identifying the content to be downloaded by the subscribing mobile device into the managed domain, and a content configuration identifying a configuration of the content on the subscribing mobile device. The managed domain configuration is sent to the subscribing mobile device to instantiate a secure, managed domain whose policy, content and content configuration is remotely controlled. The technique is useful for advertising and brand promotion on mobile devices as it simultaneously enables detailed control over the presentation of content by a curator while ensuring privacy and security protection of the other apps, accounts and data on the mobile device.

Abstract: A device and method for switching to an encrypted domain requiring authentication in an operating system which implements a plurality of secure domains. An intermediate domain different from the encrypted domain and a current domain is provided. Upon receiving a request to switch to the encrypted domain, the system switches to the intermediate domain. An authentication challenge for access to the encrypted domain is displayed in the intermediate domain. Receiving authentication information is used to decrypt filesystem keys for providing access to the encrypted filesystem. The encrypted filesystem is then mounted, and the encrypted domain started.

Abstract: A computing device operating system providing a plurality of secure domains. A domain manager selectively creates a plurality of secure domains, and one of the secure domains is selected as a current domain. A domain policy service stores and enforces, for each secure domain, a policy comprising a rule set controlling access to files and applications associated with the domain. A package manager enforces, for each secure domain, installation of the applications associated with the domain. A domain message service provides communication between running processes associated with different ones of the secure domains. An activity manager selectively switches the current domain. Domain isolation is achieved while enabling a unified user interface providing concurrent access to the resources of multiple domains.

Abstract: A method includes maintaining a digital wallet in a computer, and receiving a request for a transaction. The computer may receive and verify user authentication data, and then allow the user to access any payment card account in the digital wallet without requiring additional user authentication, regardless of the account selected for the transaction by the user. In some embodiments, cryptogram generation may be performed with an EMV server in association with the digital wallet, to enhance the level of security assurance for merchants, issuers and users.

Abstract: In a payment-enabled smartphone, a shared cardholder verification method (CVM) applet serves a number of mobile payment cardlets. The shared CVM applet validates CVM information input by a user of the smartphone and in response issues a CVM token. The CVM token is passed to a particular one of the mobile payment cardlets that is selected for a current transaction. The selected mobile payment cardlet submits the CVM token back to the shared CVM applet for verification. Upon verifying the CVM token, the shared CVM applet enables the selected mobile payment cardlet to perform the current transaction.

Abstract: Systems, methods, apparatus and computer program code are provided for operating a mobile device to conduct a transaction which include obtaining, by a mobile device operating a mobile payment application, a transaction payload from a merchant, extracting a payment gateway identifier from the transaction payload and establishing a secure communication channel with a payment gateway identified by the payment gateway identifier, receiving, from the payment gateway, item data associated with the transaction, the item data obtained by the payment gateway from the merchant, and receiving, from a user operating the mobile device, a confirmation to complete the transaction using a payment account associated with the user and transmitting the confirmation to the payment gateway with payment account credentials associated with the payment account.