Abstract: The present disclosure relates to credential management for mobile devices that can be used for access to secured physical environments. One aspect comprises a computer implemented method comprising a server system: receiving, from a mobile computing device, a provisioning request, which includes an account credential; authenticating the provisioning request based on the mobile computing device being linked to an account indicated by the account credential; generating an account token, which is bound to the account credential; generating one or more limited-use credentials (LUCs), using an application sequence counter, each of the one or more LUCs associated with a corresponding application sequence counter value; generating one or more emergency credentials; and transmitting, to the mobile computing device, the account token, the one or more LUCs, the application sequence counter values, and the one or more emergency credentials.

Abstract: The present disclosure relates to credential management for mobile devices that can be used for access to secured physical environments. One aspect comprises a computer implemented method comprising a mobile computing device: receiving, from a server system, and storing, on the mobile computing device: one or more application sequence counter values, one or more limited use credentials (LUCs), each LUC being bound to a corresponding one of the application sequence counter values; one or more emergency credentials, and an account token; subsequently receiving an authentication request from a terminal; in response to receiving the authentication request, determining that no LUC is available for fulfilling the request; and in response to determining that no LUC is available for fulfilling the request: transmitting, to the terminal, the account token and an application cryptogram generated from an emergency credential of said one or more emergency credentials; and updating a current application sequence counter.

Abstract: A method of providing access to securely held data is provided. A user interacts with the service provider to obtain access to a service by using a device to provide a digital identifier to the service provider, without the digital identifier being made known to the user. At a later date the user wishes to retrieve securely stored data relating to their use of the service. However, because the user does not know the digital identifier, they are unable to identify themselves to the service provider using the digital identifier. The present disclosure provides a secure method for exchanging private identifiers, which allows the user to identify themselves to the service provider in order to gain access to securely stored data relating to the user's previous use of the service. The user can do this using the device on which the digital identifier is stored, or another device.

Abstract: A method of providing access to securely held data is provided. A user interacts with the service provider to obtain access to a service by using a device to provide a digital identifier to the service provider, without the digital identifier being made known to the user. At a later date the user wishes to retrieve securely stored data relating to their use of the service. However, because the user does not know the digital identifier, they are unable to identify themselves to the service provider using the digital identifier. The present disclosure provides a secure method for exchanging private identifiers, which allows the user to identify themselves to the service provider in order to gain access to securely stored data relating to the user's previous use of the service. The user can do this using the device on which the digital identifier is stored, or another device.

Abstract: The present disclosure relates to an access security system and method, for example for securing access to data, objects or locations. According to one aspect there is provided a computer-implemented access security method, the method comprising: receiving, at a processor, a first authentication credential from a near-field communication, ‘NFC’ reader; generating a one-time token, at the processor, in dependence on the first authentication credential, the one-time token being in a form which is capable of reproduction by a user; and outputting the one-time token via an interface for use as an authentication credential in an access procedure. Other aspects relate to a user device for implementing such a method, a computer program product for storing instructions which, when executed, cause such a method to be implemented, and a system in which such a method can be used.

Abstract: The present disclosure relates to credential management for mobile devices that can be used for access to secured physical environments. One aspect comprises a computer implemented method comprising a mobile computing device: receiving, from a server system, and storing, on the mobile computing device: one or more application sequence counter values, one or more limited use credentials (LUCs), each LUC being bound to a corresponding one of the application sequence counter values; one or more emergency credentials, and an account token; subsequently receiving an authentication request from a terminal; in response to receiving the authentication request, determining that no LUC is available for fulfilling the request; and in response to determining that no LUC is available for fulfilling the request: transmitting, to the terminal, the account token and an application cryptogram generated from an emergency credential of said one or more emergency credentials; and updating a current application sequence counter.

Abstract: A method of providing access to securely held data is provided. A user interacts with the service provider to obtain access to a service by using a device to provide a digital identifier to the service provider, without the digital identifier being made known to the user. At a later date the user wishes to retrieve securely stored data relating to their use of the service. However, because the user does not know the digital identifier, they are unable to identify themselves to the service provider using the digital identifier. The present disclosure provides a secure method for exchanging private identifiers, which allows the user to identify themselves to the service provider in order to gain access to securely stored data relating to the user's previous use of the service. The user can do this using the device on which the digital identifier is stored, or another device.

Abstract: Transaction data is gathered for a plurality of successful payment device transactions in a first environment. The transaction data is filtered to identify successful payment device transactions associated with payment devices for which offline authentication is not supported, to obtain a whitelist. The whitelist is made available to at least one of (1) a merchant in a second, different environment, and (2) a third party acting on behalf of such a merchant.

Abstract: The present disclosure relates to an access security system and method, for example for securing access to data, objects or locations. According to one aspect there is provided a computer-implemented access security method, the method comprising: receiving, at a processor, a first authentication credential from a near-field communication, ‘NFC’ reader; generating a one-time token, at the processor, in dependence on the first authentication credential, the one-time token being in a form which is capable of reproduction by a user; and outputting the one-time token via an interface for use as an authentication credential in an access procedure. Other aspects relate to a user device for implementing such a method, a computer program product for storing instructions which, when executed, cause such a method to be implemented, and a system in which such a method can be used.

Abstract: Methods and systems for performing operations with an offline only terminal, particularly where the device being used is only capable of performing online operations, can include, according to one aspect, a method, at a mobile device, of interacting with an offline only terminal, the method comprising the steps of: generating an authorization request; sending the authorization request to a remote computer system via a telecommunications network; receiving an authorization response from the remote computer system, via a telecommunications network, the authorization response comprising data for enabling generation of an approval certificate for an offline operation; receiving a request for the approval certificate for an offline operation from the offline only terminal; generating an approval certificate for an offline operation based on the data; and sending the approval certificate for an offline operation to the offline only terminal.

Abstract: According to a first aspect there is provided a method of identifying the funding source of an electronic transaction, said method comprising a payment terminal: receiving a transaction request comprising one or more credentials from a payment device; and determining whether said credentials comprise a funding source proxy (FSP) and, if not, generating the FSP from one or more of said credentials according to a predetermined algorithm stored on said payment terminal; wherein the funding source proxy is derived from a funding primary account number (FPAN) of a funding source of said payment device. Other aspects provide a method of blocking an electronic transaction, a method of authorising an electronic transaction, a method performed by a payment terminal and a method of provisioning a device with payment capability.

Abstract: A computer implemented method of performing a transaction using a payment account, typically handled by a payment account manager (PAM), comprises the steps of: receiving a first message from a top up terminal indicating that funds have been transferred to the payment account; setting or adjusting a funds limit of the payment account based on information in the first message; receiving an authorization or pre-authorization request from a first terminal and commencing a funds aggregation; receiving a second message indicating a pre-defined amount of funds which may be used in the transaction; blocking an amount of the funds limit of the payment account equivalent to the pre-defined amount; and sending an authorization response to the first terminal.

Abstract: Transaction data is gathered for a plurality of successful payment device transactions in a first environment. The transaction data is filtered to identify successful payment device transactions associated with payment devices for which offline authentication is not supported, to obtain a whitelist. The whitelist is made available to at least one of (1) a merchant in a second, different environment, and (2) a third party acting on behalf of such a merchant.

Abstract: Transaction data is gathered for a plurality of successful payment device transactions in a first environment. The transaction data is filtered to identify successful payment device transactions associated with payment devices for which offline authentication is not supported, to obtain a whitelist. The whitelist is made available to at least one of (1) a merchant in a second, different environment, and (2) a third party acting on behalf of such a merchant.

Abstract: A computer implemented method of performing a transaction using a payment account, typically handled by a payment account manager (PAM), comprises the steps of: receiving a first message from a top up terminal indicating that funds have been transferred to the payment account; setting or adjusting a funds limit of the payment account based on information in the first message; receiving an authorisation or pre-authorisation request from a first terminal and commencing a funds aggregation; receiving a second message indicating a pre-defined amount of funds which may be used in the transaction; blocking an amount of the funds limit of the payment account equivalent to the pre-defined amount; and sending an authorisation response to the first terminal. As a result, the PAM can send data to indicate that a card associated with the payment account is not fit for travel.

Abstract: Transaction data is gathered for a plurality of successful payment device transactions in a first environment. The transaction data is filtered to identify successful payment device transactions associated with payment devices for which offline authentication is not supported, to obtain a whitelist. The whitelist is made available to at least one of (1) a merchant in a second, different environment, and (2) a third party acting on behalf of such a merchant.

Abstract: A hazardous environment protective garment has a first layer of fluid barrier material; and, in an exemplary embodiment, the torso section, sleeves and/or pant legs include a second layer of material bonded thereto to form a fluid seal therebetween, where the second layer of material includes integrated fasteners sewn thereto to provide lengthwise adjustability of the respective torso section, sleeves and/or pant legs

Abstract: N-methylolated/methoxymethylated aryldisulfonamides useful as rubber crosslinking agents are provided of the general formula: ##STR1## wherein x is between about 1 and 2, and y is between about 1 and 3, z is between about 0 and 1.5, the total of x, y and z being about 4.