Abstract: A method of securely processing data in a third party cloud environment is provided. Third party computer executable code is executed in a secure portion of the third party cloud environment. An external data request for external data to be received from an external data provider is then processed whereby the external data request comprises at least a portion of the secure data. The third party cloud environment determines whether to authorise the first external data request, and if the request is so authorised the request is sent to the external data provider and the external data is received from the external data provider.

Abstract: Systems and methods for managing data security are described. In an embodiment, the method comprises receiving a data access request from a first application that runs in a first operating environment of a mobile device, wherein the authentication request contains credentials of the first application, communicating with a second application that runs in a second operating environment in parallel to the first environment of the mobile device, wherein the second application is a trusted application that runs in a secure environment, and wherein the communicating includes transferring the credentials of the first application to the second application, and receiving data from the trusted application responsive to the data access request, based on the credentials of the first application.

Abstract: This disclosure is in the field of data leakage prevention and relates to computer-implemented methods for identifying data leakage and for enabling identification of data leakage, and data processing apparatus, computer programs, and computer readable storage media for performing the same. There are provided computer-implemented methods of constructing and querying a first Bloom filter, formed from a plurality of representations of sensitive data, wherein the plurality of representations have been generated from underlying sensitive data using a mapping function.

Abstract: A computer-implemented method for securing a user device is disclosed. A signed device authentication key is requested and received from a user application executing on the user device. The signed device authentication key is obtained via a software module installed on the user device and associated with a secure data processing provider. A device setup request is transmitted from the user device to the secure data processing system using the signed device authentication key. The device setup request comprises the signed device authentication key. The authenticity of the device setup request is verified at the secure data processing system based on the signed device authentication key.

Abstract: Systems and methods for managing data security are described. In an embodiment, the method comprises receiving a data access request from a first application that runs in a first operating environment of a mobile device, wherein the authentication request contains credentials of the first application, communicating with a second application that runs in a second operating environment in parallel to the first environment of the mobile device, wherein the second application is a trusted application that runs in a secure environment, and wherein the communicating includes transferring the credentials of the first application to the second application, and receiving data from the trusted application responsive to the data access request, based on the credentials of the first application.

Abstract: Systems and methods for managing data security are described. In an embodiment, the method comprises receiving a data access request from a first application that runs in a first operating environment of a mobile device, wherein the authentication request contains credentials of the first application, communicating with a second application that runs in a second operating environment in parallel to the first environment of the mobile device, wherein the second application is a trusted application that runs in a secure environment, and wherein the communicating includes transferring the credentials of the first application to the second application, and receiving data from the trusted application responsive to the data access request, based on the credentials of the first application.

Abstract: A merchant website automatically detects whether a customer device has a registered payment application; if so, the website generates a custom protocol message that is triggered on checkout to initiate payment via the payment application. Details of the transaction are passed to the payment application via a payment server so that the user can authorize the transaction within the payment application.

Abstract: User Authentication A mobile user authentication application is operable to perform one or more of the following operations: ?authenticate a user in a voice call to a telephony service, by passing an authentication code to the telephony service within the voice call [FIGS. 2, 2c]; ?validate a user instruction during a secure messaging session [FIG. 3]; and ?authenticate a user at a physical local service by obtaining a challenge code at that local service, validating the challenge code with a remote authentication service, obtain a confirmation code from the authentication service and presenting the confirmation code for validation at the local service [FIGS. 4, 4a and 4b].

Abstract: A method of securely processing data in a third party cloud environment is provided. Third party computer executable code is executed in a secure portion of the third party cloud environment. An external data request for external data to be received from an external data provider is then processed whereby the external data request comprises at least a portion of the secure data. The third party cloud environment determines whether to authorise the first external data request, and if the request is so authorised the request is sent to the external data provider and the external data is received from the external data provider.

Abstract: A computer-implemented method for securing a user device is disclosed. A signed device authentication key is requested and received from a user application executing on the user device. The signed device authentication key is obtained via a software module installed on the user device and associated with a secure data processing provider. A device setup request is transmitted from the user device to the secure data processing system using the signed device authentication key. The device setup request comprises the signed device authentication key. The authenticity of the device setup request is verified at the secure data processing system based on the signed device authentication key.

Abstract: The present disclosure relates to a method and apparatus for purchasing a product from a merchant by a consumer using an electronic device. An association between a transaction identifier and transaction information is stored in a database, the transaction information comprising a merchant identifier, which is associated with merchant information, and a transaction amount. The consumer may purchase the product by having the transaction identifier provided to an application on an electronic device and transmitting the transaction identifier from the application to a transaction processing server. The merchant information and the transaction amount associated with the transaction identifier is transmitted from the transaction processing server to the application and the transaction completed using the application on the basis of the transaction information on the database.

Abstract: Systems and methods for managing data security are described. In an embodiment, the method comprises receiving a data access request from a first application that runs in a first operating environment of a mobile device, wherein the authentication request contains credentials of the first application, communicating with a second application that runs in a second operating environment in parallel to the first environment of the mobile device, wherein the second application is a trusted application that runs in a secure environment, and wherein the communicating includes transferring the credentials of the first application to the second application, and receiving data from the trusted application responsive to the data access request, based on the credentials of the first application.

Abstract: In an exemplary embodiment, a method of registering online payment transaction details in an online banking system is described, the method comprising receiving data associated with an online payment transaction from a user, and storing data defining the online payment transaction after verifying the user's identity. In an initial mode of operation, the system enforces a restriction on the online transaction, and in a subsequent mode of operation, the system removes the restriction. A two-stage method of registering a user for access to an application on a mobile handset is also provided, whereby access is initially restricted until subsequent re-authentication of the user using a different channel.

Abstract: A computer implemented method of providing candidate information comprises: obtaining a challenge code from a verification service at a first device associated with an ID candidate; capturing the challenge code from the first device at a second device associated with an ID checker; verifying the challenge code between the second device and the verification service and, if the challenge code is verified, providing the candidate information from the verification service, such that the candidate information is accessible to the ID checker.

Abstract: Secure registration of a new application with a server system is provided. An old application has been registered with the system. A first link between the new application and the system establishes a first key and first check data is communicated from the system to the new application and passed to the old application. A second link between the old application and the system establishes a second key based on input of a credential to the old application; the first check data is communicated from the old application to the system. Enciphered second check data is communicated from the system to the old application over the second link and further encrypted by the old application using a third key. This generates doubly-enciphered check data which is passed to the new application and decrypted using the first key and a fourth key, generated at the new application based on the first check data and input of the credential to the new application.

Abstract: A merchant website automatically detects whether a customer device has a registered payment application; if so, the website generates a custom protocol message that is triggered on checkout to initiate payment via the payment application. Details of the transaction are passed to the payment application via a payment server so that the user can authorize the transaction within the payment application.

Abstract: Secure registration of a new application with a server system is provided. An old application has been registered with the system. A first link between the new application and the system establishes a first key and first check data is communicated from the system to the new application and passed to the old application. A second link between the old application and the system establishes a second key based on input of a credential to the old application; the first check data is communicated from the old application to the system. Enciphered second check data is communicated from the system to the old application over the second link and further encrypted by the old application using a third key. This generates doubly-enciphered check data which is passed to the new application and decrypted using the first key and a fourth key, generated at the new application based on the first check data and input of the credential to the new application.

Abstract: A method of user authentication by an application (1a) on a mobile telephony device (1) comprises authenticating the user by interaction with the application (1a), communicating with a remote authentication service (4) to receive a call identifier; and sending the call identifier within a telephone call to the remote telephony service (9), by means of which the user is authenticated to the remote telephony service (9). The mobile telephony device may receive a service code linked to the remote telephony service, and the call identifier may be based on this code. The service code may be captured or entered manually into the mobile device, or obtained from an application on the mobile device (1), such as a mobile banking application. The call identifier may be hidden within the call using audio steganography. The authentication service (4) may link the user to a remote service account ID, which is sent to the remote server.

Abstract: A user inputs a pattern consisting of a plurality of lines. The lines are classified by relative length, overall direction and degree of curvature. Where a line is started from a new position, the direction from the previous starting point is taken into account. The series of lines is then serialized into a key value, which may then be used to decrypt data stored on a device. This enables data to be securely stored since the key is supplied by the user at runtime and is not itself stored on the device.

Abstract: A system and method for spectroscopic mapping, with configurable spatial resolution, of an object include a fiber optic bundle having a plurality of optical fibers arranged in a first array at an input end with each of the plurality of optical fibers spaced one from another and arranged in at least one linear array at an output end. A first mask defining a plurality of apertures equal to or greater in number than the plurality of optical fibers is positioned between an object to be imaged and the input end of the fiber optic bundle. An imaging spectrometer is positioned to receive light from the output end of the fiber optic bundle and to generate spectra of the object. A sensor associated with the imaging spectrometer converts the spectra to electrical output signals for processing by an associated computer.