Abstract: Provided are a system and method for managing encryption keys used by a payment application on a mobile device. The method includes executing a mobile payment application in a user domain of the mobile device, where the user domain is an operating environment in which applications are executed and accessed by a user, importing a plurality of encryption keys for use by the mobile payment application into a system domain of the mobile device, where the system domain is a more secure operating environment controlled by an operating system, encrypting payment information of the mobile payment application in the system domain using one or more of the imported keys while executing the mobile payment application in the user domain, and transmitting the encrypted payment information to a merchant.

Abstract: A computing device embodies a security architecture for an application (42). The security architecture has non-volatile storage (43) for storing first cryptographic material and volatile storage (51) for storing second cryptographic material. The second cryptographic material is lost on rebooting of the computing device. At least the second cryptographic material may be replenished from a source external to the computing device but accessible by a computing network. Methods of use of this architecture by the application are also described.

Abstract: A method of determining legitimate use of a computing device for an action to be approved by a remote system is described. The following steps are carried out at the computing device. A verification method (44) is established for authenticating a user at the computing device or for verifying the integrity of the computing device in association with carrying out the action on that computing device. Cryptographic material is received from a trusted system for use in performing the action. The action is then performed (42). This may or may not comprise successful performance of the verification step. However, performing the action comprises returning information to the remote system that includes whether there was successful authentication using the verification method and parameters relating to computing device state when the action was performed. Suitable computing apparatus is also described.

Abstract: Provided are a system and method for managing encryption keys used by a payment application on a mobile device. The method includes executing a mobile payment application in a user domain of the mobile device, where the user domain is an operating environment in which applications are executed and accessed by a user, importing a plurality of encryption keys for use by the mobile payment application into a system domain of the mobile device, where the system domain is a more secure operating environment controlled by an operating system, encrypting payment information of the mobile payment application in the system domain using one or more of the imported keys while executing the mobile payment application in the user domain, and transmitting the encrypted payment information to a merchant.

Abstract: A method of biometric verification is described involving interaction between a token and a terminal. The token stores, or has access to, stored user biometric data. The terminal has an associated biometric reader. User biometric data is captured at the biometric reader. The token then initiates comparison of the captured user biometric data with the stored user data to determine a match. The token provides a verification result to the terminal, wherein an action at the terminal may proceed if the verification result indicates a match between the captured user biometric data and the stored biometric data. Methods performed at the token and at the terminal are described, as are tokens and terminals adapted to perform the steps described.