Abstract: A computerized method and system to communicate information between a supported client computer and a remote support organization have been described. At the supported client computer, status information, generated by one or more client applications when executing on the supported client computer, may be retrieved. The status information may be stored in a client database on the supported client computer. A first client database definition for a client data item may be mapped to a first tag, the first client database definition may be associated with the client database and the client data item may include the status information. A client message document including the first tag may be communicated to a support server of the remote support organization. The status information may be stored in, and retrieved from, the client database via a functional abstraction layer comprising one or more customized application program interfaces (API).

Abstract: A user accesses an application on a reader mode device, activating a reader communication mode and disabling conflicting communication modes. The reader mode device activates a radio frequency field and creates a secure communication channel with a payment device. A secure element application on the reader mode device requests and receives payment information from a payment device. The secure element application on the reader mode device decrypts the payment information and requests account verification from the user. The secure element application on the reader mode device receives input from the user and verifies the payment information. In response to verifying the account information, the secure element application on the reader mode device encrypts the payment information and transmits it to a payment processing system. The payment processing system processes the payment transaction and transmits a notice of approved or declined transaction to the reader mode device.

Abstract: A user accesses an application on a reader mode device, activating a reader communication mode and disabling conflicting communication modes. The reader mode device activates a radio frequency field and creates a secure communication channel with a payment device. A secure element application on the reader mode device requests and receives payment information from a payment device. The secure element application on the reader mode device decrypts the payment information and requests account verification from the user. The secure element application on the reader mode device receives input from the user and verifies the payment information. In response to verifying the account information, the secure element application on the reader mode device encrypts the payment information and transmits it to a payment processing system. The payment processing system processes the payment transaction and transmits a notice of approved or declined transaction to the reader mode device.

Abstract: Techniques for remote application access are described. Some embodiments provide access to an application executing on a host system via a Web browser of a client device. A user operating the Web browser may request access to the application via a uniform resource identifier. A service executing on the host system receives the request and facilitates access to the application. Facilitating access may include transmitting to the Web browser image data corresponding to a window or graphical user interface generated by the application and stored on the host system. Client logic executing within the Web browser receives the image data and displays a local copy of the application window on the client device. The client logic also forwards user input events made with respect to the to the local window to the remote presentation service, which in turn forwards the events to the window/application on the host system.

Abstract: Transferring control of a secure element between TSMs comprises a zone master key established between the TSMs that facilitates encryption of a temporary key. The TSMs create the zone master key prior to initiation of transfer of control. Once transfer of control is initiated, the first TSM establishes a communication channel and deletes its key from the secure element. The first TSM creates a temporary key that is encrypted with the zone master key established between the first TSM and the second TSM. The encrypted temporary key is communicated to the second TSM with a device identifier. The second TSM decrypts the temporary key using the zone master key and identifies the user device using the device identifier. The new TSM establishes a communication channel and deletes the temporary key from the secure element. The new TSM then inputs and saves its key into the secure element.

Abstract: A user conducts a wireless payment transaction with a merchant system by transmitting payment information from a user device to a terminal reader without accessing a secure element resident on the user device. A user taps a user device in a merchant system's terminal reader's radio frequency field. The terminal reader and the user device establish a communication channel and the terminal reader transmits a signal comprising a request for a payment processing response. The signal is received by the user device and converted by a controller to a request understandable by an application host processor. The controller transmits the request to the application host processor, where the request is processed, and a response is transmitted to the controller and then to the terminal reader. The response generated by the application host processor is identifiable by the merchant system as a payment response.

Abstract: Transferring control of a secure element between TSMs comprises a zone master key established between the TSMs that facilitates encryption of a temporary key. The TSMs create the zone master key prior to initiation of transfer of control. Once transfer of control is initiated, the first TSM establishes a communication channel and deletes its key from the secure element. The first TSM creates a temporary key that is encrypted with the zone master key established between the first TSM and the second TSM. The encrypted temporary key is communicated to the second TSM with a device identifier. The second TSM decrypts the temporary key using the zone master key and identifies the user device using the device identifier. The new TSM establishes a communication channel and deletes the temporary key from the secure element. The new TSM then inputs and saves its key into the secure element.

Abstract: Methods, systems, and techniques for sharing a remoted user interface are described. Example embodiments provide a Remote Session Sharing Protocol (“RSSP”) for sharing a remoted user interface and/or graphics of a same computer system operating system or application. Use of the RSSP enables server computing systems to optimize the utilization of frame buffers and state information when multiple clients connect to the same remote session (e.g., connect to the same user interface of an application or operating system) at substantially the same time.

Abstract: Methods, systems, and techniques for presenting dynamically changing images in a limited rendering environment are described. Example embodiments provide a client display manager that is configured to receive image blocks representing modifications or updates to a dynamically changing image. The client display manager may then layer the received image blocks upon one another, and then cause the layered image blocks to be presented on a display device as a single, composited image. In some embodiments, multiple image blocks may be coalesced or otherwise combined into a single image transmitted to the client display manager, where regions of the single image that are not occupied by the multiple image blocks are transparent.

Abstract: Methods, systems, and techniques for providing a pseudo permanent communications connection using temporary connection protocols are described. Example embodiments provide a Enhanced Communications Layer that provides such connections by means of a layer incorporated in the client side and server side communications stacks. The ECL maintains a pool of connections that are opened and used in a staggered fashion to reduce the amount of connection setup and teardown.

Abstract: Transferring control of a secure element between TSMs comprises a zone master key established between the TSMs that facilitates encryption of a temporary key. The TSMs create the zone master key prior to initiation of transfer of control. Once transfer of control is initiated, the first TSM establishes a communication channel and deletes its key from the secure element. The first TSM creates a temporary key that is encrypted with the zone master key established between the first TSM and the second TSM. The encrypted temporary key is communicated to the second TSM with a device identifier. The second TSM decrypts the temporary key using the zone master key and identifies the user device using the device identifier. The new TSM establishes a communication channel and deletes the temporary key from the secure element. The new TSM then inputs and saves its key into the secure element.

Abstract: A method is provided to remotely access an application hosted by a server and having a corresponding application graphical user interface (GUI) represented on the server, the method comprising: a client automatically sending GUI display update requests to the server throughout a duration of the access, the requests being HTTP requests over corresponding HTTP connections.

Abstract: A protected execution agent installs itself within a file system manager on the computer to control modifications to a protected execution environment by intercepting I/O requests from applications. If an unauthorized application attempts to modify the protected execution environment, the protected execution agent terminates the original I/O request and creates a redirected I/O request that specifies a corresponding directory path within an alternate environment. The requested I/O operation is a carried out by the file system against the alternate environment. A configuration utility is responsible for determining which installed applications are authorized to change the protected execution environment. The configuration utility also establishes a parent-child relationship between an unauthorized application that invokes or “spawns” an authorized application, with the authorized child application being considered unauthorized when performing processes on behalf of the unauthorized parent application.

Abstract: A protected execution agent installs itself within a file system manager on the computer to control modifications to a protected execution environment by intercepting I/O requests from applications. If an unauthorized application attempts to modify the protected execution environment, the protected execution agent terminates the original I/O request and creates a redirect I/O request that specifies a corresponding directory path within an alternate environment. The requested I/O operation is a carried out by the file system against the alternate environment. A configuration utility is responsible for determining which installed applications are authorized to change the protected execution environment. The configuration utility also establishes a parent-child relationship between an unauthorized application that invokes or “spawns” an authorized application, with the authorized child application being considered unauthorized when performing processes on behalf of the unauthorized parent application.

Abstract: A protected execution agent installs itself within a file system manager on the computer to control modifications to a protected execution environment by intercepting I/O requests from applications. If an unauthorized application attempts to modify the protected execution environment, the protected execution agent terminates the original I/O request and creates a redirected I/O request that specifies a corresponding directory path within an alternate environment. The requested I/O operation is a carried out by the file system against the alternate environment. A configuration utility is responsible for determining which installed applications are authorized to change the protected execution environment. The configuration utility also establishes a parent-child relationship between an unauthorized application that invokes or “spawns” an authorized application, with the authorized child application being considered unauthorized when performing processes on behalf of the unauthorized parent application.

Abstract: A protected execution agent installs itself within a file system manager on the computer to control modifications to a protected execution environment by intercepting I/O requests from applications. If an unauthorized application attempts to modify the protected execution environment, the protected execution agent terminates the original I/O request and creates a redirected I/O request that specifies a corresponding directory path within an alternate environment. The requested I/O operation is a carried out by the file system against the alternate environment. A configuration utility is responsible for determining which installed applications are authorized to change the protected execution environment. The configuration utility also establishes a parent-child relationship between an unauthorized application that invokes or “spawns” an authorized application, with the authorized child application being considered unauthorized when performing processes on behalf of the unauthorized parent application.

Abstract: A computerized method and system to communicate information between a supported client computer and a remote support organization have been described. At the supported client computer, status information, generated by one or more client applications when executing on the supported client computer, may be retrieved. The status information may be stored in a client database on the supported client computer. A first client database definition for a client data item may be mapped to a first tag, the first client database definition may be associated with the client database and the client data item may include the status information. A client message document including the first tag may be communicated to a support server of the remote support organization. The status information may be stored in, and retrieved from, the client database via a functional abstraction layer comprising one or more customized application program interfaces (API).

Abstract: A layered message architecture has been described that communicates status data from a client computer to a server through a remote support network. A database interface layers isolate the remaining layers of the architecture from the underlying client and server database systems. A mapping layer allows the exchange of data and instructions between the client and server without reference to the underlying data structures particular to each computer.

Abstract: A protected execution agent installs itself within a file system manager on the computer to control modifications to a protected execution environment by intercepting I/O requests from applications. If an unauthorized application attempts to modify the protected execution environment, the protected execution agent terminates the original I/O request and creates a redirected I/O request that specifies a corresponding directory path within an alternate environment. The requested I/O operation is a carried out by the file system against the alternate environment. A configuration utility is responsible for determining which installed applications are authorized to change the protected execution environment. The configuration utility also establishes a parent-child relationship between an unauthorized application that invokes or “spawns” an authorized application, with the authorized child application being considered unauthorized when performing processes on behalf of the unauthorized parent application.