The present invention relates to authorising access to data (132) associated with a user. Aspects of the invention provide a computer-implemented method, computer software, a system and a computing device. The method comprises receiving, at an application server (120) from a first device (110), a request to access the data (132) associated with the user. The data (132) is hosted at a data server (130) external to the application server (120). The application server (120) provides an authorisation request (510) to an authorisation server (140); and the authorisation request is transmitted from the authorisation server (140) to an authorisation application (310) executed on a second device (150) associated with the user. The authorisation application (310) executed on the second device (150) sends, in response to receiving the authorisation request, a redirect authorisation request (520) to a second application (320) executed on the second device (150), the second application (320) being associated with the data server (130). The request is authorised at the second device (150) by the second application (320), in dependence on an authorisation input from the user at the second device (150). In response to the authorisation of the request the second application (320) provides an access token to the application server (120) via the authorisation server (140), the access token being configured to enable access by the application server (120) to the data associated with the user.

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for interconnecting devices. One of the methods includes authenticating, by a security platform, a user. The method includes generating, by the security platform, an authentication token for the user. The method includes receiving a selection of an IoT application by the user, the IoT application configured to control an IoT device. The method includes providing, by the security platform, the authentication token to the IoT application to authenticate the user with the selected application. The method also includes providing, by the selected application, control of the IoT device to the user.

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for interconnecting devices. One of the methods includes authenticating, by a security platform, a user. The method includes generating, by the security platform, an authentication token for the user. The method includes receiving a selection of an IoT application by the user, the IoT application configured to control an IoT device. The method includes providing, by the security platform, the authentication token to the IoT application to authenticate the user with the selected application. The method also includes providing, by the selected application, control of the IoT device to the user.

A digital key service device includes a casing, an input device, a data storage unit and a controlling unit. The input device is disposed near the casing or mounted on the casing, and configured to receive a user operation input. The data storage unit is disposed in the casing, and configured to store digital data and a digital key. The controlling unit is disposed in the casing, and configured to use the digital key to perform a digital key service or output the digital data to a host when authentication is complete. The authentication includes an operation verification procedure for verifying the user operation input. The authentication is complete when the controlling unit determines that the user operation input conforms to a preset timing-based input set.

Techniques are disclosed relating to a method that includes, in response to a request from a user to complete a secure transaction, determining, by a computer system, that a plurality of transaction options is available for completing the secure transaction. The method further includes generating, by the computer system, a plurality of authentication codes, each authentication code of the plurality corresponding to a respective one of the plurality of transaction options. Receiving a particular authentication code of the plurality of authentication codes from a computing device associated with the user causes a selection of a corresponding transaction option.

Secure registration of a new application with a server system is provided. An old application has been registered with the system. A first link between the new application and the system establishes a first key and first check data is communicated from the system to the new application and passed to the old application. A second link between the old application and the system establishes a second key based on input of a credential to the old application; the first check data is communicated from the old application to the system. Enciphered second check data is communicated from the system to the old application over the second link and further encrypted by the old application using a third key. This generates doubly-enciphered check data which is passed to the new application and decrypted using the first key and a fourth key, generated at the new application based on the first check data and input of the credential to the new application.

Secure registration of a new application with a server system is provided. An old application has been registered with the system. A first link between the new application and the system establishes a first key and first check data is communicated from the system to the new application and passed to the old application. A second link between the old application and the system establishes a second key based on input of a credential to the old application; the first check data is communicated from the old application to the system. Enciphered second check data is communicated from the system to the old application over the second link and further encrypted by the old application using a third key. This generates doubly-enciphered check data which is passed to the new application and decrypted using the first key and a fourth key, generated at the new application based on the first check data and input of the credential to the new application.

A system for granting access to an account at an access device includes a computer server having a hardware processor and a memory storing a software code. The hardware processor executes the software code to receive a login request from the access device through a first communications socket, open a second communications socket between the access device and the computer server, transmit a verification request message including a required call-to-action to a verification device through a third communications socket, and receive a verification response message verifying that the required call-to-action has been completed at the verification device. Upon receiving the verification response message, the software code sends an access token for accessing the account to the access device through the second communications socket, receives the access token from the access device, and grants the access device access to the account.

A system for granting access to an account at an access device includes a computer server having a hardware processor and a memory storing a software code. The hardware processor executes the software code to receive a login request from the access device through a first communications socket, open a second communications socket between the access device and the computer server, transmit a verification request message including a required call-to-action to a verification device through a third communications socket, and receive a verification response message verifying that the required call-to-action has been completed at the verification device. Upon receiving the verification response message, the software code sends an access token for accessing the account to the access device through the second communications socket, receives the access token from the access device, and grants the access device access to the account.

A method and apparatus for establishing a trust relationship between users is disclosed. The apparatus includes at least two user devices containing the Application, a service provider server (SPS) comprising an application programming interface (API), a network communicably coupling the sender device, the receiver device and the SPS, and an out-of-band (OOB) channel, separate from the network, communicably coupling the sender device and the receiver device. The method includes obtaining a receiver's Public Key provided by an Application Programming Interface (API) on an service provider server, encrypting a verification message with the Receiver's Public key and the Sender's Private Key, sending the encrypted verification message from the Sender's device to the Receiver's device through the out-of-band channel, decrypting the encrypted verification message using Receiver's Private Key and Sender's Public Key, and communicating decrypted verification message via out-of-band channel.