A provisioning agent for provisioning a Digital Payment Device (DPD) which includes a Digital Transaction Processing Unit (DTPU) operable to host one or more transaction applications, the DTPU being further operable to adopt at least one transaction application selected from the one or more transaction applications, the DPD operable for a digital transaction with a Digital Transaction Device (DTD) using the adopted at least one transaction application, the provisioning agent being operable to provide provisioning data to the DPD, the DPD further including apparatus operable to receive the provisioning data, the provisioning data being operable to provide one or more functions to the DPD, the provisioning agent being operable to: prepare one or more first digital objects, receive one or more second digital objects from a second provisioning agent, include at least one of the one or more first digital objects and at least one of the one or more second digital objects in the provisioning data.

A Digital Payment Device (DPD) including a Digital Transaction Processing Unit (DTPU), wherein the DPD includes a first cryptographic key stored in a secure storage area of the DPD, wherein the first cryptographic key matches a second cryptographic key stored on the DTPU, the second cryptographic key being associated with a security domain of the DTPU, wherein the first cryptographic key enables encryption for a digital object, such that the digital object is authenticatable against the second cryptographic key.

A Digital Transaction Processing Unit (DTPU) operable to host one or more transaction applications for digitally transacting with a Digital Transaction Device (DTD), the DTPU including a security hierarchy for hosting the one or more transaction applications, wherein the security hierarchy is configured to host at least one transaction application for transacting in contact digital transactions.

A Digital Transaction Processing Unit (DTPU) operable to host one or more containers, the DTPU further operable to host one or more transaction applications operable for digital transactions with a Digital Transaction Device (DTD), each transaction application derived from one of the one or more containers for installation on the DTPU, wherein the DTPU is operable to reversibly place at least one of the one or more containers into an inactive state such that the at least one container is inoperable to be used to install a transaction application on the DTPU.

A Digital Transaction Processing Unit (DTPU) including a plurality of transaction applications operable for a digital transaction with a Digital Transaction Device (DTD), each of the plurality of transaction applications being associated with a tokenised primary identifier.

A Digital Transaction Processing Unit (DTPU) operable to host one or more transaction applications, the DTPU further operable to reversibly unlock at least one of the one or more transaction applications, wherein each unlocked transaction application is operable for a digital transaction with a Digital Transaction Device (DTD).

Disclosed are a system and methods enabling updating of a card number of a payment card and thereby reissuing the payment card utilizing a reissue application associated with the payment card. The reissue application, when executed communicates with a service provider that manages the payment card. The payment card includes processing circuitry and a rewriteable visual display. Using cryptographic techniques, the reissue application and payment card are authenticated to the service provider. Upon verification, an updated card number is obtained and provided via near-field communication to the payment card. In response to the update payment card number received from the reissue application, the rewriteable visual display on the payment card is updated with the updated card number. Other information may also be presented on the rewriteable visual display of the payment card based on user preferences.

Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. An ICC Master Key corresponding to the payment application is held by a trusted authority, such as the issuing bank. The trusted authority is adapted generate time-limited session keys on the basis of the ICC Master Key and distribute session keys to the payment application. Receipt of a session key by the payment application enables the payment application to conduct an EMV payment transaction. The session key is used to authorize a single EMV payment transaction.

A smart card, a method for outputting validation data, and a method for responding to an operation request are provided. The method for outputting validation data includes acquiring an operation request by a smart card; acquiring smart card operation information of the smart card by the smart card, after acquiring the operation request, wherein the smart card operation information comprises at least a smart card mode factor for indicating a working mode of the smart card, and the working mode of the smart card comprises a non-contact communication mode and/or a contact communication mode; acquiring a validation data generating strategy, and using the validation data generating strategy to process at least the smart card operation information to obtain validation data by the smart card; outputting the validation data by the smart card after obtaining the validation data.

A method for providing and checking the validity of a virtual document on a first computer system is disclosed. The virtual document is provided by means of a mobile second computer system for a first computer system. The method includes receiving a password-protected storage address of a first database at which the virtual document can be read, reading the virtual document, displaying the virtual document on a display of the first computer system, receiving a unique second identifier of the mobile second computer system, calculating a third identifier using the received second identifier and a hash value of the virtual document, identifying the database entry of the second database in which a first identifier of a first pairing consisting of the mobile second computer system and the first virtual document is stored, comparing the calculated third identifier with the first identifier stored in the identifier database entry.