G07F7/0886

METHOD OF COMMUNICATION BETWEEN TWO SUB-SYSTEMS CONSTITUTING A MODULAR PAYMENT TERMINAL.

A piece of electronic equipment including a first subsystem such as a touch-sensitive tablet and a second subsystem such as a payment terminal. The first subsystem embeds a first operating system for managing the power consumption of the first subsystem. The second subsystem embeds a specific and secure operating system capable of executing payment transactions. Since the two subsystems execute two different operating systems, an operating state of one of the subsystems may not allow the required service to be implemented if this requires the use of resources implemented by both subsystems. Thus the first and second subsystems exchange data relating to their respective operating states and, where appropriate, change their current operating state as a function of the data thus exchanged relating to the operating state of the other subsystem.

Contextual tapping engine

Various embodiments for contextual tapping engines. For example, an application executing on a computing device may authenticate credentials associated with an account and detect a tap of a contactless card to the computing device. The application may receive, from a communications interface of the contactless card, action data used to determine an action associated with the tap of the contactless card to the computing device. The application may determine a context of the application based on a current output of the application. The application may determine, based on the action data, the determined context, and data associated with the account, a first action associated with the tap of the contactless card to the computing device, the first action associated with at least one of the application and an operating system (OS). The application may initiate performance of the first action based on the tap of the contactless card.

SYSTEM AND METHOD FOR AUTHENTICATING ELECTRONIC MONEY
20220237593 · 2022-07-28

A portable apparatus includes one or more biometric sensors, one or more memories, and one or more processors operative to execute program instructions from the one or more memories. A public key infrastructure (PKI) certificate, which is stored in the one or more memories, includes a first code derived from encoding a first biometric digital signature of a person who has been registered and authorized to use the portable apparatus. The one or more processors cause the portable apparatus to acquire, by the one or more biometric sensors, a biometric pattern of a person who attempts to access the portable apparatus; determine whether the biometric pattern is matched with the first biometric digital signature and the first code; and in response to determining that the biometric pattern is matched with the first biometric digital signature and the first code, transmit authentication information to a remote server over a network.

Establishment of a secure session between a card reader and a mobile device
11379831 · 2022-07-05

Some examples include establishing a secure communication session between a mobile device and a card reader. For instance, a trusted, remote validation server may be used to validate security information of a software module executing on the mobile device prior to the card reader and the software module establishing a secure communication session with each other. In some cases, the software module sends the security information of the software module to the validation server. The secure communication session between the software module and the card reader may be established based on a validation result of a validation process indicating that the security related information of the software module has been determined to be valid by the validation server.

EMBEDDED CARD READER SECURITY
20220270064 · 2022-08-25

Techniques described herein are directed to embedded card reader security. In an example, personal account number data read from a payment instrument may be temporally and/or spatially separated from personal identification number data utilized to complete a payment for products. Temporal separation may include removing the personal account number data from a merchant device prior to requesting personal identification number data. Spatial separation may include utilization of trusted execution environments, separated embedded card reader applications, intermediary applications, and/or trust routines, for example to enable different components of a merchant device, and/or components of other devices and systems, to handle personal account number data and personal identification number data.

System and method for authenticating electronic money using a smart card and a communication terminal
11328288 · 2022-05-10

The present invention relates to a system and a method for authenticating electronic money using a smart card and a communication terminal. The present invention provides a system and a method for authenticating electronic money, wherein the system comprises a smart card and a communication terminal. The smart card takes a biometric signature from a user as an input, transmits recognition completion information to the communication terminal when the biometric signature inputted by the user matches the stored biometric signature, receives an update command from the communication terminal, updates the amount of stored balance data, and transmits an update completion message to the communication terminal. The communication terminal is connected to the smart card in a wired or wireless manner, and transmits the update command to the smart card upon receipt of the recognition completion information.

Information processing apparatus

An information processing apparatus is provided. The information processing apparatus includes an electronic money unit including a processor, a memory configured to store a balance of electronic monetary value, a terminal communication unit configured to receive a first command from an electronic money terminal using a terminal antenna, a mobile communication unit including a phone antenna for mobile communication via a base station, and an interface unit configured to receive a second command from an electronic money server through an encrypted connection over the mobile communication, wherein the processor is configured to change the balance of electronic monetary value in response to at least one of the first command and the second command.

SOFTWARE SECURITY SYSTEM AND METHOD FOR PIN ENTRY, STORAGE AND TRANSMISSION TO SOFTWARE-BASED POS (SOFTPOS)
20220108297 · 2022-04-07

A secure PIN entry to verify the cardholder in over-limit transactions of mobile devices receiving payment via POS software. The system includes a POS application installed in the mobile device, which allows payment to be received and which is managed by the server application, an L3 business layer that manages the user interface, experience, and workflows of POS application, a POS memory which enables the software operation of security, key creation and cryptographic algorithms for POS application, a POS security layer which ensures that payment is made safely through POS memory, a PIN application that provides the user interface for secure PIN entry and securely forwards PIN entry to the POS application, a PIN memory which enables the software operation of security, key creation and cryptographic algorithms for PIN application, and a PIN security layer that enables secure reception and transmission of the PIN through the PIN memory.

Information processing apparatus and information processing system
11301826 · 2022-04-12

An information processing apparatus and an information processing system that enable a settlement at a real shop without complicated operation are proposed. There is provided an information processing apparatus including: a unique information acquisition unit that acquires unique information, regarding a settlement at a real shop, generated by a user terminal via a real-shop terminal; a verification unit that verifies the unique information; and a settlement processing unit that sends the unique information to a settlement service provider so that the settlement service provider performs settlement processing on the basis of the unique information.

Secure card data entry system and method
11301865 · 2022-04-12

Embodiments leverage the PCI-DSS validation of a backend transaction processing system to avoid the payment application having to meet the PCI compliance reporting requirements of the PCI-DSS. When the payment application needs to collect Sensitive Data for a transaction, the payment application makes a request to the payment library, which in turn requests from the backend system a secure web page including fields for the user to enter the specific Sensitive Data to be collected and typically also including a public encryption key generated specifically for the secure web page. The payment library causes the secure web page to be rendered, thereby allowing the user to enter the required information. Upon completion of such data entry, the data entered via the secure web page is pushed back through the payment library to the backend system for processing. The backend system can decrypt the encrypted data using the private key associated with the public/private encryption key pair.