Virtual pos terminal method and apparatus

1 - 25 . (canceled) 26 . A mobile computing system comprising: a rich execution environment (REE) to communicatively couple with a trusted execution environment (TEE) during operation of the mobile computing system, the TEE and the REE are to operate in isolation from one another; the REE is arranged to operate a point of sale (POS) client, the POS client is to provide a user input to a virtual POS terminal (vPOS) operating within the TEE; and the TEE is arranged to operate the vPOS to: authenticate a user of the mobile computing system based on the user input, process a transaction while a trusted state with a cloud POS service is maintained, and prevent access to the vPOS when the trusted state with the cloud POS service is not maintained. 27 . The computing system of claim 26 , wherein maintenance of the trusted state with the cloud POS service takes place over a network connection between the vPOS and the cloud POS service. 28 . The computing system of claim 26 , wherein the TEE further includes a cloud POS service security domain (SD), and maintenance of the trusted state with the cloud POS service takes place between the vPOS and the cloud POS service SD. 29 . The computing system of claim 26 , wherein, to prevent access to the vPOS, the vPOS is to transition from an active state to an inactive state. 30 . The computing system of claim 26 , wherein the POS client is to: receive a transaction initiation, the transaction initiation indicates one or more payment options to be used for the transaction; receive another user input indicating a selected payment credential from among the one of the one or more payment options; provide an indication of the selected payment credential to the vPOS. 31 . The computing system of claim 30 , wherein the selected payment credential defines authentication parameters required to validate an identity of a party to the transaction, and the vPOS is to: provide the authentication parameters for transmission to another computing system operated by the party to the transaction; receive a first cryptographic certificate based on the authentication parameters from the other computing system; decrypt the first cryptographic certificate to validate the identity of the party to the transaction, and upon validation of the identity, generate and encrypt transaction data, the transaction data including a second cryptographic certificate, payment credential transaction terms defined by the authentication parameters, and an authentication challenge. 32 . The computing system of claim 31 , wherein the POS client is to: receive an authentication solicitation upon proper decryption of the second cryptographic certificate by the other computing system; and after proper decryption of the authentication challenge and in response to authentication solicitation, generate and render a user interface to obtain the user input to authenticate the user. 33 . The computing system of claim 32 , wherein the vPOS is to: receive, from the other computing system, updated transaction terms upon validation of the user, the updated transaction terms being based on a combination of the payment credential transaction terms and transaction terms of the other computing system; process the transaction according to the payment credential transaction terms when the vPOS denies the updated transaction terms; and process the transaction according to the updated transaction terms when the vPOS accepts the updated transaction terms. 34 . The computing system of claim 33 , wherein the vPOS is to: receive a personal identification number (PIN) block from the other computing system; and upon a proper decipher of the PIN block, generate payment data to include a digital signature associated with the payment credential. 35 . The computing system of claim 29 , wherein the transaction initiation includes a transaction amount of the POS transaction and a currency value to be used to process the POS transaction. 36 . One or more non-transitory computer-readable media (NTCRM) comprising instructions for a virtual point of sale terminal (vPOS), wherein execution of the instructions by a trusted execution environment (TEE) is to cause the TEE to: obtain a user input from a point of sale (POS) client that is to operate within a rich execution environment (REE), the REE is to operate in isolation from the TEE; authenticate a user of a mobile computing system based on the user input; process a transaction while a trusted state with a cloud POS service is maintained; and prevent access to the vPOS when the trusted state with the cloud POS service is not maintained. 37 . The one or more NTCRM of claim 36 , wherein the TEE further includes a cloud POS service security domain (SD), and maintenance of the trusted state with the cloud POS service takes place between the vPOS and the cloud POS service SD via a network connection between the vPOS and the cloud POS service. 38 . The one or more NTCRM of claim 36 , wherein the REE and the TEE are implemented in a same mobile computing system. 39 . The one or more NTCRM of claim 36 , wherein the REE is implemented in a mobile computing system and the TEE is implemented by one or more compute nodes of a cloud computing service. 40 . The one or more NTCRM of claim 36 , wherein execution of the instructions is to cause the TEE to: receive an indication of a selected payment credential from the POS client, wherein the selected payment credential defines authentication parameters required to validate an identity of a party to the transaction; send the authentication parameters to a computing system operated by the party to the transaction; receive a first cryptographic certificate based on the authentication parameters from the computing system operated by the party to the transaction; decrypt the first cryptographic certificate to validate the identity of the party to the transaction; upon validation of the identity of the party to the transaction, generate and encrypt transaction data, the transaction data including a second cryptographic certificate, payment credential transaction terms defined by the authentication parameters, and an authentication challenge; receive, from the computing system operated by the party to the transaction, updated transaction terms upon validation of the user, the updated transaction terms being based on a combination of the payment credential transaction terms and transaction terms of the other computing system; process the transaction according to the payment credential transaction terms when the vPOS denies the updated transaction terms; and process the transaction according to the updated transaction terms when the vPOS accepts the updated transaction terms. 41 . A method of operating a point of sale terminal (POS) client, the POS client is to operate within a rich execution environment (REE) of a mobile computing system, the REE being isolated from a trusted execution environment (TEE), the method comprising: receiving a transaction initiation from a remote computing system; generating and rendering a graphical user interface (GUI) in response to receipt of the transaction initiation, the GUI including one or more graphical control elements (GCEs) for selection of a credential; obtaining, via the GUI, an indication of a selected credential in response to a selection of a GCE of the one or more GCEs; providing the indication of the selected credential to a virtual POS terminal (vPOS) operating within the TEE to process the transaction. 42 . The meth