Abstract: A user requests to utilize anonymized user data to conduct a transaction. The anonymized user data keeps the user's sensitive data private, while still allowing certain entities to perform fraud analyses. The user configures a specific combination of user data elements to be anonymized prior to or at the time of the transaction. In some embodiments, the specific combination may be associated with a location or merchant type, which can also be selected by the user. The registration of a password associated with the anonymized user data may further increase security of the transaction.

Abstract: Techniques described herein include a platform and process for provisioning user information onto a machine-to-machine device in order to enable the machine-to-machine device to conduct transactions utilizing the user information. In some embodiments, a user device is used to relay information between a machine-to-machine device and a provisioning service provider computer. In some embodiments, a machine-to-machine device is connected to the provisioning service provider computer via a network connection. Upon receiving a request to provision the machine-to-machine device, the service provider computer may identify the device from a device identifier. The service provider computer may generate an access credential or token for the machine-to-machine device. The access credential, token, and/or one or more policies may be provisioned onto the machine-to-machine device.

Abstract: A method for confirming that a user interacted with a resource provider before allowing the user to submit feedback associated with the resource provider is disclosed. A social network provider can query entities that are aware of the user's interaction history before activating a feedback function. Also, non-sensitive information can be used to identify the user.

Abstract: Embodiments of the invention provision multiple payment tokens on a communication device. The communication device may be provisioned with multiple limited use keys (LUK), each LUK being associated with a specific type of transaction. When the communication device is used for a transaction, the communication device automatically determines a type of the transaction and selects an appropriate LUK based on the determined transaction type. The selected LUK may be used to create a cryptogram, which can be used to verify the transaction.

Abstract: A mobile phone is disclosed. The mobile phone may receive a first request to generate an initial scannable image, and a second request to generate modified scannable image. The modified scannable image can include a static portion that corresponds to a static portion of the initial scannable image. The modified scannable image may also include another portion that has a different appearance than a corresponding portion of the initial scannable image.

Abstract: A method for requesting a credential associated with token in a multiple token layer environment is disclosed. A tokenization certificate serves to validate the identity of a credential requestor and provide information about the requestor's authorization for de-tokenizing a token. Also, a public key in the tokenization certificate is used to encrypt the credential for secure transmission to the requestor.

Abstract: Systems and methods for generating a token are provided. An access device may receive, from a token vault computer, an encryption key and a credential identifier. The access device may generate a token using the encryption key and a current time. The access device may then transmit the token, the current time, and the credential identifier to the token vault computer. The token vault computer may receive the token, a current time, and a credential identifier. The token vault computer may retrieve an encryption key associated with the received credential identifier. The token vault computer may then validate the token based at least in part on the received current time and the retrieved encryption key.

Abstract: Embodiments of the present invention are directed to methods, systems, apparatuses, and computer-readable mediums for generating and providing a transaction token that may provide contextual information associated with the token. Accordingly, the transaction token may provide any entities within a transaction processing system immediate information about the context in which the token was generated, how the token may be used, and any other information that may be pertinent to processing the token.

Abstract: A method for providing a token revocation list is disclosed. The method includes maintaining a status for each of a plurality of tokens in a token revocation database. Token validation requests are received, and the statuses of payment tokens can be determined. Response messages with the statuses of the payment tokens are then sent to token status requesters so that they may make decisions on whether or not to use them to process transactions.

Abstract: Embodiments automatically select one of the multiple pre-generated payment cards provisioned on a mobile device. The multiple pre-generated payment cards (real or virtual) may each have a different credit limit. The mobile device may automatically select one of the multiple payment cards based on a transaction value of a transaction that is being conducted. An available credit limit of the selected payment card may be equal to or slightly greater than the transaction value. In some embodiments, the available credit limit of the selected payment card may be closer to the transaction value than the available credit limits of the remaining payment cards. In some embodiments, the different payment cards may be provisioned in a chip-and-pin based smart credit card or mobile wallet.

Abstract: Embodiments use a vehicle as a payment instrument to complete a payment transaction. A vehicle interface device (VID) coupled to the vehicle is used for transmitting payment account information to a merchant access device. The VID may be registered to the specific vehicle identification number (VIN) of the vehicle. Prior to transmitting the payment account information to the merchant access device, the VID may ensure that a mobile communication device is within the vehicle and/or that the VID is coupled to the correct vehicle. For example, the VID may compare the VIN of the vehicle to the VIN that is programmed to the VID. When the colocation of the VID with the mobile communication device and/or the correct vehicle is confirmed, the VID may forward payment account information to the merchant access device.

Abstract: Steganographic techniques are used to embed financial information or authentication information within an image, audio, or video file using a quantization table and/or other filter. The file is then transmitted over an insecure network, such as a GSM cell phone network, and a server extracts the information from the image, audio, or video using the same quantization table and/or filter. Multiple sets of information, such as telephone numbers and/or payment account numbers, are extracted from the same image by those entities possessing the appropriate keys. The filters and tables used to embed financial information can be updated periodically or according to events. A video of images, some with embedded information, some with ‘dummy’ data, can be used to hide information over insecure networks for payment transactions.

Abstract: Embodiments of the invention relate to methods of generating and using an image-based derived key. In various embodiments, the image-based derived key may be used to facilitate user authentication and data encryption. For some embodiments, a method is disclosed comprising determining an image-based derived key, wherein the image-based derived key is generated from a selection of authentication images chosen by a user, encrypting data using the image-based derived key, and transmitting the encrypted data.

Abstract: Systems, devices, apparatuses, and methods of the present invention distribute authentication across multiple users. A data sensitivity model can define the sensitivity of different types of data. When an application requests access to a particular data item, the sensitivity of that data item can be determined. If the data item has a low sensitivity, access to the data item can be granted. If the data item has a high sensitivity, the system can request authentication before granting access to the data item.