Abstract: Disclosed are various examples for facilitating enrollment of a client device into more than one management framework. A client device can be enrolled with a management service as a fully managed device. The client device can also be enrolled with the management service as a personal or bring-your-own-device (BYOD), which causes a workspace to be created on the device that is segregated from the rest of the client device. Both enrollments can be managed by a remotely executed management service.

Abstract: Examples described herein include systems and methods for providing on-demand access to a restricted resource of a user device. An example method can include generating a profile that specifies a restricted resource and one or more conditions for that resource to be de-restricted. The profile can be sent to, and utilized by, an agent application executing on the user device. The agent application can determine that a user is requesting de-restriction of a resource and determine whether all applicable conditions are met. If the conditions are met, the agent application can de-restrict the resource. After the resource is used, the agent application can report details of the use to an administrator or management server.

Abstract: Techniques herein describe a method comprising: receiving, at an service provider computer, a resource provider account identifier maintained by an account entity from a resource provider device, the resource provider account identifier being associated with a resource provider; determining, by the service provider computer, if one or more processing networks are capable of processing transactions with the account entity; determining, by the service provider computer, that at least two processing networks of the one or more processing networks is capable of processing transactions with the account entity; and transmitting, by the service provider computer, a resource provider code to at least one of the at least two processing networks, wherein the resource provider code can be used by the least two processing networks to process transactions with the account entity.

Abstract: Techniques for enhancing the security of storing sensitive information or a token on a communication device may include sending a request for the sensitive information or token. The communication device may receive a session key encrypted with a hash value derived from user authentication data that authenticates the user of the communication device, and the sensitive information or token encrypted with the session key. The session key encrypted with the hash value, and the sensitive information or token encrypted with the session key can be stored in a memory of the communication device.

Abstract: A method is disclosed and includes receiving a token request message in response to a user interaction of a first user. The method also comprises obtaining a token in response to receiving the token request message; transmitting the token to a resource provider, where the resource provider stores the token, provides a notification to a user communication device of a second user, receives a response to the notification, and then transmits an authorization request message comprising the token. The method also includes receiving the authorization request message comprising the token, detokenizing the token to a real credential, and transmitting a modified authorization request including the real credential to an authorizing entity computer for authorization.

Abstract: Embodiments of the invention are directed to methods, apparatuses, computer readable media and systems for providing a token service environment that allows a token requesting party (e.g. token requestor) to specify parameters for token generation for controlling and customizing the token generation process. For example, the token requesting party may specify (e.g. select from a list or provide a list of) the accounts for tokenization. The accounts may be identified by account identifiers (e.g. account numbers) or bank identification numbers (BINs). The token requesting party may also specify encryption keys for the tokens to be generated. The token requesting party may also specify additional parameters such as notification thresholds indicating when notifications associated with the tokens are to be generated.

Abstract: Techniques for enhancing the security of storing sensitive information or a token on a communication device may include sending a request for the sensitive information or token. The communication device may receive a session key encrypted with a hash value derived from user authentication data that authenticates the user of the communication device, and the sensitive information or token encrypted with the session key. The session key encrypted with the hash value, and the sensitive information or token encrypted with the session key can be stored in a memory of the communication device.

Abstract: Disclosed are various examples for facilitating enrollment of a client device into more than one management framework. A client device can be enrolled with a management service as a fully managed device, the client device can also be enrolled with the management service as a personal or bring-your-own-device (BYOD), which causes a workspace to be created on the device that is segregated from the rest of the client device. Both enrollments can be managed by a remotely executed management service.

Abstract: Embodiments of the invention are directed to methods, apparatuses, computer readable media and systems for providing a token service environment that allows a token requesting party (e.g. token requestor) to specify parameters for token generation for controlling and customizing the token generation process. For example, the token requesting party may specify (e.g. select from a list or provide a list of) the accounts for tokenization. The accounts may be identified by account identifiers (e.g. account numbers) or bank identification numbers (BINs). The token requesting party may also specify encryption keys for the tokens to be generated. The token requesting party may also specify additional parameters such as notification thresholds indicating when notifications associated with the tokens are to be generated.

Abstract: Embodiments of the invention are directed to methods, apparatuses, computer readable media and systems for providing a token service environment that allows a token requesting party (e.g. token requestor) to specify parameters for token generation for controlling and customizing the token generation process. For example, the token requesting party may specify (e.g. select from a list or provide a list of) the accounts for tokenization. The accounts may be identified by account identifiers (e.g. account numbers) or bank identification numbers (BINs). The token requesting party may also specify encryption keys for the tokens to be generated. The token requesting party may also specify additional parameters such as notification thresholds indicating when notifications associated with the tokens are to be generated.

Abstract: Techniques for enhancing the security of storing sensitive information or a token on a communication device may include sending a request for the sensitive information or token. The communication device may receive a session key encrypted with a hash value derived from user authentication data that authenticates the user of the communication device, and the sensitive information or token encrypted with the session key. The session key encrypted with the hash value, and the sensitive information or token encrypted with the session key can be stored in a memory of the communication device.

Abstract: Techniques for enhancing the security of storing sensitive information or a token on a communication device may include sending a request for the sensitive information or token. The communication device may receive a session key encrypted with a hash value derived from user authentication data that authenticates the user of the communication device, and the sensitive information or token encrypted with the session key. The session key encrypted with the hash value, and the sensitive information or token encrypted with the session key can be stored in a memory of the communication device.

Abstract: Embodiments of the invention are directed to methods, apparatuses, computer readable media and systems for providing a token service environment that allows a token requesting party (e.g. token requestor) to specify parameters for token generation for controlling and customizing the token generation process. For example, the token requesting party may specify (e.g. select from a list or provide a list of) the accounts for tokenization. The accounts may be identified by account identifiers (e.g. account numbers) or bank identification numbers (BINs). The token requesting party may also specify encryption keys for the tokens to be generated. The token requesting party may also specify additional parameters such as notification thresholds indicating when notifications associated with the tokens are to be generated.

Abstract: Techniques for enhancing the security of storing sensitive information or a token on a communication device may include sending a request for the sensitive information or token. The communication device may receive a session key encrypted with a hash value derived from user authentication data that authenticates the user of the communication device, and the sensitive information or token encrypted with the session key. The session key encrypted with the hash value, and the sensitive information or token encrypted with the session key can be stored in a memory of the communication device.

Abstract: Systems and methods for facilitating a user transaction are provided. A communication device may select an access device from a plurality of access devices. The communication device may establish a secure connection to the access device using a secure file transfer protocol supported by a wireless data protocol. The communication device may transmit a payment credential from the communication device to the access device using the secure file transfer protocol. The access device may broadcast a communication indicating connection readiness using the wireless data protocol. In response to receiving a request from the communication device, the access device may establish a secure connection with the communication device using the secure file transfer protocol. The access device may receive a payment credential via the secure file transfer protocol.

Abstract: An issuer computer may store a primary account number, and may generate a series of first payment tokens for a plurality of payment devices used by a consumer. The issuer computer may then provide the first payment tokens to a payment processing server computer. The payment processing server computer may then generate a plurality of second payment tokens corresponding to the first payment tokens. The second payment tokens may then be provisioned onto the consumer's payment devices.