Abstract: A method of performing a contactless transaction between a payment device and a terminal is described. The method comprises establishing a data connection between the payment device and the terminal and then establishing if the payment device and the terminal both support an enhanced security architecture. If they do not, they will then perform the contactless transaction according to a basic transaction flow using a first cryptographic system. If they do, they will perform the contactless transaction according to an enhanced transaction flow using a second cryptographic system. The first cryptographic system and the second cryptographic system comprise different asymmetric cryptographic systems. Suitable payment devices and terminals, and methods at the payment devices and terminals, are described.

Abstract: Methods and devices are provided for use in carrying out a transaction between a transaction device and a point of interaction. In connection therewith, a device for interacting with a point of interaction to carry out a transaction by a consumer includes a processor comprising a payment application and a system environment module, where the system environment module is configured to determine whether the payment application is eligible for a transaction. The device also includes an input in communication with the processor and configured to receive transaction data from a point of interaction in connection with the transaction, and an output in communication with the processor and configured to transmit transaction data to the point of interaction in connection with the transaction when the system environment module determines that the payment application is eligible for the transaction.

Abstract: A method for generating cryptograms in a webservice environment includes: receiving, in a first environment of a computing system, a credential request transmitted by an external computing device using a secure communication protocol, the credential request including a transaction identifier and account identifier; transmitting, by the first environment, a data request to a second environment of the computing system, the data request including the account identifier; receiving, by the first environment, an account profile and session key from the second environment; transmitting, by the first environment, a cryptogram request to a third environment of the computing system, the cryptogram request including the account profile and session key; receiving, by the first environment, a cryptogram from the third environment generated using the account profile and session key; and transmitting, by the first environment, the cryptogram and transaction identifier to the external computing device via the secure communic

Abstract: A method for generating payment credentials in a payment transaction includes: storing, in a memory, at least a single use key associated with a transaction account; receiving, by a receiving device, a personal identification number; identifying, by a processing device, a first session key; generating, by the processing device, a second session key based on at least the stored single use key and the received personal identification number; generating, by the processing device, a first application cryptogram based on at least the first session key; generating, by the processing device, a second application cryptogram based on at least the second session key; and transmitting, by a transmitting device, at least the first application cryptogram and second application cryptogram for use in a payment transaction.

Abstract: Systems and methods are provided for extending dialogue between a mobile device and a point-of-interaction (POI). One example computer-implemented method includes receiving, by a conduit server, from the POI, via a first connection between the conduit server and the POI, a request for an extended connection between the POI and the mobile device, and notifying a host server of the request. The method then includes receiving, from the mobile device, via a second connection between the conduit server and the mobile device, an identifier for the mobile device and pairing, based on the identifier, the first and second connections, to establish a wireless connection between the POI and the mobile device, via the conduit server. The method further includes submitting a wake-up call to the mobile device, whereby the mobile device publishes the identifier to establish a wireless connection directly between the POI and the mobile device.

Abstract: Systems and methods are provided for use in extending dialogue between a mobile device and a point-of-interaction. One exemplary computer-implemented method includes receiving, at a point-of-interaction (POI) computing device, an identifier for an interaction with a user where the identifier is specific to a card associated with an account of the user or to the user in general, and submitting, by the POI computing device, a request for the identifier to a registration database to determine whether the account is registered for one or more services. The method then includes, in response to the request, receiving an encrypted action (associated with a service), encoding, by the POI computing device, a receipt for the interaction, and transmitting, by the POI computing device, the encoded receipt and the encrypted action to a host server for initiating the encrypted action between the POI computing device and a mobile device associated with the user.

Abstract: Systems and methods are provided for facilitating biometric-enabled network interactions. One example computer-implemented method includes receiving, at a biometric identity switch (BIS) computing device, from a point-of-sale (POS) terminal of a merchant, a request for an authorization packet for a transaction between the merchant and a user and identifying a biometric provider associated with a biometric in the request. The method also includes requesting, by the BIS computing device, from the identified biometric provider, a biometric identifier for the user, based on the biometric, receiving the biometric identifier from the identified biometric provider, determining the authorization packet for the user based on the biometric identifier, and transmitting the authorization packet to the POS terminal for use by the POS terminal in compiling an authorization request for the transaction.

Abstract: A method for generating cryptograms in a webservice environment includes: receiving, in a first environment of a computing system, a credential request transmitted by an external computing device using a secure communication protocol, the credential request including a transaction identifier and account identifier; transmitting, by the first environment, a data request to a second environment of the computing system, the data request including the account identifier; receiving, by the first environment, an account profile and session key from the second environment; transmitting, by the first environment, a cryptogram request to a third environment of the computing system, the cryptogram request including the account profile and session key; receiving, by the first environment, a cryptogram from the third environment generated using the account profile and session key; and transmitting, by the first environment, the cryptogram and transaction identifier to the external computing device via the secure communic

Abstract: A method for generating transaction credentials for a user in a transaction, comprising: storing in a mobile device, an encrypted session key, and an encrypted user authentication credential; receiving an authorisation request; initiating a user authorisation process wherein in the event that the user is an authenticated user, the method comprises: decrypting the encrypted session key and encrypted user authentication credential; generating a transaction cryptogram in dependence on the user authentication credential and the session key; transmitting the transaction cryptogram and a user authentication status to a transaction processing entity for use in a transaction.

Abstract: A method for facilitating a transaction with a one-time number includes: receiving a first transaction request, wherein the first transaction request includes a plurality of data elements including at least a first data element configured to store a zero transaction amount and a second data element configured to store a primary account number; parsing the primary account number stored in the second data element included in the received first transaction request; generating a one-time value, wherein the one-time value includes a predetermined number of digits and a subset of the predetermined number of digits is a reference to the processing server; storing a data entry comprised of at least the parsed primary account number and the generated one-time value; and transmitting the generated one-time value in response to the received first transaction request.

Abstract: A method for a goods manager to authenticate products at the point of sale is provided. The method comprises: providing an authentication device to a merchant, wherein the authentication device is not associated with a product but is configured to receive product information from a merchant terminal; once information about a product has been received by the authentication device from the merchant terminal, obtaining from the authentication device a signed message comprising information about the authentication device and information about the product received from the merchant terminal; and providing authorization data to the authentication device if the information fulfils one or more criteria, thereby associating the authentication device with the product. A method for a merchant to authenticate goods at the point of sale and a merchant terminal to perform such a method are also provided.

Abstract: Systems and methods are provided for use in extending dialogue between a mobile device and a point-of-interaction. One exemplary computer-implemented method includes receiving, at a point-of-interaction (POI) computing device, an identifier for an interaction with a user where the identifier is specific to a card associated with an account of the user or to the user in general, and submitting, by the POI computing device, a request for the identifier to a registration database to determine whether the account is registered for one or more services. The method then includes, in response to the request, receiving an encrypted action (associated with a service), encoding, by the POI computing device, a receipt for the interaction, and transmitting, by the POI computing device, the encoded receipt and the encrypted action to a host server for initiating the encrypted action between the POI computing device and a mobile device associated with the user.

Abstract: Examples provide a system and method for initiating contactless communication sessions between computing devices using a variety of modalities. A user pre-registers a selected modality for triggering session initiation. A session initiation device generates trigger data based on a detected occurrence of a predetermined event corresponding to a user selected modality, such as, but not limited to, biometric data, a unique user identifier (ID), a vehicle identifier, or any other type of modality. The trigger data is mapped to a mobile device ID. The mobile device ID can be requested from a connection server. The communication session is established between the first computing device and the mobile user device using the mobile device identifier. The computing device transmits data to the mobile user device via the established communication session when the computing device is brought into proximity to the mobile user device.

Abstract: Pursuant to some embodiments, systems, methods and computer program code are provided for receiving a transaction request message, the transaction request message specifying transaction attributes for a proposed payment transaction involving a user of a mobile device and a merchant, comparing the transaction attributes with a permitted transaction rule, the permitted transaction rule having been stored in the mobile device prior to receiving the transaction request message, approving the proposed transaction upon determining that the transaction attributes satisfy the permitted transaction rule, the approving including generating a transaction cryptogram, and transmitting the transaction cryptogram to the merchant for use in completing the proposed payment transaction.

Abstract: A mobile computing device has at least one processor and at least one memory together providing a first execution environment and a second execution environment logically isolated from the first execution environment. The following approach is taken to manage data items for an application executing the first execution environment. A trust relationship is established between a trust client in the second execution environment and a remote trusted party and the trust client receives one or more data items from the remote trusted party. On executing the application in the first execution environment, the trust client provides the data items or further data items derived therefrom to the application. Provision of these data items may be conditional upon a user authentication process. A suitable mobile computing device is also described.

Abstract: A method of enhanced interaction between a first computing device and a second computing device is described. A first channel for connection between the first computing device and the second computing device using a short range communication technology and a second channel for communication between the first computing device and the second computing device using a communication technology are established. A first interaction is performed using the first channel and an additional interaction is performed using the second channel. Suitable first and second computing devices are also described.

Abstract: There is provided an authentication system for validating identity credentials of a user attempting to access a resource provided by a remote resource provision system. The authentication system includes an input configured to receive, from the resource provision system, an authentication request comprising a cryptographic representation of digital identity data of the user and an associated token identifier, where the digital identity data comprises at least one image of an identity credential of the user. The system also includes a processor configured to: determine a pre-stored cryptographic identifier corresponding to the token identifier; and compare the received cryptographic representation with the pre-stored cryptographic identifier.

Abstract: A method of transaction selection is described for a transaction conducted between a user computing device adapted for use as a payment device and a terminal. The user computing device supports a plurality of payment cards. Steps at the user computing device include the following: establishing communication with the terminal; receiving transaction related information from the terminal; performing a card selection operation using the transaction related information to select a preferred payment card for performing the transaction; and identifying to the terminal preferred applications for performing the transaction based on the preferred payment card. An associated method of card selection is described, along with corresponding steps performed at the terminal. User computing devices and terminals adapted to carry out these methods are also described.

Abstract: A method for processing an encoded one-time number via payment rails includes: receiving, by a receiving device interfaced with a computing system, a one-time number, wherein the one-time number is comprised of at least an identification value and a remaining value; executing, by a querying module of the computing system, a query on a memory of the computing system to identify a routing number based on at least a portion of the one-time number; generating, by a generation module of the computing system, a data value, wherein the data value includes at least the identified routing number and the remaining value; and electronically transmitting, by a transmitting device of the computing system, the generated data value to an external system via payment rails associated with a payment network.

Abstract: A method for verification of a bearer of a credential device at a device reader is described. The method comprises first establishing a digital communication channel with the credential device, and then determining a set of verification options for the bearer and providing the set of verification options to the credential device over the digital communication channel. The credential device then selects a verification option from the set of verification options and communicates this to the device reader. The device reader can then verify the bearer of the credential device in accordance with the selected verification option. Methods at both the credential device and the device reader are described, as are suitably programmed credential devices and device readers.