Abstract: Methods, devices, and systems are described for sending and receiving messages between a terminal reader and a payment device, such as a credit card. A dynamic signature is calculated on the payment device from an application transaction counter, a terminal unpredictable number, and a transaction amount, and it is sent with an application the locator (AFL) to the reader. The reader then sends a read record command to the payment device to get records associated with the AFL, among other normal processing. While the, normal processing is occurring for the transaction, the dynamic signature can be recalculated and compared with that from the payment device in order to assure that nothing has surreptitiously changed the values in the messages.

Abstract: A system, apparatus, and method for processing payment transactions that are conducted using a mobile device that includes a contactless element, such as an integrated circuit chip. The invention enables the updating, correction or synchronization of transaction data maintained by an Issuer with that stored on the device. This is accomplished by using a wireless (cellular) network as a data communication channel for data provided by an Issuer to the mobile device, and is particularly advantageous in circumstances in which the contactless element is not presently capable of communication with a device reader or point of sale terminal that uses a near field communications mechanism. Data transferred between the mobile device and Issuer may be encrypted and decrypted to provide additional security and protect the data from being accessed by other users or applications.

Abstract: Embodiments of the present invention are directed at methods and systems for providing a partial personalization process that allows for more efficient and effective personalization of a application on a communication device. For example, personalization profiles associated with multiple versions of the application may be stored at a provisioning system and the provisioning system may determine the appropriate partial provisioning information to update the application for each migration notification. Partial personalization information that is to be updated for the updated version of the application may be generated and installed to enable new functionality and/or update the information contained within an updated application without requiring re-personalization of all personalized information.

Abstract: Methods, devices, and systems are described for sending and receiving messages between a terminal reader and a payment device, such as a credit card. A dynamic signature is calculated on the payment device from an application transaction counter, a terminal unpredictable number, and a transaction amount, and it is sent with an application file locator (AFL) to the reader. The reader then sends a read record command to the payment device to get records associated with the AFL, among other normal processing. While the normal processing is occurring for the transaction, the dynamic signature can be recalculated and compared with that from the payment device in order to assure that nothing has surreptitiously changed the values in the messages.

Abstract: Embodiments of the present invention are directed at methods and systems for providing a partial personalization process that allows for more efficient and effective personalization of a mobile application on a communication device after updating the mobile application. For example, personalization profiles associated with multiple versions of the mobile application may be stored at an application update provisioning system and the application update provisioning system may determine the appropriate partial provisioning information to update the mobile application for each migration notification. Accordingly, a tailored partial personalization script including only that personalization information that is to be updated for the updated version of the mobile application may be generated and installed to enable new functionality and/or update the information contained within an updated mobile application, without requiring re-personalization of all personalized information into the updated mobile application.

Abstract: Embodiments of the invention are directed at an enhanced data interface (EDI) for contactless communications between a mobile application operating on a mobile device and an access device (e.g., contactless reader) that allows for enhanced verification between the mobile device and access device. One embodiment of the invention is directed to a method. The method comprises a mobile device receiving a request for available applets from an access device and providing a list of available applets including trusted applet identifiers and untrusted applet identifiers to the access device. The method further comprises receiving a selection of an untrusted applet identifier from the list and an entity identifier associated with the access device, validating that the access device is authorized to access credentials associated with the selected untrusted applet identifier using the entity identifier, and providing the credentials associated with the selected untrusted applet identifier to the access device.

Abstract: Embodiments of the invention are directed at an enhanced data interface (EDI) for contactless communications between a mobile application operating on a mobile device and an access device (e.g., contactless reader) that allows for enhanced verification between the mobile device and access device. One embodiment of the invention is directed to a method. The method comprises a mobile device receiving a request for available applets from an access device and providing a list of available applets including trusted applet identifiers and untrusted applet identifiers to the access device. The method further comprises receiving a selection of an untrusted applet identifier from the list and an entity identifier associated with the access device, validating that the access device is authorized to access credentials associated with the selected untrusted applet identifier using the entity identifier, and providing the credentials associated with the selected untrusted applet identifier to the access device.

Abstract: Methods, devices, and systems are described for sending and receiving messages between a terminal reader and a payment device, such as a credit card. A dynamic signature is calculated on the payment device from an application transaction counter, a terminal unpredictable number, and a transaction amount, and it is sent with an application file locator (AFL) to the reader. The reader then sends a read record command to the payment device to get records associated with the AFL, among other normal processing. While the normal processing is occurring for the transaction, the dynamic signature can be recalculated and compared with that from the payment device in order to assure that nothing has surreptitiously changed the values in the messages.

Abstract: A system for facilitating data access and management on a smart card is provided. According to one exemplary aspect of the system, a storage architecture is provided in the smart card which allows data stored thereon to be shared by multiple parties. Access to data stored on the smart card is controlled by various access methods depending on the actions to be taken with respect to the data to be accessed.

Abstract: Embodiments of the disclosure are directed to performing a transaction between a mobile device and an access device. Value information is provided to the access device by the mobile device. The value information is not necessary to complete the transaction.

Abstract: A portable consumer device may have money stored therein, which can be calculated using an accumulator record and an exception record. The accumulator record can be incremented by the amount of any initiated transaction using the portable consumer device. The exception record can be incremented by the amount of any completed transaction using the portable consumer device. The portable consumer device may also have a limit amount, to record the amount of money added. The records allow for a later reconstruction of the device history, and can account for any errors or problems during transactions.

Abstract: Systems, apparatus, and methods for managing an application installed on a mobile device, such as a mobile phone are provided, so as to prevent or limit unauthorized use of the application, for example, when the mobile device is lost, stolen, or otherwise subject to unauthorized use. An input indicative of a password to access the application can be received. It may be determined that a predetermined number of password entry attempts has been reached based on the input. A request message to disable access to the application can be transmitted from the mobile device to a remote computer. One or more lock instructions for disabling access to the application can be received by the mobile device from the remote computer. The one or more lock instructions can be executed by the mobile device by modifying control data within a secure memory of the mobile device.

Abstract: Systems, apparatus, and methods for managing an application installed on a mobile device, such as a mobile phone are provided, so as to prevent or limit unauthorized use of the application, for example, when the mobile device is lost, stolen, or otherwise subject to unauthorized use. A request to enable or disable user access to a function of the application can be received by a server computer. A command message responsive to the request can be generated by the server computer, the command message comprising control data for enabling or disabling user access to the function of the application. The generated command message can be transmitted to the mobile device over a wireless network.

Abstract: A portable consumer device may have money stored therein, which can be calculated using an accumulator record and an exception record. The accumulator record can be incremented by the amount of any initiated transaction using the portable consumer device. The exception record can be incremented by the amount of any completed transaction using the portable consumer device. The portable consumer device may also have a limit amount, to record the amount of money added. The records allow for a later reconstruction of the device history, and can account for any errors or problems during transactions.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include using a limited-use key (LUK) to generate a transaction cryptogram, and transmitting a token instead of a real account identifier and the transaction cryptogram to an access device to conduct the transaction. The token and the transaction cryptogram can be transmitted to a magnetic stripe reader by generating an emulated magnetic signal. The LUK may be associated with a set of one or more limited-use thresholds that limits usage of the LUK, and the transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds.

Abstract: A method comprising, at a reader, performing at least one transaction-based risk management process prior to energizing a contactless interface, initiating communication with a card utilized for a contactless transaction, receiving information associated with the card, terminating communication with the card, and authorizing the contactless transaction.

Abstract: Embodiments of the present invention are directed at methods and systems for providing a partial personalization process that allows for more efficient and effective personalization of a mobile application on a communication device after updating the mobile application. For example, personalization profiles associated with multiple versions of the mobile application may be stored at an application update provisioning system and the application update provisioning system may determine the appropriate partial provisioning information to update the mobile application for each migration notification. Accordingly, a tailored partial personalization script including only that personalization information that is to be updated for the updated version of the mobile application may be generated and installed to enable new functionality and/or update the information contained within an updated mobile application, without requiring re-personalization of all personalized information into the updated mobile application.

Abstract: Embodiments of the invention provision multiple payment tokens on a communication device. The communication device may be provisioned with multiple limited use keys (LUK), each LUK being associated with a specific type of transaction. When the communication device is used for a transaction, the communication device automatically determines a type of the transaction and selects an appropriate LUK based on the determined transaction type. The selected LUK may be used to create a cryptogram, which can be used to verify the transaction.

Abstract: Systems, apparatus, and methods for managing a payment application installed on a mobile device, such as a mobile phone are provided. An Issuer of a payment device can remotely control the payment application by instructing a wireless network carrier or operator to transmit a message to the mobile phone, where the message contains an instruction to perform an operation related to the payment application. The Issuer can remotely reset a counter or a password associated with the payment application, lock or unlock a payment application, and set the access control data to a predetermined value, to prevent unauthorized use of the payment application in the situation in which the mobile phone is lost or stolen, or the Issuer desires to limit access to the payment application for other reasons, such as limiting its exposure to unauthorized uses of the payment device.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include using a limited-use key (LUK) to generate a transaction cryptogram, and using a signature key to generate a signature. The transaction can be an offline data authentication transaction, and access can be granted based on authentication of the signature prior to verifying the transaction cryptogram.