Abstract: Systems and methods provide for communication of transaction data that is formatted according to a transaction type that is support by an access device. First transaction data may be formatted according to a first type of transaction supported by a first access device and second transaction data may be formatted according to a second type of transaction supported by a second access device. The first transaction data may be transmitted over a first wireless communication link to the first access device and the second transaction data may be transmitted to the second access over a second wireless communication link.

Abstract: An enhanced data interface (EDI) for communications between an application operating on a communication device and an access device can provide enhanced verification between the communication device and access device. The communication process may include the access device sending a request for available applets to a communication device, and receiving a list of available applets from the communication device. The access device may select an untrusted applet identifier, and provide the selected untrusted applet identifier and an entity identifier associated with the access device to the communication device. The communication device can validate the access device as being authorized to access credentials associated with the selected untrusted applet identifier by comparing the entity identifier to a list of trusted entity identifiers, and provide credentials associated with the selected untrusted applet identifier to the access device.

Abstract: Embodiments of the present invention provide methods and systems to enable a digital wallet identifier to be present in communications associated with transaction data for transactions that are facilitated by a digital wallet provider. In one embodiment, a communication device of a user receives a request for payment credentials required to conduct a transaction and obtains the payment credentials. The payment credentials include a digital wallet identifier and at least some of the payment credentials are obtained from a trusted execution environment associated with the communication device. The obtained payment credentials are provided to an access device associated with a merchant. The access device is configured to initiate the transaction by generating an authorization request message including the payment credentials for onward transmission to an issuer computer.

Abstract: A process for combining domain restriction and remote authentication may include receiving a token from a plug-in application to conduct a transaction associated with a user of a communicating device. The process may include sending an authentication request to a remote access control sever to authenticate the user, and receiving, from the remote access control server, an authentication tracking value that the remote access control server used in generation of an authentication cryptogram. The process may also include generating, using the authentication tracking value, a domain restriction cryptogram that is used for domain restriction of the token, and sending, to the plug-in application, the domain restriction cryptogram.

Abstract: A system, apparatus, and method for processing payment transactions that are conducted using a mobile device that includes a contactless element, such as an integrated circuit chip. An account holder is enabled to generate transaction related data and append that data to a transaction record or transaction identifier. The appended data and transaction record or identifier may be stored in the mobile payment device and/or provided to an Issuer. If provided to an Issuer, the transaction related data generated by the account holder may be used to supplement an account statement. The additional information generated by the account holder may be used to assist the account holder in determining if a transaction is valid by providing information that helps the account holder to recall the location or other aspect of the transaction.

Abstract: Embodiments of the present invention are directed at methods and systems for providing a partial personalization process that allows for more efficient and effective personalization of a application on a communication device. For example, personalization profiles associated with multiple versions of the application may be stored at a provisioning system and the provisioning system may determine the appropriate partial provisioning information to update the application for each migration notification. Partial personalization information that is to be updated for the updated version of the application may be generated and installed to enable new functionality and/or update the information contained within an updated application without requiring re-personalization of all personalized information.

Abstract: A process for combining domain restriction and remote authentication may include receiving a token from a plug-in application to conduct a transaction associated with a user of a communicating device. The process may include sending an authentication request to a remote access control sever to authenticate the user, and receiving, from the remote access control server, an authentication tracking value that the remote access control server used in generation of an authentication cryptogram. The process may also include generating, using the authentication tracking value, a domain restriction cryptogram that is used for domain restriction of the token, and sending, to the plug-in application, the domain restriction cryptogram.

Abstract: Embodiments of the present invention are directed to systems and methods for providing a central entity that can provision mobile payment applications on mobile communication devices and personalize the mobile payment applications with consumer and account information. The personalization of the mobile payment application on the mobile communication device may include provisioning a payment account on the mobile payment application. The central entity may provision the account on the mobile payment application without interacting with the issuer during the provisioning of the account. The central entity may provision the account on the mobile communication device by decrypting, using a secure element key, encrypted payment account information received from the mobile communication device. The payment account information may be encrypted by a secure element of the mobile communication device using the same secure element key.

Abstract: Embodiments of the present invention are directed at methods and systems for providing a partial personalization process that allows for more efficient and effective personalization of a application on a communication device. For example, personalization profiles associated with multiple versions of the application may be stored at a provisioning system and the provisioning system may determine the appropriate partial provisioning information to update the application for each migration notification. Partial personalization information that is to be updated for the updated version of the application may be generated and installed to enable new functionality and/or update the information contained within an updated application without requiring re-personalization of all personalized information.

Abstract: A method is disclosed. The method includes determining, by a security software application on a communication device, that the communication device has been accessed by an unauthorized user. The communication device is configured to communicate with a telecommunications network over the air through a first communication channel. The method also includes generating, by the communication device, security notification data and providing the security notification data or a derivative of the security notification data to a host computer via a second communication channel.

Abstract: Embodiments of the disclosure are directed to performing a transaction between a mobile device and an access device. Value information is provided to the access device by the mobile device. The value information is not necessary to complete the transaction.

Abstract: Embodiments of the present invention are directed to systems and methods for providing a central entity that can provision mobile payment applications on mobile communication devices and personalize the mobile payment applications with consumer and account information. The personalization of the mobile payment application on the mobile communication device may include provisioning a payment account on the mobile payment application. The central entity may provision the account on the mobile payment application without interacting with the issuer during the provisioning of the account. The central entity may provision the account on the mobile communication device by decrypting, using a secure element key, encrypted payment account information received from the mobile communication device. The payment account information may be encrypted by a secure element of the mobile communication device using the same secure element key.

Abstract: A process for authenticating a communication device may include receiving a request from a communication device to synchronize time with a server, and providing an authorization network time to the communication device. An authentication request including an access credential having a timestamp generated by the communication device may be received by the server. A determination can be made as to whether the communication device had successfully executed a predetermined shutdown sequence by determining whether the access credential has reliable timestamp information. The communication device can be authenticated when the timestamp has a non-reset value indicating that the communication device had successfully executed the predetermined shutdown sequence, and that the access credential has not expired.

Abstract: An enhanced data interface (EDI) for communications between an application operating on a communication device and an access device can provide enhanced verification between the communication device and access device. The communication process may include the access device sending a request for available applets to a communication device, and receiving a list of available applets from the communication device. The access device may select an untrusted applet identifier, and provide the selected untrusted applet identifier and an entity identifier associated with the access device to the communication device. The communication device can validate the access device as being authorized to access credentials associated with the selected untrusted applet identifier by comparing the entity identifier to a list of trusted entity identifiers, and provide credentials associated with the selected untrusted applet identifier to the access device.

Abstract: Systems, apparatus, and methods for managing an application installed on a mobile device, such as a mobile phone are provided, so as to prevent or limit unauthorized use of the application, for example, when the mobile device is lost, stolen, or otherwise subject to unauthorized use. A request to enable or disable user access to a function of the application can be received by a server computer. A command message responsive to the request can be generated by the server computer, the command message comprising control data for enabling or disabling user access to the function of the application. The generated command message can be transmitted to the mobile device over a wireless network.

Abstract: A system, apparatus, and method for processing payment transactions that are conducted using a mobile device that includes a contactless element, such as an integrated circuit chip. The invention enables the updating, correction or synchronization of transaction data maintained by an Issuer with that stored on the device. This is accomplished by using a wireless (cellular) network as a data communication channel for data provided by an Issuer to the mobile device, and is particularly advantageous in circumstances in which the contactless element is not presently capable of communication with a device reader or point of sale terminal that uses a near field communications mechanism. Data transferred between the mobile device and Issuer may be encrypted and decrypted to provide additional security and protect the data from being accessed by other users or applications.

Abstract: A method is disclosed. The method includes determining, by a security software application on a communication device, that the communication device has been accessed by an unauthorized user. The communication device is configured to communicate with a telecommunications network over the air through a first communication channel. The method also includes generating, by the communication device, security notification data and providing the security notification data or a derivative of the security notification data to a host computer via a second communication channel.

Abstract: A process for generating an access credential by a communication device may include determining whether a communication device successfully executed a predetermined shutdown sequence when the communication device last transitioned to an inactive state, determining whether the communication device has synchronized with an authorization network subsequent to transitioning back to an active state, and generating the access credential including a timestamp. The access credential may indicate whether the access credential has reliable timestamp information. The access credential can be provided to an access device associated with an authorization network to authenticate the communication device.

Abstract: Embodiments of the invention are directed at an enhanced data interface (EDI) for contactless communications between a mobile application operating on a mobile device and an access device (e.g., contactless reader) that allows for enhanced verification between the mobile device and access device. One embodiment of the invention is directed to a method. The method comprises a mobile device receiving a request for available applets from an access device and providing a list of available applets including trusted applet identifiers and untrusted applet identifiers to the access device. The method further comprises receiving a selection of an untrusted applet identifier from the list and an entity identifier associated with the access device, validating that the access device is authorized to access credentials associated with the selected untrusted applet identifier using the entity identifier, and providing the credentials associated with the selected untrusted applet identifier to the access device.

Abstract: A system, method, and server computer configured to authenticate a consumer device. The consumer device is authenticated via a mobile gateway using challenge-response authentication. If the consumer device is successfully authenticated, a secure channel is established between the consumer device and a first entity. The secure channel allows for secure communication between the consumer device and the first entity.