Abstract: Systems, apparatus, and methods for managing an application installed on a mobile device, such as a mobile phone are provided, so as to prevent or limit unauthorized use of the application, for example, when the mobile device is lost, stolen, or otherwise subject to unauthorized use. A request to enable or disable user access to a function of the application can be received by a server computer. A command message responsive to the request can be generated by the server computer, the command message comprising control data for enabling or disabling user access to the function of the application. The generated command message can be transmitted to the mobile device over a wireless network.

Abstract: Embodiments of the disclosure are directed to performing a transaction between a mobile device and an access device. Value information is provided to the access device by the mobile device. The value information is not necessary to complete the transaction.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include receiving a cryptogram generation key replenishment request that includes transaction log information derived from transaction data stored in a transaction log on a communication device, verifying that the transaction log information in the replenishment request is consistent with the previously received transaction information, and providing a new cryptogram generation key to the communication device in response to verifying the transaction log information in the replenishment request.

Abstract: Methods, devices, and systems are described for sending and receiving messages between a terminal reader and a payment device, such as a credit card. A dynamic signature is calculated on the payment device from an application transaction counter, a terminal unpredictable number, and a transaction amount, and it is sent with an application the locator (AFL) to the reader. The reader then sends a read record command to the payment device to get records associated with the AFL, among other normal processing. While the normal processing is occurring for the transaction, the dynamic signature can be recalculated and compared with that from the payment device in order to assure that nothing has surreptitiously changed the values in the messages.

Abstract: A system, apparatus, and method for processing payment transactions that are conducted using a mobile device that includes a contactless element, such as an integrated circuit chip. The invention enables the updating, correction or synchronization of transaction data maintained by an Issuer with that stored on the device. This is accomplished by using a wireless (cellular) network as a data communication channel for data provided by an Issuer to the mobile device, and is particularly advantageous in circumstances in which the contactless element is not presently capable of communication with a device reader or point of sale terminal that uses a near field communications mechanism. Data transferred between the mobile device and Issuer may be encrypted and decrypted to provide additional security and protect the data from being accessed by other users or applications.

Abstract: A biometric verification system is disclosed. The system includes a portable device which stores a biometric reference template and authentication preferences. The portable device can be used with an access device. The access device can prompt the user for a biometric sample. The access device may create a biometric sample template from the biometric sample, and the biometric sample template can be compared to the biometric reference template to determine if a user is authentic.

Abstract: A process for generating an access credential by a communication device may include determining whether a communication device successfully executed a predetermined shutdown sequence when the communication device last transitioned to an inactive state, determining whether the communication device has synchronized with an authorization network subsequent to transitioning back to an active state, and generating the access credential including a timestamp. The access credential may indicate whether the access credential has reliable timestamp information. The access credential can be provided to an access device associated with an authorization network to authenticate the communication device.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include using a limited-use key (LUK) to generate a transaction cryptogram, and transmitting a token instead of a real account identifier and the transaction cryptogram to an access device to conduct the transaction. The token and the transaction cryptogram can be transmitted to a magnetic stripe reader by generating an emulated magnetic signal. The LUK may be associated with a set of one or more limited-use thresholds that limits usage of the LUK, and the transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds.

Abstract: Some embodiments provide systems and methods for confidentially and securely provisioning data to an authenticated user device. A user device may register an authentication public key with an authentication server. The authentication public key may be signed by an attestation private key maintained by the user device. Once the user device is registered, a provisioning server may send an authentication request message including a challenge to the user device. The user device may sign the challenge using an authentication private key corresponding to the registered authentication public key, and may return the signed challenge to the provisioning server. In response, the provisioning server may provide provisioning data to the user device. The registration, authentication, and provisioning process may use public key cryptography while maintaining confidentiality of the user device, the provisioning server, and then authentication server.

Abstract: Systems, apparatuses, and methods for performing transactions through mobile communication devices using either telecommunications networks or proximity near-field communications systems are disclosed. A mobile communication device may display an application authentication element. The application authentication element may include a pre-selected authentication element and transaction data associated with a transaction conducted by a mobile communication device. The mobile communication device may obtain the pre-selected authentication element by either transmitting a request to a server computer or retrieving the pre-selected authentication element from a secure memory in the mobile communication device. A user authentication token may be received by the mobile communication device from the user. The mobile communication device may generate a secret token that is derived from the user authentication token. If the secret token is correlated to a secret reference token, then a transaction may be conducted.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include using a limited-use key (LUK) to generate a transaction cryptogram, and sending a token instead of a real account identifier and the transaction cryptogram to an access device to conduct the transaction. The LUK may be associated with a set of one or more limited-use thresholds that limits usage of the LUK, and the transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds.

Abstract: A system, method, and server computer configured to authenticate a consumer device. The consumer device is authenticated via a mobile gateway using challenge-response authentication. If the consumer device is successfully authenticated, a secure channel is established between the consumer device and a first entity. The secure channel allows for secure communication between the consumer device and the first entity.

Abstract: A process for generating an access credential by a communication device may include determining whether a communication device successfully executed a predetermined shutdown sequence when the communication device last transitioned to an inactive state, determining whether the communication device has synchronized with an authorization network subsequent to transitioning back to an active state, and generating the access credential including a timestamp. The access credential may indicate whether the access credential has reliable timestamp information. The access credential can be provided to an access device associated with an authorization network to authenticate the communication device.

Abstract: Embodiments of the present invention relate to systems and methods for enabling entities, such as issuers, merchants, payment processing networks, and mobile-network operators, to send account-related messages and marketing messages to a user's mobile device in response to a message request sent from the user's mobile device. According to some embodiments, the account-related messages and the marketing messages are sent to the user's mobile device in accordance with message parameters that are defined by the user and that are embedded in the message request.

Abstract: A computer-implemented method of communicating with a point of sale terminal. The method includes establishing wireless communication with a point of sale terminal using a first communication channel, and establishing communication with the point of sale terminal using a second communication channel. The method also includes transmitting a first section of communication data via the first communication channel; and transmitting a second section of the communication data using the second communication channel.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include using a limited-use key (LUK) to generate a transaction cryptogram, and transmitting a token instead of a real account identifier and the transaction cryptogram to an access device to conduct the transaction. The token and the transaction cryptogram can be transmitted to a magnetic stripe reader by generating an emulated magnetic signal. The LUK may be associated with a set of one or more limited-use thresholds that limits usage of the LUK, and the transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds.

Abstract: An interface and device architecture for a payment device. An interface between a payment application installed in a payment device and one or more value-add applications (such as loyalty programs, transit applications, etc.) that are also installed in the payment device. The API or interface design permits communications and data transfer between the payment application and one or more value-add applications. This reduces (and in some cases may prevent) the need for back-end server processing of data that may be relevant to both a payment transaction and to a function of the value-add application. Similarly, the same or another API or interface may enable communications and data transfer between a value-add application and the payment application.

Abstract: A system, method, and server computer configured to authenticate a consumer device. The consumer device is authenticated via a mobile gateway using challenge-response authentication. If the consumer device is successfully authenticated, a secure channel is established between the consumer device and a first entity. The secure channel allows for secure communication between the consumer device and the first entity.

Abstract: Embodiments of the present invention can be directed to systems, apparatuses, and methods for performing transactions through mobile communication devices using either telecommunications networks or proximity near-field communications systems. Embodiments may be directed to a mobile communication device displaying an application authentication element. The application authentication element may include a pre-selected authentication element and transaction data associated with a transaction conducted by a mobile communication device. The mobile communication device may obtain the pre-selected authentication element by either transmitting a request to a server computer or retrieving the pre-selected authentication element from a secure memory in the mobile communication device. A user authentication token may be received by the mobile communication device from the user. The mobile communication device may generate a secret token that is derived from the user authentication token.

Abstract: Enhance authentication techniques may include receiving credential data of a secondary device by a primary device, generating a cryptogram using the credential data of the secondary device, and transmitting the cryptogram to an access device to request for authorization to use an account associated with a user of the primary device. The authorization can be granted based on verification of the cryptogram and an interaction activity pattern of interactions between the primary device and a set of communication devices including the secondary device.