Abstract: An enhanced data interface (EDI) for communications between an application operating on a communication device and an access device can provide enhanced verification between the communication device and access device. The communication process may include the access device sending a request for available applets to a communication device, and receiving a list of available applets from the communication device. The access device may select an untrusted applet identifier, and provide the selected untrusted applet identifier and an entity identifier associated with the access device to the communication device. The communication device can validate the access device as being authorized to access credentials associated with the selected untrusted applet identifier by comparing the entity identifier to a list of trusted entity identifiers, and provide credentials associated with the selected untrusted applet identifier to the access device.

Abstract: Systems, apparatus, and methods for managing an application installed on a mobile device, such as a mobile phone are provided, so as to prevent or limit unauthorized use of the application, for example, when the mobile device is lost, stolen, or otherwise subject to unauthorized use. A request to enable or disable user access to a function of the application can be received by a server computer. A command message responsive to the request can be generated by the server computer, the command message comprising control data for enabling or disabling user access to the function of the application. The generated command message can be transmitted to the mobile device over a wireless network.

Abstract: A system, apparatus, and method for processing payment transactions that are conducted using a mobile device that includes a contactless element, such as an integrated circuit chip. The invention enables the updating, correction or synchronization of transaction data maintained by an Issuer with that stored on the device. This is accomplished by using a wireless (cellular) network as a data communication channel for data provided by an Issuer to the mobile device, and is particularly advantageous in circumstances in which the contactless element is not presently capable of communication with a device reader or point of sale terminal that uses a near field communications mechanism. Data transferred between the mobile device and Issuer may be encrypted and decrypted to provide additional security and protect the data from being accessed by other users or applications.

Abstract: A method is disclosed. The method includes determining, by a security software application on a communication device, that the communication device has been accessed by an unauthorized user. The communication device is configured to communicate with a telecommunications network over the air through a first communication channel. The method also includes generating, by the communication device, security notification data and providing the security notification data or a derivative of the security notification data to a host computer via a second communication channel.

Abstract: A process for generating an access credential by a communication device may include determining whether a communication device successfully executed a predetermined shutdown sequence when the communication device last transitioned to an inactive state, determining whether the communication device has synchronized with an authorization network subsequent to transitioning back to an active state, and generating the access credential including a timestamp. The access credential may indicate whether the access credential has reliable timestamp information. The access credential can be provided to an access device associated with an authorization network to authenticate the communication device.

Abstract: Embodiments of the invention are directed at an enhanced data interface (EDI) for contactless communications between a mobile application operating on a mobile device and an access device (e.g., contactless reader) that allows for enhanced verification between the mobile device and access device. One embodiment of the invention is directed to a method. The method comprises a mobile device receiving a request for available applets from an access device and providing a list of available applets including trusted applet identifiers and untrusted applet identifiers to the access device. The method further comprises receiving a selection of an untrusted applet identifier from the list and an entity identifier associated with the access device, validating that the access device is authorized to access credentials associated with the selected untrusted applet identifier using the entity identifier, and providing the credentials associated with the selected untrusted applet identifier to the access device.

Abstract: A system, method, and server computer configured to authenticate a consumer device. The consumer device is authenticated via a mobile gateway using challenge-response authentication. If the consumer device is successfully authenticated, a secure channel is established between the consumer device and a first entity. The secure channel allows for secure communication between the consumer device and the first entity.

Abstract: Systems, apparatus, and methods for managing an application installed on a mobile device, such as a mobile phone are provided, so as to prevent or limit unauthorized use of the application, for example, when the mobile device is lost, stolen, or otherwise subject to unauthorized use. An input indicative of a password to access the application can be received. It may be determined that a predetermined number of password entry attempts has been reached based on the input. A request message to disable access to the application can be transmitted from the mobile device to a remote computer. One or more lock instructions for disabling access to the application can be received by the mobile device from the remote computer. The one or more lock instructions can be executed by the mobile device by modifying control data within a secure memory of the mobile device.

Abstract: Systems, apparatus, and methods for managing an application installed on a mobile device, such as a mobile phone are provided, so as to prevent or limit unauthorized use of the application, for example, when the mobile device is lost, stolen, or otherwise subject to unauthorized use. A request to enable or disable user access to a function of the application can be received by a server computer. A command message responsive to the request can be generated by the server computer, the command message comprising control data for enabling or disabling user access to the function of the application. The generated command message can be transmitted to the mobile device over a wireless network.

Abstract: Embodiments of the disclosure are directed to performing a transaction between a mobile device and an access device. Value information is provided to the access device by the mobile device. The value information is not necessary to complete the transaction.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include receiving a cryptogram generation key replenishment request that includes transaction log information derived from transaction data stored in a transaction log on a communication device, verifying that the transaction log information in the replenishment request is consistent with the previously received transaction information, and providing a new cryptogram generation key to the communication device in response to verifying the transaction log information in the replenishment request.

Abstract: Methods, devices, and systems are described for sending and receiving messages between a terminal reader and a payment device, such as a credit card. A dynamic signature is calculated on the payment device from an application transaction counter, a terminal unpredictable number, and a transaction amount, and it is sent with an application the locator (AFL) to the reader. The reader then sends a read record command to the payment device to get records associated with the AFL, among other normal processing. While the normal processing is occurring for the transaction, the dynamic signature can be recalculated and compared with that from the payment device in order to assure that nothing has surreptitiously changed the values in the messages.

Abstract: A system, apparatus, and method for processing payment transactions that are conducted using a mobile device that includes a contactless element, such as an integrated circuit chip. The invention enables the updating, correction or synchronization of transaction data maintained by an Issuer with that stored on the device. This is accomplished by using a wireless (cellular) network as a data communication channel for data provided by an Issuer to the mobile device, and is particularly advantageous in circumstances in which the contactless element is not presently capable of communication with a device reader or point of sale terminal that uses a near field communications mechanism. Data transferred between the mobile device and Issuer may be encrypted and decrypted to provide additional security and protect the data from being accessed by other users or applications.

Abstract: A biometric verification system is disclosed. The system includes a portable device which stores a biometric reference template and authentication preferences. The portable device can be used with an access device. The access device can prompt the user for a biometric sample. The access device may create a biometric sample template from the biometric sample, and the biometric sample template can be compared to the biometric reference template to determine if a user is authentic.

Abstract: A process for generating an access credential by a communication device may include determining whether a communication device successfully executed a predetermined shutdown sequence when the communication device last transitioned to an inactive state, determining whether the communication device has synchronized with an authorization network subsequent to transitioning back to an active state, and generating the access credential including a timestamp. The access credential may indicate whether the access credential has reliable timestamp information. The access credential can be provided to an access device associated with an authorization network to authenticate the communication device.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include using a limited-use key (LUK) to generate a transaction cryptogram, and transmitting a token instead of a real account identifier and the transaction cryptogram to an access device to conduct the transaction. The token and the transaction cryptogram can be transmitted to a magnetic stripe reader by generating an emulated magnetic signal. The LUK may be associated with a set of one or more limited-use thresholds that limits usage of the LUK, and the transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds.

Abstract: Some embodiments provide systems and methods for confidentially and securely provisioning data to an authenticated user device. A user device may register an authentication public key with an authentication server. The authentication public key may be signed by an attestation private key maintained by the user device. Once the user device is registered, a provisioning server may send an authentication request message including a challenge to the user device. The user device may sign the challenge using an authentication private key corresponding to the registered authentication public key, and may return the signed challenge to the provisioning server. In response, the provisioning server may provide provisioning data to the user device. The registration, authentication, and provisioning process may use public key cryptography while maintaining confidentiality of the user device, the provisioning server, and then authentication server.

Abstract: Systems, apparatuses, and methods for performing transactions through mobile communication devices using either telecommunications networks or proximity near-field communications systems are disclosed. A mobile communication device may display an application authentication element. The application authentication element may include a pre-selected authentication element and transaction data associated with a transaction conducted by a mobile communication device. The mobile communication device may obtain the pre-selected authentication element by either transmitting a request to a server computer or retrieving the pre-selected authentication element from a secure memory in the mobile communication device. A user authentication token may be received by the mobile communication device from the user. The mobile communication device may generate a secret token that is derived from the user authentication token. If the secret token is correlated to a secret reference token, then a transaction may be conducted.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include using a limited-use key (LUK) to generate a transaction cryptogram, and sending a token instead of a real account identifier and the transaction cryptogram to an access device to conduct the transaction. The LUK may be associated with a set of one or more limited-use thresholds that limits usage of the LUK, and the transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds.

Abstract: A system, method, and server computer configured to authenticate a consumer device. The consumer device is authenticated via a mobile gateway using challenge-response authentication. If the consumer device is successfully authenticated, a secure channel is established between the consumer device and a first entity. The secure channel allows for secure communication between the consumer device and the first entity.