Abstract: A user device may receive (e.g., when proximate to the first access device), from an intervening device, device identification data for a first access device. A message may be received from a second access device via the intervening device. The message may include a digital signature generated based at least in part on second access device identification data. The user device may validate the message utilizing the digital signature and a public key. If the message is invalid, the user device may discard the message. If the message is valid, (e.g., unaltered), the user device may determine that the user has not confirmed an intent to interact with the second access device and may terminate a[n] further interaction with the second access device accordingly.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include using a limited-use key (LUK) to generate a transaction cryptogram, and transmitting a token instead of a real account identifier and the transaction cryptogram to an access device to conduct the transaction. The token and the transaction cryptogram can be transmitted to a magnetic stripe reader by generating an emulated magnetic signal. The LUK may be associated with a set of one or more limited-use thresholds that limits usage of the LUK, and the transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds.

Abstract: Embodiments of the present invention relate to systems and methods for implementing a mobile tokenization hub with a common tokenization capabilities (CTC) module that may provide tokenization for various entities in various contexts. For example, the CTC module can provide and store tokens for mobile payment transactions, transit transactions, digital wallet applications, merchant point of sale (POS) applications, personalization services, and the like.

Abstract: A computer-implemented method of communicating with a point of sale terminal. The method includes establishing wireless communication with a point of sale terminal using a first communication channel, and establishing communication with the point of sale terminal using a second communication channel. The method also includes transmitting a first section of communication data via the first communication channel; and transmitting a second section of the communication data using the second communication channel.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include using a limited-use key (LUK) to generate a transaction cryptogram, and using a signature key to generate a signature. The transaction can be an offline data authentication transaction, and access can be granted based on authentication of the signature prior to verifying the transaction cryptogram.

Abstract: Techniques are described for managing master keys for token requestors to use in generating cryptograms such as TAVVs. A processor computer generates a first master key for a token requestor, the first master key being generated based on (a) a second master key managed by the processor computer and (b) an identifier of the token requestor. The processor computer transmits, to a token requestor computer corresponding to the token requestor, the first master key. The processor computer receives, from the token requestor computer, a request for a token. Responsive to receiving the request for the token, the processor computer transmits the token to the token requestor computer; and receives, from the token requestor computer, an authorization request message comprising the token and a cryptogram generated by the token requestor computer using the first master key and the token.

Abstract: A computer-implemented method of communicating with a point of sale terminal. The method includes establishing wireless communication with a point of sale terminal using a first communication channel, and establishing communication with the point of sale terminal using a second communication channel. The method also includes transmitting a first section of communication data via the first communication channel; and transmitting a second section of the communication data using the second communication channel.

Abstract: Systems and methods for facilitating payment transactions using quick-response (QR) codes are provided. A first machine readable code encoding first data generated by an access device is scanned by a communication device. The communication device generates a cryptogram based on the first data encoded within the first machine readable code. The communication device then obtains financial credentials data from a payment application being executed on the communication device. A second machine readable code encoding second data comprising the financial credentials data and the cryptogram is then generated. The second machine readable code is displayed on a display of the communication device, wherein the second machine readable code is scanned by the access device.

Abstract: Embodiments of the present invention relate to systems and methods that allow users to use their communication devices to perform transactions (e.g., payment transactions, access transactions, etc.). To complete a transaction, a resource provider electronically generates a code representing transaction data and displays it on an access device. The user scans the code with his or her communication device using a camera associated with the communication device, for example. The code is interpreted by an application on the communication device. The user may request and receive a token at the communication device corresponding to sensitive information selected to perform the transaction (e.g., a primary account number). The user may then provide the token and the transaction data via the communication device to a server computer, which may facilitate completion of the transaction between the user and the resource provider using the transaction data and the token.

Abstract: Systems, methods, and devices are disclosed for preventing relay attacks. A user device may receive (e.g., when proximate to the first access device), from an intervening device, device identification data for a first access device. A message may be received from a second access device via the intervening device. The message may include a digital signature generated based at least in part on second access device identification data. The user device may validate the message utilizing the digital signature and a public key. If the message is invalid, the user device may discard the message. If the message is valid, (e.g., unaltered), the user device may determine that the user has not confirmed an intent to interact with the second access device and may terminate an further interaction with the second access device accordingly.

Abstract: Systems, methods, and devices are disclosed for preventing relay attacks. A user device may receive (e.g., when proximate to the first access device), from an intervening device, device identification data for a first access device. A message may be received from a second access device via the intervening device. The message may include a digital signature generated based at least in part on second access device identification data. The user device may validate the message utilizing the digital signature and a public key. If the message is invalid, the user device may discard the message. If the message is valid, (e.g., unaltered), the user device may determine that the user has not confirmed an intent to interact with the second access device and may terminate an further interaction with the second access device accordingly.

Abstract: A system and method uses one or more repurposed data fields in a payment transaction message to pass the merchant consumable data from a mobile device to the merchant system using an existing channel. The merchant consumable data relate to loyalty or rewards.

Abstract: Embodiments of the present invention relate to systems and methods for implementing a mobile tokenization hub with a common tokenization capabilities (CTC) module that may provide tokenization for various entities in various contexts. For example, the CTC module can provide and store tokens for mobile payment transactions, transit transactions, digital wallet applications, merchant point of sale (POS) applications, personalization services, and the like.

Abstract: Embodiments of the invention are directed to systems and methods for validating transactions using a cryptogram. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a communication device provisioned with a token. The method comprises receiving, by a service provider computer, from an application on the communication device, a request for a token authentication cryptogram, wherein the token authentication cryptogram includes encrypted user exclusive data. The service provider computer may generate the token authentication cryptogram to include the user exclusive data. The service provider computer may send the token authentication cryptogram to the application, where the token authentication cryptogram can be used to validate the transaction, and the user exclusive data is extracted from the token authentication cryptogram during validation.

Abstract: Embodiments of the present invention relate to systems and methods for implementing a mobile tokenization hub with a common tokenization capabilities (CTC) module that may provide tokenization for various entities in various contexts. For example, the CTC module can provide and store tokens for mobile payment transactions, transit transactions, digital wallet applications, merchant point of sale (POS) applications, personalization services, and the like.

Abstract: Embodiments of the invention are directed to systems and methods for validating transactions using a cryptogram. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a communication device provisioned with a token. The method comprises receiving, by a service provider computer, from an application on the communication device, a request for a token authentication cryptogram, wherein the token authentication cryptogram includes encrypted user exclusive data. The service provider computer may generate the token authentication cryptogram to include the user exclusive data. The service provider computer may send the token authentication cryptogram to the application, where the token authentication cryptogram can be used to validate the transaction, and the user exclusive data is extracted from the token authentication cryptogram during validation.

Abstract: A computer-implemented method of communicating with a point of sale terminal. The method includes establishing wireless communication with a point of sale terminal using a first communication channel, and establishing communication with the point of sale terminal using a second communication channel. The method also includes transmitting a first section of communication data via the first communication channel; and transmitting a second section of the communication data using the second communication channel.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include using a limited-use key (LUK) to generate a transaction cryptogram, and transmitting a token instead of a real account identifier and the transaction cryptogram to an access device to conduct the transaction. The token and the transaction cryptogram can be transmitted to a magnetic stripe reader by generating an emulated magnetic signal. The LUK may be associated with a set of one or more limited-use thresholds that limits usage of the LUK, and the transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds.

Abstract: A computer-implemented method of communicating with a point of sale terminal. The method includes establishing wireless communication with a point of sale terminal using a first communication channel, and establishing communication with the point of sale terminal using a second communication channel. The method also includes transmitting a first section of communication data via the first communication channel; and transmitting a second section of the communication data using the second communication channel.

Abstract: Embodiments of the present invention relate to systems and methods that allow users to use their communication devices to perform transactions (e.g., payment transactions, access transactions, etc.). To complete a transaction, a resource provider electronically generates a code representing transaction data and displays it on an access device. The user scans the code with his or her communication device using a camera associated with the communication device, for example. The code is interpreted by an application on the communication device. The user may request and receive a token at the communication device corresponding to sensitive information selected to perform the transaction (e.g., a primary account number). The user may then provide the token and the transaction data via the communication device to a server computer, which may facilitate completion of the transaction between the user and the resource provider using the transaction data and the token.