Abstract: A method includes maintaining a digital wallet in a computer, and receiving a request for a transaction. The computer may receive and verify user authentication data, and then allow the user to access any payment card account in the digital wallet without requiring additional user authentication, regardless of the account selected for the transaction by the user. In some embodiments, cryptogram generation may be performed with an EMV server in association with the digital wallet, to enhance the level of security assurance for merchants, issuers and users.

Abstract: A security control (SC) system including one or more security control (SC) computing devices for automating security controls between computer networks is provided. The SC system is configured to receive a request to access a service including a system identifier that identifies a computer system requesting access to a service controlled by the one or more SC computing devices, build a token request based on the request, and correlate the token request to at least one security policy associated with the system identifier. The SC system is also configured to generate an access token in response to the token request, wherein the access token is included in an authorization request, and invoke the service using the authorization request. The SC system is further configured to validate the access token using the at least one security policy and authorize access to the service based on the at least one security policy.

Abstract: A secure authorization server computer system for verifying an identity of an end-user is provided. The computer system is programmed to receive, from a computing client, an authentication request at an authorization component. The authentication request includes a secure authentication request identifier. The computer system is also programmed to validate the authentication request at the authorization component by validating the secure authentication request identifier. The computer system is further programmed to transmit an authentication response from the authorization component to the computing client. The authentication response includes an authorization code. The authorization code represents a validation of the authentication request.

Abstract: Systems and methods prevent fraudulent registration of devices associated with remuneration vehicles by bootstrapping the device to be registered with a bootstrap URL. The bootstrap URL may provide access to a registration server hosted by the vehicle provider. The vehicle provider may verify a single use of the bootstrap URL. Moreover, if access to the bootstrap URL is provided to the device, the vehicle provider may provide a server access communication to the device allowing the device and vehicle provider to set up a secure communication (even if communicating via an unsecure communication path). The secure communication may be used by the vehicle provider and the device to negotiate a symmetric communication key. At least the secure access communication and the symmetric communication key may operate based on one or more of an Elliptic Curve-, Diffie Hellman-, or Elliptic Curve Diffie Hellman (ECDH)-based secure connection scheme.

Abstract: A security control (SC) system including one or more security control (SC) computing devices for automating security controls between computer networks is provided. The SC system is configured to receive a request to access a service including a system identifier that identifies a computer system requesting access to a service controlled by the one or more SC computing devices, build a token request based on the request, and correlate the token request to at least one security policy associated with the system identifier. The SC system is also configured to generate an access token in response to the token request, wherein the access token is included in an authorization request, and invoke the service using the authorization request. The SC system is further configured to validate the access token using the at least one security policy and authorize access to the service based on the at least one security policy.

Abstract: A secure authorization server computer system for verifying an identity of an end-user is provided. The computer system is programmed to receive, from a computing client, an authentication request at an authorization component. The authentication request includes a secure authentication request identifier. The computer system is also programmed to validate the authentication request at the authorization component by validating the secure authentication request identifier. The computer system is further programmed to transmit an authentication response from the authorization component to the computing client. The authentication response includes an authorization code. The authorization code represents a validation of the authentication request.

Abstract: Systems and methods prevent fraudulent registration of devices associated with remuneration vehicles by bootstrapping the device to be registered with a bootstrap URL. The bootstrap URL may provide access to a registration server hosted by the vehicle provider. The vehicle provider may verify a single use of the bootstrap URL. Moreover, if access to the bootstrap URL is provided to the device, the vehicle provider may provide a server access communication to the device allowing the device and vehicle provider to set up a secure communication (even if communicating via an unsecure communication path). The secure communication may be used by the vehicle provider and the device to negotiate a symmetric communication key. At least the secure access communication and the symmetric communication key may operate based on one or more of an Elliptic Curve-, Diffie Hellman-, or Elliptic Curve Diffie Hellman (ECDH)-based secure connection scheme.

Abstract: A secure authorization server computer system for verifying an identity of an end-user is provided. The computer system is programmed to receive, from a computing client, an authentication request at an authorization component. The authentication request includes a secure authentication request identifier. The computer system is also programmed to validate the authentication request at the authorization component by validating the secure authentication request identifier. The computer system is further programmed to transmit an authentication response from the authorization component to the computing client. The authentication response includes an authorization code. The authorization code represents a validation of the authentication request.

Abstract: A secure authorization server computer system for verifying an identity of an end-user is provided. The computer system is programmed to receive, from a computing client, an authentication request at an authorization component. The authentication request includes a secure authentication request identifier. The computer system is also programmed to validate the authentication request at the authorization component by validating the secure authentication request identifier. The computer system is further programmed to transmit an authentication response from the authorization component to the computing client. The authentication response includes an authorization code. The authorization code represents a validation of the authentication request.

Abstract: A secure authorization server computer system for verifying an identity of an end-user is provided. The computer system is programmed to receive, from a computing client, an authentication request at an authorization component. The authentication request includes a secure authentication request identifier. The computer system is also programmed to validate the authentication request at the authorization component by validating the secure authentication request identifier. The computer system is further programmed to transmit an authentication response from the authorization component to the computing client. The authentication response includes an authorization code. The authorization code represents a validation of the authentication request.

Abstract: A secure authorization server computer system for verifying an identity of an end-user is provided. The computer system is programmed to receive, from a computing client, an authentication request at an authorization component. The authentication request includes a secure authentication request identifier. The computer system is also programmed to validate the authentication request at the authorization component by validating the secure authentication request identifier. The computer system is further programmed to transmit an authentication response from the authorization component to the computing client. The authentication response includes an authorization code. The authorization code represents a validation of the authentication request.

Abstract: A method includes maintaining a digital wallet in a computer, and receiving a request for a transaction. The computer may receive and verify user authentication data, and then allow the user to access any payment card account in the digital wallet without requiring additional user authentication, regardless of the account selected for the transaction by the user. In some embodiments, cryptogram generation may be performed with an EMV server in association with the digital wallet, to enhance the level of security assurance for merchants, issuers and users.

Abstract: A method and system for securely propagating client identities in a service call from a first system to a target service system are provided. The system includes a memory device for storing data and a service provider (SP) computer system. The SP computer system is programmed to determine identities to transmit to the target system in association with a request, construct a data structure to represent each identity and additional information related to the identity, digitally sign the identity information, pair the identity information and the corresponding digital signature in a header of a request message from the first system to the target service system, receive the request message and extract the identity information and corresponding digital signatures from the header, validate the corresponding digital signatures, and construct using the corresponding identity information a data structure that represents each of the original identities established in the first system.

Abstract: A method and system for signing a digital certificate in real time for accessing a service application hosted within a service provider (SP) computer system through an open application programming interface (API) platform is provided. The API platform is in communication with a memory device. The method includes receiving registration data from a developer computer device wherein the developer computer device is associated with a developer and configured to store a developer application, receiving a certificate signing request (CSR) from the developer computer device wherein the CSR includes a public key associated with the developer, verifying the registration data as being associated with the developer, signing the CSR to produce a signed certificate after verifying the registration data wherein the verifying and signing steps are performed by the SP computer system in real time, and transmitting the signed certificate and a client ID to the developer computer device.

Abstract: A method and system for signing a digital certificate in real time for accessing a service application hosted within a service provider (SP) computer system through an open application programming interface (API) platform is provided. The API platform is in communication with a memory device. The method includes receiving registration data from a developer computer device wherein the developer computer device is associated with a developer and configured to store a developer application, receiving a certificate signing request (CSR) from the developer computer device wherein the CSR includes a public key associated with the developer, verifying the registration data as being associated with the developer, signing the CSR to produce a signed certificate after verifying the registration data wherein the verifying and signing steps are performed by the SP computer system in real time, and transmitting the signed certificate and a client ID to the developer computer device.

Abstract: A method and system for securely propagating client identities in a service call from a first system to a target service system are provided. The system includes a memory device for storing data and a service provider (SP) computer system. The SP computer system is programmed to determine identities to transmit to the target system in association with a request, construct a data structure to represent each identity and additional information related to the identity, digitally sign the identity information, pair the identity information and the corresponding digital signature in a header of a request message from the first system to the target service system, receive the request message and extract the identity information and corresponding digital signatures from the header, validate the corresponding digital signatures, and construct using the corresponding identity information a data structure that represents each of the original identities established in the first system.