Abstract: A method is disclosed. The method includes receiving, by a processing network computer from a relying party computer associated with a relying party, a request for data associated with a user operating a user device. The processing network computer may retrieve first encrypted data of the user having a user-layer of encryption. The processing computer can then generate a second symmetric key to add a relying party-layer of encryption to the first encrypted data using a stream cipher. The doubly encrypted data may be transmitted to a user device that removes the user-layer of encryption on the first doubly encrypted data, and then adds a second relying party-layer of encryption to form second doubly encrypted data. The second doubly encrypted data may be transmitted to the relying party computer, which can remove both relying party-layers of encryption to gain access to the data associated with the user.

Abstract: A method is disclosed. The method includes receiving, by a processing network computer from a relying party computer associated with a relying party, a request for data associated with a user operating a user device. The processing network computer may retrieve first encrypted data of the user having a user-layer of encryption. The processing computer can then generate a second symmetric key to add a relying party-layer of encryption to the first encrypted data using a stream cipher. The doubly encrypted data may be transmitted to a user device that removes the user-layer of encryption on the first doubly encrypted data, and then adds a second relying party-layer of encryption to form second doubly encrypted data. The second doubly encrypted data may be transmitted to the relying party computer, which can remove both relying party-layers of encryption to gain access to the data associated with the user.

Abstract: Methods and systems for gateway agnostic tokenization are disclosed. Gateway agnostic tokenization enables a resource provider to quickly, safely, and efficiently route a token for authorization via any appropriate gateway computer. As part of an interaction with a user, a resource provider can transmit a token to an edge computer. The edge computer can then forward the token to a gateway computer. The gateway computer can identify a data item comprising two ciphertexts associated with the token. The edge computer and gateway computer can collectively decrypt the two ciphertexts to obtain a credential. The gateway computer can then forward the credential to an authorizing entity computer. The authorizing entity computer can then determine whether or not to authorize the interaction.

Abstract: Blinding techniques can be used to obfuscate or otherwise modify a quantum-secure public key (and the corresponding private, or secret, key) such as a lattice-based public key. Blinding of a public key can include selecting a blinding parameter, which can be a vector or matrix, and applying the blinding parameter to the public key. A corresponding modification can be applied to the private key such that data encrypted using the blinded public key can be decrypted using the blinded public key. When a device needs to send a public key in the clear, e.g., in the course of establishing a secure communication session, the device can generate a blinded public key from its static public key and send the blinded key instead of the static public key.

Abstract: Systems, methods, and computer readable media are provided for improving the usability of a cryptogram generated in a first cryptographic protocol such as triple-DES. The methods may generate a first cryptogram using a first identifier in a first cryptographic protocol, stored in a key store within an insecure memory of the mobile communication device, generate, within a secure memory of the mobile communication device, a second cryptogram using a second identifier in a second cryptographic protocol, stored in the secure memory, combining, the first cryptogram and a number of characters of the second cryptogram equal to the length of the first cryptogram to generate a third cryptogram and transmitting the third cryptogram to an payment processing network to validate a transaction. A transaction associated with the third cryptogram may be validated by an authorization entity or an issue entity.