Patents by Inventor Geoffrey R. Hird

Geoffrey R. Hird has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10460314
    Abstract: Methods and devices for pre-generating session keys for securing transactions are provided. A plurality of session cryptographic keys are generated from a master cryptographic key and a respective plurality of possible values of a transaction counter. The session cryptographic keys are encrypted to provide a plurality of encrypted session cryptographic keys, which are stored in the user terminal. The master cryptographic key is deleted from the user terminal after the session keys are generated. To secure a transaction, a cryptogram is generated based on one of the encrypted session cryptographic keys and transaction data for the transaction, and the cryptogram is transmitted to a transaction terminal. The transaction counter is updated, and the encrypted session cryptographic key is deleted from the user terminal.
    Type: Grant
    Filed: July 10, 2013
    Date of Patent: October 29, 2019
    Assignee: CA, Inc.
    Inventors: Geoffrey R. Hird, Douglas N. Hoover
  • Patent number: 10223690
    Abstract: Payment instrument data is received in connection with a transaction, the data including an alternative primary account number (PAN) and an account identifier. A permanent PAN of an account is identified that is based on the account identifier. An alternative PAN associated with the permanent PAN is derived to determine whether the received alternative PAN matches the derived alternative PAN associated with the permanent PAN.
    Type: Grant
    Filed: November 27, 2013
    Date of Patent: March 5, 2019
    Assignee: CA, Inc.
    Inventors: Geoffrey R. Hird, Douglas N. Hoover
  • Patent number: 10121147
    Abstract: A method of operating an authentication node is disclosed. Transaction information for a transaction is received from a merchant node. The transaction information includes an identification for a credit/debit account, a name on the credit/debit account, and a transaction amount for the transaction. Responsive to receiving the transaction information, a complete account number for the credit/debit account is determined using the identification for the credit/debit account and the name on the credit/debit account. The identification for the credit/debit account is different than the complete account number for the credit/debit account. In addition, account information may be transmitted to an acquirer node, and the account information may include the complete account number for the credit/debit account, the name on the credit/debit account, and the transaction amount. Related methods of operating merchant nodes, related computer program products, and related computer systems are also disclosed.
    Type: Grant
    Filed: June 20, 2014
    Date of Patent: November 6, 2018
    Assignee: CA, Inc.
    Inventors: Steven L. Greenspan, Geoffrey R. Hird
  • Patent number: 9715111
    Abstract: Operations by an electronic device include randomly selecting an initial location among ordered keys for display of a selection indicia, and displaying on a display device the ordered keys containing symbols and the selection indicia at the initial location selected among the ordered keys. The operations further include moving the selection indicia from the initial location to a next location among the ordered keys responsive to a navigation signal from a user, and identifying one of the symbols as being selected by the user based on a present location of the selection indicia relative to one of the ordered keys containing the one of the symbols when a selection signal is received from the user. The one of the symbols is provided to an application as an input from the user.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: July 25, 2017
    Assignee: CA, Inc.
    Inventor: Geoffrey R. Hird
  • Patent number: 9674178
    Abstract: An electronic device generates mapping information that maps individual symbols of a defined order set of symbols to individual symbols of a random order set of symbols. Symbols of the defined order set of symbols are displayed on a display device arranged adjacent to the mapped symbols of the random order set of symbols, based on the mapping information. A user selection of a symbol of the random order set of symbols is received, and a symbol of the defined order set of symbols that maps to the symbol selected by the user is identified based on the mapping information. The symbol of the defined order set of symbols is provided to an application processed by the electronic device as a selection from the user.
    Type: Grant
    Filed: February 5, 2015
    Date of Patent: June 6, 2017
    Assignee: CA, Inc.
    Inventor: Geoffrey R. Hird
  • Publication number: 20160283724
    Abstract: Operations by an electronic device include randomly selecting an initial location among ordered keys for display of a selection indicia, and displaying on a display device the ordered keys containing symbols and the selection indicia at the initial location selected among the ordered keys. The operations further include moving the selection indicia from the initial location to a next location among the ordered keys responsive to a navigation signal from a user, and identifying one of the symbols as being selected by the user based on a present location of the selection indicia relative to one of the ordered keys containing the one of the symbols when a selection signal is received from the user. The one of the symbols is provided to an application as an input from the user.
    Type: Application
    Filed: March 27, 2015
    Publication date: September 29, 2016
    Applicant: CA, Inc.
    Inventor: Geoffrey R. Hird
  • Publication number: 20160234190
    Abstract: An electronic device generates mapping information that maps individual symbols of a defined order set of symbols to individual symbols of a random order set of symbols. Symbols of the defined order set of symbols are displayed on a display device arranged adjacent to the mapped symbols of the random order set of symbols, based on the mapping information. A user selection of a symbol of the random order set of symbols is received, and a symbol of the defined order set of symbols that maps to the symbol selected by the user is identified based on the mapping information. The symbol of the defined order set of symbols is provided to an application processed by the electronic device as a selection from the user.
    Type: Application
    Filed: February 5, 2015
    Publication date: August 11, 2016
    Applicant: CA, Inc.
    Inventor: Geoffrey R. Hird
  • Patent number: 9413735
    Abstract: A method performed by a processor of a computer includes obtaining a security key associated with data, dividing the security key into key fragments, and distributing different ones of the key fragments to different proxy storage devices. Key fragments are received from the proxy storage devices, a reconstructed security key is generated based on the key fragments received from the proxy storage devices, and programmatic access to the data is controlled based on the reconstructed security key. Related computer program products and systems are disclosed.
    Type: Grant
    Filed: January 20, 2015
    Date of Patent: August 9, 2016
    Assignee: CA, Inc.
    Inventor: Geoffrey R. Hird
  • Publication number: 20160212109
    Abstract: A method performed by a processor of a computer includes obtaining a security key associated with data, dividing the security key into key fragments, and distributing different ones of the key fragments to different proxy storage devices. Key fragments are received from the proxy storage devices, a reconstructed security key is generated based on the key fragments received from the proxy storage devices, and programmatic access to the data is controlled based on the reconstructed security key. Related computer program products and systems are disclosed.
    Type: Application
    Filed: January 20, 2015
    Publication date: July 21, 2016
    Applicant: CA, Inc.
    Inventor: Geoffrey R. Hird
  • Publication number: 20160189138
    Abstract: Payment instrument data is received in connection with a transaction, the data including an alternative primary account number (PAN) and an account identifier. A permanent PAN of an account is identified that is based on the account identifier. An alternative PAN associated with the permanent PAN is derived to determine whether the received alternative PAN matches the derived alternative PAN associated with the permanent PAN.
    Type: Application
    Filed: November 27, 2013
    Publication date: June 30, 2016
    Inventors: Geoffrey R. Hird, Douglas N. Hoover
  • Publication number: 20160189135
    Abstract: Data is received that corresponds to an image presented at a location of a transaction involving a user device and a terminal device. It is determined that the user device and the terminal device are engaged in the transaction based at least in part on the data and local interactions of a payment device with the terminal device are virtualized based on authenticating the transaction. Virtualizing the interactions can include exchanging messages with the terminal device over a network according to a protocol corresponding to the payment device and the terminal device.
    Type: Application
    Filed: November 27, 2013
    Publication date: June 30, 2016
    Inventors: Geoffrey R. Hird, Rammohan Varadarajan
  • Publication number: 20150371230
    Abstract: A method of operating an authentication node is disclosed. Transaction information for a transaction is received from a merchant node. The transaction information includes an identification for a credit/debit account, a name on the credit/debit account, and a transaction amount for the transaction. Responsive to receiving the transaction information, a complete account number for the credit/debit account is determined using the identification for the credit/debit account and the name on the credit/debit account. The identification for the credit/debit account is different than the complete account number for the credit/debit account. In addition, account information may be transmitted to an acquirer node, and the account information may include the complete account number for the credit/debit account, the name on the credit/debit account, and the transaction amount. Related methods of operating merchant nodes, related computer program products, and related computer systems are also disclosed.
    Type: Application
    Filed: June 20, 2014
    Publication date: December 24, 2015
    Applicant: CA, Inc.
    Inventors: Steven L. Greenspan, Geoffrey R. Hird
  • Patent number: 9189902
    Abstract: An identification device includes a computer readable code. The computer readable code includes data relating to one or more pictures of a person and identity data for the person. The computer readable code is readable by a device reader, and the device reader is configured to interpret the computer readable code and to display the picture of the person using the computer readable code data relating to the picture of the person.
    Type: Grant
    Filed: February 16, 2012
    Date of Patent: November 17, 2015
    Assignee: CA, Inc.
    Inventors: Wei Jun Kong, Geoffrey R. Hird
  • Publication number: 20150019442
    Abstract: Methods and devices for pre-generating session keys for securing transactions are provided. A plurality of session cryptographic keys are generated from a master cryptographic key and a respective plurality of possible values of a transaction counter. The session cryptographic keys are encrypted to provide a plurality of encrypted session cryptographic keys, which are stored in the user terminal. The master cryptographic key is deleted from the user terminal after the session keys are generated. To secure a transaction, a cryptogram is generated based on one of the encrypted session cryptographic keys and transaction data for the transaction, and the cryptogram is transmitted to a transaction terminal. The transaction counter is updated, and the encrypted session cryptographic key is deleted from the user terminal.
    Type: Application
    Filed: July 10, 2013
    Publication date: January 15, 2015
    Applicant: CA, Inc.
    Inventors: Geoffrey R. Hird, Douglas N. Hoover
  • Patent number: 8850218
    Abstract: A system and method is provided for generating a one-time passcode (OTP) from a user device. The method includes providing a passcode application and a cardstring defined by a provider account to the user device. The passcode application is configured to generate a passcode configured as a user OTP for the provider account, using the cardstring. The cardstring is defined by at least one key camouflaged with a personal identification number (PIN). The key may be camouflaged by modifying and encrypting the modified key under the PIN. The key may be configured as a symmetric key, a secret, a seed, and a controlled datum. The cardstring may be an EMV cardstring; and the key may be a UDKA or UDKB. The cardstring may be an OTP cardstring, and the key may be a secret configurable to generate one of a HOTP, a TOTP, and a counter-based OTP.
    Type: Grant
    Filed: October 14, 2013
    Date of Patent: September 30, 2014
    Assignee: CA, Inc.
    Inventors: Geoffrey R. Hird, Rammohan Varadarajan
  • Publication number: 20140040629
    Abstract: A system and method is provided for generating a one-time passcode (OTP) from a user device. The method includes providing a passcode application and a cardstring defined by a provider account to the user device. The passcode application is configured to generate a passcode configured as a user OTP for the provider account, using the cardstring. The cardstring is defined by at least one key camouflaged with a personal identification number (PIN). The key may be camouflaged by modifying and encrypting the modified key under the PIN. The key may be configured as a symmetric key, a secret, a seed, and a controlled datum. The cardstring may be an EMV cardstring; and the key may be a UDKA or UDKB. The cardstring may be an OTP cardstring, and the key may be a secret configurable to generate one of a HOTP, a TOTP, and a counter-based OTP.
    Type: Application
    Filed: October 14, 2013
    Publication date: February 6, 2014
    Applicant: Computer Associates Think, Inc.
    Inventors: Geoffrey R. Hird, Rammohan Varadarajan
  • Publication number: 20130326604
    Abstract: Provided herein are systems and methods for using rhythm to provide user authentication. Use of the systems and methods herein include converting rhythm information associated with (e.g., input by) an authorized user to a first vector that includes a representation of the rhythm information. An access attempt is then made on the computing system whereupon additional rhythm information associated with the access attempt is received and converted into a second vector. The first vector is then compared to the second vector to determine if the access attempt is allowed.
    Type: Application
    Filed: May 31, 2012
    Publication date: December 5, 2013
    Applicant: CA, Inc.
    Inventor: Geoffrey R. Hird
  • Patent number: 8572394
    Abstract: A system and method is provided for generating a one-time passcode (OTP) from a user device. The method includes providing a passcode application and a cardstring defined by a provider account to the user device. The passcode application is configured to generate a passcode configured as a user OTP for the provider account, using the cardstring. The cardstring is defined by at least one key camouflaged with a personal identification number (PIN). The key may be camouflaged by modifying and encrypting the modified key under the PIN. The key may be configured as a symmetric key, a secret, a seed, and a controlled datum. The cardstring may be an EMV cardstring; and the key may be a UDKA or UDKB. The cardstring may be an OTP cardstring, and the key may be a secret configurable to generate one of a HOTP, a TOTP, and a counter-based OTP.
    Type: Grant
    Filed: August 30, 2010
    Date of Patent: October 29, 2013
    Assignee: Computer Associates Think, Inc.
    Inventors: Geoffrey R. Hird, Rammohan Varadarajan
  • Patent number: 8559639
    Abstract: A confidential datum, such as a private key used in public key signature systems, is secured in a digital wallet using a “generation camouflaging” technique. With this technique, the private key is not necessarily stored in the digital wallet, not even in an encrypted form. Instead, the wallet contains a private key generation function that reproduces the correct private key when the user inputs his or her pre-selected PIN. If the user inputs an incorrect PIN, an incorrect private key is outputted. Such private key can be configured so that it cannot be readily distinguished from the correct private key through the use of private key formatting, and/or the use of pseudo-public keys corresponding to the private key. The techniques described herein are also applicable to other forms of regeneratable confidential data besides private keys.
    Type: Grant
    Filed: January 22, 2008
    Date of Patent: October 15, 2013
    Assignee: CA, Inc.
    Inventor: Geoffrey R. Hird
  • Patent number: 8533460
    Abstract: A method is provided for generating a human readable passcode to an authorized user including providing a controlled access datum and a PIN, and generating a unique machine identifier for the user machine. The method further includes modifying the controlled access datum, encrypting the controlled access datum using the PIN and/or a unique machine identifier to camouflage the datum, and generating a passcode using the camouflaged datum and the PIN and/or the unique machine identifier. A mobile user device may be used to execute the method in one embodiment. The passcode may be used to obtain transaction authorization and/or access to a secured system or secured data. The unique machine identifier may be defined by a machine effective speed calibration derived from information collected from and unique to the user machine.
    Type: Grant
    Filed: November 3, 2010
    Date of Patent: September 10, 2013
    Assignee: Computer Associates Think, Inc.
    Inventors: Geoffrey R. Hird, Rammohan Varadarajan