Abstract: Techniques are described for managing master keys for token requestors to use in generating cryptograms such as TAVVs. A processor computer generates a first master key for a token requestor, the first master key being generated based on (a) a second master key managed by the processor computer and (b) an identifier of the token requestor. The processor computer transmits, to a token requestor computer corresponding to the token requestor, the first master key. The processor computer receives, from the token requestor computer, a request for a token. Responsive to receiving the request for the token, the processor computer transmits the token to the token requestor computer; and receives, from the token requestor computer, an authorization request message comprising the token and a cryptogram generated by the token requestor computer using the first master key and the token.

Abstract: Embodiments of the present invention relate to systems and methods that allow users to use their communication devices to perform transactions (e.g., payment transactions, access transactions, etc.). To complete a transaction, a resource provider electronically generates a code representing transaction data and displays it on an access device. The user scans the code with his or her communication device using a camera associated with the communication device, for example. The code is interpreted by an application on the communication device. The user may request and receive a token at the communication device corresponding to sensitive information selected to perform the transaction (e.g., a primary account number). The user may then provide the token and the transaction data via the communication device to a server computer, which may facilitate completion of the transaction between the user and the resource provider using the transaction data and the token.

Abstract: A method includes receiving, by a universal authentication application from a resource provider computer, a user credential verification request message comprising a user identifier, server computer data, and interaction data for an interaction. The universal authentication application transmits the user credential verification request message to a browser that invokes the authenticator to verify biometric information of a user. The universal authentication application receives a user credential verification response message from the authenticator. The user credential verification response message includes signed interaction data. The universal authentication application sends the user credential verification response message to the resource provider computer. The resource provider computer provides at least the signed interaction data to a plurality of server computers to retrieve a plurality of portable device credentials respectively associated with the plurality of server computers.

Abstract: Embodiments of the invention are directed to systems and methods of securely transmitting account credentials, such as a token. A user device and application can initially select an account, and then obtain a transaction identifier associated with the account. The user device can provide the transaction identifier to a resource provider, which can then directly exchange the transaction identifier for the account credentials.

Abstract: Embodiments of the invention are directed to systems and methods that enable authentication of a user via an authentication application that is different than a wallet application that is being used to process a transaction. The wallet application may contain payment devices and/additional wallet applications.

Abstract: Embodiments of the invention are directed to systems and methods of securely transmitting account credentials, such as a token. A user device and application can initially select an account, and then obtain a transaction identifier associated with the account. The user device can provide the transaction identifier to a resource provider, which can then directly exchange the transaction identifier for the account credentials.

Abstract: Embodiments of the invention are directed to systems and methods for authenticating a user device using an authenticating device that has previously been associated with a user and/or a credential. The user may initiate a transaction at the user device. An authenticating device associated with the transaction may be sent an authentication request corresponding to the user device. The user may indicate whether or not the user device is authenticated utilizing the authenticating device. If the user device is authenticated, the transaction may proceed. If the user device is not authenticated the transaction may be rejected.

Abstract: Embodiments of the invention are directed to systems and methods that enable authentication of a user via an authentication application that is different than a wallet application that is being used to process a transaction. The wallet application may contain payment devices and/additional wallet applications.

Abstract: During a transaction, a user may wish to determine if there are benefits available to the user, which may be applicable to the transaction with a resource provider. An application on the user device receives and transmits a resource provider identifier of the resource provider to a server computer. The server computer may identify a remote processor associated with the resource provider, and communicate with the remote processor to identify one or more benefits applicable to the transaction. The server computer may send the applicable benefit(s) to the application on the user device. The user may select one or more of the applicable benefits, and transmit the selection to the server computer, which may initiate processing of the transaction in view of the selected benefits.

Abstract: Embodiments of the present invention relate to systems and methods that allow users to use their communication devices to perform transactions (e.g., payment transactions, access transactions, etc.). To complete a transaction, a resource provider electronically generates a code representing transaction data and displays it on an access device. The user scans the code with his or her communication device using a camera associated with the communication device, for example. The code is interpreted by an application on the communication device. The user may request and receive a token at the communication device corresponding to sensitive information selected to perform the transaction (e.g., a primary account number). The user may then provide the token and the transaction data via the communication device to a server computer, which may facilitate completion of the transaction between the user and the resource provider using the transaction data and the token.

Abstract: Embodiments of the present invention relate to systems and methods that allow users to use their communication devices to perform transactions (e.g., payment transactions, access transactions, etc.). To complete a transaction, a resource provider electronically generates a code representing transaction data and displays it on an access device. The user scans the code with his or her communication device using a camera associated with the communication device, for example. The code is interpreted by an application on the communication device. The user may request and receive a token at the communication device corresponding to sensitive information selected to perform the transaction (e.g., a primary account number). The user may then provide the token and the transaction data via the communication device to a server computer, which may facilitate completion of the transaction between the user and the resource provider using the transaction data and the token.

Abstract: Embodiments of the invention are directed to systems and methods of providing secure remote transaction (SRT) transactions. In some embodiments, upon selection of a checkout element, a user may be identified with respect to a transaction to be completed. A number of accounts may then be identified in relation to that user. Upon selection of a particular account, the user may be authenticated using a facilitator application installed on a mobile computing device that supports authentication for the selected account. In some embodiments, the system may involve the use of a transaction-specific token generated upon receiving an authentication indicator from the facilitator application.

Abstract: Techniques are described for managing master keys for token requestors to use in generating cryptograms such as TAVVs. A processor computer generates a first master key for a token requestor, the first master key being generated based on (a) a second master key managed by the processor computer and (b) an identifier of the token requestor. The processor computer transmits, to a token requestor computer corresponding to the token requestor, the first master key. The processor computer receives, from the token requestor computer, a request for a token. Responsive to receiving the request for the token, the processor computer transmits the token to the token requestor computer; and receives, from the token requestor computer, an authorization request message comprising the token and a cryptogram generated by the token requestor computer using the first master key and the token.

Abstract: According to some embodiments of the invention, an authentication method is provided1. Transaction data for a transaction is received at a communication device from an access device or a resource provider. The transaction data comprises a location of the access device. A location of the communication device is determined by the communication device. It is determined whether a distance between the location of the access device and the location of the communication device is within a predetermined threshold. The transaction is not authorized if the distance between the location of the access device and the location of the communication device is not within a predetermined threshold.

Abstract: According to some embodiments of the invention, an authentication method is provided. Transaction data for a transaction is received at a communication device from an access device or a resource provider. The transaction data comprises a location of the access device. A location of the communication device is determined by the communication device. It is determined whether a distance between the location of the access device and the location of the communication device is within a predetermined threshold. The transaction is not authorized if the distance between the location of the access device and the location of the communication device is not within a predetermined threshold.

Abstract: Techniques for provisioning access data may include receiving, by a first application installed on a communication device, user input selecting an account to provision to a second application installed on the communication device. The first application may invoke the second application and send a session identifier (ID) to the second application. The second application may send a user ID associated with the second application, a device ID, and the session ID to the first application. The first application may then generate encrypted provisioning request data and send the encrypted provisioning request data to the second application. The second application may send the encrypted provisioning request data to a remote server computer to request access data that can be used to access a resource. The second application may receive the access data provided by the remote server computer based on validation of the encrypted provisioning request data.

Abstract: Embodiments of the invention are directed to methods, systems and devices for providing sensitive user data to a mobile device using an encryption key. For example, a mobile application on a mobile device may receive encrypted sensitive user data from a mobile application server, where the user sensitive data is encrypted with a key from a token server computer. The mobile application may then request that the encrypted payment information be sent to the token server. The mobile device may then receive a payment token associated with the payment information from the token server.

Abstract: Embodiments of the invention are directed to systems and methods of providing secure remote transaction (SRT) transactions. In some embodiments, a resource provider is able to embed a checkout element into a webpage that it hosts. The checkout element enables interaction between a user that has accessed the webpage and an initiator application server located remotely in order to complete a transaction while preventing the resource provider from gaining access to sensitive information. In some embodiments, the user's information may be determined by an initiator server and populated into the checkout element.

Abstract: Techniques herein describe a method comprising: receiving, at an service provider computer, a resource provider account identifier maintained by an account entity from a resource provider device, the resource provider account identifier being associated with a resource provider; determining, by the service provider computer, if one or more processing networks are capable of processing transactions with the account entity; determining, by the service provider computer, that at least two processing networks of the one or more processing networks is capable of processing transactions with the account entity; and transmitting, by the service provider computer, a resource provider code to at least one of the at least two processing networks, wherein the resource provider code can be used by the least two processing networks to process transactions with the account entity.

Abstract: Embodiments of the invention are directed to methods, systems and devices for providing sensitive user data to a mobile device using an encryption key. For example, a mobile application on a mobile device may receive encrypted sensitive user data from a mobile application server, where the user sensitive data is encrypted with a key from a token server computer. The mobile application may then request that the encrypted payment information be sent to the token server. The mobile device may then receive a payment token associated with the payment information from the token server.