Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include encrypting account information with a first encryption key to generate a second encryption key, and encrypting key index information using the second key to generate a limited-use key (LUK). The key index information may include a key index having information pertaining to generation of the LUK. The LUK and the key index can be provided to the communication device to facilitate generation of a transaction cryptogram for a transaction conducted using the communication device, and the transaction can be authorized based on the transaction cryptogram generated from the LUK.

Abstract: Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for securely processing remote transactions. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a mobile device comprising a server computer receiving a payment request including encrypted payment information. The encrypted payment information being generated by a mobile payment application of the mobile device and being encrypted using a third party key. The method further comprises decrypting the encrypted payment information using the third party key, determining a transaction processor public key associated with the payment information, and re-encrypting the payment information using the transaction processor public key. The method further comprises sending a payment response including the re-encrypted payment information to a transaction processor.

Abstract: A merchant computer generates a token including a “pay-me” merchant account identifier and transaction data for a transaction conducted by a consumer. The merchant token can be obtained by a mobile communication device and transmitted to a payment processing network along with a device identifier for the mobile communication device and an authentication token provided by the consumer. The payment processing network can authenticate the device using the authentication token, retrieve a consumer account number based on the device identifier, and complete the transaction by pushing money into the merchant “pay-me” account from the consumer account.

Abstract: Systems and methods for interoperable network token processing are provided. A network token system provides a platform that can be leveraged by external entities (e.g., third party wallets, e-commerce merchants, payment enablers/payment service providers, etc.) or internal payment processing network systems that have the need to use the tokens to facilitate payment transactions. A token registry vault can provide interfaces for various token requestors (e.g., mobile device, issuers, merchants, mobile wallet providers, etc.), merchants, acquirers, issuers, and payment processing network systems to request generation, use and management of tokens. The network token system further provides services such as card registration, token generation, token issuance, token authentication and activation, token exchange, and token life-cycle management.

Abstract: Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for securely processing remote transactions. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a mobile device. The method comprises receiving, by a mobile payment application on a secure memory of the mobile device, transaction data from a transaction processor application on the mobile device. The method further comprises validating that the transaction processor application is authentic and in response to validating the transaction processor application, providing encrypted payment credentials to the transaction processor application. The transaction processor application further initiates a payment transaction with a transaction processor server computer using the encrypted payment credentials.

Abstract: Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for securely processing remote transactions. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a mobile device comprising a server computer receiving a payment request including encrypted payment information. The encrypted payment information being generated by a mobile payment application of the mobile device and being encrypted using a third party key. The method further comprises decrypting the encrypted payment information using the third party key, determining a transaction processor public key associated with the payment information, and re-encrypting the payment information using the transaction processor public key. The method further comprises sending a payment response including the re-encrypted payment information to a transaction processor.

Abstract: A semiconductor structure that includes a resistor that is located within an interconnect dielectric material layer of an interconnect level is provided. The resistor includes a diffusion barrier material that is present at a bottom of a feature that is located in the interconnect dielectric material layer. In some embodiments, the resistor has a topmost surface that is located entirely beneath a topmost surface of the interconnect dielectric material layer. In such an embodiment, the resistor is provided by removing sidewall portions of a diffusion barrier liner that surrounds a metal-containing structure. The removal of the sidewall portions of the diffusion barrier liner reduces the parasitic noise that is contributed to the sidewall portions of a resistor that includes such a diffusion barrier liner. Improved precision can also be obtained since sidewall portions may have a high thickness variation which may adversely affect the resistor's precision.

Abstract: Systems and methods for interoperable network token processing are provided. A network token system provides a platform that can be leveraged by external entities (e.g., third party wallets, e-commerce merchants, payment enablers/payment service providers, etc.) or internal payment processing network systems that have the need to use the tokens to facilitate payment transactions. A token registry vault can provide interfaces for various token requestors (e.g., mobile device, issuers, merchants, mobile wallet providers, etc.), merchants, acquirers, issuers, and payment processing network systems to request generation, use and management of tokens. The network token system further provides services such as card registration, token generation, token issuance, token authentication and activation, token exchange, and token life-cycle management.

Abstract: A merchant computer generates a token including a “pay-me” merchant account identifier and transaction data for a transaction conducted by a consumer. The merchant token can be obtained by a mobile communication device and transmitted to a payment processing network along with a device identifier for the mobile communication device and an authentication token provided by the consumer. The payment processing network can authenticate the device using the authentication token, retrieve a consumer account number based on the device identifier, and complete the transaction by pushing money into the merchant “pay-me” account from the consumer account.

Abstract: Client devices can send access request messages to resource management computers to request access to a resource. A data security hub can provide centralized routing between different client devices, resource management computers, and authentication data processing servers. The data security hub can reduce the risk of sensitive authentication information from leaking (e.g., due to a breach) by limiting the amount or types of authentication information distributed to the data processing servers. The data security hub can limited the authentication information being distributed based on its sensitivity, the trust level of the client device, and the security level of the requested resource. The data security hub can also evaluate the client devices and data processing servers to identify security breaches and can cancel or reroute access requests accordingly Thus, the data security hub can maintain resource security while better preserving the privacy of the client device's authentication information.

Abstract: Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for obtaining authorization for a plurality of split shipments associated with a single order. In particular, embodiments of the present invention allow a merchant to submit a separate split shipment authorization request for each of the plurality of split shipments. The split shipments authorization requests are linked to the original order using verifiable linking data. The linking data may be extracted from a previous (e.g., initial) split shipment authorization request and/or a previous (e.g., initial) split shipment authorization request. The linking data may be validated by an authorizing entity (e.g., a payment processing network computer or an issuer computer) to ensure validity of a split shipment authorization request. Additionally, the split shipment authorization requests may be validated using one or more predefined split shipment rules.

Abstract: Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for obtaining authorization for a plurality of split shipments associated with a single order. In particular, embodiments of the present invention allow a merchant to submit a separate split shipment authorization request for each of the plurality of split shipments. The split shipments authorization requests are linked to the original order using verifiable linking data. The linking data may be extracted from a previous (e.g., initial) split shipment authorization request and/or a previous (e.g., initial) split shipment authorization request. The linking data may be validated by an authorizing entity (e.g., a payment processing network computer or an issuer computer) to ensure validity of a split shipment authorization request. Additionally, the split shipment authorization requests may be validated using one or more predefined split shipment rules.

Abstract: Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for securely processing remote transactions. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a mobile device comprising a server computer receiving a payment request including encrypted payment information. The encrypted payment information being generated by a mobile payment application of the mobile device and being encrypted using a third party key. The method further comprises decrypting the encrypted payment information using the third party key, determining a transaction processor public key associated with the payment information, and re-encrypting the payment information using the transaction processor public key. The method further comprises sending a payment response including the re-encrypted payment information to a transaction processor.

Abstract: Embodiments are described that are directed to optimizing the provisioning of payment account credentials to mobile devices utilizing mobile wallets. In some embodiments, one of multiple provisioning schemes may be selectively chosen for payment account credential provisioning based upon a determined risk involved with a particular provisioning request. A low risk provisioning request leads to an immediate provisioning of a payment credential, whereas a provisioning request of high risk results in the provisioning request being denied. In some embodiments, medium risk provisioning requests will cause an additional user authentication to be performed before the payment account provisioning is finalized. The additional user authentication may occur using a separate communication channel than the channel in which the provisioning request was received.

Abstract: Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for securely processing remote transactions. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a mobile device comprising a server computer receiving a payment request including encrypted payment information. The encrypted payment information being generated by a mobile payment application of the mobile device and being encrypted using a third party key. The method further comprises decrypting the encrypted payment information using the third party key, determining a transaction processor public key associated with the payment information, and re-encrypting the payment information using the transaction processor public key. The method further comprises sending a payment response including the re-encrypted payment information to a transaction processor.

Abstract: Systems, apparatuses, and methods are provided for enabling a transaction using a token associated with a first payment network to be conducted using a second payment network. When a transaction using a token is submitted to a payment network, the payment network can determine the payment network associated with the token. If the token is associated with a second payment network, a token verification request including the token can be sent to the second payment network. The second payment network can then return a token verification response including a primary account identifier such as a primary account number (PAN) corresponding to the token and a validation result. The transaction may then be processed using the primary account identifier.

Abstract: Embodiments are described that are directed to optimizing the provisioning of payment account credentials to mobile devices utilizing mobile wallets. In some embodiments, one of multiple provisioning schemes may be selectively chosen for payment account credential provisioning based upon a determined risk involved with a particular provisioning request. A low risk provisioning request leads to an immediate provisioning of a payment credential, whereas a provisioning request of high risk results in the provisioning request being denied. In some embodiments, medium risk provisioning requests will cause an additional user authentication to be performed before the payment account provisioning is finalized. The additional user authentication may occur using a separate communication channel than the channel in which the provisioning request was received.

Abstract: Methods are provided for enabling a transaction using a token associated with a first payment network to be conducted using a second payment network. When a transaction using a token is submitted to a payment network, the payment network can determine the payment network associated with the token. If the token is associated with a second payment network, a token verification request including the token can be sent to the second payment network. The second payment network can then return a token verification response including a primary account identifier such as a primary account number (PAN) corresponding to the token and a validation result. The transaction may then be processed using the primary account identifier.

Abstract: Embodiments of the present invention are directed to methods, systems, and apparatuses for provisioning account information to a mobile device. In one embodiment, following the provisioning of account information to a first mobile device of a user, a second mobile device of the user may be provisioned without requiring the user to provide account information for the provisioned accounts. In another embodiment, provisioned account information may be stored to a remote database, and subsequently restored to a previously provisioned mobile device or provisioned to a new mobile device.

Abstract: A semiconductor structure that includes a resistor that is located within an interconnect dielectric material layer of an interconnect level is provided. The resistor includes a diffusion barrier material that is present at a bottom of a feature that is located in the interconnect dielectric material layer. In some embodiments, the resistor has a topmost surface that is located entirely beneath a topmost surface of the interconnect dielectric material layer. In such an embodiment, the resistor is provided by removing sidewall portions of a diffusion barrier liner that surrounds a metal-containing structure. The removal of the sidewall portions of the diffusion barrier liner reduces the parasitic noise that is contributed to the sidewall portions of a resistor that includes such a diffusion barrier liner. Improved precision can also be obtained since sidewall portions may have a high thickness variation which may adversely affect the resistor's precision.