Abstract: Systems and methods for authentication may include an authentication system. The authentication system may include a processor and a memory. The memory may contain a unique identifier, a counter, a session key, and a PAN sequence number. The processor may be configured to receive an authentication request. The processor may be configured to generate, in response to the authentication request, a virtual card number and a dynamic security code based on mapping with a plurality of parameters of a cryptogram including at least one selected from the group of the unique identifier, the counter, the session key, and the PAN sequence number. The processor may be configured to transmit the virtual card number and the dynamic security code to complete the authentication request.

Abstract: A system for authenticating a user with a mobile device comprising a memory storing instructions, and a processor in communication with a network. The processor may be configured to execute the stored instructions to receive, from a mobile device, an authentication request; obtain, from a database, a permanent identifier associated with a transaction card; generate a temporary identifier associated with the transaction card; generate an expected value by encrypting the permanent identifier and the temporary identifier; verify the expected value against an encrypted value received from the mobile device; and transmit an authorization command to the mobile device.

Abstract: Disclosed herein are system, method, and computer program product embodiments for signing a document by generating a hash value using a smart card. The smart card can receive from a computing device a first hash value generated for the document based on a first hash function, determine a private key based on a private key information stored on the smart card, sign the first hash value by generating a second hash value based on the first hash value using a second hash function and the private key. The second hash value is to authenticate that the second hash value is generated by the smart card based on the first hash value and the private key. The smart card can further assemble a signature package including the second hash value, and transmit the signature package to the computing device.

Abstract: In some embodiments, the present disclosure provides an exemplary method that may include steps of determining an identity of at least one user of a plurality of users based on a multi-factor authentication; utilizing an identity tokenizer to generate at least one temporary identity token associated with the identity of the user; transmitting the at least one temporary identity token to an external computing device for authentication; receiving an authenticated digital token from the external computing device; automatically utilizing the authenticated digital token to retrieve a plurality of data items of an account information; utilizing a security module to link the authenticated digital token and the plurality of data items; generating a unique-universal identifier associated with the security module and the authenticated digital token; and utilizing the unique-universal identifier and the security module associated with the authenticated digital token.

Abstract: Methods and systems for personalizing contactless cards are provided. An exemplary method includes: preinstalling, by a server, an applet on the contactless card; assigning, by the server, a first unique identifier to the contactless card; pre-provisioning, by the server, a first unique derived key to the contactless card; generating, by the server a first nonce; generating, by the server, a data file containing script for updating the contactless card and further containing a message authentication code (MAC); transmitting, by the server, the data file and the first nonce to the contactless card; validating, by the contactless card, the MAC based on the first unique derived key and the first nonce; and personalizing the contactless card by the preinstalled applet executing the script.

Abstract: Systems and methods of the present disclosure enable improved cryptographic security using an integrated circuit of a short range wireless card. The integrated circuit receives, via a short range wireless signal, from a user device, a bearer token request including an identifier that identifies a user, the user device or both. The integrated circuit determines a cryptographic key and uses a time keeping circuit to generate a time value indicative of a window of time for which a bearer token is to be valid. The integrated circuit uses a cryptographic hash to produce the bearer token based on: the identifier, the time value and the cryptographic key. The integrated circuit transmits, via a return short range wireless signal to the user device, the bearer token to enable authentication of the user upon the bearer token being equivalent to a comparison token within the time window.

Abstract: Systems and methods of identification-based payment instruments is provided. An exemplary system includes a computer server including a memory and a processor. The server is configured to receive at least one digital certificate as an universal identification of a user, associate the at least one digital certificate with at least one payment instrument of the user, generate a public key and a private key pairing with the public key, the public key and the private key being associated with the at least one payment instrument, incorporate the public key into the digital certificate, and transmit the private key to a user device associated with the user.

Abstract: Systems and methods of validating transactions are provided. An exemplary system includes a server including a memory and a processor. The server is configured to: receive from an entity a transaction validation request of validating a transaction; validate the transaction; generate a logging record of the transaction validation; cryptographically hash the logging record to create a hashed logging record; digitally sign the hashed logging record using a key to create a signed hashed logging record; and transmit the signed hashed logging record to a computer device.

Abstract: Disclosed embodiments include aspects that relate to authentication of contactless interactions. Identifying information can be provided from multiple sources. A chip-embedded card can be registered to an individual and include identifying information associated with the information. During a contactless transaction, identifying information can be acquired. An individual's identity can be validated based on identifying information. A chip-embedded card can be read by a card reader at a particular location providing physical presence information. In one instance, identifying information from the chip-embedded card can be compared to other identifying information to determine whether there is a match or mismatch. A confidence score can be computed based on the amount and type of information provided. An individual's identity can be validated when the confidence score satisfies a threshold.

Abstract: Logic may provide enforce a rate limit for product offers and generate a product token associated for product authentication. Logic may determine a rate limit associated with the product based on an identity of the consumer in a cryptogram for a transaction. Logic may compare the rate limit with a quantity of purchases of the product with a payment instrument provided for payment for the transaction, the rate limit to limit purchases of the product via the payment instrument or by the consumer associated with the payment instrument. Logic may approve the transaction based on comparison of the rate limit in response to the rate limit being greater than purchases of the product. Logic may create a product token via the cryptogram, the product token encoded via the cryptogram, the product token to uniquely identify the product and logic may cause transmission of the product token to the consumer.

Abstract: Systems and methods for generating a shared secret key for a transaction card are provided. An exemplary system can include: a transaction card including a card private key and a card public key derived from the card private key; a server including a server private key and a server public key derived from the server private key; and a user device. The user device can be configured to: open a communication field, read the card public key, transmit the card public key to the server, wherein the server generates a shared secret key from the card public key and the server private key, receive the server public key from the server, and transmit the server public key to the transaction card, wherein the card generates the same shared secret key from the server public key and the card private key.

Abstract: Methods and systems are described herein for using cryptographic tokens that represent real-world items to enable those items to be used in different virtual worlds (e.g., game worlds). In particular, an object retrieval system may be used to retrieve a cryptographic token that encodes parameter data for an object to be used (e.g., displayed) within a plurality of computing platforms. The object retrieval system may determine (e.g., using a cryptographic signature) that the user is allowed to use the object and may then generate a set of parameters for representing the object with the particular computing platform requesting the object. The object retrieval system may then transmit the parameters to the requesting platform. The object retrieval system may perform the same operations for requests from other platforms, such that the object retrieval system may uniquely encode the parameters for the particular platforms.

Abstract: Described herein are techniques a systems for maintaining a system of record for one or more contactless cards. A computing apparatus is configured to generate a first unique identifier for a contactless card associated with a user account. The apparatus is further caused to generate a message to update a database with a new database entry, the message including the first unique identifier and identity information for the user account. Next, the apparatus is caused to send the message to the database to add the new entry therein, each entry in the database including a recorded unique identifier associated with a corresponding contactless card, each contactless card being associated with one of a plurality of user accounts. The apparatus is further caused to send the first unique identifier to a personalization server to store the first unique identifier in a memory of the first contactless card.

Abstract: A system and method are described that enables mobile devices (e.g. including but not limited to a mobile phone or the like), to intercept and respond to contactless card authentication requests, allowing mobile devices to be used in place of contactless cards. Enabling mobile phone devices to emulate contactless cards decreases issues related to lost or damaged cards, enabling a single device to be used to provide tokens related to multiple different contactless cards, and leverages functionality of the mobile device to provide dual-factor authentication.

Abstract: Example embodiments of systems and methods for data transmission in a contactless card are provided. The contactless card may include a processor, and a memory. The memory may contain a first applet, a second applet, and a plurality of keys. The first applet and the second applet may be stored within a shared security domain. The second applet may be configured to communicate with the first applet to perform one or more cryptographic services. The second applet may be configured to transmit one or more requests to the first applet to encode one or more payload strings based on the plurality of keys to perform the one or more cryptographic services. The first applet may be configured to perform the one or more cryptographic services on behalf of the second applet based on the one or more requests.

Abstract: A device may receive a VCN generation request comprising a primary account number (PAN) and an approved URL. A device may generate a VCN based on the PAN, the VCN being associated with the approved URL. A device may receive a VCN use request from an external entity, the VCN use request comprising the VCN. A device may receive a use request URL associated with the VCN use request. A device may compare the use request URL to the approved URL. A device may provide a VCN use decision based on the comparing the use request URL to the approved URL, the VCN use decision including a VCN use authorization or a VCN use denial.

Abstract: A procedure for modifying a user interface may include causing a first application on a user device to monitor an electronic session of a second application on the user device. The first application may determine a characteristic of the electronic session, query an API using the determined characteristic for a relevant single-application code, and receive a response back from the API. The first application may detect an activation of a user interface element associated with completing an interaction on the electronic session. In response to the detection, the first application may interrupt a response of the second application to the activation. During the interruption, the first application may modify the interaction, e.g., by injecting execution of the single-application code into the second application, and then cause the response of the second application to resume with the modified interaction.

Abstract: Systems and methods for authentication may include an authentication server. The authentication server may include a processor and a memory. The processor may be configured to transmit an authentication request. The processor may be configured to receive a first response that is responsive to the authentication request, the first response comprising a first cryptogram. The processor may be configured to generate a first challenge based on the first response. The processor may be configured to encrypt the first challenge with a symmetric key. The processor may be configured to transmit the first challenge receive a second response that is responsive to the first challenge, the second response comprising a second cryptogram. The processor may be configured to authenticate the second response.

Abstract: The proposed system and method is directed at a system for generating a GPU-based mobile device signature to enhance the strength of a OTP card authentication signal. The proposed implementation leverages the NFC read capability of contactless OTP cards and WebGL image rendering functionality of mobile browser. An image, or a URL pointing to one, is received, via NFC transmission from a contactless card, for processing by a mobile browser. The output of the mobile browser image processing buffer (WebGL can then be hashed and used as a device identifier for the specific mobile device performing electronic authentication of a transmission source (Read by verifying, with high degree of certainty, the identity of the reading mobile device.

Abstract: Disclosed herein are systems and methods to perform card functions in a computer environment. In some embodiments, a switchboard node is provided. The switchboard node receives a request to establish a validation session. The validation session is established and encrypted data from a contactless card is validated by a validator. Once the encrypted data is validated, the switchboard node requests that an issuer server completes a requested function. The issuer completes a portion of the function and then encrypts a message to a merchant indicating to the merchant that the function is complete. The encrypted message is received and decrypted by the merchant and the merchant completes the remainder of the function in communication with a user device.