Abstract: Various embodiments for sending a cryptogram to a point of sale terminal while disconnected from a network. In some embodiments, for example, a computing device that is configured to display a prompt for a selection of a transaction account. An encrypted session key is retrieved through a network in response to determining a number of session keys associated with the transaction account is below a threshold. The computing device is also configured to generate a session key based at least in part on decrypting the encrypted session key using an encryption key and establish a wireless connection with a point of sale terminal for a purchase. A cryptogram is generated from the session key based at least in part on the user device being disconnected from the network. The cryptogram is sent to the point of sale terminal.

Abstract: Systems, methods, and articles of manufacture for secured account provisioning and payments using user computing devices are provided. One such method comprises receiving, by a user computing device, a payment request from a point of sale terminal; obtaining, by the user computing device, a storage encryption (ENC) key based on at least a device fingerprint of the user computing device and a storage root key; obtaining, by the user computing device, an encrypted account payload from a secure database of the user computing device; decrypting, by the user computing device, the encrypted account payload using the storage ENC key, wherein the decrypted account payload includes a payment credential; and transmitting, by the user computing device, the payment credential to the point-of-sale terminal.

Abstract: A system for using loyalty rewards accounts in a digital wallet may generate a mapping comprising an account mapped to a wallet token number and an indicator with the mapping stored in a database on a network of servers. The indicator may indicate an account type, and the wallet token number may be transmitted to a user device. The system may also receive a transaction request including a received wallet token number and a received indicator The indicator may be matched to the received indicator to determine the received wallet token number is associated with the account type (e.g., a loyalty rewards account). The system may route the transaction request to a loyalty settlement process in response to the account type being a loyalty rewards account.

Abstract: Systems, methods, and articles of manufacture for secured account provisioning and payments using user computing devices are provided. One such method comprises obtaining an account payload by the user computing device, wherein the account payload comprises a payment credential associated with a transaction account of a user of the user computing device; generating a storage encryption (ENC) key and a storage message authentication code (MAC) key based on at least a device fingerprint of the user computing device and a storage root key; encrypting, the account payload with the storage ENC key to form an encrypted account payload; generating a digital signature of the encrypted account payload using the storage MAC key; and storing the encrypted account payload and the digital signature in a secured database of the user computing device.

Abstract: A system for using loyalty rewards accounts in a digital wallet may add a loyalty rewards account as a payment medium to a digital wallet application by transmitting a token that identifies the loyalty rewards account to the digital wallet application, wherein the token includes an alias account identifier that is mapped to the loyalty rewards account; and transmitting a transaction request for the transaction, wherein the transaction request includes the token that identifies the loyalty rewards account as the payment medium for the transaction, wherein the token further includes an indicator that specifies an account type for the loyalty rewards account and is configured for routing the transaction request to the loyalty settlement process during settlement processing.

Abstract: Disclosed are various embodiments for executing entity-specific cryptographic code in a cryptographic coprocessor. In one embodiment, an exemplary method comprises receiving encrypted code that includes implementing a cryptographic algorithm from a service via a network, wherein the encrypted code further includes a symmetric encryption key; decrypting, by a cryptographic coprocessor, the encrypted code; executing, by the cryptographic coprocessor, the decrypted code to generate a cryptogram including information encrypted using the cryptographic algorithm and the symmetric encryption key; and sending the cryptogram to the service via the network.

Abstract: Disclosed are various embodiments for securely conducting online in-application purchases. In one example, among others, a system comprises a computing device that is configured to identify a purchase request from a merchant application executed on the computing device and authenticate an account with a wallet provider based at least in part on a selection of the account. The computing device is configured to receive an instruction from the wallet provider to execute a security library and determine that the computing device is secure by executing a security library. The execution of the security library generates a device response for the wallet provider. A security code is determined data received from the wallet provider. A token is transmitted for the purchase request to the wallet provider based at least in part on the security code.

Abstract: The system comprises approving a credit application during a single http session, transmitting an encoded secure token to a web-client participating in the http session, receiving from the mobile communications device the secure token, and transmitting the transaction account data to the mobile communications device, in response to the receiving the secure token. The system may further comprise the mobile communications device decoding the secure token.

Abstract: A system may identify a purchase transaction request from a merchant application and generate an in-app payment cryptogram for the purchase transaction request based on a limited use payment credential (LUPC). The in-app payment cryptogram may be provided to the merchant application. The merchant application may transmit the in-app payment cryptogram to a merchant computing device. A request may be received from a payment network to update the LUPC. A security library may be executed to determine that the client device is secure. The execution of the security library may generate a device attestation response, and the device attestation response is transmitted to the payment network. An updated LUPC may be received from the payment network.

Abstract: The system comprises approving a credit application during a single http session, transmitting an encoded secure token to a web-client participating in the http session, receiving from the mobile communications device the secure token, and transmitting the transaction account data to the mobile communications device, in response to the receiving the secure token. The system may further comprise the mobile communications device decoding the secure token.

Abstract: A system, method, and computer readable medium (collectively, the “system”) are provided. The system may include a processor configured to perform operations and/or steps comprising receiving a selection of a transaction account to be used as payment for a transaction; and transmitting a wireless signal carrying emulated track data for payment of the transaction, wherein the emulated track data emulates data in tracks of a magnetic card and includes alias transaction account data in place of actual transaction account data.

Abstract: Disclosed are various embodiments for executing entity-specific cryptographic code in a cryptographic coprocessor. In one embodiment, an exemplary method comprises receiving encrypted code that includes implementing a cryptographic algorithm from a service via a network, wherein the encrypted code further includes a symmetric encryption key; decrypting, by a cryptographic coprocessor, the encrypted code; executing, by the cryptographic coprocessor, the decrypted code to generate a cryptogram including information encrypted using the cryptographic algorithm and the symmetric encryption key; and sending the cryptogram to the service via the network.

Abstract: A system, method, and computer readable medium (collectively, the “system”) are provided. The system may include a processor configured to perform operations and/or steps comprising receiving a wireless signal from a transaction device, wherein the wireless signal carries emulated track data for payment of a transaction; reading the emulated track data from the wireless signal; generating a transaction payload, wherein the transaction payload contains transaction account data and a dynamically generated digital signature value from the emulated track data of the wireless signal; transmitting the transaction payload to an authorization network server; receiving an authorization instruction from the authorization network server for handling payment of the transaction; and processing the payment of the transaction in accordance with the authorization instruction.

Abstract: Disclosed are various embodiments for executing entity-specific cryptographic code in a cryptographic coprocessor. In one embodiment, encrypted code implementing a cryptographic algorithm is received from a service via a network. The cryptographic coprocessor decrypts the encrypted code. The cryptographic coprocessor executes the decrypted code to generate a cryptogram including information encrypted using the cryptographic algorithm. The cryptogram is sent to the service via the network.

Abstract: Systems, methods, and articles of manufacture for secured account provisioning and payments using user computing devices are provided. One such method comprises obtaining an account payload by the user computing device, wherein the account payload comprises a payment credential associated with a transaction account of a user of the user computing device; generating a storage encryption (ENC) key and a storage message authentication code (MAC) key based on at least a device fingerprint of the user computing device and a storage root key; encrypting, the account payload with the storage ENC key to form an encrypted account payload; generating a digital signature of the encrypted account payload using the storage MAC key; and storing the encrypted account payload and the digital signature in a secured database of the user computing device.

Abstract: Systems, methods, and articles of manufacture for secured account provisioning and payments using near-field communication (NFC) enabled devices are provided. The system may receive an encrypted account provisioning request comprising a provisioning account and a device fingerprint; decrypt the encrypted account provisioning request with a server root key; retrieve a limited use payment credential (LUPC) based on the provisioning account; generate an ENC key, a MAC key, and a DEK key based on the device fingerprint and the server root key; and encrypt the LUPC using the ENC key, the MAC key, and the DEK key to generate an encrypted account payload.

Abstract: A system is configured for detecting a point of sale, receiving a personal identification number (PIN), generating a PIN based key using a message digest of the PIN, decrypting a data encryption key (DEK) using the PIN based key, and generating a DEK based dynamic key using the PIN based key. The system may also decrypt a session key using the DEK based dynamic key, generate a cryptogram from the session key, and send the cryptogram to the point of sale.

Abstract: A system may receive a transaction request from a user device, and request an in-app cryptogram from a network software development kit (SDK) on the user device. The in-app cryptogram may include an unpredictable number, an application transaction counter (ATC), and a card verification result (CVR), and the ATC may be extracted from a limited use payment credential (LUPC). The system may transmit a token, a token expiry, and a token data block for an assessment by a payment network, with the token data block including the token, the token expiry, the ATC, and/or the in-app cryptogram. The system may further receive a request from the payment network to update the LUPC on the user device, and attest that the user device is secure in response to the request from the payment network to refresh the LUPC on the user device.

Abstract: Disclosed are various embodiments for executing entity-specific cryptographic code in a cryptographic coprocessor. In one embodiment, encrypted code implementing a cryptographic algorithm is received from a service via a network. The cryptographic coprocessor decrypts the encrypted code. The cryptographic coprocessor executes the decrypted code to generate a cryptogram including information encrypted using the cryptographic algorithm. The cryptogram is sent to the service via the network.

Abstract: Disclosed are various embodiments for executing entity-specific cryptographic code in a trusted execution environment. In one embodiment, encrypted code implementing a cryptographic algorithm is received from a service via a network. The encrypted code is provided to an application executed in a trusted execution environment of the computing device. The encrypted code is decrypted in the trusted execution environment. The decrypted code is executed in the trusted execution environment to generate a cryptogram including information encrypted using the cryptographic algorithm.