Abstract: A method includes receiving, by a network processing computer, software information from a development computer. The network processing computer can determine one or more logical modules of a plurality of logical modules based on the software information. The network processing computer can provide the one or more logical modules to a testing computer. The testing computer evaluates one or more software modules corresponding to the software information using the one or more logical modules. The network processing computer receives a security evaluation report from the testing computer based on the evaluation of the one or more software modules using the one or more logical modules. The network processing computer creates a security evaluation summary based on the security evaluation report.

Abstract: A method is disclosed. The method includes transmitting, by a user device to an access device, a digital certificate and a seed. The access device encrypts the seed and a first access device key with a public key from the digital certificate to form encrypted data. The method also includes receiving from the access device, the encrypted data, decrypting the encrypted data using a private key corresponding to the public key to obtain the seed and the first access device key, verifying that the seed received from the access device matches the seed sent to the access device, encrypting a secret or derivative thereof with the first access device key to form an encrypted secret or derivative thereof, and transmitting to the access device, the encrypted secret or derivative thereof.

Abstract: A method is disclosed. The method includes transmitting, by a user device to an access device, a digital certificate and a seed. The access device encrypts the seed and a first access device key with a public key from the digital certificate to form encrypted data. The method also includes receiving from the access device, the encrypted data, decrypting the encrypted data using a private key corresponding to the public key to obtain the seed and the first access device key, verifying that the seed received from the access device matches the seed sent to the access device, encrypting a secret or derivative thereof with the first access device key to form an encrypted secret or derivative thereof, and transmitting to the access device, the encrypted secret or derivative thereof.

Abstract: Systems and methods are disclosed for preventing relay or replay attacks using time-stamped, localized footprint data. An access device may receive, from one or more beacon transmitters, a plurality of broadcast messages, each broadcast message, of the plurality of broadcast messages, comprising a timestamp and a unique identifier for a beacon transmitter, of the one or more beacon transmitters. The access device may store the timestamps and the unique identifiers. The access device may receive, from a user device, an access request comprising timestamps and unique identifiers corresponding to a subset of the broadcast messages received by the access device. The access device may verify that the stored timestamps and unique identifiers match the timestamps and unique identifiers received from the user device. Based on the verifying, the access device may authenticate the access request.

Abstract: Embodiments of the invention are directed to enabling access transaction systems to accept different communication protocols. In some embodiment, an access device receives, from a portable device, an indication that a transaction is to be performed by exchanging transaction information between the portable device and a remote computer, wherein the remote computer is configured to communicate using a first communication protocol. Next, the access device determines that the portable device is configured to communicate using a second communication protocol. The access device then converts communications between the portable device and the remote computer from the second communication protocol to the first communication protocol to assist the portable device and the remote computer in exchanging the transaction information.

Abstract: A thin client may be utilized to facilitate data exchanges between two devices (e.g., a remote computer and a portable device). In some embodiments, the two devices may utilize differing communications protocols. The thin client may further be configured with a rules engine that determines one or more actions to be performed in response to one or more stimuli. The thin client may manage the processing flow between the two devices according to one or more predefined rules that are interpretable by the rules engine. The rules may be pushed to the thin client via any suitable device enabling the functionality of the thin client to be configured and/or modified without having to update the hardware and/or software of the thin client.

Abstract: A thin client may be utilized to facilitate data exchanges between two devices (e.g., a remote computer and a portable device). In some embodiments, the two devices may utilize differing communications protocols. The thin client may further be configured with a rules engine that determines one or more actions to be performed in response to one or more stimuli. The thin client may manage the processing flow between the two devices according to one or more predefined rules that are interpretable by the rules engine. The rules may be pushed to the thin client via any suitable device enabling the functionality of the thin client to be configured and/or modified without having to update the hardware and/or software of the thin client.

Abstract: A method includes receiving, by a server computer, a thin client identifier from a thin client on a communication device. The server computer can then retrieve an encrypted first cryptographic key based on the thin client identifier. The encrypted first cryptographic key is a first cryptographic key that is encrypted with a second cryptographic key. The server computer can initiate the sending of the encrypted first cryptographic key to the thin client. The server computer then receives an encrypted secret from the thin client, the encrypted secret being a secret encrypted with the first cryptographic key.

Abstract: Embodiments of the invention are directed to enabling access transaction systems to accept different communication protocols. In some embodiment, an access device receives, from a portable device, an indication that a transaction is to be performed by exchanging transaction information between the portable device and a remote computer, wherein the remote computer is configured to communicate using a first communication protocol. Next, the access device determines that the portable device is configured to communicate using a second communication protocol. The access device then converts communications between the portable device and the remote computer from the second communication protocol to the first communication protocol to assist the portable device and the remote computer in exchanging the transaction information.

Abstract: Embodiments of the invention are directed to enabling access transaction systems to accept different communication protocols. In some embodiment, an access device receives, from a portable device, an indication that a transaction is to be performed by exchanging transaction information between the portable device and a remote computer, wherein the remote computer is configured to communicate using a first communication protocol. Next, the access device determines that the portable device is configured to communicate using a second communication protocol. The access device then converts communications between the portable device and the remote computer from the second communication protocol to the first communication protocol to assist the portable device and the remote computer in exchanging the transaction information.

Abstract: Systems and methods are disclosed for performing a secure exchange of encryption keys (e.g., public keys) between two devices. One or more initialization keys are stored at both devices. In some embodiments, at least one device (e.g., a reader device) stores the initialization key(s) (e.g., a symmetric key, an asymmetric key pair) in local memory as part of performance of a manufacturing process for the device. The second device (e.g., a thin client device) may receive the initialization key(s) from an acceptance cloud (e.g., a server computer configured to perform terminal processing). The initialization key(s) are utilized to perform a secure exchange of the devices' respective public keys. Once these public keys are exchanged, the devices may proceed to establishing a secure connection with which subsequent operations may be performed.

Abstract: A method is disclosed. The method includes generating, by a communication device during an interaction with an access device, a cryptogram using transaction level data and interoperability level data; transmitting the transaction level data and interoperability level data to the access device; and transmitting the cryptogram the access device, wherein the access device or a remote server computer in communication with the access device validates the received cryptogram before allowing the transaction to proceed.

Abstract: Methods and systems are disclosed for enabling transaction processing utilizing a single device. A mobile device can store an application comprising first and second software modules. One module may execute acceptance processing while another software module may emulate a transaction device associated with a user. One or more identifiers (e.g., QR codes, bar codes) may be obtained corresponding to one or more physical items. Authorization may be requested via the mobile device. In response, data may be exchanged between the software modules and this data (e.g., transaction data, a payment token, a cryptogram, etc.) may be provided to a remote computer (e.g., a cloud based acceptance service) that can generate an authorization request message for the transaction.

Abstract: A method is disclosed. The method includes generating, by a communication device during an interaction with an access device, a cryptogram using transaction level data and interoperability level data; transmitting the transaction level data and interoperability level data to the access device; and transmitting the cryptogram the access device, wherein the access device or a remote server computer in communication with the access device validates the received cryptogram before allowing the transaction to proceed.

Abstract: A method for conducting a transaction is disclosed. A processor in a thin client may receive transaction data from a portable device of a first portable device type. The processor may determine that the portable device is the first portable device type. The processor may apply an encryption protocol associated with a second portable device type to the transaction data to create encrypted data. The processor may transmit the encrypted data to a remote computer, wherein the remote computer utilizes the encryption protocol to decrypt the transaction data, and thereafter process the transaction data to conduct the transaction.

Abstract: A method for conducting a transaction is disclosed. A processor in a thin client may receive transaction data from a portable device of a first portable device type. The processor may determine that the portable device is the first portable device type. The processor may apply an encryption protocol associated with a second portable device type to the transaction data to create encrypted data. The processor may transmit the encrypted data to a remote computer, wherein the remote computer utilizes the encryption protocol to decrypt the transaction data, and thereafter process the transaction data to conduct the transaction.

Abstract: Systems and methods are disclosed for preventing relay or replay attacks using time-stamped, localized footprint data. An access device may receive, from one or more beacon transmitters, a plurality of broadcast messages, each broadcast message, of the plurality of broadcast messages, comprising a timestamp and a unique identifier for a beacon transmitter, of the one or more beacon transmitters. The access device may store the timestamps and the unique identifiers. The access device may receive, from a user device, an access request comprising timestamps and unique identifiers corresponding to a subset of the broadcast messages received by the access device. The access device may verify that the stored timestamps and unique identifiers match the timestamps and unique identifiers received from the user device. Based on the verifying, the access device may authenticate the access request.

Abstract: Systems and methods are disclosed for preventing relay or replay attacks using time-stamped, localized footprint data. An access device may receive, from one or more beacon transmitters, a plurality of broadcast messages, each broadcast message, of the plurality of broadcast messages, comprising a timestamp and a unique identifier for a beacon transmitter, of the one or more beacon transmitters. The access device may store the timestamps and the unique identifiers. The access device may receive, from a user device, an access request comprising timestamps and unique identifiers corresponding to a subset of the broadcast messages received by the access device. The access device may verify that the stored timestamps and unique identifiers match the timestamps and unique identifiers received from the user device. Based on the verifying, the access device may authenticate the access request.

Abstract: A method of binding a device to an authority comprising reading pre-determined data corresponding to characteristics of the device. The method includes obtaining a pseudo-random number and combining it with the pre-determined data to generate a base number. The method includes downloading an application that performs a cryptographic function on the base number to generates a secure identifier of the device, and storing the secure identifier in a memory of the device. The method includes providing the secure identifier of the device to the authority to bind the device to the authority.

Abstract: A method includes generating, by a portable communication device, a first random code and transmitting the first random code to an access device. The access device receives the first random code, generates a second random code, receives a personal token from a user of the portable communication device, and hashes the first random code, the second random code, and the personal token to form a first hash output. The first hash output and the second random code are received from the access device. The first random code, a stored personal token, and the second random code are hashed to form a second hash output. A determination is made if the first hash output and the second hash output are equal. A secure communication channel is formed between the portable communication device and the access device when the first hash output and the second hash output are equal.