Abstract: Systems and methods for securing data transmissions using distance measurements are disclosed. A mobile device (such as a smart phone) and a base station can use ultra-wideband technology to determine the distance between the two devices. The distance measurements produced by the mobile device and the base station can be compared, directly or indirectly by the mobile device, the base station, and/or an access device to determine whether the mobile device is present at an access device or if the mobile device is not present at the access device (as expected during a relay attack). If the mobile device is not present at the access device, the access device can prevent or cancel an interaction based on the data transfer (e.g., opening a locked door of a secure building in response to receiving an access credential from the mobile device).

Abstract: Methods and systems for performing efficient integration tests on mobile device for contactless data transfers are described. Rather than performing contactless communications with a variety of test user devices (e.g., test smart cards), which may be time consuming and may present physical difficulty, a mobile device can simulate the result of these communications using a simulator application operating on the mobile device. A contactless communication application, also operating on the mobile device, can communicate with the simulator application in order to generate interaction payloads based on stored data records corresponding to the test user devices. These interaction payloads can then be transmitted by the mobile device to a processing computer. Later, the mobile device may receive a response from the processing computer or another computer system, indicating if the interaction payloads were successfully received and interpreted. This in turn may indicate if the integration test was successful.

Abstract: Embodiments of the invention are directed to systems, methods, and devices for providing dynamic applicability management with respect to a testing framework. Executable code segments can be provided in/with various test procedures that include instructions for testing hardware, software, capabilities, features, functionalities, or protocols of a computing device. Each code segment can encapsulate logic that, when executed, identifies whether a corresponding test procedure is applicable to a device given that device's configuration. By executing each code segment, a set of applicable test procedures can be identified. Identifiers or the test procedures may be provided to the device to be tested or a testing platform configured to conduct the test of that device. Transmitting the identifiers and/or procedures configures those devices to perform the test through simulating a legitimate data exchange.

Abstract: Systems and methods for securing data transmissions using distance measurements are disclosed. A mobile device (such as a smart phone) and a base station can use ultra-wideband technology to determine the distance between the two devices. The distance measurements produced by the mobile device and the base station can be compared, directly or indirectly by the mobile device, the base station, and/or an access device to determine whether the mobile device is present at an access device or if the mobile device is not present at the access device (as expected during a relay attack). If the mobile device is not present at the access device, the access device can prevent or cancel an interaction based on the data transfer (e.g., opening a locked door of a secure building in response to receiving an access credential from the mobile device).

Abstract: A thin client may be utilized to facilitate data exchanges between two devices (e.g., a remote computer and a portable device). In some embodiments, the two devices may utilize differing communications protocols. The thin client may further be configured with a rules engine that determines one or more actions to be performed in response to one or more stimuli. The thin client may manage the processing flow between the two devices according to one or more predefined rules that are interpretable by the rules engine. The rules may be pushed to the thin client via any suitable device enabling the functionality of the thin client to be configured and/or modified without having to update the hardware and/or software of the thin client.

Abstract: Systems and methods for securing data transmissions using distance measurements are disclosed. A mobile device (such as a smart phone) and a base station can use ultra-wideband technology to determine the distance between the two devices. The distance measurements produced by the mobile device and the base station can be compared, directly or indirectly by the mobile device, the base station, and/or an access device to determine whether the mobile device is present at an access device or if the mobile device is not present at the access device (as expected during a relay attack). If the mobile device is not present at the access device, the access device can prevent or cancel an interaction based on the data transfer (e.g., opening a locked door of a secure building in response to receiving an access credential from the mobile device).

Abstract: A method for conducting a transaction is disclosed. A processor in a thin client may receive transaction data from a portable device of a first portable device type. The processor may determine that the portable device is the first portable device type. The processor may apply an encryption protocol associated with a second portable device type to the transaction data to create encrypted data. The processor may transmit the encrypted data to a remote computer, wherein the remote computer utilizes the encryption protocol to decrypt the transaction data, and thereafter process the transaction data to conduct the transaction.

Abstract: A method includes an access device determining an interaction value associated with an interaction. The access device prompts a user operating a user device for a secret. The access device receives the secret. The access device receives an initial communication then a user device certificate comprising a public key from the user device. The access device then verifies the certificate. The access device concatenates at least the secret and an unpredictable number to form a concatenated value. The access device encrypts the concatenated value with the public key, then transmits the encrypted concatenated value. The user device decrypts the encrypted concatenated value with a private key, verifies the unpredictable number, verifies the secret, determines whether or not the interaction is approved, produces an interaction authorization result, and then provides the interaction authorization result to the contactless access device. The access device receives the interaction authorization result.

Abstract: A method includes receiving, by a network processing computer, software information from a development computer. The network processing computer can determine one or more logical modules of a plurality of logical modules based on the software information. The network processing computer can provide the one or more logical modules to a testing computer. The testing computer evaluates one or more software modules corresponding to the software information using the one or more logical modules. The network processing computer receives a security evaluation report from the testing computer based on the evaluation of the one or more software modules using the one or more logical modules. The network processing computer creates a security evaluation summary based on the security evaluation report.

Abstract: A method is disclosed. The method includes transmitting, by a user device to an access device, a digital certificate and a seed. The access device encrypts the seed and a first access device key with a public key from the digital certificate to form encrypted data. The method also includes receiving from the access device, the encrypted data, decrypting the encrypted data using a private key corresponding to the public key to obtain the seed and the first access device key, verifying that the seed received from the access device matches the seed sent to the access device, encrypting a secret or derivative thereof with the first access device key to form an encrypted secret or derivative thereof, and transmitting to the access device, the encrypted secret or derivative thereof.

Abstract: A method is disclosed. The method includes transmitting, by a user device to an access device, a digital certificate and a seed. The access device encrypts the seed and a first access device key with a public key from the digital certificate to form encrypted data. The method also includes receiving from the access device, the encrypted data, decrypting the encrypted data using a private key corresponding to the public key to obtain the seed and the first access device key, verifying that the seed received from the access device matches the seed sent to the access device, encrypting a secret or derivative thereof with the first access device key to form an encrypted secret or derivative thereof, and transmitting to the access device, the encrypted secret or derivative thereof.

Abstract: Systems and methods are disclosed for preventing relay or replay attacks using time-stamped, localized footprint data. An access device may receive, from one or more beacon transmitters, a plurality of broadcast messages, each broadcast message, of the plurality of broadcast messages, comprising a timestamp and a unique identifier for a beacon transmitter, of the one or more beacon transmitters. The access device may store the timestamps and the unique identifiers. The access device may receive, from a user device, an access request comprising timestamps and unique identifiers corresponding to a subset of the broadcast messages received by the access device. The access device may verify that the stored timestamps and unique identifiers match the timestamps and unique identifiers received from the user device. Based on the verifying, the access device may authenticate the access request.

Abstract: Embodiments of the invention are directed to enabling access transaction systems to accept different communication protocols. In some embodiment, an access device receives, from a portable device, an indication that a transaction is to be performed by exchanging transaction information between the portable device and a remote computer, wherein the remote computer is configured to communicate using a first communication protocol. Next, the access device determines that the portable device is configured to communicate using a second communication protocol. The access device then converts communications between the portable device and the remote computer from the second communication protocol to the first communication protocol to assist the portable device and the remote computer in exchanging the transaction information.

Abstract: A thin client may be utilized to facilitate data exchanges between two devices (e.g., a remote computer and a portable device). In some embodiments, the two devices may utilize differing communications protocols. The thin client may further be configured with a rules engine that determines one or more actions to be performed in response to one or more stimuli. The thin client may manage the processing flow between the two devices according to one or more predefined rules that are interpretable by the rules engine. The rules may be pushed to the thin client via any suitable device enabling the functionality of the thin client to be configured and/or modified without having to update the hardware and/or software of the thin client.

Abstract: A thin client may be utilized to facilitate data exchanges between two devices (e.g., a remote computer and a portable device). In some embodiments, the two devices may utilize differing communications protocols. The thin client may further be configured with a rules engine that determines one or more actions to be performed in response to one or more stimuli. The thin client may manage the processing flow between the two devices according to one or more predefined rules that are interpretable by the rules engine. The rules may be pushed to the thin client via any suitable device enabling the functionality of the thin client to be configured and/or modified without having to update the hardware and/or software of the thin client.

Abstract: A method includes receiving, by a server computer, a thin client identifier from a thin client on a communication device. The server computer can then retrieve an encrypted first cryptographic key based on the thin client identifier. The encrypted first cryptographic key is a first cryptographic key that is encrypted with a second cryptographic key. The server computer can initiate the sending of the encrypted first cryptographic key to the thin client. The server computer then receives an encrypted secret from the thin client, the encrypted secret being a secret encrypted with the first cryptographic key.

Abstract: Embodiments of the invention are directed to enabling access transaction systems to accept different communication protocols. In some embodiment, an access device receives, from a portable device, an indication that a transaction is to be performed by exchanging transaction information between the portable device and a remote computer, wherein the remote computer is configured to communicate using a first communication protocol. Next, the access device determines that the portable device is configured to communicate using a second communication protocol. The access device then converts communications between the portable device and the remote computer from the second communication protocol to the first communication protocol to assist the portable device and the remote computer in exchanging the transaction information.

Abstract: Embodiments of the invention are directed to enabling access transaction systems to accept different communication protocols. In some embodiment, an access device receives, from a portable device, an indication that a transaction is to be performed by exchanging transaction information between the portable device and a remote computer, wherein the remote computer is configured to communicate using a first communication protocol. Next, the access device determines that the portable device is configured to communicate using a second communication protocol. The access device then converts communications between the portable device and the remote computer from the second communication protocol to the first communication protocol to assist the portable device and the remote computer in exchanging the transaction information.

Abstract: Systems and methods are disclosed for performing a secure exchange of encryption keys (e.g., public keys) between two devices. One or more initialization keys are stored at both devices. In some embodiments, at least one device (e.g., a reader device) stores the initialization key(s) (e.g., a symmetric key, an asymmetric key pair) in local memory as part of performance of a manufacturing process for the device. The second device (e.g., a thin client device) may receive the initialization key(s) from an acceptance cloud (e.g., a server computer configured to perform terminal processing). The initialization key(s) are utilized to perform a secure exchange of the devices' respective public keys. Once these public keys are exchanged, the devices may proceed to establishing a secure connection with which subsequent operations may be performed.

Abstract: A method is disclosed. The method includes generating, by a communication device during an interaction with an access device, a cryptogram using transaction level data and interoperability level data; transmitting the transaction level data and interoperability level data to the access device; and transmitting the cryptogram the access device, wherein the access device or a remote server computer in communication with the access device validates the received cryptogram before allowing the transaction to proceed.