Abstract: A method for pre-authorization of a payment transaction with tokenized credentials includes: receiving a first data set signed with a first digital signature and including an acquirer identification value and a second data set; verifying the first digital signature using a first public key of a first cryptographic key pair associated with the acquirer identification value; extracting, from the first data set in response to verification of the first digital signature, the second data set including a merchant identification value and a third data set; extracting, from the second data set, the third data set including an issuer identification value and transaction data; identifying an issuing computing system based on the issuer identification value; and transmitting a fourth data set to the issuing computing system, the fourth data set including the first data set and a steward identification value.

Abstract: The invention provides methods, systems and computer programs for dual layer identity based access control implemented within systems that implement a micro-service architecture. The invention involves (i) receiving at a first resource server (a) a request for a first processor implemented service, (b) a primary access token generated by the primary identity authentication server, and (c) validation information corresponding to the primary access token that is transmitted by the primary identity authentication server, (iv) responsive confirming validity of the primary access token, transmitting to a secondary identity authentication server, a request for generation of a secondary access token, (v) receiving the secondary access token at the first resource server, and (vi) transmitting to a second resource server within the server system, a request for a second processor implemented service implemented by said second resource server.

Abstract: According to an embodiment, there is provided a method for authorizing use of an application on a device. The method includes: identifying a plurality of device identifiers of the device; determining authorization information based on predetermined one or more of the plurality of device identifiers; and determining authorization for use of the application on the device in response to the authorization information.

Abstract: Systems and methods provide multi-function authentication. One exemplary method includes receiving a request to opt into multi-function authentication. A primary operation-based key is generated by the communication device, the operation-based key accessible based on authentication of the user and available for use after the authentication. The primary key is imported, by an application, into a secure key data structure, such that it is only accessible by the application. When the biometric authentication of the user is successful, the communication device transmits to an account server an indication that the user is eligible for multi-function authentication. The communication device receives a time-based secondary key from the account server, wherein the time-based key is useable only during a defined interval. The application links the secondary key to the primary key and imports the secondary key into the data structure such that it is only accessible via the primary key.

Abstract: The invention provides methods, systems and computer programs for dual layer identity based access control implemented within systems that implement a micro-service architecture. The invention involves (i) receiving at a first resource server (a) a request for a first processor implemented service, (b) a primary access token generated by the primary identity authentication server, and (c) validation information corresponding to the primary access token that is transmitted by the primary identity authentication server, (iv) responsive confirming validity of the primary access token, transmitting to a secondary identity authentication server, a request for generation of a secondary access token, (v) receiving the secondary access token at the first resource server, and (vi) transmitting to a second resource server within the server system, a request for a second processor implemented service implemented by said second resource server.

Abstract: Systems and methods provide multi-function authentication. One exemplary method includes receiving a request to opt into multi-function authentication. A primary operation-based key is generated by the communication device, the operation-based key accessible based on authentication of the user and available for use after the authentication. The primary key is imported, by an application, into a secure key data structure, such that it is only accessible by the application. When the biometric authentication of the user is successful, the communication device transmits to an account server an indication that the user is eligible for multi-function authentication. The communication device receives a time-based secondary key from the account server, wherein the time-based key is useable only during a defined interval. The application links the secondary key to the primary key and imports the secondary key into the data structure such that it is only accessible via the primary key.

Abstract: According to an embodiment, there is provided a method for authorizing use of an application on a device. The method includes: identifying a plurality of device identifiers of the device; determining authorization information based on predetermined one or more of the plurality of device identifiers; and determining authorization for use of the application on the device in response to the authorization information.