Abstract: The disclosed embodiments include methods and systems for providing tokenized transaction accounts. In one embodiment, a computer-implemented method is provided that may include generating, by one or more processors, a first tokenized transaction account from a first transaction account associated with a first user. The method may also include providing the first tokenized transaction account to a client device associated with the first user for storage in the client device and use in transactions. The method may also include updating the first tokenized transaction account based on one or more conditions and providing the updated first tokenized transaction account to the client device for storage and use in a subsequent transaction.

Abstract: Methods and devices for provisioning a secure application on an electronic device with first issuer data for a first issuer are described. In an embodiment, the provisioning system receives and stores first issuer records. The example provisioning system receives a provisioning request to provision the secure application with the first issuer data. The provisioning request includes identifying information. The example provisioning system evaluates the provisioning request based on at least one of the first issuer evaluation criteria, the first issuer records and the identifying information in the provisioning request. When the provisioning request satisfies the first issuer evaluation criteria, the example provisioning system generates a signal using the communication module to provide the first issuer data to the electronic device to provision the secure application on the electronic device.

Abstract: The disclosed embodiments include computerized systems and methods for generating secured blockchain-based ledger data structures that track occurrences of events across fragmented and geographically dispersed lines-of-business of an enterprise. In one instance, an apparatus associated with a rules authority of the secured blockchain-based ledger may detect an occurrence of a triggering event, and may access and decrypt a set of rules hashed into the secured blockchain-based ledger using a confidentially-held master cryptographic key. The apparatus may identify a rule associated with the detected event, and perform one or more operations consistent with the rule, including a disbursement of various rewards to employees in response to customer-specific interactions with the enterprise. The disclosed embodiments provide a rules process for aggregating mutually incompatible enterprise data that specifies the events, and for tracking the events in uniform data structures accessible across the enterprise.

Abstract: The disclosed embodiments include computerized systems and methods for generating secured block-chain-based ledger data structures that track subdivide ownership and usage of one or more assets, such as Internet-connected devices. In one instance, an apparatus associated with a rules authority of the secured block-chain-based ledger may detect an occurrence of a triggering event related to at least one of partial ownership interests in the assets, and may access and decrypt a set of rules hashed into the secured block-chain-based ledger using a confidentially-held master cryptographic key. The apparatus may identify a rule associated with the detected event, and perform one or more operations consistent with the rule, including a generation of additional data blocks reflecting a change in at least one of the partial ownership interests, and additionally or alternatively, processes that adaptively monitor a compliance of one or more partial owners with an imposed usage restriction.

Abstract: A processor receives a signal representing data including event information detailing an event involving an entity having a registered ownership interest in a product and loads a portion of a distributed electronic ledger for tracking ownership information associated with the product. The distributed electronic ledger includes, within a block thereof and associated with the product, an event trigger list including entity data associated with each entity having a registered ownership interest in the product and a rules engine including rules associated with event triggers in the event trigger list. The processor determines whether a triggering event corresponding to the event is stored in the event trigger list and, when the event has a corresponding triggering event, determines the associated rule within the rules engine. The processor updates and saves the distributed electronic ledger by performing an action specified by the determined associated rule.

Abstract: A system has a storage medium encoded with program instructions, and a processor coupled to access the program instructions. The instructions configure the processor for: receiving a first request at a POS terminal to surrender a previously purchased first asset in exchange for at least a portion of a second asset that was used to purchase the first asset, receiving the private key from the first asset; accessing a set of rules stored in a distributed electronic ledger, the set of rules specifying conditions associated with the first request; transmitting an authorization to return the at least a portion of the second asset in exchange for surrender of the first asset, in the case where the conditions are satisfied; and invalidating the first request in the case where one or more of the conditions are not satisfied.

Abstract: Mobile communications devices, systems and methods are provided for identifying a risk of fraudulent activity associated with a merchant before a user executes a transaction with the merchant. In an embodiment, a mobile communications device obtains first information identifying prior instances of fraudulent activity associated with a merchant. The mobile communications device may determine a level of risk of fraudulent activity associated with the merchant based on the obtained first information, and may identify, based on the determined risk level, one or more payment instruments and associated incentives appropriate for financial services transactions involving the merchant. The mobile communications device may present, to a user, a notification including the identified payment instruments and associated incentives prior to execution of a transaction between the user and the merchant.

Abstract: A system has a storage medium encoded with program instructions, and a processor coupled to access the program instructions. The instructions configure the processor for: receiving a first request at a POS terminal to surrender a previously purchased first asset in exchange for at least a portion of a second asset that was used to purchase the first asset, receiving the private key from the first asset; accessing a set of rules stored in a distributed electronic ledger, the set of rules specifying conditions associated with the first request; transmitting an authorization to return the at least a portion of the second asset in exchange for surrender of the first asset, in the case where the conditions are satisfied; and invalidating the first request in the case where one or more of the conditions are not satisfied.

Abstract: Methods and devices for provisioning a secure application on an electronic device with first issuer data for a first issuer are described. In an embodiment, the provisioning system receives and stores first issuer records. The example provisioning system receives a provisioning request to provision the secure application with the first issuer data. The provisioning request includes identifying information. The example provisioning system evaluates the provisioning request based on at least one of the first issuer evaluation criteria, the first issuer records and the identifying information in the provisioning request. When the provisioning request satisfies the first issuer evaluation criteria, the example provisioning system generates a signal using the communication module to provide the first issuer data to the electronic device to provision the secure application on the electronic device.

Abstract: A payment processing server generates an asymmetric cryptographic key pair, over one secure communications channel providing a mobile device with one cryptographic key of the cryptographic key pair, and saves another cryptographic key of the cryptographic key pair in a pending transaction database in unique association with a single-use payment number and a financial account. The server encrypts the payment number, which does not identify the financial account, with the another cryptographic key and provides the mobile device with the encrypted payment number over another secure communications channel distinct from the one secure communications channel. The server receives from a payment terminal a payment completion request that includes the encrypted payment number decrypted with the one cryptographic key.

Abstract: Methods and devices for provisioning a secure application on an electronic device with first issuer data for a first issuer are described. In an embodiment, the provisioning system receives and stores first issuer records. The example provisioning system receives a provisioning request to provision the secure application with the first issuer data. The provisioning request includes identifying information. The example provisioning system evaluates the provisioning request based on at least one of the first issuer evaluation criteria, the first issuer records and the identifying information in the provisioning request. When the provisioning request satisfies the first issuer evaluation criteria, the example provisioning system generates a signal using the communication module to provide the first issuer data to the electronic device to provision the secure application on the electronic device.

Abstract: A message processing server includes a message processor and a database of multi-layer tokens. Each token in the database includes a plurality of encrypted data layers. The first layer includes the second layer and a first pointer. The second layer includes a second pointer. The message processor is configured to receive a first authorization message including a first cryptographic key and a second value; decrypt the first layer of one of the tokens with the first key; validate the first pointer by receiving confirmation of the first pointer pointing to a database entry comprising the second value; receive a second authorization message including a second cryptographic key and a third value; decrypt the second layer of the token with the second key; and validate the second pointer by receiving confirmation of the second pointer pointing to a database entry comprising a maximum data value not less than the third value.

Abstract: A message processing server includes a message processor and a database of multi-layer tokens. Each token in the database includes a plurality of encrypted data layers. The first layer includes a first data pointer. A primary layer includes the first layer and identifies a reference data value. The message processor receives from a communications device an authentication request identifying a first data value, validates the authentication request from the first data value and the reference data value configured in one of the multi-layer tokens, receives a first authorization message including a first cryptographic key, derives a first decrypted data layer from the first cryptographic key and the first encrypted data layer of the one multi-layer token, and validates the first data pointer by receiving confirmation of the first data pointer pointing to a database entry comprising a second data value less than the reference data value.

Abstract: An apparatus for use in a digital messaging system includes a storage device and a processor coupled to the storage device. The storage device storing software instructions for controlling the processor that when executed by the processor configured the processor to: generate a first message comprising a payload portion; encrypt the payload portion of the message; derive a first session key from a domain-specific key; and sign the message using the first session key.

Abstract: The disclosed embodiments include methods and point-of-sale terminals for authenticating a user. The disclosed embodiments include, for example, a method for receiving, by one or more processors, authentication data from an authentication network, the authentication data including an authentication code identifying an authentication transaction associated with an authenticating partner system. The method may also include validating, by the one or more processors, the authentication data, the validating comprising comparing the authentication data with validation data corresponding to a prior authentication event associated with the user. The method may also include generating, by the one or more processors, validation information based on the validating, the validation information comprising a determination whether to validate the user for the authentication transaction. The method may also include providing, by the one or more processors, the validation information to the authentication network.

Abstract: The disclosed embodiments include methods and systems for providing account and event status notifications. The disclosed embodiments include, for example, a communications device including a memory storing software instructions and one or more processors configured to execute the software instructions to perform operations. In one aspect, the operations may include receive a notification of a status of an account parameter. The operations may also include identifying a device eligible to access the notification in accordance with a user-specified data restriction, and identifying at least a portion of the notification that is consistent with the data restriction. The communications device provide the identified portion of the notification to the eligible device without receiving input from the user, and the eligible device may present at least one of a visual, audible, or tactile indicator of the status of the account parameter.

Abstract: The disclosed embodiments include computer-implemented devices and processes that generate, present, and manipulate data-aggregating graphical user interfaces. For example, a network-connected device may generate a first interface element representative of an obligation and may display, through a display unit, an graphical user interface that includes the first interface element and a plurality of second interface elements representative of time periods available for resolving the obligation. The network-connected device may receive, from an input unit, first input data indicative of a selection of the first interface element and second input data indicative of a movement of the selected first interface element from the first position to a second position within the interface.

Abstract: The disclosed embodiments include computerized systems and methods that generate secured blockchain-based ledger structures that facilitate event-based control of tracked assets. In one embodiment, an apparatus associated with a centralized authority of the secured blockchain-based ledger may detect an occurrence of an event, and may access and decrypt a set of rules hashed into the secured blockchain-based ledger using a confidentially-held master cryptographic key. The apparatus may identify a rule associated with the detected event, and perform one or more operations consistent with the rule and involving at least one of assets tracked within the secured blockchain-based ledger or an owner of a portion of the tracked assets. By way of example, the detected event may triggering a sale, transfer, and/or re-allocation of an ownership interest in a tracked asset, and the identified rule may specify a distribution of proceeds derived from the sale, transfer, and/or re-allocation.

Abstract: A device has a secure element including a memory that stores at least one address, a set of rules, and a state of an asset. A processor is configured for receiving a request to change the state of the asset associated with the address, validating the request in the case where changing the state of the asset according to the request complies with the set of rules, and invalidating the request in the case where changing the state of the asset according to the request violates the set of rules. A communications module is coupled to the secure element for transmitting information responsive to the request to a distributed network of peer processors for recording a change in the state of the asset in a distributed electronic ledger in the case where the secure element validates the request.

Abstract: The disclosed embodiments include computerized methods and systems that enable users to delegate a functionality of a mobile application through pre-loaded tokens. In one aspect, the disclosed embodiments may temporarily delegate or “loan” financial products loaded into a mobile wallet of a user to other eligible users. For example, the disclosed embodiments may receive, from a first user, a request to delegate a financial product to a second user to complete purchase transactions. In response to the received request, the disclosed embodiments may identify one or more temporal or financial conditions on the delegation, and may generate a corresponding mobile wallet token for transmission to a second user device. The second user device may, for example, process the mobile wallet token and establish the delegated financial provide in the second user's mobile wallet in accordance with the at least one of the temporal or financial conditions.