Abstract: Techniques are described for managing master keys for token requestors to use in generating cryptograms such as TAVVs. A processor computer generates a first master key for a token requestor, the first master key being generated based on (a) a second master key managed by the processor computer and (b) an identifier of the token requestor. The processor computer transmits, to a token requestor computer corresponding to the token requestor, the first master key. The processor computer receives, from the token requestor computer, a request for a token. Responsive to receiving the request for the token, the processor computer transmits the token to the token requestor computer; and receives, from the token requestor computer, an authorization request message comprising the token and a cryptogram generated by the token requestor computer using the first master key and the token.

Abstract: An authentication request message from a user conducting an interaction at a resource provider computer is received. It is determined that data representing an indication that the resource provider is trusted by the user and including a trusted marker is present in a database. Authentication to the user is provided, and information indicating that the user has been authenticated and the trusted marker are sent so that authorization request message for the interaction that includes the trusted marker is generated. The trusted marker is validated, and the authorization request message including information related to the interaction and the validated trusted marker is sent to an authorizing entity computer.

Abstract: A method includes a network processing computer receiving an authorization request message comprising a token and a cryptogram during an interaction between a resource provider and a user. The network processing computer determines user credentials associated with the token. The network processing computer then determines a plan identifier based on the authorization request message. The network processing computer provides the plan identified to an authorizing entity computer.

Abstract: A system and method of establishing a resource provider as a trusted listing are disclosed. The method includes receiving, by a directory server computer, an indication from a user that a resource provider is trusted. The directory server computer is programmed to provide a first level of authentication. The method then includes storing, in a database, data representing the indication from the user that the resource provider is trusted. The method then includes receiving an authentication request message from the user conducting an interaction at the resource provider computer and determining that the data representing the indication from the user that the resource provider is trusted is present. In response to determining, the method includes providing a second level of authentication to the user before the user is allowed to complete the interaction. The second level of authentication is lower than the first level.

Abstract: A method and system for authorizing a secure transaction using a portable device is disclosed. The method includes an authorization process performed in real-time that includes two phases: an authentication phase and a transaction processing phase. In the authentication phase, a resource provider system may receive a cryptogram from a portable device and verify the cryptogram. Upon the resource provider system obtaining an authentication response indicator, the transaction processing phase may include the resource provider system generating and transmitting an authorization request message to a processing computer. The resource provider system may then receive an authorization response message from the processing computer including an authorization response indicator, which completes the authorization process.

Abstract: Systems and methods are provided to enable a user to conduct a transaction using their credentials stored on a secure server computer (e.g., a computer associated with a partner such as another merchant) by merely presenting their authentication data at a physical location via an auxiliary device. An auxiliary device may be provided for interfacing with a partners backend server (e.g., the secure server computer). In some embodiments, biometric authentication may provide a mechanism for a true seamless and potentially frictionless (in the case of modalities that do not require physical contact) interaction. Payment can occur without any need for a card, phone, wearable, or any other user device as long as the auxiliary device is able to recognize the user and retrieve a credential that can be linked to that user.

Abstract: A system and method of establishing a resource provider as a trusted listing are disclosed. The method includes receiving, by a directory server computer, an indication from a user that a resource provider is trusted. The directory server computer is programmed to provide a first level of authentication. The method then includes storing, in a database, data representing the indication from the user that the resource provider is trusted. The method then includes receiving an authentication request message from the user conducting an interaction at the resource provider computer and determining that the data representing the indication from the user that the resource provider is trusted is present. In response to determining, the method includes providing a second level of authentication to the user before the user is allowed to complete the interaction. The second level of authentication is lower than the first level.

Abstract: Techniques are described for managing master keys for token requestors to use in generating cryptograms such as TAVVs. A processor computer generates a first master key for a token requestor, the first master key being generated based on (a) a second master key managed by the processor computer and (b) an identifier of the token requestor. The processor computer transmits, to a token requestor computer corresponding to the token requestor, the first master key. The processor computer receives, from the token requestor computer, a request for a token. Responsive to receiving the request for the token, the processor computer transmits the token to the token requestor computer; and receives, from the token requestor computer, an authorization request message comprising the token and a cryptogram generated by the token requestor computer using the first master key and the token.

Abstract: A method for validating an interaction is disclosed. A first interaction cryptogram can be generated by a first device using information about a first party to the interaction and a second party to the interaction. A second interaction cryptogram can be generated by a second device also using information about the first party to the interaction and the second party to the interaction. Verifying each cryptogram can validate that the interaction details have not been changed, and that both the first party and second party legitimately authorized the interaction.

Abstract: A method for validating an interaction is disclosed. A first interaction cryptogram can be generated by a first device using information about a first party to the interaction and a second party to the interaction. A second interaction cryptogram can be generated by a second device also using information about the first party to the interaction and the second party to the interaction. Verifying each cryptogram can validate that the interaction details have not been changed, and that both the first party and second party legitimately authorized the interaction.

Abstract: A method for validating an interaction is disclosed. A first interaction cryptogram can be generated by a first device using information about a first party to the interaction and a second party to the interaction. A second interaction cryptogram can be generated by a second device also using information about the first party to the interaction and the second party to the interaction. Verifying each cryptogram can validate that the interaction details have not been changed, and that both the first party and second party legitimately authorized the interaction.