Abstract: Techniques for identifying a fraudulent interaction of a user device using time based risk features are described herein. In embodiments, time stamp information provided by an external clock and time units may be maintained by a user device. The user device may include an authentication component that is communicatively coupled to a clock component that generates the time units. In response to conducting an interaction with an access device and user device first time information may be received from the access device. Second time information may be determined based at least in part on the time units from the clock component and the time stamp information. The second time information may be compared to the first time information. An authentication plan for the interaction may be determined based at least in part on the comparison of the second time information to the first time information.

Abstract: A method is disclosed. The method includes receiving, by a user device from the access device, a routing path list comprising a first set of network nodes. After receiving the routing path list, the user device determines a routing options list comprising a second set of network nodes based on the first set of network nodes in the routing path list. The method also includes obtaining an encrypted credential or token, and transmitting, by the user device to the access device, the routing options list, and the encrypted credential or token to the access device. The access device transmits an authorization request message comprising the encrypted credential or token, and the routing options list to a server computer via at least some of the network nodes in the second set of network nodes. The server computer may be an authorizing entity computer.

Abstract: A method includes an access device determining an interaction value associated with an interaction. The access device prompts a user operating a user device for a secret. The access device receives the secret. The access device receives an initial communication then a user device certificate comprising a public key from the user device. The access device then verifies the certificate. The access device concatenates at least the secret and an unpredictable number to form a concatenated value. The access device encrypts the concatenated value with the public key, then transmits the encrypted concatenated value. The user device decrypts the encrypted concatenated value with a private key, verifies the unpredictable number, verifies the secret, determines whether or not the interaction is approved, produces an interaction authorization result, and then provides the interaction authorization result to the contactless access device. The access device receives the interaction authorization result.

Abstract: Provided are methods, systems, and computer program products for verifying a card image file. A system may include at least one processor programmed or configured to parse a card image file to determine card data represented by the card image file, generate a plurality of simulated payment transactions based on the card data, each simulated payment transaction including simulated transaction data, issue a plurality of commands to the payment device emulator, the plurality of commands based on the simulated transaction data for the plurality of simulated payment transactions, receive a plurality of command responses generated by the payment device emulator based on the plurality of commands, and verify the card image file based on the plurality of command responses and the card data.

Abstract: Methods and systems for performing efficient integration tests on mobile device for contactless data transfers are described. Rather than performing contactless communications with a variety of test user devices (e.g., test smart cards), which may be time consuming and may present physical difficulty, a mobile device can simulate the result of these communications using a simulator application operating on the mobile device. A contactless communication application, also operating on the mobile device, can communicate with the simulator application in order to generate interaction payloads based on stored data records corresponding to the test user devices. These interaction payloads can then be transmitted by the mobile device to a processing computer. Later, the mobile device may receive a response from the processing computer or another computer system, indicating if the interaction payloads were successfully received and interpreted. This in turn may indicate if the integration test was successful.

Abstract: An access device is disclosed. The access device includes a non-transitory computer readable medium that includes code for performing a method that includes receiving, from a user device, a digital certificate and a seed, and then encrypting the seed, and a first access device key with a public key from the digital certificate to form encrypted data. The method also includes transmitting, to the user device, the encrypted data. The user device decrypts the encrypted data using a private key corresponding to the public key to obtain the seed, and the first access device key, verifies that the seed received from the access device matches the seed sent to the access device, and encrypts a secret or derivative thereof with the first access device key to form an encrypted secret or derivative thereof. The method also includes receiving the encrypted secret or derivative thereof.

Abstract: Systems and methods are disclosed for securely communicating sensitive data (e.g., interaction data) during a process for offline authentication. A data packet may be received by an access device from a user device in a one-way communication. The data packet may be converted to obtain interaction data comprising a digital certificate certified by the certificate authority and a digital signature value generated by the user device. A second public key associated with the user device may be obtained utilizing the digital certificate and the first public key associated with the certificate authority. The validity of the interaction data may be determined based at least in part on the digital signature value and the second public key associated with the user device. When the interaction data is determined to be valid, an identifier of the interaction data may be authorized and access may be provided based on this authorization.

Abstract: Techniques for identifying a fraudulent interaction of a user device using time based risk features are described herein. In embodiments, time stamp information provided by an external clock and time units may be maintained by a user device. The user device may include an authentication component that is communicatively coupled to a clock component that generates the time units. In response to conducting an interaction with an access device and user device first time information may be received from the access device. Second time information may be determined based at least in part on the time units from the clock component and the time stamp information. The second time information may be compared to the first time information. An authentication plan for the interaction may be determined based at least in part on the comparison of the second time information to the first time information.

Abstract: A method includes forming a communication channel between a user device and an access device. The communication channel is then secured using a user device key pair in the user device and an access device ephemeral key pair in the access device. The access device then generates a session key using at least a private cryptographic key in the access device ephemeral key pair, and a public key in the user device key pair. The access device then uses the session key to secure an ultra-wideband communication channel between the user device and the access device.

Abstract: A method is disclosed. The method includes generating, by a communication device during an interaction with an access device, a cryptogram using transaction level data and interoperability level data; transmitting the transaction level data and interoperability level data to the access device; and transmitting the cryptogram the access device, wherein the access device or a remote server computer in communication with the access device validates the received cryptogram before allowing the transaction to proceed.

Abstract: A method for creating a final application includes a computer obtaining an obfuscated SDK binary and an interface source code that comprises one or more functions that call obfuscated functions within the obfuscated SDK. The computer then creates application source code that calls functions in the interface source code. The computer builds an intermediate object comprising the interface source code and the application source code. The computer then creates the final application using the intermediate object and the obfuscated SDK binary.

Abstract: A method is disclosed. The method includes a user device storing a message data template comprising a plurality of data fields. A multi-record message may be generated using the message data template in response to an interaction between the user device and an access device. To generate the multi-record message, the user device may increment a counter stored on the user device to produce a counter value, and generate a dynamic cryptogram. The user device may additionally retrieve a credential. The counter value, the dynamic cryptogram, and the credential may then be incorporated into the plurality of data fields of the message data template to form the multi-record message. The multi-record message may be transmitted to the access device, where the access device forwards the multi-record message to an authorization computer to authorize or deny the interaction.

Abstract: Systems and methods for securing data transmissions using distance measurements are disclosed. A mobile device (such as a smart phone) and a base station can use ultra-wideband technology to determine the distance between the two devices. The distance measurements produced by the mobile device and the base station can be compared, directly or indirectly by the mobile device, the base station, and/or an access device to determine whether the mobile device is present at an access device or if the mobile device is not present at the access device (as expected during a relay attack). If the mobile device is not present at the access device, the access device can prevent or cancel an interaction based on the data transfer (e.g., opening a locked door of a secure building in response to receiving an access credential from the mobile device).

Abstract: Methods and systems for performing efficient integration tests on mobile device for contactless data transfers are described. Rather than performing contactless communications with a variety of test user devices (e.g., test smart cards), which may be time consuming and may present physical difficulty, a mobile device can simulate the result of these communications using a simulator application operating on the mobile device. A contactless communication application, also operating on the mobile device, can communicate with the simulator application in order to generate interaction payloads based on stored data records corresponding to the test user devices. These interaction payloads can then be transmitted by the mobile device to a processing computer. Later, the mobile device may receive a response from the processing computer or another computer system, indicating if the interaction payloads were successfully received and interpreted. This in turn may indicate if the integration test was successful.

Abstract: Techniques for enabling usage of an Ultra-Wideband (UWB) chip on a passive device are disclosed. The passive device comprises a substrate including a first electronic component, and a second electronic component. The first electronic component is programmed to communicate with an access device using a first communication protocol, and the second electronic component is programmed to communicate with the access device using a second wireless communication protocol. The passive device includes a first antenna electrically coupled to at least the first electronic component or the second electronic component, and a second antenna electrically coupled to at least the second electronic component. The first antenna is adapted to receive a first signal from the access device, which powers at least the second electronic component, thereby causing the second electronic component to cause the second antenna to emit a second signal that is received by the access device.

Abstract: Systems and methods are disclosed for securely communicating sensitive data (e.g., interaction data) during a process for offline authentication. A data packet may be received by an access device from a user device in a one-way communication. The data packet may be converted to obtain interaction data comprising a digital certificate certified by the certificate authority and a digital signature value generated by the user device. A second public key associated with the user device may be obtained utilizing the digital certificate and the first public key associated with the certificate authority. The validity of the interaction data may be determined based at least in part on the digital signature value and the second public key associated with the user device. When the interaction data is determined to be valid, an identifier of the interaction data may be authorized and access may be provided based on this authorization.

Abstract: A method is disclosed and includes determining a test plan to test a kernel on a mobile device, and determining an interaction input message according to the test plan, the interaction input message comprising first data. The method also includes transmitting the interaction input message comprising the first data to the mobile device over a network-based communication channel. The kernel in the mobile device generates the interaction output message in response to receiving the interaction input message. The method also includes receiving, from the mobile device, the interaction output message comprising second data from the mobile device over the network-based communication channel, and determining if the interaction output message is consistent with the test plan.

Abstract: Embodiments of the invention are directed to systems, methods, and devices for providing dynamic applicability management with respect to a testing framework. Executable code segments can be provided in/with various test procedures that include instructions for testing hardware, software, capabilities, features, functionalities, or protocols of a computing device. Each code segment can encapsulate logic that, when executed, identifies whether a corresponding test procedure is applicable to a device given that device's configuration. By executing each code segment, a set of applicable test procedures can be identified. Identifiers or the test procedures may be provided to the device to be tested or a testing platform configured to conduct the test of that device. Transmitting the identifiers and/or procedures configures those devices to perform the test through simulating a legitimate data exchange.

Abstract: A disclosed method includes receiving, by a first device from a server computer, a first hash value along with a plurality of other hash values, and a random value. The first hash value is generated by inputting at least a first credential and the random number into a hash function. The method includes reading a second credential from a second device operated by a second user, and generating a second hash value by inputting at least the second credential and the random value into the hash function. The method includes comparing the first hash value and the second hash value, and determining that the first hash value and the second hash value match. The method also includes validating an action of the second user when the first hash value and the second hash value match.

Abstract: A method conducted using a mobile device is disclosed. The method includes maintaining a plurality of software modules, wherein each software module of the plurality of software modules is built and executed independently of other software modules. The mobile device receives first interaction initiation data corresponding to a first transaction. In response to receiving the first interaction initiation data, a first subset of the plurality of software modules is selected via an application interface to execute the first transaction. The mobile device receives second interaction initiation data corresponding to a second transaction. In response to receiving the second interaction initiation data, a second subset of the plurality of software modules to execute the second transaction is selected via the application interface. The first subset of the plurality of software modules is different than the second subset of the plurality of software modules.