Including Key Management Patents (Class 705/71)
  • Patent number: 9262771
    Abstract: A mobile device with a display, processor(s), and memory: displays promotional offers; detects a user input selecting one of the promotional offers; and initiates performance of a transaction with an automatic retail machine to purchase a product stocked by the automatic retail machine. The mobile device also: receives a transaction completion notification from the payment module indicating that the product corresponding to the selected promotional offer was vended by the automatic retail machine; and, in response to receiving the transaction completion notification, provides a prompt to the user of the mobile device to obtain a product code for the vended product to validate the promotional offer. The mobile device further: obtains the product code for the vended product; transmits the product code to the server; and, in response: receives promotion validation information from the server; and displays the promotion validation information indicating whether the respective promotion offer was validated.
    Type: Grant
    Filed: February 4, 2015
    Date of Patent: February 16, 2016
    Assignee: PAYRANGE INC.
    Inventor: Paresh K. Patel
  • Patent number: 9262758
    Abstract: A user can set up a travel account with a payment provider, to inform the payment provider of expected dates and locations of travel, along with limits or restrictions at the various locations and/or dates. When the user travels and attempts to make a payment, the payment provider can determine the location and date to aid in processing the payment request, resulting in an easier process for the user, while still providing additional security with the limits and restrictions.
    Type: Grant
    Filed: December 17, 2013
    Date of Patent: February 16, 2016
    Assignee: PAYPAL, INC.
    Inventor: Willis Lee
  • Patent number: 9245260
    Abstract: Embodiments of methods, apparatuses, devices, and/or systems for data copyright management are described. According to one embodiment of this disclosure, data copyright management may include displaying, storing, copying, editing, and/or transferring digital data. According to an embodiment, data copyright management may include protecting digital data copyrights. Various embodiments of this disclosure may use cryptographic keys to implement portions of the data copyright management disclosed.
    Type: Grant
    Filed: August 29, 2006
    Date of Patent: January 26, 2016
    Assignee: Xylon LLC
    Inventor: Makoto Saito
  • Patent number: 9240058
    Abstract: A user can share digital content with another user or device using dynamically-generated barcodes. A user might request to share an electronic book (“e-book”), stored on a first device, with another user having a second device. The first device can generate a barcode that includes not only information about the identity of the e-book, but also information about the user or the first device, which can help to determine rights and/or access restrictions for the content. The second device can capture an image of the barcode generated on a display of the first device, and use information extracted from that image to attempt to obtain a copy of the e-book. Other types of barcodes can be generated based at least in part upon the context, such as where a user is attempting to locate a physical copy of a type of digital content in a retail location.
    Type: Grant
    Filed: July 12, 2011
    Date of Patent: January 19, 2016
    Assignee: A9.com, Inc.
    Inventors: Matthew W. Amacker, Stephen S. Tompkins
  • Patent number: 9235702
    Abstract: A method that includes receiving, from a first entity having an input permission, a first data structure into a HSM, wherein the first data structure maps a first many-to-one mapping between a first and a second PIN numeral system. The method also includes determining whether the content of the first data structure is valid, storing the first data structure in the HSM if the first data structure is valid and marking the stored first data structure as inactive. The method further includes activating the first data structure if a second data structure is input into the HSM by a second entity having an activation permission, wherein the first entity is different from the second entity, the first data structure is identical to the second data structure. The method additionally includes converting from the first to the second PIN numeral system responsive to the activated first data structure.
    Type: Grant
    Filed: November 14, 2012
    Date of Patent: January 12, 2016
    Assignee: International Business Machines Corporation
    Inventors: Todd W. Arnold, Elizabeth A. Dames, Carsten D. Frehr, Clifford L. Hansen, Shelia M. Sittinger
  • Patent number: 9208491
    Abstract: Key requests in a data processing system may include identifiers such as user names, policy names, and application names. The identifiers may also include validity period information indicating when corresponding keys are valid. When fulfilling a key request, a key server may use identifier information from the key request in determining which key access policies to apply and may use the identifier in determining whether an applicable policy has been satisfied. When a key request is authorized, the key server may generate a key by applying a one-way function to a root secret and the identifier. Validity period information for use by a decryption engine may be embedded in data items that include redundant information. Application testing can be facilitated by populating a test database with data that has been encrypted using a format-preserving encryption algorithm. Parts of a data string may be selectively encrypted based on their sensitivity.
    Type: Grant
    Filed: December 2, 2013
    Date of Patent: December 8, 2015
    Assignee: Voltage Security, Inc.
    Inventors: Terence Spies, Matthew J. Pauker
  • Patent number: 9158912
    Abstract: A simple to customize secure IT infrastructure architecture. The IT infrastructure architecture includes a secure general purpose virtualized architecture platform. The IT infrastructure architecture is well suited for delivering simple pre-packaged software solutions to the small business segment as plug and play type appliances. In certain embodiments, the IT infrastructure architecture includes a secure virtual appliance device such as a virtual appliance universal serial bus (USB) key. The IT infrastructure architecture uses embedded server virtualization technology to host applications as a virtual appliance.
    Type: Grant
    Filed: April 1, 2009
    Date of Patent: October 13, 2015
    Assignee: Dell Products L.P.
    Inventors: Kevin Kettler, David Konetski, Shree A. Dandekar
  • Patent number: 9148478
    Abstract: Structures and methods are disclosed for verifying integrity of peer-supplied content in a peer-to-peer content distribution system, for example, to verify that content supplied from a sending peer node to a receiving peer node corresponds to the content that was requested by the receiving node.
    Type: Grant
    Filed: January 6, 2012
    Date of Patent: September 29, 2015
    Assignee: Alcatel Lucent
    Inventors: Violeta Cakulev, Semyon B. Mizikovsky
  • Patent number: 9141956
    Abstract: A system that supports multi-stage transactions through the use of biometric tokens, such as fingerprint images or iris scans. A user pre-stages a transaction by providing transaction details that can be used at a later time to complete the transaction, and the system stores the transaction details in a transaction record that is identified by a biometric token captured from the user. In some systems, the biometric token is captured as part of the pre-staging process. In other systems, the biometric token is retrieved from a data store after the user has provided authentication information, such as a bank card or user-identification code coupled with a secret PIN code. When the user is ready to complete the pre-staged transaction, the system captures a second biometric token from the user and matches the second token to the one identifying the user's transaction record. The transaction details contained in that transaction record are then used to complete the user's transaction.
    Type: Grant
    Filed: November 13, 2006
    Date of Patent: September 22, 2015
    Assignee: NCR Corporation
    Inventors: Jonathan Simon Black, Steven James Birnie, Shaun McWhinnie
  • Patent number: 9071589
    Abstract: An encryption key management system is provided for storage area network devices. A create key request is received at a storage area network switch. The key is created at the storage area network switch and the created key request is transmitted to a key management center. The key object is stored in the key management center and includes a unique identifier, an encrypted key, a wrapper unique identifier, and a key entity. The encrypted key can later be decrypted to generate a decrypted key. The encrypted key is decrypted using keying material accessed using the wrapper unique identifier that identifies another key object.
    Type: Grant
    Filed: April 2, 2008
    Date of Patent: June 30, 2015
    Assignee: Cisco Technology, Inc.
    Inventors: Praveen Patnala, Anand Parthasarathy, Makarand Deshmukh
  • Patent number: 9071621
    Abstract: A method and a system of managing information security for a mobile device in a restricted area based on location information regarding the mobile device are provided. The method includes receiving, by the mobile device, a request for the execution of an application program in a restricted area from a server managing the restricted area, executing, by the mobile device, the application program requested for execution when the program was set to be executable according to a security policy set to the restricted area, encrypting, by the mobile device, a file, created according to the execution of the application program, based on location information regarding the mobile device, and storing the encrypted file.
    Type: Grant
    Filed: May 24, 2012
    Date of Patent: June 30, 2015
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Hyoung Suk Kong, Yong Ho You
  • Publication number: 20150149364
    Abstract: A provisioning system for enabling a mobile communication device to operate as a financial presentation device (FPD) which is presentable to providers of goods or service is provided. The provisioning system relies on a transaction processing system that normally routes authorization requests from merchants to issuers of FPDs for purposes of authorizing FPD transactions. The transaction processing system already stores security keys of all issuers in order to validate transaction data being sent from the merchants. The provisioning system monitors authorization requests being routed through the transaction processing system and retrieves an authorization request of a financial transaction that was initiated with a particular FPD.
    Type: Application
    Filed: January 30, 2015
    Publication date: May 28, 2015
    Inventor: Ayman Hammad
  • Publication number: 20150142669
    Abstract: A virtual payment chipcard service depends on a secure, back-end network server configured to maintain chipcard authorization data and computational services as virtual assets in the Cloud. These are behind tamper resistant boundaries, and, on user transaction request, arranged to electronically sign a transaction on the user's behalf as a proxy to a virtual chip-card payment. Two independent and concurrent user communication channels connected to the network server are configured to receive user transaction requests on one user communication channel, and to enable the network server to make confirmations with said user on the other user communication channel.
    Type: Application
    Filed: November 16, 2013
    Publication date: May 21, 2015
    Inventor: Mads Landrok
  • Publication number: 20150142670
    Abstract: Systems, methods, and apparatuses are provided for enabling a merchant payment computer to obtain one or more encryption keys, and use the encryption keys to encrypt transaction data. The merchant payment computer may authenticate to a merchant management computer to obtain a signed digital certificate attesting the identity of the merchant payment computer. The merchant payment computer can provide the certificate and a device identifier to a key management computer to obtain an encryption key. The merchant payment computer can then use the encryption key to encrypt transaction data for a transaction.
    Type: Application
    Filed: November 19, 2014
    Publication date: May 21, 2015
    Inventors: Sue Zloth, Paul Tait, Kim Wagner, Glenn Powell
  • Publication number: 20150134538
    Abstract: A franchise Application Service Provider (ASP) server is disclosed. The franchise ASP server includes a token generating function unit that generates a token on the basis of transaction-related information included in a payment request upon receiving the payment request from a payment terminal, and generates a net key for payment on the basis of the generated token and a franchise identifier, a token processing unit that processes the generated token in conjunction with a smart safe for receiving the net key for payment from a buyer terminal having received the net key for payment, and a token confirmation unit that receives a confirmation request of the token from the payment terminal and confirms whether the token has been processed.
    Type: Application
    Filed: May 21, 2013
    Publication date: May 14, 2015
    Inventor: Ju Han Kim
  • Patent number: 9032204
    Abstract: A method and system for signing a digital certificate in real time for accessing a service application hosted within a service provider (SP) computer system through an open application programming interface (API) platform is provided. The API platform is in communication with a memory device. The method includes receiving registration data from a developer computer device wherein the developer computer device is associated with a developer and configured to store a developer application, receiving a certificate signing request (CSR) from the developer computer device wherein the CSR includes a public key associated with the developer, verifying the registration data as being associated with the developer, signing the CSR to produce a signed certificate after verifying the registration data wherein the verifying and signing steps are performed by the SP computer system in real time, and transmitting the signed certificate and a client ID to the developer computer device.
    Type: Grant
    Filed: December 22, 2011
    Date of Patent: May 12, 2015
    Assignee: MasterCard International Incorporated
    Inventors: Nathaniel David Byrd, Jenny Qian Zhang, Eric G. Alger
  • Publication number: 20150127552
    Abstract: An RFID system includes an RFID tag, an RFID reader, and a server. The RFID tag communicates to the server via encrypted information. The information may be encrypted with synchronized encryption keys. In this manner, the reader need not decrypt the information from the RFID tag. The effectiveness of malicious readers is thereby reduced, resulting in improved RFID tag security.
    Type: Application
    Filed: January 8, 2015
    Publication date: May 7, 2015
    Inventors: Kambiz Shoarinejad, Maryam Soltan
  • Publication number: 20150127548
    Abstract: A method for discounting a payment transaction includes: storing, in a memory, transaction data for a payment transaction, wherein the transaction data includes at least a transaction amount; receiving, by a receiving device, payment data submitted for payment for the payment transaction, wherein the payment data includes at least a consumer identifier corresponding to a consumer and payment information; receiving, by the receiving device, offer data, wherein the offer data includes an offer identifier corresponding to the consumer and a transaction modifier; encrypting, using a predetermined encryption key, the consumer identifier to obtain an encrypted consumer identifier; and updating, in the memory, the transaction amount included in the transaction data based on the transaction modifier if the encrypted consumer identifier corresponds to the offer identifier.
    Type: Application
    Filed: November 1, 2013
    Publication date: May 7, 2015
    Applicant: MasterCard International Incorporated
    Inventor: Rohit CHAUHAN
  • Publication number: 20150127549
    Abstract: In order to validate a user to facilitate conducting a high-valued financial transaction via wireless communication between an electronic device (such as a smartphone) and another electronic device (such as a point-of-sale terminal), the electronic device may authenticate the user prior to the onset of the high-valued financial transaction. In particular, a secure enclave processor in a processor may provide local validation information that is specific to the electronic device to a secure element in the electronic device when received local authentication information that is specific to the electronic device (such as a biometric identifier of the user) matches stored authentication information. Moreover, an authentication applet in the secure element may provide the local validation information to an activated payment applet in the secure element. This may enable the payment applet to conduct the high-valued financial transaction via wireless communication, such as near-field communication.
    Type: Application
    Filed: September 2, 2014
    Publication date: May 7, 2015
    Inventor: Ahmer A. Khan
  • Publication number: 20150127551
    Abstract: Described in an example embodiment herein is an apparatus comprising an input device and a processor communicatively coupled with the input device. The processor employs asymmetric encryption to provision the input device with a terminal master key. The processor employs the terminal master key with a symmetric encryption algorithm to transfer a communication key to the input device. The processor obtains data representative of a financial account. The processor receives data representative of the personal identification number for authorizing a financial transaction with the financial account from the input device, the data representative of the personal identification number is encrypted with the communication key. The processor receives a request for a financial transaction associated with the financial account via the input device. The processor determines whether the financial transaction is authorized based on the data representative of the personal identification number received from the input device.
    Type: Application
    Filed: January 6, 2015
    Publication date: May 7, 2015
    Inventor: Mark D. SMITH
  • Publication number: 20150127550
    Abstract: In order to authenticate a user to facilitate conducting a financial transaction via wireless communication between an electronic device (such as a smartphone) and another electronic device (such as a point-of-sale terminal), the electronic device may securely communicate an authentication-complete indicator to a secure element in the electronic device. In particular, a secure enclave processor in a processor may provide the authentication-complete indicator to the secure element using an encrypted token when received authentication information (such as a biometric identifier of the user) matches stored authentication information. Moreover, an authentication applet in the secure element may decrypt the token, and then may set an authentication-complete flag in an operating system of the secure element based on the authentication-complete indicator.
    Type: Application
    Filed: September 2, 2014
    Publication date: May 7, 2015
    Inventor: Ahmer A. Khan
  • Patent number: 9026797
    Abstract: A server apparatus having a one-time scan code issuing function, a user terminal having a one-time scan code recognizing function, and a method for processing a one-time scan code are provided so as to safely and conveniently transmit one-time information used for key-exchange-scheme-based encryption, using a scan code such as a bar code and a QR code.
    Type: Grant
    Filed: December 13, 2012
    Date of Patent: May 5, 2015
    Assignee: Korea Center.Com Co., Ltd.
    Inventor: Seong-Noh Yi
  • Publication number: 20150120569
    Abstract: In an example, a network device is configured to generate a first public-private key pair. The network device is configured to receive, over an electronic network, public keys of two or more second public-private key pairs. The network device is configured to generate a digital currency address using the public keys of the two or more second public-private key pairs and a public key of the first public-private key pair.
    Type: Application
    Filed: February 4, 2014
    Publication date: April 30, 2015
    Applicant: Bitgo, Inc.
    Inventors: Michael A. Belshe, Joseph William Lee
  • Publication number: 20150120570
    Abstract: The present invention provides a method and system for verifying and tracking transactional information. In an embodiment of the invention, a system for delivering security solutions is provided that includes at least one of the following: a radio frequency (RF) identification device, an identification mechanism (e.g., a card, sticker), and an RF reader.
    Type: Application
    Filed: December 29, 2014
    Publication date: April 30, 2015
    Inventors: Francisco Martinez de Velasco Cortina, Manfred Rietzler
  • Publication number: 20150100497
    Abstract: Articles and methods for transaction irregularity detection are disclosed. In one example, the article discloses: a memory including a record of a last-reported security-device transaction with the security-device, and including a last-reported transaction counter value associated with the last-reported security-device transaction; a previous device identifier; a record of the previous security-device transaction with the security-device, and including the previous device identifier associated with the previous security-device transaction; a record of a current security-device transaction with the security-device, and including a currently-reported transaction counter value associated with the current security-device transaction; and a back-end device tagging the previous device with fraud if the current transaction counter value differs from the last-reported transaction counter value by other than an increment.
    Type: Application
    Filed: October 3, 2013
    Publication date: April 9, 2015
    Applicant: NXP B.V.
    Inventors: Hans de Jong, Pieter Janssens
  • Publication number: 20150095238
    Abstract: Systems, methods, and computer-readable media for securely conducting online payments with a secure element of an electronic device are provided. In one example embodiment, a method includes, inter alia, at an electronic device, generating first data that includes payment card data, generating second data by encrypting the first data and merchant information with a first key, transmitting to a commercial entity subsystem the generated second data, receiving third data that includes the first data encrypted with a second key that is associated with the merchant information, and transmitting the received third data to a merchant subsystem that is associated with the merchant information, where the first key is not accessible to the merchant subsystem, and where the second key is not accessible to the electronic device. Additional embodiments are also provided.
    Type: Application
    Filed: September 9, 2014
    Publication date: April 2, 2015
    Inventors: Ahmer A. Khan, Timothy S. Hurley, Anton K. Diederich, George R. Dicker, Scott M. Herz, Christopher Sharp
  • Patent number: 8996423
    Abstract: Current embodiments provide for authorization and payment of an online commercial transaction between a purchaser and a merchant including verification of an identity of the purchaser and verification of an ability of the purchaser to pay for the transaction, where the identity provider and the payment provider are often different network entities. Other embodiments also provide for protocols, computing systems, and other mechanisms that allow for identity and payment authentication using a mobile module, which establishes single or multilevel security over an untrusted network (e.g., the Internet). Still other embodiments also provide for a three-way secure communication between a merchant, consumer, and payment provider such that sensitive account information is opaque to the merchant, yet the merchant is sufficiently confident of the consumer's ability to pay for requested purchases.
    Type: Grant
    Filed: April 18, 2006
    Date of Patent: March 31, 2015
    Assignee: Microsoft Corporation
    Inventors: Bruce E. Johnson, Chung Webster-Lam
  • Publication number: 20150088756
    Abstract: Embodiments of the invention are directed to methods, apparatuses, computer-readable media, and systems for securely processing remote transactions. One embodiment is directed to a method of processing a remote transaction initiated by a communication device. The method comprising a server computer receiving a payment request including encrypted payment information that is encrypted using a first key. The encrypted payment information including security information. The method further comprises decrypting the encrypted payment information using a second key, obtaining an authentication response value for the remote transaction from an authentication computer associated with an issuer, updating the decrypted payment information to include the authentication response value, re-encrypting the decrypted payment information using a third key, and sending a payment response including the re-encrypted payment information to a transaction processor.
    Type: Application
    Filed: September 22, 2014
    Publication date: March 26, 2015
    Inventors: Oleg Makhotin, Kiushan Pirzadeh
  • Publication number: 20150088755
    Abstract: Techniques for improved Point of Sale (PoS) transactions are disclosed. The techniques include a PoS terminal that receives biometric data from a consumer, determines an encryption key based on the biometric data, and transmits the encryption key to a mobile device associated with the consumer to cause the mobile device to decrypt a consumer key and transmit an indication of a successful decryption. The PoS terminal further receives the indication of the successful decryption from the mobile device, and retrieves consumer account information responsive to receiving the indication of the successful decryption.
    Type: Application
    Filed: September 22, 2014
    Publication date: March 26, 2015
    Inventors: Kenneth Sobel, Stephen Sobel, Jay Cady
  • Publication number: 20150088759
    Abstract: Included are embodiments for tokenizing sensitive data. Some embodiments of systems and/or methods are configured to receive sensitive data from a vendor, determine a token key for the vendor, and utilize a proprietary algorithm, based on the token key, to generate a vendor-specific token that is associated with the sensitive data. Some embodiments include creating a token identifier that comprises data related to the token key and sending the vendor-specific token and the token identifier to the vendor.
    Type: Application
    Filed: December 8, 2014
    Publication date: March 26, 2015
    Applicant: VANTIV, LLC
    Inventors: Bryan T. Bailey, John Romer, Chris Doyle, Jeremy Gifford, Kevin Zibart
  • Publication number: 20150088757
    Abstract: Provided are computer implemented methods and systems for messaging, calling, and one-touch payments via mobile and wearable devices. An exemplary system comprises a processor and a database in communication with the processor. The processor is configured to provide an integrated interface for selection of an activity mode. The activity mode includes a messaging mode, a calling mode, and a one-touch payment mode. The processor is further configured to receive the selection of the activity mode via the integrated interface from a user. If the messaging mode is selected, a message from the user is received and sent to a recipient via a data network. If the calling mode is selected, a data network call is initiated on a call request of the user. If the one-touch payment mode is selected, a payment request is transmitted to a financial organization.
    Type: Application
    Filed: November 27, 2014
    Publication date: March 26, 2015
    Inventors: Tiger T G Zhou, Dylan T X Zhou, Andrew H B Zhou
  • Publication number: 20150088758
    Abstract: Systems, apparatus, methods, and computer program products for using quick response (QR) codes for authenticating users to ATMs and other secure machines for cardless transactions are disclosed. Embodiments of the present disclosure read an image displayed on a display of an external device using a mobile device associated with a user authorized to access a secure resource, decode transaction information encoded in the image, transmit the transaction information and an identifier of the mobile device from the mobile device to an authentication system, and grant access to the secure resource if the transaction information and the identifier satisfy an authentication test performed at the authentication system.
    Type: Application
    Filed: December 1, 2014
    Publication date: March 26, 2015
    Applicant: CA, INC.
    Inventors: Rammohan VARADARAJAN, Ambarish MALPANI
  • Publication number: 20150088754
    Abstract: According to an embodiment of the present invention, a method for using information in conjunction with a data repository includes encrypting data associated with the information with an encryption key, sending at least the encrypted data to the data repository, and possibly deleting the information. The method also includes receiving a request for the information from a remote device, and sending a request for the encrypted data to the data repository. The method further includes receiving the encrypted data from the data repository, decrypting the encrypted data using the encryption key, and sending the information to the remote device.
    Type: Application
    Filed: July 1, 2014
    Publication date: March 26, 2015
    Applicant: ONEID INC.
    Inventor: Steven Todd Kirsch
  • Patent number: 8990121
    Abstract: Disclosed is a technique for establishing a secure communication session between a mobile device and a card reader. The technique can involve using a trusted, remote validation server to validate security information of both the card reader and a POS module in the mobile device prior to, and as a precondition of, the card reader and the POS module establishing a secure communication session with each other. In certain embodiments the POS module sends the security information of both the card reader and the POS module to the validation server. The security information can include cryptographic keys of the POS module and the card reader and additional security information related to the POS module and its software environment.
    Type: Grant
    Filed: May 8, 2014
    Date of Patent: March 24, 2015
    Assignee: Square, Inc.
    Inventors: Max Joseph Guise, Jason Waddle, Dino Dai Zovi
  • Publication number: 20150081567
    Abstract: A system and method of exchanging assets splits authentication of the parties in the transaction from real-time validation of the assets used in the transaction. Electronic representations of currency or other value of an asset provide a mechanism for the electronic transfer of the ownership of those assets. Digital tokens or other electronic money is created, issued, purchased, validated, and redeemed within an electronic exchange. Ownership of the token is established by the physical possession of the token along with a public key certificate that decrypts the owner's copy of the token. Tokens are stored in digital wallets and are transferred using private p2p communications channels or NFC. The separation of the authentication of the parties using an authentication authority (registry) and the validation of the assets using a transaction authority allows personal anonymity. Privacy is maintained, and no single authority has a complete audit trail of the transaction.
    Type: Application
    Filed: September 15, 2014
    Publication date: March 19, 2015
    Inventors: Clifford F. BOYLE, Robert E. McGill, Igor V. Slepinin
  • Patent number: 8983874
    Abstract: A micropayment system and method is presented for a payor U to establish payment to payee M for a transaction T, which typically has a very low value TV. The micropayment scheme minimizes the bank's processing costs, while at the same time eliminating the need for users and merchants to interact in order to determine whether a given micropayment should be selected for payment. In one embodiment, the micropayment scheme includes time constraints, which require that an electronic check C for the transaction T be presented to a bank B for payment within a predetermined time/date interval. In another embodiment, the micropayment scheme includes a selective deposit protocol, which guarantees that a user is never charged in excess of what he actually spends, even within a probabilistic framework. In another embodiment, the micropayment scheme includes a deferred selection protocol, which provides the bank with control and flexibility over the payment selection process.
    Type: Grant
    Filed: October 14, 2009
    Date of Patent: March 17, 2015
    Assignee: Massachusetts Institute of Technology
    Inventors: Silvio Micali, Ronald L. Rivest
  • Publication number: 20150073996
    Abstract: Embodiments of the present invention are directed to systems and methods for providing a central entity that can provision mobile payment applications on mobile communication devices and personalize the mobile payment applications with consumer and account information. The personalization of the mobile payment application on the mobile communication device may include provisioning a payment account on the mobile payment application. The central entity may provision the account on the mobile payment application without interacting with the issuer during the provisioning of the account. The central entity may provision the account on the mobile communication device by decrypting, using a secure element key, encrypted payment account information received from the mobile communication device. The payment account information may be encrypted by a secure element of the mobile communication device using the same secure element key.
    Type: Application
    Filed: September 9, 2014
    Publication date: March 12, 2015
    Inventors: Oleg Makhotin, Hao Ngo, Christian Aabye, Kiushan Pirzadeh
  • Publication number: 20150073995
    Abstract: A method of authorizing a financial transaction involves a payment terminal receiving, from a payment card interfaced with the payment terminal, application data in response to a predetermined authorization amount provided to the payment card by the payment terminal. The application data comprises an account number uniquely associated with the payment card. The payment terminal generates an adjusted authorization amount based on the account number and from a preliminary authorization amount received at the payment terminal, provides the payment card with the adjusted authorization amount, receives a cryptogram from the payment card in response, and provides notification of authorization of a financial transaction for the adjusted authorization amount in accordance with a confirmation that the cryptogram received at the payment terminal from the payment card was generated by the payment card from the adjusted authorization amount and from a cryptographic key uniquely associated with the payment card.
    Type: Application
    Filed: August 20, 2014
    Publication date: March 12, 2015
    Inventors: Robert Hayhow, Igor Elkhinovich, Jeffrey Aaron Ecker
  • Publication number: 20150066778
    Abstract: Disclosed is a digital card-based payment system and method. A digital card-based payment system includes a seller terminal configured to acquire a token from a purchaser terminal desiring to purchase a product and a card management server configured to store and manage one or more pieces of card information and one or more pieces of token information corresponding to the card information and, upon receipt of the token information and payment information for the product from the seller terminal, make payment for the product using card information corresponding to the received token.
    Type: Application
    Filed: September 2, 2014
    Publication date: March 5, 2015
    Applicant: SAMSUNG SDS CO., LTD.
    Inventors: Sung-Ho JANG, Jung-Mee HWANG, Seong-Moon KANG, Sang-Hoon HAN
  • Patent number: 8965811
    Abstract: Pursuant to some embodiments, methods, systems, apparatus, computer program code and means for conducting an online transaction by a user operating a computer are provided which include identifying, at the computer, that the user has selected a secure payment option during a transaction with a merchant. The computer is caused to enter a private session. During the private session, payment card data from a physical payment card held by the user is received, and the payment card data is forwarded to a payment provider to cause the payment provider to provide substitute payment card details to the merchant to complete the transaction.
    Type: Grant
    Filed: October 5, 2009
    Date of Patent: February 24, 2015
    Assignee: MasterCard International Incorporated
    Inventor: John R. Wankmueller
  • Publication number: 20150052064
    Abstract: Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for securely processing remote transactions. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a mobile device. The method comprises receiving, by a mobile payment application on a secure memory of the mobile device, transaction data from a transaction processor application on the mobile device. The method further comprises validating that the transaction processor application is authentic and in response to validating the transaction processor application, providing encrypted payment credentials to the transaction processor application. The transaction processor application further initiates a payment transaction with a transaction processor server computer using the encrypted payment credentials.
    Type: Application
    Filed: August 15, 2014
    Publication date: February 19, 2015
    Inventors: Igor Karpenko, Oleg Makhotin, Kiushan Pirzadeh, Glenn Powell, John Sheets, Erick Wong
  • Publication number: 20150052065
    Abstract: Unauthorized copying of a transaction barcode is prevented by including a sensed condition or other publicly-accessible data with the transaction barcode for use as a comparison with the publicly accessible data determined at a barcode reader. If the sensed condition included in the transaction barcode indicates that the transaction barcode was generated for a different transaction, then the barcode reader invalidates the transaction. For instance, if the barcode was generated too distant in time, position, or sequential transactions, then the barcode reader invalidates the transaction barcode as an unauthorized copy of a transaction barcode generated for a different transaction.
    Type: Application
    Filed: November 3, 2014
    Publication date: February 19, 2015
    Applicant: DELL PRODUCTS L.P.
    Inventors: Charles D. Robison, Richard W. Schuckle, Rocco Ancona
  • Publication number: 20150052062
    Abstract: A process that simplifies shopping on E-commerce platforms includes a program that naturally keeps sensitive user information and data more secure by removing large amounts of sensitive user information and data from multiple merchant sites. The process makes use of personal devices that are always available to users to store user, shipping and payment information and data. Transactions are completed by having the personal device communicate either directly with a merchant's gateway or merchant account, and then sending the transaction details and shipping information and data to both the user and the merchant.
    Type: Application
    Filed: June 2, 2014
    Publication date: February 19, 2015
    Inventors: Igor Flomin, Alex Flomin
  • Publication number: 20150052063
    Abstract: Methods and devices for enabling authentication may include a first stage in which a first electronic device of the first entity communicates with a second electronic device of the second entity via a telecommunications network. During the first stage, the first electronic device generates a first token and transmits it from the first electronic device to the second electronic device via the network; and the second electronic device generates a third token and transmits the third token to the first electronic device via the network. During a second stage, authenticating a first non-authenticated entity as being the second entity as a function of a second token contained in a first portable electronic device of the first non-authenticated entity occurs; and authenticating a non-authenticated entity as being the first entity as a function of a fourth token contained in a second portable electronic device of the second non-authenticated entity also occurs.
    Type: Application
    Filed: November 20, 2012
    Publication date: February 19, 2015
    Inventor: Alban Feraud
  • Publication number: 20150052061
    Abstract: Methods for facilitating financial transactions include facilitating or otherwise increasing the ease and speed of checkout processes. In particular, one or more implementations comprise an e-commerce payment facilitator that acts as an intermediary between a commerce application and a payment gateway. The e-commerce payment facilitator can provide stored payment information to a commerce application based on a few simple selections by a user. This allows a user to easily and securely complete commerce transactions, which simplifies the user's checkout experience and reduces barriers to purchase. Furthermore, the e-commerce payment facilitator can pass payment details to the commerce application's payment gateway. In addition to the foregoing, methods involve dynamically and intelligently providing a user the option of using payment information stored by the network application.
    Type: Application
    Filed: September 25, 2013
    Publication date: February 19, 2015
    Applicant: Facebook, Inc.
    Inventors: John Anderson, Yuji Higaki, Deborah Liu
  • Patent number: 8958562
    Abstract: Key requests in a data processing system may include identifiers such as user names, policy names, and application names. The identifiers may also include validity period information indicating when corresponding keys are valid. When fulfilling a key request, a key server may use identifier information from the key request in determining which key access policies to apply and may use the identifier in determining whether an applicable policy has been satisfied. When a key request is authorized, the key server may generate a key by applying a one-way function to a root secret and the identifier. Validity period information for use by a decryption engine may be embedded in data items that include redundant information. Application testing can be facilitated by populating a test database with data that has been encrypted using a format-preserving encryption algorithm. Parts of a data string may be selectively encrypted based on their sensitivity.
    Type: Grant
    Filed: January 16, 2007
    Date of Patent: February 17, 2015
    Assignee: Voltage Security, Inc.
    Inventors: Terence Spies, Matthew J. Pauker
  • Publication number: 20150046339
    Abstract: Embodiments are described that are directed to optimizing the provisioning of payment account credentials to mobile devices utilizing mobile wallets. In some embodiments, one of multiple provisioning schemes may be selectively chosen for payment account credential provisioning based upon a determined risk involved with a particular provisioning request. A low risk provisioning request leads to an immediate provisioning of a payment credential, whereas a provisioning request of high risk results in the provisioning request being denied. In some embodiments, medium risk provisioning requests will cause an additional user authentication to be performed before the payment account provisioning is finalized. The additional user authentication may occur using a separate communication channel than the channel in which the provisioning request was received.
    Type: Application
    Filed: August 8, 2014
    Publication date: February 12, 2015
    Inventors: Erick Wong, Kiushan Pirzadeh, Oleg Makhotin, Glenn Powell, Igor Karpenko, John Sheets, Frederick Liu
  • Publication number: 20150039519
    Abstract: Data can be protected in mobile and payment environments through various tokenization operations. A mobile device can tokenize communication data based on device information and session information associated with the mobile device. A payment terminal can tokenize payment information received at the payment terminal during a transaction based on transaction information associated with the transaction. Payment data tokenized with a first set of token tables and according to a first set of tokenization parameters by a first payment entity can be detokenized or re-tokenized with a second set of token tables and according to a second set of tokenization parameters. Payment information can be tokenized and sent to a mobile device as a token card based on one or more selected use rules, and a user can request a transaction based on the token card. The transaction can be authorized if the transaction satisfies the selected use rules.
    Type: Application
    Filed: October 16, 2014
    Publication date: February 5, 2015
    Inventors: Ulf Mattsson, Yigal Rozenberg
  • Publication number: 20150039518
    Abstract: The present invention provides a personalized marketing system and a personalized marketing method. The personalized marketing system comprises: a display device, a detecting device, a database device, and a control device. The display device is utilized for displaying at least an information. The detecting device is utilized for detecting at least a viewer via at least a wireless signal that can identify the viewer. The database device is utilized for recording data of connections between the information and the detected viewer. The control device is utilized for controlling the display device to display a specific information according to the data recorded in the database device.
    Type: Application
    Filed: August 1, 2013
    Publication date: February 5, 2015
    Applicant: IADEA CORPORATION
    Inventors: Chia-Chin Wang, Yung-Chieh Lin
  • Publication number: 20150032634
    Abstract: A payment processing server generates an asymmetric cryptographic key pair, over one secure communications channel providing a mobile device with one cryptographic key of the cryptographic key pair, and saves another cryptographic key of the cryptographic key pair in a pending transaction database in unique association with a single-use payment number and a financial account. The server encrypts the payment number, which does not identify the financial account, with the another cryptographic key and provides the mobile device with the encrypted payment number over another secure communications channel distinct from the one secure communications channel. The server receives from a payment terminal a payment completion request that includes the encrypted payment number decrypted with the one cryptographic key.
    Type: Application
    Filed: July 29, 2014
    Publication date: January 29, 2015
    Inventor: Dino D'Agostino