G06Q20/38215

Real-time authentication and authorization based on dynamically generated cryptographic data

The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that, among other things, authenticate device identity and authorize exchanges of data in real-time based on dynamically generated cryptographic data. For example, an apparatus may receive a first signal that includes a first cryptogram associated with a client device, and may perform operations that authenticate an identity of the client device based on a comparison of the received first cryptogram and a second cryptogram generated by a computing system associated with an application program executed by the client device. In response to the authenticated identity, the apparatus may load profile data associated with the client device from a storage unit, and perform operations consistent with the profile data in accordance with the authenticated identity.

Systems and methods for use in managing digital identities

Systems and methods are provided for managing digital identities associated with users. One exemplary method includes receiving, at a computing device, an encrypted message from a communication device associated with a user, where the message includes a changed attribute for the user. The method also includes generating a hash of a digital identity for the user with the changed attribute, generating a hash of the digital identity of the user stored in a ledger data structure, and transmitting a request for the user to attest to the changed attribute when the generated hashes do not match. The method then further includes broadcasting a pending status of the digital identity of the user to a relying party for the digital identity, and storing a certification of the changed attribute, received from the relying party in response to the pending status, based on verification of the changed attribute by the relying party.

Systems and methods for linking high-value tokens using a low-value token
11100486 · 2021-08-24

Embodiments include methods and systems for linking high-value tokens using a low-value token, comprising receiving, from an electronic data server, a first high-value token and a request for a low-value token, the first high-value token being associated with sensitive data associated with a user, and the low-value token being associated with a subset of the sensitive data associated with the user. The methods and systems further comprise providing the low-value token to the electronic data server, and receiving, from a second electronic data server, the low-value token and a request for a second high-value token, the low-value token having been provided to the second electronic data server by the electronic data server. The methods and systems further comprise generating a second high-value token associated with the sensitive data associated with the user, and providing the second high-value token to the second electronic data server.

VALIDATION USING KEY PAIRS AND INTERPROCESS COMMUNICATIONS

A validation terminal located at a registered location comprises a barcode reader, a memory, and a processor. The memory stores a public key that is paired with a private key linked with the registered location of the validation terminal. The processor is operably coupled to the barcode reader and the memory, and is configured to detect an encrypted barcode that was scanned by the barcode reader from a mobile device that is located at the registered location of the validation terminal. The encrypted barcode is based at least in part upon transaction information associated with products in a digital cart, and the encrypted barcode is encrypted using the private key. The processor is further configured to decrypt the encrypted barcode using the stored public key, and to indicate the transaction is valid in response to decrypting the encrypted barcode using the public key.

SYSTEMS AND METHODS FOR PROVISIONING FUNDING CARD NUMBERS TO THIRD PARTY WALLETS

Systems, methods, and devices for provisioning funding card numbers to merchant wallets are disclosed. In one embodiment, in an information processing apparatus comprising at least one computer processor, a method for provisioning funding card numbers to third party wallets may include: (1) authenticating a customer using an electronic device; (2) redirecting the customer to a third-party website; (3) receiving, from the third-party website and via a first API, a request for funding primary account numbers (FPANs) associated with the customer; (4) providing the third-party website with a plurality of FPAN identifiers for FPANs associated with the customer; (5) receiving, from the third-party website and via a second API, a request for a FPAN associated with a selected FPAN identifier; (6) encrypting the FPAN associated with the selected FPAN identifier; and (7) communicating the encrypted FPAN to the third-party website.

Confidential blockchain transactions
11088852 · 2021-08-10

A computer-implemented method includes: determining assets held by a remitter, the assets to be spent in a remittance transaction between the remitter and one or more payees, in which each asset corresponds to a respective asset identifier, a respective asset amount, and a respective asset commitment value; determining a remitter pseudo public key and a remitter pseudo private key; determining a cover party pseudo public key, in which the cover party pseudo public key is obtained based on asset commitment values of assets held by the cover party; and generating a linkable ring signature for the remittance transaction.

SYSTEMS AND METHODS FOR DISTRIBUTED LEDGER-BASED IDENTITY MANAGEMENT

Systems and methods for distributed ledger-based identity management are disclosed. In one embodiment, a computer-based method for managing attestations may include: (1) receiving, by a computer program executed by an electronic device for an identity consumer and from an identity provider, a notification from an identity provider server that an attestation is available, wherein the attestation may be generated by the identity provider based on authorization from a system operator and may include a chain of trust comprising an identification of the system operator and the identity provider; (2) requesting, by the computer program, the attestation from the identity provider; and (3) downloading, by the computer program, the attestation to an identity consumer electronic wallet for the identity consumer. The identity provider may commit the downloading of the attestation to a distributed ledger, wherein the distributed ledger maintains a current status for the attestation.

PREVENTION OF TOKEN AUTHENTICATION REPLAY ATTACKS SYSTEM AND METHOD
20210234852 · 2021-07-29

A method including receiving, by a server computer, a request message from a token requestor computer on behalf of a user device. The request message comprises a first current token tracking value and a first function index value. The server computer can determine a second function index value. The server computer can then compare the first function index value to the second function index value. If the first function index value and the second function index value match, the server computer can determine a function based on the first function index value and a stored function table associated with the user device. The server computer can then determine a second current token tracking value based on the function, then compare the first current token tracking value to the second current token tracking value. The server computer can generate a response message in response to the comparing.

Contactless card personal identification system

A dual-factor PIN-based authentication system and method uses a cryptogram provided by a contactless card associated with the client in association with a PIN stored by the contactless card to authenticate the client. In some embodiments, cryptogram authentication may be preconditioned upon a PIN match determination by the contactless card. In other embodiments, the cryptogram may be formed at least in part using the personal identification number (PIN) stored on the contactless card encoded using a dynamic key stored by the contactless card and uniquely associated with the client. Authentication may be achieved by comparing the cryptogram formed using the PIN against an expected cryptogram generated using an expected PIN and an expected dynamic key.

NOTARY SYSTEM FOR A DISTRIBUTED LEDGER
20210233070 · 2021-07-29

A system is provided for issuing static tokens on a decentralized distributed ledger in which transactions are recorded by parties to the transactions without the use of a blockchain. The system generates an identifier of a token. The system accesses a verification key of the owner of the token. The system generates an issue transaction that outputs the identifier, the verification key, a description of the asset the token represents, and an identification of the issuer. The system adds to the transaction an issuer signature. The system provides the issue transaction to a notary system for notarization. The notary system stores a reference to the output for the token identifier and the verification key. The notary system uses the verification key to determine whether a transfer transaction that inputs the token was signed using the corresponding signing key.