A method includes providing an initial communication, by an access device to a user device. The access device can receive the user identifier and the access token and receive a secret associated with the user. The access device can determine, using the user identifier and/or the access token, if the transaction is authorized by an authorizing entity computer associated with the access device or by an authorizing entity not associated with the access device. If the transaction is authorized by the authorizing entity computer associated with the access device, the access device can transmit an authorization request message comprising the user identifier, the secret, and the access token to the authorizing entity computer. The authorizing entity computer validates the secret, retrieves a real credential of the user using the user identifier, and authorizes the transaction.

Systems and methods disclosed herein provide automatic expense categorization of transactions or expenditures based on a machine learning (ML) model trained using anonymized transactional data for expenditures that are stored in a public blockchain. The anonymized transactional data for the expenditure and the expense category, may be distributed throughout the blockchain network and recorded in the blockchain. In some implementations, an expenditure may be submitted to the blockchain network for expense categorization. The transactional data for the expenditure may be anonymized to remove confidential and personal identifying information (PII) before it is distributed throughout the blockchain network. Each participating node of the blockchain network may utilize the ML model to identify an expense category for the expenditure. The participating nodes may provide a consensus mechanism in order to arrive at a shared understanding of how to categorize the expenditure.

Systems and methods for device registration and authentication are disclosed. In one embodiment, a method for authentication of a device may include (1) receiving, at a mobile device, a first credential; (2) transmitting, over a network, the first credential to a server; (3) receiving, from the server, a first key and a first value, the first value comprising a receipt for the first credential; (4) receiving, at the mobile device, a data entry for a second credential; (5) generating, by a processor, a second key from the data entry; (6) retrieving, by the mobile device, a third credential using the first key and the second key; (7) signing, by the mobile device, the first value with the third credential; and (8) transmitting, over the network, the signed third value to the server.

In some implementations, a transaction card may receive transaction data from a transaction terminal based on initiation of a transaction with the transaction terminal; generate a tokenized primary account number, for use with the transaction, based on the transaction data and an actual primary account number of the transaction card; and transmit the tokenized primary account number to the transaction terminal for processing the transaction.

Various embodiments are directed to securely verifying an identity of a user who is requesting to add or link a financial instrument to a third-party digital wallet using one-tap contactless card authentication. The financial instrument may be added or linked to the third-party wallet in at least two scenarios: pull provisioning and push provisioning. In either provisioning scenarios, the user may be required to authenticate the financial instrument being added or linked by successfully verifying the identity of the user via the one-tap contactless card authentication at a banking application associated with the financial instrument.

A system for providing a service at a self-service machine having a device identifier and that does not have internet connectivity or that is in an off-line state includes: a validation server that stores the device identifier, the validation server being in communication with a mobile device of a user, but not with the self-service machine. The self-service machine is configured to: receive a selection of a service; generate a service request identifier for the selected service; add the service request identifier to a list of service requests to be fulfilled; and communicate, to the mobile device by a first direct communication method, service request data including the service request identifier, a terminal identifier of the self-service machine, and an address of a validation server.

Disclosed is a method and system, in FIG. 1, for verifying authenticity of specific personal data responsive to a unique wallet address (70) on a public ledger (66) of an unregulated platform (60). The wallet contains one or more non-transferable NFTs each locked to the wallet and related to specific personal data. The non-transferable NFT was minted from a regulated platform (27) to which there is a record (76) in the public ledger. Supplying the unique address of the wallet to a service supplier affects a log-in of a client (18) to the service supplier (90), whereafter message interactions over a network (12) between the service supplier and the unregulated platform (60) permits searching for a relevant (72) non-transferable NFTs (74) stored in the wallet and related to the specific personal data. Return of any relevant non-transferable NFT related to the personal data thus verifies authenticity of the specific personal data by association with a regulated platform.

A computer-implemented method of using blockchain transactions to issue one or more single-uses tokens for use by one or more respective token redeemers, wherein the method is performed by a token issuer and comprises: generating a token transaction, wherein the token transaction comprises: one or more token outputs, wherein each token output comprises token data representing a respective single-use token, wherein each single-use token is associated with a respective spendable output of the token transaction, and wherein a respective validity of each single-use token is conditional on the respective spendable output being present in an unspent transaction output set of a blockchain; and one or more inputs, wherein at least a first one of the inputs comprises a signature linked to a first public key of the token issuer; and transmitting the token transaction to one or more nodes of a blockchain network to be recorded in the blockchain.

Systems and methods described herein are directed to using a smart contract deployed on a distributed ledger network to prove compliance for handling of an asset over time and space. In some implementations, a system includes: one or more servers operating as nodes on a distributed ledger network; and a storage to store an instance of a smart contract. The one or more servers may be to: deploy the smart contract to the distributed ledger network; verify time series data captured by a device, where the verified time series data includes for each time a secured representation of a distributed ledger address; and send at least some of the verified time series data as an input to the smart contract. The smart contract, in response to receiving the at least some of the verified time series data, may execute to determine if one or more conditions have been satisfied.

A method for submission of payment transaction requests from a point of sale (POS) terminal to a financial institution includes reading payment information from a payment vehicle, reading financial institution routing information from the payment vehicle, reading a payment vehicle certificate from the payment vehicle, requesting consumer authentication information from a consumer, and submitting a payment transaction request to the financial institution using the financial institution routing information, a POS terminal certificate, and the payment vehicle certificate. An authentication certificate for submission of payment transaction requests from a point of sale (POS) terminal to a financial institution may be generated by receiving a request for an authentication certificate from a requestor, the request comprising a requestor ID and one or more capabilities of the requestor, verifying the requestor ID, generating an authentication certificate for the requestor, and returning the generated authentication certificate to the requestor.