An apparatus includes a memory and a hardware processor. The memory stores a private encryption key. The processor intercepts a first transaction request from a user, communicates a first recertification request to a certificate authority that issued the private encryption key, and receives, from the certificate authority, a first message indicating that the private encryption key is valid for use. In response to the first message, the processor generates a first digital signature using the private encryption key, generates a first non-repudiation message comprising the first digital signature and the first message, generates a second message comprising the first transaction request and the first non-repudiation message, and communicates the second message to a server to process the first transaction request.

An embodiment of the present invention is directed to delivering an entitlements model that scales to both mid-frequency and low-latency use cases. The innovative solution may be distributed in nature and able to operate in low priority threads alongside the main logic of the software. An embodiment of the present invention may be implemented as a software module with APIs for ease of adoption.

Systems and methods are provided for receiving an encrypted payment payload from a digital wallet host, transmitting a low value token to a merchant, receiving an authorization request, requesting authorization for the transaction from an issuer financial institution using financial data from the encrypted payment payload, receiving an authorization decision from the issuer financial institution, and transmitting an authorization response to the merchant.

A system, method and computer program product for securing user information, including processing circuitry that receives an encrypted first request from a first party and that includes a unique identifier associated with an account of a user, sends, based on the encrypted first request, an encrypted authorization request to an operator servicing the account of the user, and receives, in response to the encrypted authorization request, an authorization from the operator based on a result of an authorization message exchange for authorizing or not authorizing the request sent by the operator to a device associated with the user over a network controlled by the operator. No pecuniary information of the user nor the personal identification number of the user is received by the processing circuitry thereby shielding the pecuniary information of the user from the first party.

Disclosed herein is a computer implemented method for providing authentication for secure transactions in a multi-server system, the method comprising; receiving, at an authentication server from a requestor server, a request for a cryptogram, the request being associated with a transaction and including a requestor identifier; in response to receiving the request, generating a cryptogram; sending, from the authentication server, the cryptogram to the requestor server; receiving, at the authentication server from a merchant server, the cryptogram, a payment token, and a unique merchant identifier, and a merchant secret; validating, at the authentication server, the cryptogram; comparing, at the authentication server, the unique merchant identifier and the merchant secret with a unique merchant identifier and a merchant secret pair stored in a database; and authorizing, at the authentication server, the transaction when there is a match.

This disclosure includes utilizing a token cryptogram with a browser to facilitate a transaction. A webpage of a website is configured to accept a token cryptogram in fields of the webpage. The webpage of the website may indicate that it is token-aware and is configured to accept the token cryptograms.

A method, system, and computer program product generate, with a payment network, a first value (a) and a second value (ga), the second value (ga) based on the first value (a) and a generator value (g); generate, with the payment network, a plurality of random merchant numbers (mi) for a respective plurality of merchant banks; determine, with the payment network, a merchant product (M) based on a product of the plurality of random merchant numbers (mi); generate, with the payment network, a public key (pki) based on the second value (ga), the merchant product (M), and the random merchant number (mi) and a random key (rki) based on the merchant product (M) and the random merchant number (mi) for each respective merchant bank; and communicate, with the payment network, the public key (pki) and the random key (rki) to at least one respective merchant bank.

A privilege provision device according to an embodiment of the present invention includes a payment token request reception unit configured to receive a token request including user identification information from a user terminal, a token generation unit configured to generate a token associated with coupon identification information and the user identification information, a token transmission unit configured to transmit the token to the user terminal, a payment request reception unit configured to receive a payment request including the token from a store terminal, a validity determination unit configured to determine whether or not a coupon associated with the coupon identification information is valid at the time of the reception of the token request, and a privilege provision unit configured to provide the user with a privilege by the coupon associated with the coupon identification information corresponding to the token is in a case where the validity determination unit determines that the coupon is valid.

Aspects of this disclosure relate to utilizing a 360-degree light source and frictionless authentication methods to provide access to a secure network and associated services. Data transmission is conducted via a light source that is also used to illuminate a location. An agent-centric method of frictionless data authentication and transfer is applied. The agent-centric authentication methods may be power efficient for use in connection with a mobile device having limited battery capacity and limited bandwidth.

A method for distributing collectable ownership by using multi-signatures based on blockchain networks, including steps of: (a) an online transaction server, in response to acquiring a distribution request for a collectable from an owner, (i) generating an ownership token contract, (ii) generating a contract registering transaction, and (iii) broadcasting the contract registering transaction to a blockchain network, to thereby instruct the blockchain nodes to (iii-1) verify the contract registering transaction, (iii-2) register the ownership token contract, included in the contract registering transaction in the blockchain network, and (iii-3) transfer an ownership token contract ID corresponding to the ownership token contract registered in the blockchain network to the online transaction server.