An embodiment of the present invention is directed to delivering an entitlements model that scales to both mid-frequency and low-latency use cases. The innovative solution may be distributed in nature and able to operate in low priority threads alongside the main logic of the software. An embodiment of the present invention may be implemented as a software module with APIs for ease of adoption.

Embodiments of the present invention provide a system for authenticating and tracking resource distributions of secondary users. The system is configured for receiving a registration request from a primary user, wherein the registration request is associated with registration of one or more secondary users, in response to receiving the request, generating user credentials for each of the one or more secondary users, associating the user credentials with a primary user identification of the primary user, receiving a resource distribution request from a secondary user of the one or more secondary users, authenticating the secondary user, and processing the resource distribution request based on authenticating the secondary user.

A second blockchain system receives a first consensus message from a first blockchain system, the first blockchain system includes first nodes that provide services to at least a first account, and the second blockchain system includes second nodes that provide services to at least a second account. The first consensus message indicates a first plurality of the first nodes reaches a consensus for transferring a resource from the first account to the second account. The second blockchain system transfers the resource in the task to the second account. The transferring includes that a node in the second nodes adds the resource to the second account and generates a fourth block that records a completion of a transfer event. A second consensus message is transmitted from the second blockchain system to the first blockchain system in response to a second plurality of the second nodes completing the transfer event.

Apparatuses, methods, and systems are disclosed for user authentication using a connection information package provided by a blockchain network. One apparatus includes a processor and a memory coupled to the processor, the memory comprising instructions executable by the processor to cause the apparatus to receive, from a smart contract, a set of connection information packages and to receive, from a first function, a request to authenticate a roaming user. The instructions are further executable by the processor to cause the apparatus to determine whether the first function is associated with a valid connection information package and to accept the request to authenticate the roaming user in response to the first function being associated with the valid connection information package.

In some implementations, a transaction card may receive transaction data from a transaction terminal based on initiation of a transaction with the transaction terminal; generate a tokenized primary account number, for use with the transaction, based on the transaction data and an actual primary account number of the transaction card; and transmit the tokenized primary account number to the transaction terminal for processing the transaction.

Systems, methods, and apparatuses for storing verified identification information in a distributed database and for verifying entities to requestors are provided herein. Identity information relating to an entity is verified by a generally recognized identity provider (GRIP). Once verified, the GRIP populates a distributed database with an entry corresponding to the verified identity information. The distributed database is publically accessible such that identity requestors can see the entries in the distributed database. In some arrangements, the distributed database is write-protected such that only an authorized GRIP can modify the distributed database. An entity can provide information to a requestor to verify an identity attribute of the entity to the requestor. The requestor uses information provided by the entity to retrieve verified entity identification information from the distributed database and to confirm that the identity attribute was verified by an authorized GRIP.

A method of providing access to securely held data is provided. A user interacts with the service provider to obtain access to a service by using a device to provide a digital identifier to the service provider, without the digital identifier being made known to the user. At a later date the user wishes to retrieve securely stored data relating to their use of the service. However, because the user does not know the digital identifier, they are unable to identify themselves to the service provider using the digital identifier. The present disclosure provides a secure method for exchanging private identifiers, which allows the user to identify themselves to the service provider in order to gain access to securely stored data relating to the user's previous use of the service. The user can do this using the device on which the digital identifier is stored, or another device.

Provided are systems and methods for managing and implementing single-use payment-enabled tokens. In one example, a method may include distributing, via a server, a payment-enabled token to a payment application on a computing device, the payment-enabled token being mapped to a payment account of the payment application via a tokenization service, detecting use of the payment-enabled token as a payment via the payment application, and in response to the detecting, deactivating the payment-enabled token at the server and storing an identifier of the payment-enabled token and an additional data element of the payment-enabled token that identifies the payment account together within a data structure of the server.

A method includes a server computer receiving a cryptogram request message comprising a token associated with a first credential during an interaction between a user of a user device and a resource provider of a resource provider application on the user device. The server computer generates a detokenization request message comprising the token. The server computer then provides the detokenization request message to a token service computer. The server computer receives a detokenization response message comprising a second credential from the token service computer. The server computer obtains a cryptogram for the interaction. The server computer generates a cryptogram response message comprising the second credential and the cryptogram, and then provides it in response to the cryptogram request message.

A system supports symmetric release of cryptologically-locked asset transactions. A leading exchange party and a reciprocal exchange party establish, at least in part, a peer challenge in a pre-exchange proposal. The reciprocal party uses the peer challenge to lock a cryptologically-locked asset transaction. The solution to the peer challenge corresponds to an exchange key controlled by the leading exchange party. After establishment of the cryptologically-locked asset transaction, the leading party may request that exchange logic initiate release of the cryptologically-locked asset transaction. In response to the request, the exchange logic may execute a symmetric release of the exchange key and/or signature to the reciprocal exchange party and cryptologically-locked asset transaction (such that the asset is transferred to the leading exchange party).