The invention relates to the field of technical infrastructures that ensure the implementation of financial transactions between economic entities, in particular to payment systems that provide ease of use and confidential data security. The present invention is the method of authenticating a customer, the method of carrying out a payment transaction comprising said authentication method, and the payment system implementing the specified methods, which ensure the achievement of a technical effect consisting in expanding the functionality of the payment system and reducing its vulnerability, in particular, by making it possible to conduct a payment transaction in a contactless way, on condition that the reference value of the customer authentication data is stored exclusively on the customer's device, as well as by combining the advantages of online and offline customer authentication procedures.

Various embodiments are generally directed to utilizing an offline and/or online verification or authentication protocol to access, redeem, or otherwise utilize multiple loyalty points and loyalty accounts A method for utilizing various loyalty points includes: receiving, by an application executing on a processor, a request to redeem at least one loyalty point of a plurality of loyalty points of a loyalty points account, receiving, by the application, a cryptogram from a contactless card associated with an account, transmitting, by the application to a server, the cryptogram, determining, by the application based on a decryption result received from the server, that the server decrypted the cryptogram, and authorizing, by the application based on the determination that the server decrypted the cryptogram, the request to redeem the at least one loyalty point.

A card payment system using body information and its method. A card reader, a user terminal unit and a server are connected via a communication network, cryptogram search keys and password keys are received from the user terminal unit to the server, a card information cryptogram table and a cryptogram search key table are generated. Also, the card payment system, if the first body information of a IC card and the second body information of a user of the IC card are same, checks if a card information cryptogram which is generated from the IC card's card information and the card information cryptogram cryptogram table which is stored in the server are same. Thus, the card payment system using body information can process a payment without decryption of the encrypted card information cryptogram.

Example embodiments of systems and methods for replacing card information. In an embodiment, a system comprises an authentication server in data communication with a network and a database in data communication with the authentication server. The authentication server is configured to receive an authentication signal from a user device via the network, retrieve a list of merchants having transaction history with an account associated with the account card, and transmit an access token to at least one merchant server selected using the list of merchants.

A method is disclosed and includes receiving, by a record server computer from a first processing network computer, a token, a device identifier associated with a user device, a session identifier associated with a registration request, and metadata about the token, and then receiving a metadata request from a second processing network computer in response to the second processing network computer receiving an authorization request message comprising the token, and the device identifier and/or the session identifier. The metadata request comprises at least the device identifier and/or the session identifier. The method also includes retrieving, by the record server computer, metadata associated with the metadata request, and providing the metadata to the second processing network computer. The second processing network computer processes the authorization request message using the token and the metadata.

Systems and methods for authentication may include an authentication server. The authentication server may include a processor and a memory. The processor may be configured to receive a cryptogram associated with a first near field communication data exchange format (NDEF) read. The processor may be configured to perform a first factor authentication of the cryptogram. The processor may be configured to receive a first data set, wherein the first data set is associated with a second NDEF read. The processor may be configured to extract metadata from the first data set. The processor may be configured to perform, after the first factor authentication, a second factor authentication based on the metadata. The processor may be configured to generate a message indicative of an outcome of the second factor authentication. The processor may be configured to transmit the message that instructs the processor to effectuate one or more actions.

A working method for an IC card having a fingerprint recognition function, comprising: an IC card receiving and determining an instruction type from a terminal, and when determined that the received instruction is an application selection instruction, the IC card selecting an application and returning a response to the terminal; when determined that the received instruction is a processing option acquisition instruction, the IC card acquiring a user fingerprint information verification state according to the content of the instruction, and if verification is successful, returning to the terminal a processing option instruction response containing an application file locator list for which a personal identification number does not need to be verified; if verification fails, returning to the terminal a processing option instruction response containing an application file locator list for which a personal identification number must be verified; when determined that the received instruction is a record reading instruction, the IC card returning a record reading response to the terminal according to the record reading instruction, wherein the record reading response contains a method for verifying a card holder. Thus, the risk of a personal identification number being leaked is avoided, thus enhancing the security of a transaction, while also improving user experience.

Example embodiments provide systems and methods for increasing the cryptographic strength of an encryption or message-authentication-code- (MAC) generation technique. According to some embodiments, a MAC may be constructed around a shared secret (such as a random initialization number), thereby increasing strength of the MAC against brute force attacks based on the size of the shared secret. The MAC may be combined with randomized data, and may also be encrypted to further bolster the strength of the code. These elements (shared secret, MAC algorithm, and encryption algorithm) may be employed in various combinations and to varying degrees, depending on the application and desired level of security. At each stage, the cryptographic construct operates on the cyptographically modified data from the previous stage. This layering of cryptographic constructs may increase the strength of the group of contrasts more efficiently than applying any one construct with a larger key size or similar increase in complexity.

An RFID tag may execute instructions from an authenticated RFID reader. A tag determines a handle and a first parameter, both of which may be random numbers, and sends the handle to a reader. Upon receiving a challenge from the reader, the tag determines and sends a cryptographic response to the challenge based on an algorithm, a tag key, the first parameter, and the challenge. Upon receiving a message with a second parameter and a tag instruction, the tag executes the tag instruction upon verifying that the second parameter derives from the first parameter and the tag handle.

An authentication token using a smart card that an organization would issue to its customer, the smart card having a processor for executing a software application that is responsive to a user input to generate a one-time password as an output. The smart card co-operates with an interface device for inputting the user input and displaying the one-time password. The authentication token may be used in combination with a remote authentication server for validation of the password and hence authentication of the user.