| CPC H04L 63/107 (2013.01) [G06Q 20/3224 (2013.01); G06Q 20/385 (2013.01); G06Q 20/4015 (2020.05); H04L 9/3228 (2013.01); H04L 9/3234 (2013.01); H04L 63/108 (2013.01); H04W 4/02 (2013.01); H04W 12/02 (2013.01); H04W 12/03 (2021.01); H04W 12/12 (2013.01); H04W 12/61 (2021.01); H04W 12/63 (2021.01); H04W 12/67 (2021.01); H04L 9/3213 (2013.01); H04L 2209/56 (2013.01); H04L 2209/80 (2013.01); H04L 2463/121 (2013.01); H04W 12/06 (2013.01); H04W 12/068 (2021.01)] | 18 Claims |
|
1. A computer-implemented method comprising:
receiving, by a mobile communication device from an access device, access device data for conducting a transaction;
receiving, by a server computer from the mobile communication device for conducting the transaction, a token request, the token request including the access device data associated with the access device and mobile communication device data associated with the mobile communication device, wherein the access device data and the communication device data are specific to the transaction;
determining, by the server computer, a token and generating, by the server computer, a cryptogram, the cryptogram generated using the access device data and the communication device data;
transmitting, by the server computer to the mobile communication device, the token and the cryptogram;
transmitting, by the mobile communication device to the access device, the token and the cryptogram;
receiving, by the server computer from the access device, the token and the cryptogram;
decrypting, by of the server computer, the cryptogram;
determining, by the server computer, a token assurance level based on the access device data and the communication device data in the decrypted cryptogram; and
based on the token assurance level, transmitting, by the server computer, an authorization response message indicating whether the transaction is approved or rejected.
|