| CPC G06Q 20/385 (2013.01) [G06K 7/1417 (2013.01); G06Q 20/3276 (2013.01); G06Q 20/4018 (2013.01); G06Q 20/382 (2013.01); G06Q 20/3821 (2013.01); G06Q 20/401 (2013.01); G06Q 30/0253 (2013.01)] | 18 Claims |
|
1. A method comprising:
receiving, by a token server computer from an application provider computer in connection with a transaction between a user device of a user and an access device of a resource provider, a token request for a token, the token request comprising a token reference identifier;
in response to receiving the token request from the application provider computer:
retrieving, by the token server computer, the token using a stored mapping between the token reference identifier and the token, wherein the token is associated with an account of the user;
providing, by the token server computer to the application provider computer, the token, wherein the application provider computer initiates an authorization request message including the token to authorize the transaction, wherein the authorization request message is received at a transaction processing computer without the token being exchanged between the user device and the access device and without the token being stored on the user device or the access device;
receiving, by the token server computer from the transaction processing computer, the token, wherein the access device had no access to the token during the transaction;
in response to receiving the token from the transaction processing computer:
determining, by the token server computer, an account number representing the account of the user based on the token; and
providing, by the token server computer, the account number to the a transaction processing computer, wherein the transaction processing computer processes the transaction using the account number.
|