| CPC G06Q 20/02 (2013.01) [G06Q 20/3255 (2013.01); G06Q 20/34 (2013.01); G06Q 20/382 (2013.01); G06Q 20/3821 (2013.01); G06Q 20/385 (2013.01); G06Q 20/401 (2013.01); G06Q 20/4014 (2013.01); G06Q 20/40975 (2013.01); G06Q 20/42 (2013.01); G06Q 40/02 (2013.01); H04L 63/083 (2013.01)] | 4 Claims |
|
1. A system comprising:
a data store comprising financial account data of a plurality of cardholders;
a token service system;
a third-party provider (TPP) computing device comprising a first one or more processors and a first one or more non-transitory computer-readable media having computer-executable instructions that when executed by the first one or more processors, causes the first one or more processors to perform the operations of:
generating a JSON web token (JWT), the JWT including a request to access financial account data of a cardholder of the plurality of cardholders from the data store; and
launching, via the JWT, a web SDK within a TPP application executing on a cardholder computing device; and
an open service computing system including a database, an open service application programming interface (API),
a second one or more processors, and a second one or more non-transitory computer readable media storing computer-executable instructions that when executed by the second one or more processors, cause the second one or more processors to perform the operations of:
executing the open service API;
receiving, via the executing open service API, a request to authenticate a cardholder of the plurality of cardholders from the TPP computing device, the request including encrypted transaction card details corresponding to a transaction card of the cardholder and the JWT, the encrypted-transaction card details being associated with the financial account data of the cardholder;
presenting, via the executing open service API, on the cardholder computing device, a consent screen including a list of one or more data services;
receiving, via the executing open service API, a selection of one or more data services of the list of one or more data services associated with the request;
receiving, via the executing open service API, a consent message from the cardholder computing device, the consent message including cardholder selection of one or more data services of the list of one or more data services associated with the request;
after receiving the selection, decrypting, via the executing open service API, the encrypted transaction card details associated with the request; and
transmitting, via the executing open service API, the decrypted transaction card details to the token service system;
the token service system comprising a third one or more processors and a third one or more non-transitory computer readable media storing computer-executable instructions that when executed by the third one or more processors causes the third one or more processors to perform the operations of:
based on the received transaction card details, generating a payment token, wherein the payment token is associated with the financial account data;
authenticating the cardholder, wherein authenticating comprises:
receiving an authentication identifier (ID) from an issuer computer;
receiving a second ID from the cardholder computing device; and
determining that the authentication ID and the second ID are the same;
after authenticating the cardholder, generating a digital access token;
generating an association between the digital access token, the payment token, and the received transaction card details, and storing the payment token and the association in the database; and
after storing the association in the database, transmitting the digital access token to the TPP computing device.
|