| CPC G06Q 20/401 (2013.01) [H04L 9/088 (2013.01)] | 14 Claims |
|
1. A method comprising:
initiating an authorization process by receiving, by a resource provider system from a portable device, a portable device identifier and a cryptogram generated by the portable device using the portable device identifier and a unique derivation key generated based on a key derivation parameter comprising an intermediate access identifier associated with the portable device identifier, the intermediate access identifier comprising a virtual primary account number not operable for being used to directly conduct a transaction;
obtaining, by the resource provider system, the intermediate access identifier using the received portable device identifier;
determining, by the resource provider system, the key derivation parameter using at least the obtained intermediate access identifier;
generating, by the resource provider system, the unique derivation key using at least the determined key derivation parameter;
generating, by the resource provider system, a second cryptogram using the received portable device identifier and the generated unique derivation key;
verifying, by the resource provider system, the cryptogram by determining that the second cryptogram matches the cryptogram generated by the portable device;
obtaining, by the resource provider system, an authentication response indicator after verification of the cryptogram;
generating, by the resource provider system based at least in part on the authentication response indicator, an authorization request message comprising an access identifier, the access identifier being a payment credential having the same format as the intermediate access identifier;
transmitting, by the resource provider system, the authorization request message to a processing computer; and
receiving, by the resource provider system from the processing computer, an authorization response message comprising an authorization response indicator, wherein the authorization process is performed in real-time and is completed by receipt of the authorization response message.
|