Methods for secure cryptogram generation

What is claimed is: 1. A method comprising performing, by a user device: determining a key pair comprising a first public key and a first private key; generating a request shared secret using the first private key and a static server public key; encrypting identification data using the request shared secret to obtain encrypted identification data, the identification data identifying the user device and/or a user of the user device; sending, over a secure communication channel to a server computer, a request message including the first public key and the encrypted identification data; receiving, from the server computer, first registration data over a second communication channel separate from the secure communication channel, receiving, from the server computer, a response message including a first blinded server public key; determining a first response shared secret using the first private key and the first blinded server public key; generating a first cryptogram key using the first response shared secret; encrypting the first registration data using the first cryptogram key to generate a first registration cryptogram; and sending the first registration cryptogram to the server computer, wherein the server computer authenticates the user device using the first registration cryptogram. 2. The method of claim 1 , wherein the identification data includes authentication credentials of the user of the user device. 3. The method of claim 1 , further comprising: generating an identification factor using the identification data and authentication data of the user; and generating a combined private key using the first private key and the identification factor, wherein determining the first response shared secret using the first private key and the first blinded server public key uses the combined private key. 4. The method of claim 1 , wherein the second communication channel comprises SMS, email, phone call, online chat, facsimile, or postal mail. 5. The method of claim 1 , wherein the first registration data is a one-time passcode. 6. The method of claim 1 , further comprising: storing, by the user device, the first response shared secret, and wherein sending the first registration cryptogram to the server computer comprises encrypting the first registration cryptogram using the first response shared secret. 7. The method of claim 1 , further comprising performing, by the user device: receiving second registration data; generating a second key pair comprising a second public key and a second private key; sending, to the server computer, a renewal request message including the first registration cryptogram and the second public key; generating a second registration cryptogram using the second private key and the second registration data; and sending the second registration cryptogram to the server computer. 8. The method of claim 7 , further comprising performing, by the user device: receiving a renewal response message including a second blinded server public key; and deriving a second cryptogram key using the second private key and the second blinded server public key, wherein the second registration cryptogram is generated by applying the second cryptogram key to the second registration data. 9. The method of claim 8 , wherein deriving the second cryptogram key using the second private key and the second blinded server public key includes: determining a second response shared secret using the second private key and the second blinded server public key; and generating the second cryptogram key using a key derivation parameter and the second response shared secret. 10. The method of claim 7 , wherein the renewal request message includes a hash of the second registration data. 11. The method of claim 1 , wherein the first public key and the first private key are ephemeral keys. 12. A method comprising performing, by a server computer: receiving, over a secure communication channel, a provisioning request message from a user device, the provisioning request message including a first public key and encrypted request data including encrypted identification data; determining, by the server computer, a request shared secret using the first public key and a static server private key; decrypting the encrypted request data using the request shared secret to obtain request data including identification data; verifying the identification data corresponds to the user device; sending, over a second communication channel separate from the secure communication channel, first registration data to the user device; sending, to the user device, a response message including a first blinded server public key generated by blinding a static server public key using a first cryptographic nonce; receiving a user registration cryptogram from the user device; generating a response shared secret using the first cryptographic nonce and a server private key that corresponds to the static server public key; generating a first cryptogram key using the response shared secret; encrypting the first registration data using the first cryptogram key to generate a first registration cryptogram; and verifying, by the server computer, the user registration cryptogram by comparing the user registration cryptogram to the first registration cryptogram, wherein the user device is authenticated if the first registration cryptogram is verified. 13. The method of claim 12 , wherein the encrypted request data includes an encrypted user identifier that is decrypted to obtain a user identifier, and wherein the identification data is verified by using the user identifier to retrieve, from a device database, corresponding identification data that is compared to the identification data. 14. The method of claim 12 , wherein the first public key is a combined public key, and wherein the request data includes a user device public key used to generate the combined public key, the method further comprising: retrieving authentication data associated with the identification data; generating an identification factor using the identification data and the authentication data; and verifying the combined public key using the user device public key and the identification factor. 15. The method of claim 12 , wherein the response shared secret is further generated using the first public key. 16. The method of claim 12 , wherein a second public key is received with the user registration cryptogram, and wherein the response shared secret is further generated using the second public key. 17. The method of claim 12 , further comprising: decrypting the user registration cryptogram using the response shared secret before verifying the user registration cryptogram. 18. The method of claim 12 , further comprising performing, by the server computer: storing the user registration cryptogram; sending second registration data to the user device; receiving, from the user device, a renewal request message including the user registration cryptogram and a second public key; verifying the user registration cryptogram by comparing the received user registration cryptogram to the stored user registration cryptogram; receiving, from the user device, a second registration cryptogram; and verifying the second registration cryptogram using a server computer private key, the second public key, and the second registration data. 19. The method of claim 18 , further comprising performing, by the server computer: sending, to the user device, a renewal response messag