Credential management for mobile devices

US11687639B2 · US · B2

Patent metadata
Publication number: US-11687639-B2
Application number: US-201916667177-A
Country: US
Kind code: B2
Filing date: Oct 29, 2019
Priority date: Nov 14, 2018
Publication date: Jun 27, 2023
Grant date: Jun 27, 2023

Abstract

Official abstract text for this publication.

The present disclosure relates to credential management for mobile devices that can be used for access to secured physical environments. One aspect comprises a computer implemented method comprising a mobile computing device: receiving, from a server system, and storing, on the mobile computing device: one or more application sequence counter values, one or more limited use credentials (LUCs), each LUC being bound to a corresponding one of the application sequence counter values; one or more emergency credentials, and an account token; subsequently receiving an authentication request from a terminal; in response to receiving the authentication request, determining that no LUC is available for fulfilling the request; and in response to determining that no LUC is available for fulfilling the request: transmitting, to the terminal, the account token and an application cryptogram generated from an emergency credential of said one or more emergency credentials; and updating a current application sequence counter.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method for managing access credentials, the method comprising: receiving, at a mobile computing device, from a server system, and storing, by the mobile computing device, in memory associated with the mobile computing device: multiple application sequence counter values; multiple limited use credentials (LUCs), each LUC bound to a corresponding one of the multiple application sequence counter values; one or more emergency credentials; and an account token; and then, receiving, by the mobile computing device, an authentication request from a terminal; in response to receiving the authentication request: determining, by the mobile computing device, that none of the multiple LUCs is available in the memory for fulfilling the request; and determining that the mobile computing device is unable to receive one or more additional LUCs from the server system; and then, in response to (i) determining that none of the multiple LUCs is available in the memory for fulfilling the request and (ii) determining that the mobile computing device is unable to receive the one or more additional LUCs from the server system: transmitting, by the mobile computing device, to the terminal, the account token and an application cryptogram generated from an emergency credential of said one or more emergency credentials; and updating, by the mobile computing device, a current application sequence counter.

2. The method of claim 1, further comprising: receiving an LUC master key with which the stored LUCs are encrypted; and storing the LUC master key only in a volatile memory device of the mobile computing device.

3. The method of claim 1, wherein each emergency credential is bound to a corresponding one of the application sequence counter values and the application cryptogram is generated from both the emergency credential and its corresponding application sequence counter value.

4. The method of claim 1, further comprising: subsequent to updating the current application sequence counter, determining, by the mobile computing device, that a current value of the application sequence counter matches the application sequence counter value of one of the LUCs; and in response to determining that the current value of the application sequence counter matches the application sequence counter value of one of the LUCs, deleting, by the mobile computing device, the matching LUC from the memory associated with the mobile computing device.

5. The method of claim 1, further comprising, in response to receiving the authentication request, determining, by the mobile computing device, that the authentication request relates to a zero-value transaction; wherein transmitting the account token and the application cryptogram is in response to determining that the authentication request relates to a zero-value transaction.

6. The method of claim 1, further comprising, subsequent to transmitting the application cryptogram to the terminal and updating the current application sequence counter: detecting, by the mobile computing device, that communication over the internet is possible; and in response to detecting that communication over the internet is possible, transmitting, by the mobile computing device, a request, to the server system, for the one or more additional LUCs and one or more additional emergency credentials, wherein the request comprises a current value of the application sequence counter.

7. The method of claim 1, wherein the application cryptogram is generated from said emergency credential of the one or more emergency credentials and the current application sequence counter value.

8. A mobile computing device for managing access credentials, the mobile computing device comprising a memory and a communication apparatus each communicatively coupled to a processor, the memory storing instructions which, when executed by the processor, cause the mobile computing device to: receive, from a server system, and store on the mobile computing device: multiple application sequence counter values; multiple limited use credentials (LUCs), each LUC being bound to a corresponding one of the multiple application sequence counter values; one or more emergency credentials; and an account token; and then, receive an authentication request from a terminal; in response to the authentication request: determine that none of the multiple LUCs is available on the mobile computing device for fulfilling the request; and determine that the mobile computing device is unable to receive one or more additional LUCs from the server system; and then, in response to the determination that no LUC is available on the mobile computing device for fulfilling the request, and in response to the determination that the mobile computing device is unable to receive the one or more additional LUCs from the server system: transmit, to the terminal, the account token and an application cryptogram generated from an emergency credential of said one or more emergency credentials; and update a current application sequence counter.
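The device-side decision in claims 1, 6 and 7, as an added sketch that is not code from the patent or its assignee. Assumptions: HMAC-SHA256 stands in for the unspecified cryptogram algorithm, an LUC counts as "available" when one is bound to the current counter value, and the class, field and reply names are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass

def cryptogram(key: bytes, counter: int, request: bytes) -> str:
    # Stand-in MAC (assumption): the page does not name the cryptogram algorithm.
    msg = counter.to_bytes(4, "big") + request
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

@dataclass
class Device:
    account_token: str
    lucs: dict            # counter value -> LUC key; each LUC is bound to one value
    emergency: list       # emergency credential keys, each consumed once
    counter: int = 0      # current application sequence counter
    online: bool = False  # True when the server can be reached for more LUCs

    def authenticate(self, request: bytes) -> dict:
        # Assumption: an LUC is "available" if one is bound to the current counter.
        key, kind = self.lucs.pop(self.counter, None), "luc"
        if key is None:
            if self.online:
                # Fallback needs BOTH conditions: no LUC and no way to fetch more.
                raise RuntimeError("replenish LUCs from the server first")
            if not self.emergency:
                raise RuntimeError("no credential left; reject the request")
            key, kind = self.emergency.pop(0), "emergency"
        reply = {"token": self.account_token, "kind": kind, "counter": self.counter,
                 "cryptogram": cryptogram(key, self.counter, request)}
        self.counter += 1  # updated after every cryptogram, so no value is reused
        return reply

    def replenish_request(self) -> dict:
        # Claim 6: once online, request more credentials and report the counter.
        if not self.online:
            raise RuntimeError("server unreachable")
        return {"counter": self.counter}

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    dev = Device("tok-constructed", {0: b"luc-0", 1: b"luc-1"}, [b"emg-0"])
    for _ in range(3):
        print(dev.authenticate(b"door-7"))
    dev.online = True
    print(dev.replenish_request())
```
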

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Mastercard International Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/33. Mapped technology areas include Physics.
When was this patent published?
Publication date Jun 27, 2023 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).