Payment system for authorizing a transaction between a user device and a terminal

What is claimed is: 1. A method for communicating between a user device and a terminal in a transaction, the method comprising: receiving, at the terminal from the user device comprising a payment application, an application expiry date parameter associated with the payment application and including an expiration day, an expiration month, and an expiration year, and a certificate having data stored within one or more data fields and a hash in one of the one or more data fields, the application expiry date parameter not being in any data field in the certificate and the application expiry date parameter repurposed to represent an expiration date of the certificate, and wherein the hash is generated by concatenating the application expiry date parameter and at least some of the data stored within the one or more data fields of the certificate; in response to the receiving the application expiry date parameter and the certificate, concatenating data including the application expiry date parameter and the at least some of the data stored within the one or more data fields of the certificate; verifying, by the terminal, the hash, by performing a one-way mathematical operation including a hash algorithm on the concatenated data including the application expiry date parameter and the at least some of the data stored within the one or more data fields of the certificate to form another hash, and comparing the hash and the another hash; determining, by the terminal, that the application expiry date parameter is not expired by comparing the application expiry date parameter to a current date; and in response to determining and verifying, authorizing, by the terminal, the transaction. 2. The method of claim 1 , wherein the certificate is an ICC (Integrated Circuit Card) public key certificate and the user device is a mobile phone. 3. The method of claim 1 , wherein the data stored within the one or more data fields of the certificate comprises a primary account number associated with the user device, a certificate serial number associated with the certificate, and a hash algorithm indicator that identifies the one-way mathematical operation. 4. The method of claim 1 , wherein the application expiry date parameter is not signed by an issuer of the user device. 5. The method of claim 1 , wherein the method further comprises provisioning, by an issuer computer, a plurality of certificates and hashes to the user device, each certificate and hash being provisioned based at least in part on an expiration date parameter associated therewith. 6. The method of claim 5 , wherein, responsive to the satisfaction of a predetermined criterion, provisioning the user device with a given certificate and a given hash. 7. The method of claim 6 , wherein the predetermined criterion comprises a current day, a current month, and a current year matching a given application expiration date, wherein the current date, the current month, and the current year are being maintained by a certificate provisioning entity. 8. The method of claim 6 , wherein the predetermined criterion comprises receiving a request of a predetermined type, the request identifying at least the user device. 9. The method of claim 5 , wherein the provisioning of the plurality of certificates and the hashes occur via a communications network. 10. The method of claim 1 , wherein the certificate expires a predetermined number of days after provisioning of the certificate to the user device based on the application expiry date parameter, the predetermined number of days being less than a predicted brute force decryption time to decrypt encrypted payment keys in the user device. 11. The method of claim 1 , wherein the at least some of the data stored within the one or more data fields of the certificate includes a certificate format, a primary account number, a certificate serial number, a hash algorithm indicator, an ICC public key indicator, an ICC public key length, and an ICC public key. 12. The method of claim 1 , wherein the terminal is a point-of-sale terminal. 13. The method of claim 1 , wherein the hash algorithm is a SHA-1 algorithm. 14. The method of claim 1 , wherein the user device includes a first processing portion and a second processing portion, the first processing portion comprising a first application environment within a secure element and the second processing portion comprising a second application environment external to the secure element, and wherein the second processing portion comprises the payment application. 15. The method of claim 14 , wherein the user device includes a mobile communications device and the secure element comprises a Subscriber Identity Module. 16. The method of claim 14 , wherein the second application environment comprises a Trusted Execution Environment, and wherein the Trusted Execution Environment is configured to store or execute at least part of the payment application. 17. The method of claim 11 , wherein the terminal communicates with the user device using a radio frequency communications protocol. 18. A terminal comprising: a processor; and a computer readable medium, the computer readable medium comprising code, executable by the processor for performing a method for communicating in a transaction, the method comprising: receiving, from a user device comprising a payment application, an application expiry date parameter associated with the payment application and including an expiration day, an expiration month, and an expiration year, and a certificate having data stored within one or more data fields and a hash in one of the one or more data fields, the application expiry date parameter not being in any data field in the certificate, and the application expiry date parameter repurposed to represent an expiration date of the certificate, and wherein the hash is generated by concatenating the application expiry date parameter and at least some of the data stored within the one or more data fields of the certificate; in response to the receiving the application expiry date parameter and the certificate, concatenating data including the application expiry date parameter and the at least some of the data stored within the one or more data fields of the certificate verifying, the hash, by performing a one-way mathematical operation including a hash algorithm on the concatenated data including the application expiry date parameter and the at least some of the data stored within the one or more data fields of the certificate; determining that the application expiry date parameter is not expired by comparing the application expiry date parameter to a current date; and in response to determining, authorizing the transaction, wherein the data stored within the one or more data fields of the certificate comprises a primary account number associated with the user device, a certificate serial number associated with the certificate, and a hash algorithm indicator that identifies the one-way mathematical operation. 19. The terminal of claim 18 , wherein the certificate is an ICC (Integrated Circuit Card) public key certificate and the user device is a mobile phone.