Configurable payment tokens
US-9256871-B2 · Feb 9, 2016 · US
US11995649B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11995649-B2 |
| Application number | US-202217571313-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 7, 2022 |
| Priority date | May 19, 2016 |
| Publication date | May 28, 2024 |
| Grant date | May 28, 2024 |
Official abstract text for this publication.
According to one embodiment of the invention, a subtoken corresponding to a primary token is generated. The primary token corresponds to a credential. The credential may be, for example, a primary account number (PAN) corresponding to a payment account. The subtoken may be a temporary, one-time use subtoken based on a primary token associated with the credential that allows a user to conduct a transaction from his or her account, while still providing security for the user's sensitive data. The subtoken may contain a header and an obfuscated portion. The header of the subtoken routes the subtoken to the entity issuing the subtoken for translation into the primary token. The obfuscated portion acts as a pointer to the primary token and data associated with the primary token. A same check digit may be included in the subtoken, the primary token, and the credential, in order to ensure that the transaction is not improperly denied.
Opening claim text (preview).
What is claimed is:
1. A method comprising: generating, by a server computer, a primary token associated with a primary account number of an account of a user, wherein the primary token comprises a first header identifies an authorizing entity computer that holds the account of the user; receiving, by the server computer, a subtoken request message from a user device of the user, wherein the subtoken request message includes an identification of the primary token; generating, by the server computer, a subtoken based on the primary token including a second header and an obfuscated portion, wherein the second header routes the subtoken to the server computer, wherein the obfuscated portion includes an encrypted portion stored at a database in association with the primary token, wherein the subtoken is a substitute identifier for the primary token; receiving, by the server computer, an authorization request message from a resource provider computer in a transaction, the authorization request message comprising the subtoken; identifying, by the server computer, the primary token and data associated with the primary token at the database using the obfuscated portion of the subtoken; and retrieving, by the server computer, a credential associated with the primary token, wherein the credential includes the primary account number of the account of the user, the credential including the first header, and authorizing, by the server computer, the transaction with the credential, or sending, by the server computer, the primary token to the authorizing entity computer, wherein the authorizing entity computer retrieves the credential associated with the primary token, and authorizes the transaction with the credential, wherein the credential includes the primary account number for the account of the user, the credential including the first header.
2. The method of claim 1, further comprising: transmitting, by the server computer, the primary token to the user device.
3. The method of claim 1, wherein the data associated with the primary token includes a limited use key, and wherein the method further comprises: generating, by the server computer, a token validation cryptogram using the limited use key, and retrieving the credential using the primary token and the token validation cryptogram.
4. The method of claim 3, further comprising: changing, by the server computer, the limited use key periodically so that token validation cryptograms generated by the server computer periodically change.
5. The method of claim 1, wherein the resource provider computer extracted the subtoken from a one-dimensional bar code.
6. The method of claim 1, wherein the subtoken is received from the resource provider computer through a transport computer without a token validation cryptogram.
7. The method of claim 1, wherein the authorization request message comprises a payment amount in addition to the subtoken.
8. The method of claim 1, further comprising: updating the authorization request message by replacing the subtoken with the credential.
9. The method of claim 1, wherein using the obfuscated portion of the subtoken comprises: locating the primary token and the data associated with the primary token in a database, wherein the primary token and the data associated with the primary token are stored in the database in association with the obfuscated portion.
10. The method of claim 1, wherein the primary token includes a middle portion, the credential includes a center portion, wherein the center portion of the credential is different than the middle portion of the primary token, wherein the center portion of the primary token is mathematically derived from the center portion of the primary account number.
11. The method of claim 1, further comprising: after the transaction is authorized, invalidating the subtoken.
12. The method of claim 1, wherein the subtoken, the primary token, and the credential comprise a same check digit.
13. The method of claim 1, wherein a number of digits of the obfuscated portion is equal or more than a number of digits of the second header.
14. A server computer comprising: a processor; and a memory element comprising code, executable by the processor, for implementing a method comprising: generating a primary token associated with a primary account number of an account of a user, wherein the primary token comprises a first header identifies an authorizing entity computer that holds the account of the user; receiving a subtoken request message from a user device of the user, wherein the subtoken request message includes an identification of the primary token; generating a subtoken based on the primary token including a second header and an obfuscated portion, wherein the second header routes the subtoken to the server computer, wherein the obfuscated portion includes an encrypted portion stored at a database in association with the primary token, wherein the subtoken is a substitute identifier for the primary token; receiving an authorization request message from a resource provider computer in a transaction, the authorization request message comprising the subtoken; identifying the primary token and data associated with the primary token at the database using the obfuscated portion of the subtoken; and retrieving a credential associated with the primary token, wherein the credential includes the primary account number of the account of the user, the credential including the first header, and authorizing, by the server computer, the transaction with the credential, or sending the primary token to the authorizing entity computer, wherein the authorizing entity computer retrieves the credential associated with the primary token, and authorizes the transaction with the credential, wherein the credential includes the primary account number for the account of the user, the credential including the first header.
15. The server computer of claim 14, wherein the data associated with the primary token includes a limited use key, wherein the method further comprises: generating a token validation cryptogram using the limited use key; retrieving the credential using the primary token and the token validation cryptogram; and changing the limited use key periodically thereby periodically changing token validation cryptograms generated by the server computer.
16. The server computer of claim 14, wherein the method further comprises: updating the authorization request message by replacing the subtoken with the credential.
17. The server computer of claim 14, wherein using the obfuscated portion of the subtoken comprises: locating the primary token and the data associated with the primary token in a database, wherein the primary token and the data associated with the primary token are stored in the database in association with the obfuscated portion.
18. The server computer of claim 14, wherein the primary token includes a middle portion, the credential includes a center portion, wherein the center portion of the credential is different than the middle portion of the primary token, wherein the center portion of the primary token is mathematically derived from the center portion of the primary account number.
19. The server computer of claim 14, wherein the method further comprises: after the transaction is authorized, invalidating the subtoken.
20. The server computer of claim 14, wherein the subtoken, the primary token, and the credential comprise a same check digit.
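The subtoken layout in the abstract and the lookup, invalidation and shared check digit of claims 9, 11 and 12 can be sketched as follows. This is an added illustration, not code from the patent. It assumes a 16-digit subtoken split 6/9/1, a constructed header value `999001`, an in-memory dictionary in place of the database, random digits in place of the encrypted portion, and that the check digit is a Luhn digit.

```python
import secrets

SUB_HEADER = "999001"  # constructed value: header that routes subtokens to this server
_vault = {}            # obfuscated portion -> record (stands in for the claimed database)

def luhn_ok(number: str) -> bool:
    """Assumption: the shared check digit is a Luhn digit, as on payment cards."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def issue_subtoken(primary_token: str, pan: str) -> str:
    """Build header(6) + obfuscated(9) + check(1); the check digit is copied, not recomputed."""
    check = primary_token[-1]
    if pan[-1] != check:
        raise ValueError("primary token and credential must share the check digit")
    while True:
        # Random digits stand in for the encrypted portion; they act only as a pointer.
        body = "".join(secrets.choice("0123456789") for _ in range(8))
        for filler in "0123456789":         # exactly one filler makes Luhn pass
            obf = body + filler
            if luhn_ok(SUB_HEADER + obf + check) and obf not in _vault:
                _vault[obf] = {"primary": primary_token, "pan": pan, "used": False}
                return SUB_HEADER + obf + check

def redeem(subtoken: str) -> str:
    """Translate a subtoken back to the credential, then invalidate it (one-time use)."""
    if len(subtoken) != 16 or not subtoken.isdigit() or not luhn_ok(subtoken):
        raise ValueError("malformed subtoken")
    if not subtoken.startswith(SUB_HEADER):
        raise ValueError("header does not route to this server")
    rec = _vault.get(subtoken[6:15])
    if rec is None or rec["used"] or rec["primary"][-1] != subtoken[-1]:
        raise PermissionError("unknown, replayed, or mismatched subtoken")
    rec["used"] = True
    return rec["pan"]
```

Because the subtoken carries no digits derived from the account number, a party that captures it learns only the routing header and a pointer that is dead after one authorization.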
Anonymous user system · CPC title
by anonymising data, e.g. decorrelating personal data from the owner's identification · CPC title
during internet communication, e.g. revealing personal data from cookies · CPC title
Parent-child type, e.g. where parent has control on child rights · CPC title
involving electronic purses or money safes · CPC title