Video surveillance systems using out of band key exchange
US-12177293-B2 · Dec 24, 2024 · US
US2022019995A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2022019995-A1 |
| Application number | US-202117489227-A |
| Country | US |
| Kind code | A1 |
| Filing date | Sep 29, 2021 |
| Priority date | Feb 18, 2014 |
| Publication date | Jan 20, 2022 |
| Grant date | — |
Official abstract text for this publication.
Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include encrypting account information with a first encryption key to generate a second encryption key, and encrypting key index information using the second key to generate a limited-use key (LUK). The key index information may include a key index having information pertaining to generation of the LUK. The LUK and the key index can be provided to the communication device to facilitate generation of a transaction cryptogram for a transaction conducted using the communication device, and the transaction can be authorized based on the transaction cryptogram generated from the LUK.
Opening claim text (preview).
1-24. (canceled)

25. A method comprising: receiving, by a communication device from a computer system, a limited-use key (LUK) that is associated with one or more limited-use thresholds that limits usage of the LUK, receiving, by the communication device from the computer system, a key index with the LUK, the key index including a counter value indicating a number of times that the LUK has been renewed in a predetermined time period and time information indicating when the LUK was generated, and wherein the computer system encrypts account information with a first encryption key to generate a second encryption key, and encrypts the key index with the second encryption key to generate the LUK; receiving, by the communication device from an access device, transaction data for a transaction; generating, by the communication device, a transaction cryptogram for the transaction by encrypting the transaction data with the LUK; and sending, by the communication device to the computer system, the transaction cryptogram and the key index to the access device to conduct the transaction, wherein the access device provides the transaction cryptogram and the key index to the computer system via an authorization request message, and wherein the computer system verifies that the transaction cryptogram was encrypted using the LUK by regenerating the transaction cryptogram using the key index, verifies that the LUK has not exceeded the one or more limited-use thresholds, and authorizes the transaction if the transaction cryptogram is verified and if the LUK has not exceeded the one or more limited-use thresholds.

26. The method of claim 25, wherein the account information includes an account identifier or a token that is a substitute for the account identifier.

27. The method of claim 26, further comprising: sending, by the communication device to the computer system, the token to the access device along with the transaction cryptogram and the key index, wherein the access device provides the token to the computer system via the authorization request message, and wherein the computer system authorizes the transaction further based on the token.

28. The method of claim 25, wherein generating the transaction cryptogram includes: enciphering the transaction data using a first portion of the LUK; deciphering the enciphered transaction data using a second portion of the LUK; and re-enciphering the deciphered transaction data using the first portion of the LUK.

29. The method of claim 25, wherein generating the transaction cryptogram includes: encrypting a predetermined numeric string using the LUK; and decimalizing the encrypted predetermined numeric string.

30. The method of claim 29, wherein decimalizing the encrypted predetermined numeric string includes: extracting numeric digits from the encrypted predetermined numeric string to form a first data block; extracting hexadecimal digits from the encrypted predetermined numeric string and converting each extracted hexadecimal digit into a numeric digit to form a second data block; and concatenating the first data block and the second data block.

31. The method of claim 25, wherein generating the transaction cryptogram takes place when the communication device is placed in proximity to the access device, and wherein sending the transaction cryptogram and the key index to the access device is performed by transmitting the transaction cryptogram and the key index to a contactless reader of the access device.

32. The method of claim 25, wherein sending the transaction cryptogram and the key index to the access device includes displaying a QR code on a screen of the communication device for scanning by the access device, where the transaction cryptogram and the key index are encoded into the QR code.

33. The method of claim 25, further comprising: sending, by the communication device to the access device, a request for the transaction data.

34. The method of claim 25, wherein the transaction is conducted without using a secure element.

35. A communication device comprising: one or more processors; and one or more memories storing computer-readable code, which when executed by the one or more processors, causes the communication device to perform operations including: receiving, from a computer system, a limited-use key (LUK) that is associated with one or more limited-use thresholds that limits usage of the LUK, receiving, from the computer system, a key index with the LUK, the key index including a counter value indicating a number of times that the LUK has been renewed in a predetermined time period and time information indicating when the LUK was generated, and wherein the computer system encrypts account information with a first encryption key to generate a second encryption key, and encrypts the key index with the second encryption key to generate the LUK; receiving, from an access device, transaction data for a transaction; generating a transaction cryptogram for the transaction by encrypting the transaction data with the LUK; and sending, to the computer system, the transaction cryptogram and the key index to the access device to conduct the transaction, wherein the access device provides the transaction cryptogram and the key index to the computer system via an authorization request message, and wherein the computer system verifies that the transaction cryptogram was encrypted using the LUK by regenerating the transaction cryptogram using the key index, verifies that the LUK has not exceeded the one or more limited-use thresholds, and authorizes the transaction if the transaction cryptogram is verified and if the LUK has not exceeded the one or more limited-use thresholds.

36. The communication device of claim 35, wherein the computer system verifies that the transaction cryptogram was encrypted using the LUK by regenerating the transaction cryptogram using the key index and comparing a regenerated transaction cryptogram to a sent transaction cryptogram.

37. The communication device of claim 35, wherein the transaction is conducted without using a secure element.

38. The communication device of claim 35, wherein the one or more limited-use thresholds limits a number of transactions that can be conducted using the LUK.

39. The communication device of claim 35, wherein the first encryption key is a master derivation key associated with an issuer of an account associated with the account information.

40. The communication device of claim 39, wherein the second encryption key is a unique derivation key for the account.

41. The communication device of claim 35, wherein the computer system sends an authorization response message with authorization response results to the access device, and wherein the access device displays the authorization response results.

42. The communication device of claim 35, wherein encrypting the account information with the first encryption key to generate the second encryption key includes encrypting the account information using the first encryption key to generate a first portion of the second encryption key, inverting the account information, and encrypting the inverted account information using the first encryption key to generate a second portion of the second encryption key.

43. The communication device of claim 35, wherein encrypting the key index using the second encryption key to generate the LUK includes padding the key index with a first value to generate a first padded key
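The key hierarchy and issuer-side verification described in claims 25, 30, 36, 38, 42 and 43 (master derivation key to per-account UDK, UDK plus key index to LUK, cryptogram over the transaction data, then regeneration and threshold check), as an added Python illustration that is not the patent's own algorithm or code. The block cipher the patent leaves unspecified is replaced by an HMAC-SHA256 stand-in, and the key-index layout, the padding byte, the a-f decimalisation mapping and all sample values are assumptions of this example.

```python
import hmac
import hashlib

def prf(key: bytes, data: bytes) -> bytes:
    # Stand-in for the (unspecified) block cipher: HMAC-SHA256 cut to 16 bytes. Assumption.
    return hmac.new(key, data, hashlib.sha256).digest()[:16]

def derive_udk(mdk: bytes, account: bytes) -> bytes:
    # Claim 42: encrypt account info, then its bitwise inverse, concatenate the halves.
    inverted = bytes(b ^ 0xFF for b in account)
    return prf(mdk, account) + prf(mdk, inverted)

def key_index(renewals: int, yy: int, mm: int) -> bytes:
    # Claim 25: renewal counter for the period plus time info (4-byte layout constructed here).
    return bytes([yy, mm]) + renewals.to_bytes(2, "big")

def derive_luk(udk: bytes, kidx: bytes) -> bytes:
    # Claim 43 (cut off on the page): encrypt the padded key index under the UDK (0x80 pad assumed).
    return prf(udk, kidx.ljust(16, b"\x80"))

def cryptogram(luk: bytes, txn: bytes) -> bytes:
    # Device side, claim 25: cryptogram over the transaction data received from the access device.
    return prf(luk, txn)

def decimalize(hexstr: str) -> str:
    # Claim 30: digits 0-9 form the first block; a-f map to 0-5 (assumed mapping) for the second.
    hexstr = hexstr.lower()
    first = "".join(c for c in hexstr if c.isdigit())
    second = "".join(str(int(c, 16) - 10) for c in hexstr if c in "abcdef")
    return first + second

def authorize(mdk, account, kidx, txn, sent_cg, uses, max_uses) -> str:
    # Issuer side, claims 25/36: regenerate the LUK from account info + key index,
    # recompute the cryptogram, compare in constant time, then enforce the threshold (claim 38).
    luk = derive_luk(derive_udk(mdk, account), kidx)
    if not hmac.compare_digest(cryptogram(luk, txn), sent_cg):
        return "decline: cryptogram mismatch"
    if uses >= max_uses:
        return "decline: LUK threshold exceeded"
    return "approve"

def demo() -> tuple:
    # Constructed sample values: one provisioning, a valid purchase, a tampered one, a replay past the limit.
    mdk, acct = bytes(16), b"4111111111111111"
    kidx = key_index(renewals=2, yy=24, mm=7)
    luk = derive_luk(derive_udk(mdk, acct), kidx)   # what the computer system provisions
    txn = b"amount=1000;currency=840;utn=0001"      # what the access device supplies
    cg = cryptogram(luk, txn)                       # what the device sends back with kidx
    return (authorize(mdk, acct, kidx, txn, cg, uses=0, max_uses=5),
            authorize(mdk, acct, kidx, txn + b"0", cg, uses=0, max_uses=5),
            authorize(mdk, acct, kidx, txn, cg, uses=5, max_uses=5))
```

Because the issuer never stores the LUK, only the key index travels with the cryptogram, and a stale or reused key index fails either the regeneration step or the threshold step.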
CPC classification titles:

- using an alias or single-use codes
- involving key management
- Aspects of commerce using mobile devices [M-devices]
- Generation of secret information including derivation or calculation of cryptographic keys or passwords
- Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms (network architectures or network communication protocols for using time-dependent keys in a packet data network H04L63/068)