Securely generating time and location bounded virtual transaction cards using mobile wallets without involving third parties or point of sale terminals

We claim: 1. A method of authorizing transactions comprising: receiving, by a host operating system (OS) running on a processor of a subscriber mobile device into a secure storage element, user input via a user interface of the subscriber mobile device, the secure storage element comprising a non-transitory memory; and executing, by a secure processing element of the subscriber mobile device, an embedded OS without involving the host OS running on the processor, wherein the secure processing element is implemented in configurable logic or fixed-functionality hardware, and wherein executing the embedded OS without involving the host OS includes: identifying a card value based on the user input; identifying one or more mobile usage constraints including a time bounded policy based on the user input; generating, without involving a third party or point of sale terminal, a virtual transaction card based on the card value and the one or more mobile usage constraints, wherein the virtual transaction card is invalid when the time bounded policy is not satisfied; transmitting the virtual transaction card to a delegate mobile device; retrieving, encryption information from the secure storage element of the subscriber mobile device; and transmitting, using the encryption information, an encrypted representation of the card value and the one or more mobile usage constraints to a payment network component. 2. The method of claim 1 , further comprising generating the virtual transaction card further based on a location bounded policy, wherein the one or more mobile usage constraints includes the location bounded policy, and wherein the virtual transaction card is invalid if the location bounded policy is not satisfied. 3. The method of claim 1 , wherein the virtual transaction card is generated further based on a transaction type policy, wherein the virtual transaction card is invalid if the transaction type policy is not satisfied. 4. The method of claim 1 , wherein the virtual transaction card is generated further based on an additional card policy, wherein the virtual transaction card is invalid if the additional card policy is not satisfied. 5. The method of claim 1 , wherein the virtual transaction card is generated further based on an authentication policy, wherein the virtual transaction card is invalid if the authentication policy is not satisfied. 6. The method of claim 1 , wherein transmitting to the delegate mobile device is via a near field communications module of the subscriber mobile device, and wherein the near field communications module coordinates with a controller hub to facilitate off-platform communications using radio frequency identifier (RFID) technology. 7. The method of claim 1 , wherein the virtual transaction card is transmitted to the delegate mobile device via a network interface of the subscriber mobile device. 8. A subscriber mobile device comprising: a user interface coupled to a processor to run a host operating system (OS) and a secure storage element to receive and store user input, the secure storage element comprising a non-transitory memory; a secure processing element to execute an embedded OS without involving the host OS, wherein the secure processing element is implemented in configurable logic or fixed-functionality hardware, the secure processing element comprising: a card generation module to identify without involving the host OS a card value and one or more mobile usage constraints based on the user input, and generate without involving the host OS, without involving a third party or point of sale terminal, a virtual transaction card based on the card value and the one or more mobile usage constraints including a time bounded policy, wherein the virtual transaction card is to be invalid when the time bounded policy is not satisfied; and a card distribution module to retrieve without involving the host OS the encryption information, transmit without involving the host OS the virtual transaction card to a delegate mobile device, and transmit without involving the host OS, using encryption information, an encrypted representation of the card value and the one or more mobile usage constraints to a payment network component. 9. The subscriber mobile device of claim 8 , wherein the one or more mobile usage constraints are to include a location bounded policy, wherein the card generation module is to further generate the virtual transaction card based on the location bounded policy, wherein the virtual transaction card is to be invalid if the location bounded policy is not satisfied. 10. The subscriber mobile device of claim 8 , wherein the card generation module is to generate the virtual transaction card further based on a transaction type policy, wherein the virtual transaction card is to be invalid if the transaction type policy is not satisfied. 11. The subscriber mobile device of claim 8 , wherein the card generation module is to generate the virtual transaction card further based on an additional card policy, wherein the virtual transaction card is to be invalid if the additional card policy is not satisfied. 12. The subscriber mobile device of claim 8 , wherein the card generation module is to generate the virtual transaction card further based on an authentication policy, wherein the virtual transaction card is to be invalid if the authentication policy is not satisfied. 13. The subscriber mobile device of claim 8 , further including a network notification module coupled to a controller hub to transmit the card value and the one or more mobile usage constraints to the payment network component, wherein the near field communications module is to coordinate with the controller hub to facilitate off-platform communications using radio frequency identifier (RFID) technology. 14. The subscriber mobile device of claim 13 , wherein the network notification module is incorporated into the secure processing element. 15. The subscriber mobile device of claim 13 , wherein the network notification module is to retrieve the encryption information from the secure storage element and use the encryption information to transmit the card value and the one or more mobile usage constraints to the payment network component. 16. The subscriber mobile device of claim 8 , further including a near field communications module coupled to a controller hub, wherein the virtual transaction card is to be transmitted to the delegate mobile device via the near field communications module, wherein the near field communications module is to coordinate with the controller hub to facilitate off-platform communications using radio frequency identifier (RFID) technology. 17. The subscriber mobile device of claim 8 , further including a network interface, wherein the virtual transaction card is to be transmitted to the delegate mobile device via the network interface. 18. At least one non-transitory computer readable storage medium comprising a set of instructions which, if executed, cause a computer to: receive, by a host operating system (OS) associated with a processor of a subscriber mobile device into a secure storage element, user input via a user interface, the secure storage element is to be a non-transitory memory; and execute, by a secure processing element of the subscriber mobile device, an embedded OS without involving the host OS, wherein the secure processing element is to be implemented in configurable logic or fixed-functionality hardware, wherein the secure processing element without involving the host OS is to: identify a card value based