Systems and methods for cryptographic authentication of contactless cards

US 10,505,738 B1
Filed: 03/12/2019
Issued: 12/10/2019
Est. Priority Date: 10/02/2018
Status: Active Grant

First Claim

Patent Images

1. A transmitting device comprising:

a memory including a counter value, and a plurality of keys;

a communication interface; and

one or more processors in communication with the memory and communication interface,wherein the one or more processors is configured to;

update the counter value when the communication interface is within a range of a first active communication field of a first receiving device;

create a first cryptogram based on the plurality of keys and the counter value;

transmit the first cryptogram, via the first active communication field, to the first receiving device;

receive, from the first receiving device, an authentication request for sensitive data;

update the counter value when the communication interface is within a range of a second active communication field of a second receiving device;

create a second cryptogram based on the plurality of keys and the counter value; and

transmit an authentication response responsive to the authentication request for sensitive data via the second active communication field, the authentication response comprising the second cryptogram transmitted to the second receiving device, wherein the second cryptogram authorizes access to the sensitive data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example embodiments of systems and methods for data transmission between transmitting and receiving devices are provided. These systems and methods may provide for the secure transmission of sensitive information, such as personally-identifiable information. In some examples, the sensitive information may be requested and securely shared when cryptographically signed by the user, and the user may control the access of viewers to the personally identifiable information or end users.

498 Citations

20 Claims

1. A transmitting device comprising:
- a memory including a counter value, and a plurality of keys;
  
  a communication interface; and
  
  one or more processors in communication with the memory and communication interface,wherein the one or more processors is configured to;
  
  update the counter value when the communication interface is within a range of a first active communication field of a first receiving device;
  
  create a first cryptogram based on the plurality of keys and the counter value;
  
  transmit the first cryptogram, via the first active communication field, to the first receiving device;
  
  receive, from the first receiving device, an authentication request for sensitive data;
  
  update the counter value when the communication interface is within a range of a second active communication field of a second receiving device;
  
  create a second cryptogram based on the plurality of keys and the counter value; and
  
  transmit an authentication response responsive to the authentication request for sensitive data via the second active communication field, the authentication response comprising the second cryptogram transmitted to the second receiving device, wherein the second cryptogram authorizes access to the sensitive data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The transmitting device of claim 1, wherein the authentication request for sensitive data comprises one or more requests including personally identifiable information.
  - 3. The transmitting device of claim 1, wherein the authentication request for sensitive data is transmitted from an application comprising instructions for execution on the first receiving device.
  - 4. The transmitting device of claim 1, wherein multifactor authentication associated with an application comprising instructions for execution on the second receiving device and the transmitting device is activated.
  - 5. The transmitting device of claim 4, wherein the multifactor authentication comprises a login credential and one or more gestures by the transmitting device to the second receiving device via the second active communication field.
  - 6. The transmitting device of claim 1, wherein the sensitive data is included in a storage, the storage comprising at least one selected from the group of a cloud storage, a secure local storage element, and a blockchain.
  - 7. The transmitting device of claim 6, wherein the second device is configured to retrieve one or more portions of the sensitive data from the storage.
  - 8. The transmitting device of claim 1, wherein the authentication response is signed with one or more private keys from the transmitting device.
  - 9. The transmitting device of claim 8, wherein the signed authentication response is transmitted to the first receiving device and validated via one or more public keys.
  - 10. The transmitting device of claim 1, wherein the authentication request for sensitive data is restricted to a predetermined time period.

11. A method for secure data transmission, the method comprising the steps of:
- updating, by one or more processors of a transmitting device, a counter value when the communication interface is within a range of a first active communication field of a first receiving device, the transmitting device comprising;
  
  a memory including the counter value, and a plurality of keys;
  
  a communication interface, the one or more processors in communication with the memory and communication interface;
  
  creating, by the one or more processors, a first cryptogram based on the plurality of keys and the counter value;
  
  transmitting, by the one or more processors, the first cryptogram via the first active communication field to the first receiving device;
  
  receiving, from the first receiving device, an authentication request for sensitive data;
  
  updating, by the one or more processors, the counter value when the communication interface is within a range of a second active communication field of a second receiving device;
  
  creating, by the one or more processors, a second cryptogram based on the plurality of keys and the counter value; and
  
  transmitting, by the one or more processors, an authentication response responsive to the authentication request for sensitive data via the second active communication field, the authentication response comprisingthe second cryptogram transmitted to the second receiving device, wherein the second cryptogram authorizes access to the sensitive data.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method for secure data transmission of claim 11, wherein the sensitive data is included in a storage, the storage comprising at least one selected from the group of a cloud storage, a secure local storage element, and a blockchain.
  - 13. The method for secure data transmission of claim 12, wherein the second device is configured to retrieve one or more portions of the sensitive data from the storage.
  - 14. The method for secure data transmission of claim 11, wherein the authentication response is signed with one or more private keys from the transmitting device.
  - 15. The method for secure data transmission of claim 14, wherein the signed authentication response is transmitted to the first receiving device and validated via one or more public keys.
  - 16. The method for secure data transmission of claim 11, wherein the authentication request for sensitive data is restricted to a predetermined time period.
  - 17. The method for secure data transmission of claim 11, wherein the authentication request for sensitive data is transmitted from an application comprising instructions for execution on the first receiving device.
  - 18. The method for secure data transmission of claim 11, wherein multifactor authentication associated with an application comprising instructions for execution on the second receiving device and the transmitting device is activated.
  - 19. The method for secure data transmission of claim 18, wherein the multifactor authentication comprises a login credential and one or more gestures by the transmitting device to the second receiving device via the second active communication field.

20. A first device comprising:
- a memory including a counter value, and a plurality of keys;
  
  a communication interface; and
  
  one or more processors in communication with the memory and communication interface,wherein the one or more processors is configured to;
  
  update the counter value when the communication interface is within a range of a first communication field of a second device;
  
  create a first cryptogram based on the plurality of keys and the counter value;
  
  transmit the first cryptogram, via the first communication field, to a first application comprising instructions for execution on the second device;
  
  receive, from the first application, an authentication request for sensitive data;
  
  update the counter value when the communication interface is within a range of a second communication field of a third device;
  
  create a second cryptogram based on the plurality of keys and the counter value; and
  
  transmit an authentication response responsive to the authentication request for sensitive data via the second communication field, the authentication response comprising the second cryptogram transmitted to a second application comprising instructions for execution on the third device, wherein the second cryptogram authorizes access to the sensitive data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
Rule, Jeffrey, Ilincic, Rajko
Primary Examiner(s)
Korsak, Oleg

Application Number

US16/299,940
Time in Patent Office

273 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/35   communicating wirelessly

G06F 21/44   Program or device authentic...

G06F 21/602   Providing cryptographic fac...

G06F 21/6245   Protecting personal data, e...

H04L 2209/80   Wireless network architectu...

H04L 2463/082   applying multi-factor authe...

H04L 63/0407   wherein the identity of one...

H04L 63/0853   using an additional device,...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3215   using a plurality of channe...

H04L 9/3234   involving additional secure...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3247   involving digital signatures

H04L 9/50   using hash chains, e.g. blo...

H04W 12/068   using credential vaults, e....

H04W 12/47   using near field communicat...

H04W 12/68   Gesture-dependent or behavi...

Systems and methods for cryptographic authentication of contactless cards

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

498 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for cryptographic authentication of contactless cards

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

498 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others