Systems and methods for cryptographic authentication of contactless cards

US 10,565,587 B1
Filed: 03/12/2019
Issued: 02/18/2020
Est. Priority Date: 10/02/2018
Status: Active Grant

First Claim

Patent Images

1. A data transmission system comprising:

a transmitting device having a processor and memory, the memory of the transmitting device containing a diversified master key, transmission data and a counter value;

an application comprising instructions for execution on a receiving device having a processor and memory, the memory of the receiving device containing the master key;

wherein the transmitting device is configured to;

generate a diversified key using the diversified master key, one or more cryptographic algorithms, and the counter value,generate a cryptographic result including the counter value using the one or more cryptographic algorithms and the diversified key,encrypt the transmission data using the one or more cryptographic algorithms and the diversified key to yield encrypted transmission data, andtransmit the cryptographic result and encrypted transmission data to the application; and

wherein the application is configured to;

generate an authentication diversified key based on the master key and a unique identifier;

generate a session key based on the authentication diversified key and the cryptographic result; and

decrypt the encrypted transmission data and validate the received cryptographic result using the one or more cryptographic algorithms and the session key;

wherein the transmitting device comprises a first contactless card and the receiving device comprises a terminal,wherein the first contactless card is configured to transmit a first account number to the application,the data transmission system further comprising a second contactless card that is configured to transmit a second account number to the application,wherein the application is further configured to;

transmit a first communication to a server, the first communication configured to cause the server to process a payment, the first communication including the first account number and the second account number;

receive a payment amount and determine a first instruction based on a first number, the first number indicative of how many contactless cards transmit information to the application,determine a tap password, wherein the tap password indicates a second number, the second number comprising a number of taps by at least one selected from the group of the first contactless card and the second contactless card to the terminal,receive a second communication from the server indicating that the payment was processed.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.

Citations

20 Claims

1. A data transmission system comprising:
- a transmitting device having a processor and memory, the memory of the transmitting device containing a diversified master key, transmission data and a counter value;
  
  an application comprising instructions for execution on a receiving device having a processor and memory, the memory of the receiving device containing the master key;
  
  wherein the transmitting device is configured to;
  
  generate a diversified key using the diversified master key, one or more cryptographic algorithms, and the counter value,generate a cryptographic result including the counter value using the one or more cryptographic algorithms and the diversified key,encrypt the transmission data using the one or more cryptographic algorithms and the diversified key to yield encrypted transmission data, andtransmit the cryptographic result and encrypted transmission data to the application; and
  
  wherein the application is configured to;
  
  generate an authentication diversified key based on the master key and a unique identifier;
  
  generate a session key based on the authentication diversified key and the cryptographic result; and
  
  decrypt the encrypted transmission data and validate the received cryptographic result using the one or more cryptographic algorithms and the session key;
  
  wherein the transmitting device comprises a first contactless card and the receiving device comprises a terminal,wherein the first contactless card is configured to transmit a first account number to the application,the data transmission system further comprising a second contactless card that is configured to transmit a second account number to the application,wherein the application is further configured to;
  
  transmit a first communication to a server, the first communication configured to cause the server to process a payment, the first communication including the first account number and the second account number;
  
  receive a payment amount and determine a first instruction based on a first number, the first number indicative of how many contactless cards transmit information to the application,determine a tap password, wherein the tap password indicates a second number, the second number comprising a number of taps by at least one selected from the group of the first contactless card and the second contactless card to the terminal,receive a second communication from the server indicating that the payment was processed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The data transmission system of claim 1, wherein the receiving device comprises at least one selected from the group of a cellphone, a smart device, and a wearable device.
  - 3. The data transmission system of claim 1, wherein the application is configured to receive the payment amount from at least one selected from the group of the first contactless card and the second contactless card, and the first communication includes the payment amount.
  - 4. The data transmission system of claim 3, wherein the payment is equal to the payment amount and the payment is debited from an account associated with at least one selected from the group of the first account number and the second account number.
  - 5. The data transmission system of claim 2, wherein the application comprising instructions for execution on the wearable device is configured to scan a barcode and determine the payment amount based on the scanned barcode.
  - 6. The data transmission system of claim 5, wherein the first contactless card is configured to transmit the first account number to the application comprising instructions for execution on the wearable device and the application comprising instructions for execution on the wearable device is configured to send the first communication to the server, the communication including the first account number.
  - 7. The data transmission system of claim 6, wherein the payment is equal to the payment amount and the payment is debited from an account associated with at least one selected from the group of the first account number and the second account number.
  - 8. The data transmission system of claim 1, wherein the application is configured to receive the payment amount and a second instruction on how to divide up the payment amount between the first contactless card and the second contactless card, and the first communication includes the payment amount and the second instruction.
  - 9. The data transmission system of claim 8, wherein the payment is equal to the payment amount and the payment is debited from an account associated with the first account number and an account associated with the second account number, the payment being divided up between the account associated with the first account number and an accounted associated with the second account number based on the second instruction.
  - 10. The data transmission system of claim 1, wherein the tap password indicates a duration of how long at least one selected from the group of the first contactless card and the second contactless card was tapped on the terminal.
  - 11. The data transmission system of claim 1, wherein the application is configured to transmit the tap password to the server.
  - 12. The data transmission system of claim 11, wherein the application is configured to receive an authorization from the server indicating that the tap password is correct.
  - 13. The data transmission system of claim 1, wherein:
    - the receiving device is a server; and
      
      the cryptographic result and encrypted transmission data are transmitted by the transmitting device to the application via one or more intermediary devices.

14. A method for transmitting data by a contactless card having a processor and a memory, the memory containing a master key, an identification number, and a counter, the method comprising:
- generating a card key using the master key and the identification number;
  
  generating a first session key using the card key and a first portion of the counter and a second session key using the card key and a second portion of the counter, wherein the first portion of the counter is different than the second portion of the counter;
  
  generating a cryptographic result including the counter using one or more cryptographic algorithms and the card key;
  
  generating a cryptogram using the first session key, the cryptogram comprising the cryptographic result and the identification number;
  
  encrypting the cryptogram using the second session key;
  
  transmitting the encrypted cryptogram and the cryptographic result;
  
  transmitting a first account number and a second account number to an application comprising instructions for execution on a receiving device, the receiving device comprising a terminal;
  
  transmitting a first communication to a server, the first communication configured to cause the server to process a payment;
  
  receiving a payment amount and determining a first instruction based on a first number, the first number indicative of how many contactless cards transmit information the application;
  
  determining a tap password, wherein the tap password indicates a second number, the second number comprising a number of taps of each of the contactless cards to the terminal; and
  
  receiving a second communication from the server indicating that the payment was processed.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the application comprising instructions for execution on the receiving device including at least one selected from the group of a cellphone, a smart device, and a wearable device.
  - 16. The method of claim 14, wherein the payment is equal to the payment amount and the payment is debited from an account associated with at least one selected from the group of the first account number and the second account number.
  - 17. The method of claim 14, further comprising receiving the payment amount and a second instruction on how to divide up the payment amount between each of the contactless cards, and the first communication comprises the payment amount and the second instruction.
  - 18. The method of claim 14, wherein the tap password indicates a duration of how long each of the contactless cards was tapped on the terminal.
  - 19. The method of claim 14, further comprising transmitting the tap password to the server.
  - 20. The method of claim 15, further comprising scanning a barcode and determining the payment amount based on the scanned barcode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
Newman, Kaitlin, Haynes, Kimberly, Crank, Charles Nathan, Cogswell, Andrew, Hart, Colin, Rule, Jeffrey, Mossler, Lara, Gulati, Latika, Benkreira, Abdelkader, Cunningham, Sarah Jane, Bermudez, Sophie, Mossoba, Michael, Lutz, Wayne
Primary Examiner(s)
Korsak, Oleg

Application Number

US16/351,401
Time in Patent Office

343 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/352   Contactless payments by cards

G06Q 20/3674   involving authentication

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3829   involving key management

G06Q 20/401   Transaction verification

G06Q 20/409   Device specific authenticat...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0822   using key encryption key

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0861   Generation of secret inform...

H04L 9/0866   involving user or device id...

H04L 9/14   using a plurality of keys o...

H04L 9/3226   using a predetermined code,...

H04W 12/68   Gesture-dependent or behavi...

Systems and methods for cryptographic authentication of contactless cards

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for cryptographic authentication of contactless cards

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links