Systems and methods for cryptographic authentication of contactless cards

US 10,579,998 B1
Filed: 03/12/2019
Issued: 03/03/2020
Est. Priority Date: 10/02/2018
Status: Active Grant

First Claim

Patent Images

1. A system for secure communication comprising:

a transmitting device having a processor and memory, the memory of the transmitting device containing a diversified master key, transmission data and a counter value;

an application comprising instructions for execution on a receiving device having a processor and memory, the memory of the receiving device containing a master key;

wherein the transmitting device is configured to;

generate a diversified key using the diversified master key, one or more cryptographic algorithms, and the counter value,generate a cryptographic result including the counter value using the one or more cryptographic algorithms and the diversified key,encrypt the transmission data using the one or more cryptographic algorithms and the diversified key to yield encrypted transmission data, andtransmit the cryptographic result and encrypted transmission data to the application;

wherein the application is configured to;

generate an authentication diversified key based on the master key and a unique identifier;

generate a session key based on the authentication diversified key and the cryptographic result; and

decrypt the encrypted transmission data and validate the received cryptographic result using the one or more cryptographic algorithms and the session key;

wherein, upon the initiation of an operation, the application is further configured to;

request a user identification;

pause the operation until the user identification has been authenticated;

upon authentication of the user identification, complete the operation,wherein the user identification is provided after entry of the transmitting device into a communication field of the receiving device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.

542 Citations

20 Claims

1. A system for secure communication comprising:
- a transmitting device having a processor and memory, the memory of the transmitting device containing a diversified master key, transmission data and a counter value;
  
  an application comprising instructions for execution on a receiving device having a processor and memory, the memory of the receiving device containing a master key;
  
  wherein the transmitting device is configured to;
  
  generate a diversified key using the diversified master key, one or more cryptographic algorithms, and the counter value,generate a cryptographic result including the counter value using the one or more cryptographic algorithms and the diversified key,encrypt the transmission data using the one or more cryptographic algorithms and the diversified key to yield encrypted transmission data, andtransmit the cryptographic result and encrypted transmission data to the application;
  
  wherein the application is configured to;
  
  generate an authentication diversified key based on the master key and a unique identifier;
  
  generate a session key based on the authentication diversified key and the cryptographic result; and
  
  decrypt the encrypted transmission data and validate the received cryptographic result using the one or more cryptographic algorithms and the session key;
  
  wherein, upon the initiation of an operation, the application is further configured to;
  
  request a user identification;
  
  pause the operation until the user identification has been authenticated;
  
  upon authentication of the user identification, complete the operation,wherein the user identification is provided after entry of the transmitting device into a communication field of the receiving device.
- View Dependent Claims (2, 3, 4)
- - 2. The system for secure communication of claim 1, wherein the receiving device is configured to communicate with one or more servers to authenticate the user identification.
  - 3. The system for secure communication of claim 1, wherein the user identification is provided by the transmitting device.
  - 4. The system for secure communication of claim 1, wherein:
    - the receiving device is a server; and
      
      the cryptographic result and encrypted transmission data are transmitted by the transmitting device to the application via one or more intermediary devices.

5. A method of securing an operation, the method comprising the steps of:
- providing a transmitting device comprising a processor and memory and the memory of the transmitting device containing a diversified master key, identification data and a counter value;
  
  providing an application comprising instructions for execution on the receiving device comprising a processor and a memory containing a master key;
  
  wherein the transmitting device is configured to;
  
  generate a diversified key using the diversified master key, one or more cryptographic algorithms, and the counter,generate a cryptographic result including the counter value using the one or more cryptographic algorithms and the diversified key,encrypt the identification data using one or more cryptographic algorithms and the diversified key to yield encrypted identification data, andtransmit the cryptographic result and encrypted identification data to the application;
  
  wherein the application is configured to;
  
  generate an authentication diversified key based on the master key and a unique identifier;
  
  generate a session key based on the authentication diversified key and the cryptographic result; and
  
  decrypt the encrypted identification data and validate the received cryptographic result using the one or more cryptographic algorithms and the session key;
  
  initiating an operation;
  
  pausing the operation until a user identification has been authenticated;
  
  authenticating the user identification after entry of the transmitting device into a communication field of the receiving device thereby transmitting encrypted identification data from the transmitting device to the application, wherein the user identification is provided after entry of the transmitting device into the communication field; and
  
  completing the operation.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 6. The method of claim 5, wherein the operation comprises a financial transaction.
  - 7. The method of claim 6, wherein the step of pausing the operation occurs prior to transmitting financial data associated with the financial transaction.
  - 8. The method of claim 6, wherein the financial transaction comprises withdrawing funds from an account.
  - 9. The method of claim 5, wherein the operation comprises accessing a physical space.
  - 10. The method of claim 5, wherein the operation comprises checking into a hotel.
  - 11. The method of claim 5, wherein the operation comprises auto-populating an online form.
  - 12. The method of claim 5, wherein the operation comprises unlocking a vehicle.
  - 13. The method of claim 5, wherein the operation comprises operating a vehicle.
  - 14. The method of claim 5, wherein the operation comprises accessing medical records.
  - 15. The method of claim 5, wherein the operation comprises accessing personal information.
  - 16. The method of claim 5, wherein the operation comprises calling a customer service agent.
  - 17. The method of claim 5, wherein the operation comprises changing a hotel reservation.
  - 18. The method of claim 5, wherein the operation comprises editing a password.
  - 19. The method of claim 5, wherein the operation comprises editing a mailing address.
  - 20. The method of claim 5, further comprising the steps of transmitting a passcode to a mobile device and requesting the passcode prior to completing the operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
Newman, Kaitlin, Hart, Colin, Rule, Jeffrey, Mossler, Lara, Bermudez, Sophie, Mossoba, Michael, Lutz, Wayne, Crank, Charles Nathan, Heng, Melissa, Osborn, Kevin, Haynes, Kimberly, Cogswell, Andrew, Gulati, Latika, Cunningham, Sarah Jane, Ashfield, James
Primary Examiner(s)
Korsak, Oleg

Application Number

US16/351,441
Time in Patent Office

357 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/326   Payment applications instal...

G06Q 20/352   Contactless payments by cards

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3829   involving key management

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/002   Countermeasures against att...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0866   involving user or device id...

H04L 9/0877   using additional device, e....

H04L 9/3228   One-time or temporary data,...

H04L 9/3234   involving additional secure...

Systems and methods for cryptographic authentication of contactless cards

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

542 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for cryptographic authentication of contactless cards

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

542 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others