Systems and methods for cryptographic authentication of contactless cards
First Claim
Patent Images
1. A data transmission system comprising:
- a transmitting device having a processor and memory, the memory of the transmitting device containing a diversified master key, transmission data and a counter value;
an authentication server having a processor and memory, the memory of the authentication server containing a master key;
wherein the transmitting device is configured to;
generate a diversified key using the diversified master key, one or more cryptographic algorithms, and the counter value, and store the diversified key in the memory of the transmitting device,generate a cryptographic result including the counter value using one or more cryptographic algorithms and the diversified key,encrypt the transmission data using the one or more cryptographic algorithms and the diversified key to yield encrypted transmission data, andtransmit the cryptographic result and encrypted transmission data to the authentication server via one or more intermediary devices; and
wherein the authentication server is configured to;
generate an authentication diversified key based on the master key and a unique identifier, and store the authentication diversified key in the memory of the authentication server,generate a session key based on the authentication diversified key and the cryptographic result, anddecrypt the encrypted transmission data and validate the cryptographic result using the one or more cryptographic algorithms and the session key,wherein the counter value is independently updated by the transmitting device and the authentication server for each transmission between the transmitting device and the authentication server.
2 Assignments
0 Petitions
Accused Products
Abstract
Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.
-
Citations
20 Claims
-
1. A data transmission system comprising:
-
a transmitting device having a processor and memory, the memory of the transmitting device containing a diversified master key, transmission data and a counter value; an authentication server having a processor and memory, the memory of the authentication server containing a master key; wherein the transmitting device is configured to; generate a diversified key using the diversified master key, one or more cryptographic algorithms, and the counter value, and store the diversified key in the memory of the transmitting device, generate a cryptographic result including the counter value using one or more cryptographic algorithms and the diversified key, encrypt the transmission data using the one or more cryptographic algorithms and the diversified key to yield encrypted transmission data, and transmit the cryptographic result and encrypted transmission data to the authentication server via one or more intermediary devices; and wherein the authentication server is configured to; generate an authentication diversified key based on the master key and a unique identifier, and store the authentication diversified key in the memory of the authentication server, generate a session key based on the authentication diversified key and the cryptographic result, and decrypt the encrypted transmission data and validate the cryptographic result using the one or more cryptographic algorithms and the session key, wherein the counter value is independently updated by the transmitting device and the authentication server for each transmission between the transmitting device and the authentication server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for transmitting data by a contactless card having a processor and a memory, the memory containing a master key, an identification number, and a counter, the method comprising:
-
generating a card key using the master key and the identification number; generating a first session key using the card key and a first portion of the counter and a second session key using the card key and a second portion of the counter, wherein the first portion of the counter is different than the second portion of the counter; generating a cryptographic result including the counter using one or more cryptographic algorithms and the card key; generating a cryptogram using the first session key, the cryptogram including the cryptographic result and the identification number; encrypting the cryptogram using the second session key; and transmitting the encrypted cryptogram and the cryptographic result. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
-
19. A contactless card comprising:
-
a substrate; a memory containing one or more applets, a counter value, and at least one key; a communication interface; and one or more processors in communication with the memory and communication interface, wherein; the contactless card is configured to update the counter value after a first near-field communication (NFC) read of a NFC data exchange format (NDEF) tag via the communication interface, upon updating the counter value, the contactless card is configured to create a first key using the at least one key and a first portion of the updated counter value, and create a second key using the at least one key and a second portion of the updated counter value, wherein the first portion of the updated counter value is different than the second portion of the updated counter value, the contactless card is configured to create a cryptogram using the first key, concatenate the cryptogram with a random number, and encrypt the cryptogram and random number concatenated thereto using the second key, and the encrypted cryptogram and the updated counter value are transmitted from the contactless card, via a second NFC read of the NDEF tag via the communication interface. - View Dependent Claims (20)
-
Specification