Systems and methods for cryptographic authentication of contactless cards
Abstract
Example embodiments of systems and methods for data transmission between a contactless card and a client application are provided. A card key may be generated using a master key and an identification number. First and second session keys may be generated using the card key and portions of the counter. A cryptographic result including the counter may be generated using one or more cryptographic algorithms and the card key. A cryptogram may be generated using the first session key and encrypted using the second session key. The application may transmit one or more messages to the first applet of the contactless card. The first applet may be configured to establish one or more communication paths to the second applet based on receipt of the one or more messages from the client device. The second applet may be deactivated by the first applet via the one or more communication paths.
20 Claims
1. A card locking system comprising:
- a contactless card including one or more processors, and a memory, wherein the memory comprises a diversified master key, transmission data, first and second applets, and a counter;
- a client application comprising instructions for execution on a client device including a processor and a memory, the memory containing a master key,
wherein the contactless card is configured to:
- generate a diversified key using the diversified master key, one or more cryptographic algorithms, and the counter,
- generate a cryptographic result including the counter using one or more cryptographic algorithms and the diversified key,
- encrypt the transmission data using the one or more cryptographic algorithms and the diversified key to yield encrypted transmission data, and
- transmit the cryptographic result and encrypted transmission data to the client application; and
wherein the application is configured to:
- generate an authentication diversified key based on the master key and a unique identifier,
- generate a session key based on the authentication diversified key and the cryptographic result, and
- decrypt the encrypted transmission data and validate the cryptographic result using the one or more cryptographic algorithms and the session key,
wherein the counter is independently updated by the contactless card and the client application for each transmission between the contactless card and the application,
wherein the first applet is configured to establish a communication path to the second applet based on receipt of a message from the client application, and
wherein the second applet is deactivated by the first applet via the communication path.
Dependent claims: 2 to 11.
12. A method for locking a contactless card including a processor and a memory containing a master key, an identification number, a first applet, a second applet, and a counter, comprising:
- generating a card key using the master key and the identification number;
- generating a first session key using the card key and a first portion of the counter and a second session key using the card key and a second portion of the counter, wherein the first portion of the counter is different than the second portion of the counter;
- generating a cryptographic result including the counter using one or more cryptographic algorithms and the card key;
- generating a cryptogram using the first session key, the cryptogram including the cryptographic result and the identification number;
- encrypting the cryptogram using the second session key;
- transmitting the encrypted cryptogram and the cryptographic result;
- receiving a deactivation instruction to deactivate the contactless card;
- creating a communication path to the second applet; and
- deactivating the second applet via the communication path.
Dependent claims: 13 to 19.
20. A contactless card comprising:
- a processor and a memory, wherein the memory comprises first and second applets and a counter;
- wherein the first applet is configured to receive one or more messages,
- wherein the first applet is configured to create, based on receipt of the one or more messages, a communication path to the second applet,
- wherein the one or more messages are configured to deactivate the second applet of the contactless card,
- wherein the second applet is reactivated based on one or more gestures by the contactless card within a communication field, the one or more gestures comprising at least one selected from the group of a tap, swipe, wave, or any combination thereof, and
- wherein the counter is adjusted for each transaction, the counter being configured to increment for a predetermined number of transactions.
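The key hierarchy and counter handling of the abstract and claim 12 (card key from master key and identification number, two session keys from two different counter portions, a cryptographic result over the counter, a cryptogram built under the first session key and encrypted under the second), simulated end to end on both the card and the client side as an added example; this is not code from the patent or its assignee. Assumptions not stated on the page: HMAC-SHA256 stands in for the unspecified cryptographic algorithms (as KDF, MAC and, in counter mode, stream cipher), the identification number travels in the clear, and the client accepts only a counter higher than the last one it validated for that card.

```python
import hmac
import hashlib

# Assumption: HMAC-SHA256 stands in for the patent's unspecified "cryptographic algorithms".
def kdf(parent: bytes, label: bytes) -> bytes:
    return hmac.new(parent, label, hashlib.sha256).digest()[:16]  # 16-byte child key
def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def ctr_crypt(key: bytes, data: bytes) -> bytes:
    # HMAC keystream in counter mode (stand-in for AES-CTR); sound here only because each
    # session key is used for exactly one counter value, so a keystream is never reused.
    stream = b"".join(mac(key, i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def session_keys(card_key: bytes, counter: int):
    ctr = counter.to_bytes(4, "big")
    return ctr, kdf(card_key, ctr[:2]), kdf(card_key, ctr[2:])  # two different counter portions

class Card:
    def __init__(self, master_key: bytes, card_id: bytes):
        self.card_key = kdf(master_key, card_id)  # card key diversified from master key and ID
        self.card_id, self.counter = card_id, 0

    def transmit(self) -> dict:
        self.counter += 1                             # card-side counter update per transmission
        ctr, sk1, sk2 = session_keys(self.card_key, self.counter)
        result = mac(self.card_key, ctr)              # cryptographic result including the counter
        cryptogram = mac(sk1, result + self.card_id) + self.card_id  # built with first session key
        return {"id": self.card_id, "counter": self.counter, "result": result,
                "encrypted": ctr_crypt(sk2, cryptogram)}  # encrypted with second session key

class Client:
    def __init__(self, master_key: bytes):
        self.master_key, self.last_counter = master_key, {}  # highest accepted counter per card

    def verify(self, msg: dict) -> bool:
        if msg["counter"] <= self.last_counter.get(msg["id"], 0):
            return False                              # replayed or stale transmission
        card_key = kdf(self.master_key, msg["id"])    # authentication diversified key (claim 1)
        ctr, sk1, sk2 = session_keys(card_key, msg["counter"])
        if not hmac.compare_digest(msg["result"], mac(card_key, ctr)):
            return False                              # cryptographic result does not validate
        cryptogram = ctr_crypt(sk2, msg["encrypted"])
        expected = mac(sk1, msg["result"] + msg["id"]) + msg["id"]
        if not hmac.compare_digest(cryptogram, expected):
            return False                              # cryptogram tampered or wrong key
        self.last_counter[msg["id"]] = msg["counter"]  # client-side counter update
        return True
```

The counter check is where the independently updated counter of claim 1 does its defensive work: a captured transmission fails on the second presentation even though its result and ciphertext are intact.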