Systems and methods for cryptographic authentication of contactless cards

US 10,685,350 B2
Filed: 10/02/2019
Issued: 06/16/2020
Est. Priority Date: 10/02/2018
Status: Active Grant

First Claim

Patent Images

1. A client device comprising:

a processor;

a memory containing a Fast Identity Online (FIDO) public key, a FIDO private key, and account information; and

a communication interface having a communication field;

wherein, upon receipt of an instruction to initiate a transaction, the processor is configured to;

transmit a transaction request to a first server, the transaction request including account information and transaction information relating to the transaction;

receive a challenge from a second server;

request a transaction verification from a contactless card;

receive, via the communication interface, a transaction verification from the contactless card after entry of the contactless card into the communication field, wherein the transaction verification permits use of the FIDO private key in connection with the challenge;

sign the challenge using the private key; and

transmit the signed challenge to the second server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example embodiments of systems and methods for data transmission between a contactless card and a client device in support of a FIDO authentication are provided. In an embodiment, upon receipt of a challenge issued by a server in connection with a pending transaction, the contactless card may authorize the client device to utilize a FIDO private key to respond to the challenge. If the response to the challenge is successful, the FIDO authentication may proceed and the transaction may be completed.

Citations

20 Claims

1. A client device comprising:
- a processor;
  
  a memory containing a Fast Identity Online (FIDO) public key, a FIDO private key, and account information; and
  
  a communication interface having a communication field;
  
  wherein, upon receipt of an instruction to initiate a transaction, the processor is configured to;
  
  transmit a transaction request to a first server, the transaction request including account information and transaction information relating to the transaction;
  
  receive a challenge from a second server;
  
  request a transaction verification from a contactless card;
  
  receive, via the communication interface, a transaction verification from the contactless card after entry of the contactless card into the communication field, wherein the transaction verification permits use of the FIDO private key in connection with the challenge;
  
  sign the challenge using the private key; and
  
  transmit the signed challenge to the second server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The client device of claim 1, wherein the processor is further configured to:
    - generate a FIDO key pair including the FIDO private key and a FIDO public key; and
      
      transmit the FIDO public key to the second server.
  - 3. The client device of claim 2, wherein the processor is configured to generate the FIDO key pair using a master key and a diversified key.
  - 4. The client device of claim 3, wherein the diversified key is generated using the master key and a counter value.
  - 5. The client device of claim 2, wherein the second server is configured to create the challenge using the FIDO public key.
  - 6. The client device of claim 2, wherein the second server is configured to confirm the signed challenge using the FIDO public key.
  - 7. The client device of claim 1, wherein the communication interface is configured to communicate with the contactless card via near field communication.
  - 8. The client device of claim 1, wherein the challenge is a string of random numbers.
  - 9. The client device of claim 1, wherein the challenge is a string of random letters.
  - 10. The client device of claim 1, wherein the second server transmitted the challenge to the client device in response to receiving a request for a payment from the first server.
  - 11. The client device of claim 1, wherein the first server and the second server are the same.
  - 12. The client device of claim 1, wherein the client device further comprises a display and the processor is configured to request a transaction verification by presenting a message asking a user to tap the contactless card on the client device on the display.
  - 13. The client device of claim 1, wherein the transaction information includes at least one of an account number, a transaction amount, and a unique card identifier.
  - 14. The client device of claim 1, wherein the use of the master key is limited to a predetermined time period or to a predetermined number of uses.

15. An authorization method comprising:
- initiating, by a client application comprising instructions for execution on a client device, a transaction with a first server;
  
  transmitting, by the client application, transaction information to the first server;
  
  receiving, by the client application, a challenge sent by a second server;
  
  requesting, by the client application, a transaction verification after entry of a contactless card into a communication field;
  
  receiving, by the client application, the transaction verification, wherein the transaction verification authorizes the client application to utilize a Fast Identity Online (FIDO) private key stored in a memory of the client device to sign the challenge;
  
  signing, by the client application, the challenge using the FIDO private key;
  
  transmitting, by the client application, the signed challenge to the second server; and
  
  receiving, by the client application, an indication from the first server that the transaction has been approved.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The authorization method of claim 15, wherein the transaction verification includes a second entry of the contactless card into the communication field.
  - 17. The authorization method of claim 15, wherein the contactless card and the client device each store a master key and a counter value.
  - 18. The authorization method of claim 17, further comprising:
    - encrypting, by the client application, the FIDO private key using a combination of a diversified key and the counter value stored by the contactless card; and
      
      transmitting, by the client application, the encrypted FIDO private key to the second server.
  - 19. The authorization method of claim 15, further comprising:
    - generating, by the client application, a FIDO public key and a FIDO private key; and
      
      transmitting, by the client application, the FIDO public key to the second server.

20. A contactless card comprising:
- a substrate, including;
  
  a memory containing an applet, a counter value, a master key, a diversified key, a Fast Identity Online (FIDO) public key, and a FIDO private key;
  
  a communication interface; and
  
  a processor in communication with the memory and communication interface, the processor configured to;
  
  update the counter value when the communication interface is within a range of a communication field of a client device;
  
  receive, via the communication interface, a transaction verification request;
  
  create a cryptogram using the diversified key and the counter value, wherein the cryptogram stores the FIDO public key;
  
  create a transaction verification response, the transaction verification response including the cryptogram, wherein the transaction verification permits use of the private key in connection with a challenge; and
  
  transmit, the cryptogram via the communication interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
Osborn, Kevin, Ashfield, James, Chigurupati, Srinivasa, Rule, Jeffrey
Primary Examiner(s)
Korsak, Oleg

Application Number

US16/590,429
Publication Number

US 20200104841A1
Time in Patent Office

258 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/108   Remote banking, e.g. home b...

G06Q 20/12   specially adapted for elect...

G06Q 20/204   comprising interface for re...

G06Q 20/3226   Use of secure elements sepa...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/343   Cards including a counter

G06Q 20/352   Contactless payments by cards

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/40975   using encryption therefor

G06Q 2220/00   Business processing using c...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0631   Substitution permutation ne...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0861   Generation of secret inform...

H04L 9/3234   involving additional secure...

H04L 9/3271   using challenge-response

Systems and methods for cryptographic authentication of contactless cards

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for cryptographic authentication of contactless cards

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links