Systems and methods for cryptographic authentication of contactless cards
First Claim
1. A client device comprising:
a processor;
a memory containing a Fast Identity Online (FIDO) public key, a FIDO private key, and account information; and
a communication interface having a communication field;
wherein, upon receipt of an instruction to initiate a transaction, the processor is configured to:
transmit a transaction request to a first server, the transaction request including account information and transaction information relating to the transaction;
receive a challenge from a second server;
request a transaction verification from a contactless card;
receive, via the communication interface, a transaction verification from the contactless card after entry of the contactless card into the communication field, wherein the transaction verification permits use of the FIDO private key in connection with the challenge;
sign the challenge using the private key; and
transmit the signed challenge to the second server.
Abstract
Example embodiments of systems and methods for data transmission between a contactless card and a client device in support of a FIDO authentication are provided. In an embodiment, upon receipt of a challenge issued by a server in connection with a pending transaction, the contactless card may authorize the client device to utilize a FIDO private key to respond to the challenge. If the response to the challenge is successful, the FIDO authentication may proceed and the transaction may be completed.
20 Claims
15. An authorization method comprising:
initiating, by a client application comprising instructions for execution on a client device, a transaction with a first server;
transmitting, by the client application, transaction information to the first server;
receiving, by the client application, a challenge sent by a second server;
requesting, by the client application, a transaction verification after entry of a contactless card into a communication field;
receiving, by the client application, the transaction verification, wherein the transaction verification authorizes the client application to utilize a Fast Identity Online (FIDO) private key stored in a memory of the client device to sign the challenge;
signing, by the client application, the challenge using the FIDO private key;
transmitting, by the client application, the signed challenge to the second server; and
receiving, by the client application, an indication from the first server that the transaction has been approved.
20. A contactless card comprising:
a substrate, including:
a memory containing an applet, a counter value, a master key, a diversified key, a Fast Identity Online (FIDO) public key, and a FIDO private key;
a communication interface; and
a processor in communication with the memory and communication interface, the processor configured to:
update the counter value when the communication interface is within a range of a communication field of a client device;
receive, via the communication interface, a transaction verification request;
create a cryptogram using the diversified key and the counter value, wherein the cryptogram stores the FIDO public key;
create a transaction verification response, the transaction verification response including the cryptogram, wherein the transaction verification permits use of the private key in connection with a challenge; and
transmit the cryptogram via the communication interface.
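The flow recited in claims 1 and 20, as an added Node.js example that is not code from the patent: the card bumps its counter and emits a cryptogram, and the client uses the FIDO private key on the challenge only if that response is fresh and authentic. Assumptions not taken from the claims: HMAC-SHA256 for key diversification and the cryptogram, an ECDSA P-256 FIDO key pair, the client itself validating the cryptogram with a shared master key, and the hypothetical names `Card`, `Client`, `cryptogram` and `serverAccepts`.

```javascript
const crypto = require("node:crypto");

// HMAC-SHA256 is an assumption; the claims name no algorithm.
const hmac = (key, ...parts) =>
  parts.reduce((h, p) => h.update(p), crypto.createHmac("sha256", key)).digest();
const u32 = (n) => { const b = Buffer.alloc(4); b.writeUInt32BE(n); return b; };

// Per-counter diversified key, then a MAC over the counter and the FIDO public key.
function cryptogram(masterKey, counter, fidoPub) {
  const diversified = hmac(masterKey, "diversify", u32(counter));
  return hmac(diversified, u32(counter), fidoPub);
}

// Card state from claim 20; tap() models entry into the communication field.
class Card {
  constructor(masterKey, fidoPub) { Object.assign(this, { masterKey, fidoPub, counter: 0 }); }
  tap() {
    this.counter += 1; // the counter is updated on every tap
    return { counter: this.counter, cryptogram: cryptogram(this.masterKey, this.counter, this.fidoPub) };
  }
}

// Client from claim 1. Holding masterKey on the client is a simplification: the claims
// do not say which party validates the cryptogram.
class Client {
  constructor(masterKey) {
    this.masterKey = masterKey;
    this.lastCounter = 0;
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    Object.assign(this, { publicKey, privateKey });
    this.fidoPub = publicKey.export({ type: "spki", format: "der" });
  }
  // Signs the challenge only when the card response is fresh and authentic.
  signChallenge(challenge, verification) {
    const expected = cryptogram(this.masterKey, verification.counter, this.fidoPub);
    const ok = verification.counter > this.lastCounter &&
      verification.cryptogram.length === expected.length &&
      crypto.timingSafeEqual(verification.cryptogram, expected);
    if (!ok) throw new Error("card verification rejected");
    this.lastCounter = verification.counter;
    return crypto.sign("sha256", challenge, this.privateKey);
  }
}

// The second server's check of the signed challenge.
const serverAccepts = (challenge, signature, publicKey) =>
  crypto.verify("sha256", challenge, publicKey, signature);
```

Because the counter must strictly increase, a captured verification response cannot be replayed to unlock a second signature, and a response with a wrong cryptogram never reaches the signing call.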
Specification