Systems and methods for cryptographic authentication of contactless cards

US 10,686,603 B2
Filed: 10/02/2019
Issued: 06/16/2020
Est. Priority Date: 10/02/2018
Status: Active Grant

First Claim

Patent Images

1. A data transmission system comprising:

a transmitting device having a transmitting device processor and a transmitting device memory, the transmitting device memory containing a first master key, transmission data and a counter value;

a receiving device having a receiving device processor and a receiving device memory, the receiving device memory containing a second master key;

wherein the transmitting device is configured to;

generate a first diversified key using the first master key and at least one first cryptographic algorithm and store the first diversified key in the transmitting device memory, wherein the first master key is a secret key,protect the counter value using at least one second cryptographic algorithm and the first diversified key to yield a cryptographic result including the counter value,encrypt the transmission data using at least one third cryptographic algorithm and the first diversified key to yield encrypted transmission data, andtransmit the protected counter value and the encrypted transmission data to the receiving device; and

wherein the receiving device is configured to;

generate a second diversified key based on the second master key and the counter value, and store the second diversified key in the receiving device memory, wherein the second master key is a public key; and

decrypt the encrypted transmission data and validate the protected counter value using at least one fourth cryptographic algorithm and the second diversified key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example embodiments of systems and methods for data transmission between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device. The receiving device can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.

573 Citations

19 Claims

1. A data transmission system comprising:
- a transmitting device having a transmitting device processor and a transmitting device memory, the transmitting device memory containing a first master key, transmission data and a counter value;
  
  a receiving device having a receiving device processor and a receiving device memory, the receiving device memory containing a second master key;
  
  wherein the transmitting device is configured to;
  
  generate a first diversified key using the first master key and at least one first cryptographic algorithm and store the first diversified key in the transmitting device memory, wherein the first master key is a secret key,protect the counter value using at least one second cryptographic algorithm and the first diversified key to yield a cryptographic result including the counter value,encrypt the transmission data using at least one third cryptographic algorithm and the first diversified key to yield encrypted transmission data, andtransmit the protected counter value and the encrypted transmission data to the receiving device; and
  
  wherein the receiving device is configured to;
  
  generate a second diversified key based on the second master key and the counter value, and store the second diversified key in the receiving device memory, wherein the second master key is a public key; and
  
  decrypt the encrypted transmission data and validate the protected counter value using at least one fourth cryptographic algorithm and the second diversified key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The data transmission system of claim 1, wherein the at least one first, second, third and fourth cryptographic algorithms each include at least one of (i) an asymmetric encryption algorithm, (ii) a digital signature algorithm, (iii) an ElGamal encryption algorithm, (iv) an elliptical curve algorithm, or (v) a Paillier cryptosystem algorithm.
  - 3. The data transmission system of claim 1, wherein the counter value includes a one-time passcode.
  - 4. The data transmission system of claim 1, wherein the transmitting device is further configured to:
    - sign the counter value using the secret key; and
      
      encrypt the signed counter value using a further public key.
  - 5. The data transmission system of claim 4, wherein the receiving device is further configured to decrypt the signed counter value using a further private key.
  - 6. The data transmission system of claim 1, wherein at least one of the first diversified key or the second diversified key is generated for each transmission between the transmitting device and the receiving device.
  - 7. The data transmission system of claim 6, wherein the at least one of the first diversified key or the second diversified key is generated using at least one of the counter value or a portion of the counter value.
  - 8. The data transmission system of claim 1, wherein the transmitting device is further configured to send the public key to the receiving device.
  - 9. The data transmission system of claim 1, wherein the public key includes a signed certificate to authenticate an issuer of the public key.
  - 10. The data transmission system of claim 1, wherein the transmission data is activation data for a smart card.

11. A method for transmitting encrypted data by a contactless card having a processor and a memory containing two master keys, an identification number, a sequence number, and a counter, the method comprising:
- generating a first diversified key using a secret encryption key and at least one first cryptographic algorithm;
  
  encrypting a counter value using at least one second cryptographic algorithm and the secret encryption key;
  
  encrypting transmission data using at least one third cryptographic algorithm and the first diversified key;
  
  transmitting the encrypted counter value and the encrypted transmission data to a receiving device;
  
  generating a second diversified key based on a public encryption key and the counter value; and
  
  decrypting the encrypted transmission data and validating the encrypted counter value using at least one fourth cryptographic algorithm and the public encryption key.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, wherein the at least one first, second, and third cryptographic algorithms each include at least one of (i) an asymmetric encryption algorithm, (ii) a digital signature algorithm, (iii) an ElGamal encryption algorithm, (iv) an elliptical curve algorithm, or (v) a Paillier cryptosystem algorithm.
  - 13. The method of claim 11, wherein the counter value includes a one-time passcode.
  - 14. The method of claim 11, further comprising:
    - signing the counter value using the secret encryption key; and
      
      encrypt the signed counter value using a public encryption key.
  - 15. The method of claim 14, further comprising decrypting the signed counter value using a further secret encryption key.
  - 16. The method of claim 11, wherein the transmission data is activation data for a smart card.
  - 17. The method of claim 11, wherein at least one of the first diversified key or the second diversified key is generated for each transmission between a transmitting device and the receiving device.
  - 18. The method of claim 17, wherein the at least one of the first diversified key or the second diversified key is generated using at least one of the counter value or a portion of the counter value.

19. A data transmission system comprising:
- a transmitting device having a transmitting device processor and a transmitting device memory, the transmitting device memory containing a first private key and a first public key, transmission data and a counter value;
  
  a receiving device having a receiving device processor and a receiving device memory, the receiving device memory containing a second private key and a second public key;
  
  wherein the transmitting device is configured to;
  
  protect the counter value using at least one first cryptographic algorithm and the first private key to yield a cryptographic result including the counter value,encrypt the transmission data and the protected counter value using at least one second cryptographic algorithm and the first public key to yield encrypted transmission data, andtransmit the encrypted transmission data to the receiving device; and
  
  wherein the receiving device is configured to;
  
  decrypt the encrypted transmission data using a second private key; and
  
  decrypt and validate the protected counter value using a second public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
Osborn, Kevin, Rule, Jeffrey, Chigurupati, Srinivasa
Primary Examiner(s)
Korsak, Oleg

Application Number

US16/591,309
Publication Number

US 20200106618A1
Time in Patent Office

258 Days
Field of Search
US Class Current
CPC Class Codes

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0863   involving passwords or one-...

H04L 9/14   using a plurality of keys o...

H04L 9/3228   One-time or temporary data,...

H04L 9/3234   involving additional secure...

H04L 9/3242   involving keyed hash functi...

Systems and methods for cryptographic authentication of contactless cards

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

573 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for cryptographic authentication of contactless cards

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

573 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others