Systems and methods for signaling an attack on contactless cards

US 10,542,036 B1
Filed: 03/12/2019
Issued: 01/21/2020
Est. Priority Date: 10/02/2018
Status: Active Grant

First Claim

Patent Images

1. An attack signaling system comprising:

a contactless card including a substrate, one or more processors, and a memory; and

one or more servers in data communication with the contactless card,wherein the contactless card is configured to, upon detection of a potential attack, create a one-time password (OTP) value that is transmitted to the one or more servers, the OTP value indicative of the potential attack; and

wherein the one or more servers, upon receipt of the OTP value, are configured to perform one or more protective actions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key. In an embodiment, the transmitting device can signal an attack or potential attack through the counter value. The attack signaling can further include information relating to the attack or potential attack.

542 Citations

20 Claims

1. An attack signaling system comprising:
- a contactless card including a substrate, one or more processors, and a memory; and
  
  one or more servers in data communication with the contactless card,wherein the contactless card is configured to, upon detection of a potential attack, create a one-time password (OTP) value that is transmitted to the one or more servers, the OTP value indicative of the potential attack; and
  
  wherein the one or more servers, upon receipt of the OTP value, are configured to perform one or more protective actions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The attack signaling system of claim 1, wherein the OTP value is created by one or more OTP generation algorithms.
  - 3. The attack signaling system of claim 2, wherein the OTP value is based upon at least one selected from the group of a counter, time, and a challenge-response scheme.
  - 4. The attack signaling system of claim 3, wherein:
    - the OTP value is counter-based, andthe contactless card is configured to set one or more keys of the contactless card to a zero value.
  - 5. The attack signaling system of claim 3, wherein the counter is limited to a maximum value in the absence of a potential attack.
  - 6. The attack signaling system of claim 3, wherein:
    - the OTP value is time-based, andthe OTP value comprises at least one selected from the group of;
      
      a time value of zero, a time value prior to activation of the contactless card, and a time value exceeding a maximum possible lifetime of the contactless card.
  - 7. The attack signaling system of claim 3, wherein:
    - the OTP value is challenge-response scheme-based, andthe OTP value comprises a value that is configured to exceed a value for a response associated with at least one of the OTP generation algorithms.
  - 8. The attack signaling system of claim 1, wherein the one or more protective actions includes at least one selected from the group of generating a plurality of event logs associated with the attack of the contactless card;
    - transmitting a notification to threat response personnel;
      
      rendering the contactless card mute;
      
      initiating a replacement request of the contactless card;
      
      initiating a communication session with a user indicative of compromise of the contactless card; and
      
      establishing data communication with a risk based analytics engine to adjust a risk level of the user based on the detection of the attack.
  - 9. The attack signaling system of claim 1, wherein the one or more servers are configured to detect whether a plurality of contactless cards have been subject to the potential attack during a predetermined time.

10. A method for signaling a potential attack by a contactless card in data communication with a server, comprising:
- receiving, by the server, one or more codes from the contactless card;
  
  determining, by the server that the one or more codes are indicative of the detection of a potential attack on the contactless card; and
  
  performing, by the server, one or more protective actions in response to the one or more codes.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method for signaling a potential attack of claim 10, wherein the one or more codes are based on a challenge-response scheme.
  - 12. The method for signaling a potential attack of claim 10, wherein the one or more protective actions includes at least one selected from the group of generating a plurality of event logs associated with the attack of the contactless card;
    - transmitting a notification to threat response personnel;
      
      rendering the contactless card mute;
      
      initiating a replacement request of the contactless card;
      
      initiating a communication session with a user indicative of compromise of the contactless card; and
      
      establishing data communication with a risk based analytics engine to adjust a risk level of the user based on the detection of the attack.
  - 13. The method for signaling a potential attack of claim 11, wherein the one or more codes are based on at least one selected from the group of time, a counter, and at least one OTP generation algorithm.
  - 14. The method for signaling a potential attack of claim 13, further comprising setting, by the contactless card, one or more keys of the contactless card to a zero value when the one or more codes are counter-based.
  - 15. The method for signaling a potential attack of claim 14, wherein:
    - the counter is set to a value indicative of a specific attack, andthe specific attack is at least one selected from the group of a code-modification attack, a fuzzing attack, and a clock jitter attack.
  - 16. The method for signaling a potential attack of claim 15, further comprising:
    - determining, by the server, that the contactless card has set the one or more keys to the zero value; and
      
      determining, by the server, that the contactless card has set the counter to the maximum value prior to performing the one or more protective actions.
  - 17. The method for signaling a potential attack of claim 13, wherein:
    - the one or more codes are time-based, andthe one or more codes include at least one selected from the group of a time value of zero, a time value prior to existence of the contactless card, and a time value exceeding the maximum possible lifetime of the contactless card.
  - 18. The method for signaling a potential attack of claim 13, wherein:
    - the one or more codes are challenge-response scheme-based, andthe one or more codes include a value that is configured to exceed a value for a response associated with at least one of the OTP generation algorithms.

19. A contactless card comprising:
- a substrate, one or more processors, and a memory, wherein the memory contains at least one key,wherein the contactless card is configured to, upon detection of a potential attack;
  
  generate a one-time password;
  
  transmit the one-time password;
  
  receive one or more protective action requests based on the one-time password; and
  
  destroy, responsive to one or more protective action requests, one or more, of the at least one key.
- View Dependent Claims (20)
- - 20. The contactless card of claim 19, wherein the potential attack comprises at least one selected from the group of tampering with the contactless card;
    - interference with data communications associated with the contactless card;
      
      physical intrusion into the contactless card;
      
      a code-modification attack;
      
      a fuzzing attack; and
      
      any combination thereof.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
Duane, William, Chigurupati, Srinivasa, Osborn, Kevin
Primary Examiner(s)
Korsak, Oleg

Application Number

US16/351,379
Time in Patent Office

315 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0838   using one-time-passwords

H04L 63/0846   using time-dependent-passwo...

H04L 63/0853   using an additional device,...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

Systems and methods for signaling an attack on contactless cards

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

542 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for signaling an attack on contactless cards

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

542 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others