Systems and methods for cryptographic authentication of contactless cards

US 10,615,981 B1
Filed: 10/01/2019
Issued: 04/07/2020
Est. Priority Date: 10/02/2018
Status: Active Grant

First Claim

Patent Images

1. A card locking system comprising:

a contactless card including one or more processors, and a memory, wherein the memory comprises a diversified master key, transmission data, first and second applets, and a counter;

a client application comprising instructions for execution on a client device including a processor and a memory, the memory containing a master key,wherein the contactless card is configured to;

generate a diversified key using the diversified master key, one or more cryptographic algorithms, and the counter,generate a cryptographic result including the counter using one or more cryptographic algorithms and the diversified key,encrypt the transmission data using the one or more cryptographic algorithms and the diversified key to yield encrypted transmission data, andtransmit the cryptographic result and encrypted transmission data to the client application; and

wherein the application is configured to;

generate an authentication diversified key based on the master key and a unique identifier,generate a session key based on the authentication diversified key and the cryptographic result, anddecrypt the encrypted transmission data and validate the cryptographic result using the one or more cryptographic algorithms and the session key,wherein the counter is independently updated by the contactless card and the client application for each transmission between the contactless card and the application,wherein the first applet is configured to establish a communication path to the second applet based on receipt of a message from the client application, andwherein the second applet is deactivated by the first applet via the communication path.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example embodiments of systems and methods for data transmission between a contactless card and a client application are provided. A card key may be generated using a master key and identification number. A first and second session key may be generated using the card key and portions of the. A cryptographic result including the counter may be generated using one or more cryptographic algorithms and the card key. A cryptogram may be generated using the first session key and encrypted using the second session key. The application may be transmit one or more messages to the first applet of the contactless card. The first applet may be configured to establish one or more communication paths to the second applet based on receipt of the one or more messages from the client device. The second applet may be deactivated by the first applet via the one or more communication paths.

576 Citations

20 Claims

1. A card locking system comprising:
- a contactless card including one or more processors, and a memory, wherein the memory comprises a diversified master key, transmission data, first and second applets, and a counter;
  
  a client application comprising instructions for execution on a client device including a processor and a memory, the memory containing a master key,wherein the contactless card is configured to;
  
  generate a diversified key using the diversified master key, one or more cryptographic algorithms, and the counter,generate a cryptographic result including the counter using one or more cryptographic algorithms and the diversified key,encrypt the transmission data using the one or more cryptographic algorithms and the diversified key to yield encrypted transmission data, andtransmit the cryptographic result and encrypted transmission data to the client application; and
  
  wherein the application is configured to;
  
  generate an authentication diversified key based on the master key and a unique identifier,generate a session key based on the authentication diversified key and the cryptographic result, anddecrypt the encrypted transmission data and validate the cryptographic result using the one or more cryptographic algorithms and the session key,wherein the counter is independently updated by the contactless card and the client application for each transmission between the contactless card and the application,wherein the first applet is configured to establish a communication path to the second applet based on receipt of a message from the client application, andwherein the second applet is deactivated by the first applet via the communication path.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The card locking system of claim 1, wherein the second applet is deactivated for a predetermined period of time.
  - 3. The card locking system of claim 1, wherein the communication path comprises a secure channel.
  - 4. The card locking system of claim 1, wherein the second applet is reactivated based on one or more gestures by the contactless card to the client application.
  - 5. The card locking system of claim 4, wherein the one or more gestures comprises at least one selected from the group of a tap, a swipe, a wave, or any combination thereof.
  - 6. The card locking system of claim 4, wherein reactivation of the second applet occurs upon entry of the contactless card is placed into a communication field.
  - 7. The card locking system of claim 1, further comprising a server that is configured to provide one or more actions responsive to deactivation of the second applet.
  - 8. The card locking system of claim 7, wherein the one or more actions comprise transmission of one or more messages to the client application, the one or more messages including at least one selected from the group of:
    - a message indicative of deactivation of the contactless card for a predetermined period of time;
      
      a message indicative of location information of the contactless card;
      
      a message indicative of account information of the contactless card;
      
      a message indicative of loyalty or rewards points; and
      
      any combination thereof.
  - 9. The card locking system of claim 1, wherein the first applet is configured to monitor transaction information and a transaction amount associated with each transaction.
  - 10. The card locking system of claim 9, wherein the counter is adjusted for each transaction, the counter configured to increment for a predetermined number of transactions.
  - 11. The card locking system of claim 10, wherein, prior to deactivation of the second applet, the contactless card is configured for utilization of a predetermined scope and a predetermined duration, the deactivation of the second applet based on exceeding a threshold associated with the predetermined scope and the predetermined duration.

12. A method for locking a contactless card including a processor and a memory containing a master key, an identification number, a first applet, a second applet, and a counter, comprising:
- generating a card key using the master key and the identification number;
  
  generating a first session key using the card key and a first portion of the counter and a second session key using the card key and a second portion of the counter, wherein the first portion of the counter is different than the second portion of the counter;
  
  generating a cryptographic result including the counter using one or more cryptographic algorithms and the card key;
  
  generating a cryptogram using the first session key, the cryptogram including the cryptographic result and the identification number;
  
  encrypting the cryptogram using the second session key;
  
  transmitting the encrypted cryptogram and the cryptographic result;
  
  receiving a deactivation instruction to deactivate the contactless card;
  
  creating a communication path to the second applet; and
  
  deactivating the second applet via the communication path.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of locking a contactless card of claim 12, wherein the second applet is deactivated for a predetermined period of time.
  - 14. The method of locking a contactless card of claim 12, wherein the second applet is reactivated based on one or more gestures from the contactless card to a client application including instructions for execution on a client device.
  - 15. The method of locking a contactless card of claim 14, wherein the one or more gestures comprises at least one selected from the group of a tap, swipe, wave, or any combination thereof.
  - 16. The method of locking a contactless card of claim 14, wherein reactivation of the second applet occurs when the contactless card is placed within a communication field of the client application.
  - 17. The method of locking a contactless card of claim 12, further comprising:
    - providing, by one or more servers, one or more actions responsive to deactivation of the second applet.
  - 18. The method of locking a contactless card of claim 17, wherein the one or more actions comprise transmission of one or more messages to a client application including instructions for execution on a client device, the one or more messages including at least one selected from the group of:
    - a message indicative of deactivation of the contactless card for a predetermined period of time;
      
      a message indicative of location information of the contactless card;
      
      a message indicative of account information of the contactless card;
      
      a message indicative of loyalty or rewards points, and any combination thereof.
  - 19. The method of locking a contactless card of claim 12, wherein the counter is adjusted for each transaction, the counter configured to increment for a predetermined number of transactions.

20. A contactless card comprising:
- a processor and a memory, wherein the memory comprises first and second applets and a counter;
  
  wherein the first applet is configured to receive one or more messages,wherein the first applet is configured to create, based on receipt of the one or more messages, a communication path to the second applet,wherein the one or more messages are configured to deactivate the second applet of the contactless card,wherein the second applet is reactivated based on one or more gestures by the contactless card within a communication field, the one or more gestures comprises at least one selected from the group of a tap, swipe, wave, or any combination thereof, andwherein the counter is adjusted for each transaction, the counter configured to increment for a predetermined number of transactions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
Rule, Jeffrey, Ilincic, Rajko
Primary Examiner(s)
Korsak, Oleg

Application Number

US16/590,153
Publication Number

US 20200106617A1
Time in Patent Office

189 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

H04L 9/0861   Generation of secret inform...

H04L 9/0866   involving user or device id...

H04L 9/0897   involving additional device...

H04L 9/14   using a plurality of keys o...

H04L 9/3228   One-time or temporary data,...

H04L 9/3234   involving additional secure...

H04L 9/3242   involving keyed hash functi...

Systems and methods for cryptographic authentication of contactless cards

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

576 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for cryptographic authentication of contactless cards

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

576 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links