Multi-factor authentication providing a credential via a contactless card for secure messaging
First Claim
1. A computing device implemented method, comprising:
receiving a message at a computing device from a Short Message Service (SMS) capable device having an associated phone number, wherein the message indicates a desire to initiate an SMS session and wherein the message includes a secure component;
decrypting the secure component to obtain a hash of at least a onetime password and an account identifier;
extracting the onetime password and the account identifier;
determining if the onetime password is valid;
determining what account is associated with the account identifier;
accessing what phone number is connected with the determined account;
determining if the associated phone number is a matching phone number that matches the phone number connected with the account;
where the password is valid and the associated phone number is a matching phone number, initiating a secure SMS session by sending an SMS message to the SMS capable device; and
where the password is not valid and/or the associated password is not a matching phone number, rejecting initiation of the secure SMS session with the SMS capable device;
wherein the computing device maintains a counter and wherein the computing device uses a value of the counter in determining whether a password has expired; and
wherein the counter maintained by the computing device is in synch with a counter maintained by the contactless card.
1 Assignment
0 Petitions
Abstract
Exemplary embodiments may use a contactless card as a secondary form of authentication in a multi-factor authentication for a secure messaging service. The recipient party of a request to initiate a messaging service session (such as a server computing device) may be programmed to use the phone number of the originating device to look up records regarding an identity of a party and their associated phone number as a primary credential and then may require an authentication credential originating from the contactless card as a secondary credential for the initiating party. In some instances, the credential originating from the contactless card is a onetime password that is valid only for a period of time. The recipient party determines whether the onetime password is valid. If both credentials are valid, a secure messaging session may be initiated with the initiating party.
555 Citations
13 Claims
1. A computing device implemented method, comprising:
receiving a message at a computing device from a Short Message Service (SMS) capable device having an associated phone number, wherein the message indicates a desire to initiate an SMS session and wherein the message includes a secure component; decrypting the secure component to obtain a hash of at least a onetime password and an account identifier; extracting the onetime password and the account identifier; determining if the onetime password is valid; determining what account is associated with the account identifier; accessing what phone number is connected with the determined account; determining if the associated phone number is a matching phone number that matches the phone number connected with the account; where the password is valid and the associated phone number is a matching phone number, initiating a secure SMS session by sending an SMS message to the SMS capable device; and where the password is not valid and/or the associated password is not a matching phone number, rejecting initiation of the secure SMS session with the SMS capable device; wherein the computing device maintains a counter and wherein the computing device uses a value of the counter in determining whether a password has expired; and wherein the counter maintained by the computing device is in synch with a counter maintained by the contactless card. (Dependent claims: 2, 3, 4, 5, 6)

7. A Short Message Service (SMS) capable device-implemented method, comprising:
receiving a cryptographically secure onetime password from a contactless card at the SMS capable device via a near field communication, wherein: the cryptographically secure onetime password comprises an encrypted hash of at least the onetime password and an account identifier, the onetime password is encrypted by a symmetric encryption algorithm, and the onetime password is valid for only a set period of time; sending a message from the SMS capable device to a party to request initiation of a secure SMS session, wherein the message includes the cryptographically secure onetime password and wherein the SMS capable device has an associated phone number; and where the password is valid and where the phone number of the SMS capable device is associated with an account identified by the account identifier, receiving an SMS message from the party at the SMS capable device; wherein the sending the message from the SMS capable device comprises one of sending the message to a website for the party or sending the message directly to the party. (Dependent claims: 8, 9, 10)

11. A method performed by a contactless card, comprising:
initiating a near field communication (NFC) session with a computing device;
as part of the NFC session, communicating with an application program running on the computing device; passing at least a onetime password and an account identifier through a hash function to create a hash value; encrypting the hash value; passing the encrypted hash value to the application running on the computing device; and prompting the application to send a message to a remote computing device to initiate a messaging session with the remote computing device where the message includes the encrypted hash value as evidence of an identity of a party that wishes to initiate the messaging session; wherein the onetime password is a time-based password; wherein the contactless card maintains a counter and a value of the counter is used in creating the encrypted hash value; where the value of the counter is passed through the hash function; and wherein the value of the counter is passed through the hash function along with the onetime password and the account identifier. (Dependent claims: 12, 13)
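The card-side and server-side steps of claims 1 and 11, written out as an added Python example (not code from the patent): the card derives a time- and counter-based onetime password, hashes it with the account identifier and counter, and hands the protected hash to the phone app; the server recomputes it from its own synchronized copy of the counter, checks the sender's phone number against the account on file, and advances the counter so a captured component cannot be accepted twice. Assumptions: HMAC-SHA256 stands in for the claim's symmetric encryption of the hash, the 30-second validity period is chosen for the example, and the account record is constructed.

```python
import hashlib
import hmac
import struct

STEP = 30  # assumed validity period of a onetime password, in seconds

# Constructed sample store: account identifier -> phone number on file,
# key shared with the card, and the server's copy of the card counter.
ACCOUNTS = {
    "acct-1001": {"phone": "+15551230001", "key": b"demo-card-key-1001", "counter": 7},
}

def onetime_password(key, counter, now):
    """Time- and counter-based OTP: 6 digits from HMAC-SHA256(key, counter || window)."""
    msg = struct.pack(">QQ", counter, now // STEP)
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

def protected_hash(key, otp, account_id, counter):
    """Hash (OTP, account id, counter), then bind the hash to the shared key.
    The keyed HMAC stands in for the claim's symmetric encryption of the hash."""
    inner = hashlib.sha256(f"{otp}|{account_id}|{counter}".encode()).digest()
    return hmac.new(key, inner, hashlib.sha256).hexdigest()

def card_secure_component(key, account_id, counter, now):
    """Card side (claim 11): the secure component the card hands to the phone app."""
    otp = onetime_password(key, counter, now)
    return {"otp": otp, "account_id": account_id,
            "tag": protected_hash(key, otp, account_id, counter)}

def server_verify(component, sender_phone, now, lookahead=3):
    """Server side (claim 1): returns (accepted, reason); advances the counter on success."""
    acct = ACCOUNTS.get(component["account_id"])
    if acct is None:
        return False, "unknown account identifier"
    # Password validity: it must match one of the next few counter values within the
    # current time window; a counter value already consumed is never accepted again.
    for c in range(acct["counter"], acct["counter"] + lookahead):
        otp = onetime_password(acct["key"], c, now)
        tag = protected_hash(acct["key"], otp, component["account_id"], c)
        if hmac.compare_digest(otp, component["otp"]) and hmac.compare_digest(tag, component["tag"]):
            if sender_phone != acct["phone"]:
                return False, "sender phone number does not match the account"
            acct["counter"] = c + 1  # resynchronize with the card's counter
            return True, "secure SMS session initiated"
    return False, "onetime password invalid or expired"
```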