System and method for dynamic generation of URL by smart card

US 10,769,299 B2
Filed: 07/12/2018
Issued: 09/08/2020
Est. Priority Date: 07/12/2018
Status: Active Grant

First Claim

Patent Images

1. A smart card comprising:

a substrate;

a memory embedded in the substrate, wherein the memory contains an applet, a counter, and a unique customer identifier;

a contactless communication interface embedded in the substrate; and

a microprocessor embedded in the substrate,wherein the microprocessor is in data communication with the memory and the contactless communication interface,wherein, after entry of the contactless communication interface into a communication field of a communication device, the microprocessor increments the counter and synchronizes the value of the counter with a second counter stored in the communication device,wherein the applet generates a unique one-time uniform resource locator (URL) by cryptographically hashing the incremented value of the counter and the unique customer identifier,wherein the unique one-time URL is transmitted to the communication device via the contactless communication interface, andwherein the communication device synchronizes the incremented value of the second counter value with a third counter stored in a server prior to the transmission of the unique one-time URL.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of a smart card and systems and methods for secure data access using a smart card are described. The smart card may be formed a substrate and may include a microprocessor, a memory containing an applet, a counter, and a unique identifier. The smart card may dynamically generate a unique uniform resource location (URL) and transmit the URL to via a contactless communication interface to securely facilitate data access from other devices.

64 Citations

View as Search Results

19 Claims

1. A smart card comprising:
- a substrate;
  
  a memory embedded in the substrate, wherein the memory contains an applet, a counter, and a unique customer identifier;
  
  a contactless communication interface embedded in the substrate; and
  
  a microprocessor embedded in the substrate,wherein the microprocessor is in data communication with the memory and the contactless communication interface,wherein, after entry of the contactless communication interface into a communication field of a communication device, the microprocessor increments the counter and synchronizes the value of the counter with a second counter stored in the communication device,wherein the applet generates a unique one-time uniform resource locator (URL) by cryptographically hashing the incremented value of the counter and the unique customer identifier,wherein the unique one-time URL is transmitted to the communication device via the contactless communication interface, andwherein the communication device synchronizes the incremented value of the second counter value with a third counter stored in a server prior to the transmission of the unique one-time URL.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system for the secure access of information of claim 1, wherein prior to sending financial information to the client application, the server requests entry of authentication information on the client application.
  - 3. The system for the secure access of information of claim 2, wherein the server requests entry of authentication information based on the sensitivity of the financial information.
  - 4. The system for the secure access of information of claim 2, wherein the authentication information is at least one of a password, fingerprint scan, and a facial scan.
  - 5. The system for the secure access of information of claim 1, wherein the client application appends information identifying itself to the unique one-time URL transmitted to the server.
  - 6. The system for the secure access of information of claim 5, wherein the server declines to send financial information to the client application based on the identifying information appended to the unique one-time URL by the client application.
  - 7. The system for the secure access of information of claim 1, wherein the client application appends location information to the unique one-time URL transmitted to the server.
  - 8. The system for the secure access of information of claim 1, wherein the communication device is placed in a fixed location and the client application appends information relating to its location to the unique one-time URL transmitted to the server.
  - 9. The system for the secure access of information of claim 1, wherein the client application is located in a commercial location and the client application appends information relating to the commercial location to the unique one-time URL transmitted to the server.
  - 10. The system for the secure access of information of claim 9, wherein, upon receipt of the unique one-time URL, the server provides location-specific data to the client application based on the information appended to the unique one-time URL.
  - 11. The system for the secure access of information of claim 1, wherein the client application displays the financial information received from the server in one of a browser or a second application.
  - 12. The system for the secure access of information of claim 1, wherein the contactless communication interface is configured to support at least one of near field communication and a body area network.

13. A system for the secure access of information, comprising:
- a server containing financial information;
  
  a smart card including a microprocessor, a contactless communication interface, and a memory storing an applet, a counter, and a unique customer identifier; and
  
  a client application comprising instructions for execution on a communication device having a communication field,wherein after entry of the contactless communication interface into the communication field;
  
  the microprocessor is configured to increment a value stored in the counter and synchronize the incremented counter value with the client application,the applet is configured to generate a unique one-time uniform resource locator (URL) by cryptographically hashing the incremented value of the counter and the unique customer identifier, andthe contactless communication interface is configured to transmit the unique one-time URL to the client application;
  
  wherein the client application synchronizes the incremented counter value with the server prior to transmitting the unique one-time URL;
  
  wherein upon receipt of the unique one-time URL, the client application opens the unique one-time URL to display financial information received from the server, andwherein the server recreates the cryptographic hash using the incremented value of the counter value prior to the display of financial information by the client application.

14. A method of accessing of information, the method comprising:
- bringing a smart card containing a contactless communication interface, a microprocessor, and a memory storing an applet, a counter, and a unique customer identifier, into the communication field of a communication device;
  
  incrementing a value stored in the counter and synchronizing the value with a counter contained in the communication device;
  
  synchronizing the incremented counter value with a counter contained in the server;
  
  generating a unique one-time uniform resource locator (URL) by cryptographically hashing the incremented counter value and the unique customer identifier;
  
  transmitting the unique one-time URL to a client application comprising instructions for execution on the communication device via the contactless communication interface;
  
  appending location information relating to the communication device to the unique URL;
  
  transmitting the unique one-time URL to a server containing financial information;
  
  recreating the cryptographic hash by the server using an expected counter value and the unique customer identifier;
  
  comparing the cryptographic hash recreated by the server to the unique one-time URL transmitted to the server; and
  
  transmitting financial information from the server to the client application if the recreated cryptographic hash matches the unique one-time URL.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of accessing of information of claim 14, wherein the communication device is in a commercial location and the appended information relates to the commercial location.
  - 16. The method of accessing of information of claim 14, further comprising receiving location-specific data from the server in response to the appended location information.
  - 17. The method of accessing of information of claim 14, further comprising entering at least one of a password, fingerprint scan, or facial scan prior to receiving financial information from the server.
  - 18. The method of accessing of information of claim 14, further compromising appending information identifying the communication device to the unique one-time URL before transmitting the unique one-time URL to the server.
  - 19. The method of accessing of information of claim 18, wherein upon review of the information identifying the communication device appended to the unique one-time URL by the server, requesting additional authentication information prior to transmitting financial information from the server to the communication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
Rule, Jeffrey, Lutz, Wayne, Moreton, Paul, Osborn, Kevin
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US16/034,229
Publication Number

US 20200019725A1
Time in Patent Office

789 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/35   communicating wirelessly

G06F 21/6245   Protecting personal data, e...

G06K 19/0723   the record carrier comprisi...

G06Q 20/326   Payment applications instal...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/352   Contactless payments by cards

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/10   for controlling access to d...

H04L 63/126   the source of the received ...

System and method for dynamic generation of URL by smart card

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

64 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for dynamic generation of URL by smart card

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links