Systems and methods for cryptographic authentication of contactless cards

US 10,778,437 B2
Filed: 10/18/2019
Issued: 09/15/2020
Est. Priority Date: 10/02/2018
Status: Active Grant

First Claim

Patent Images

1. An authentication server comprising:

a processor and memory, the memory including a master key, wherein the processor is configured to;

receive a transmission comprising a cryptographic result and encrypted transmission data, wherein;

the cryptographic result includes a counter value,the cryptographic result is generated using one or more cryptographic algorithms and a diversified key,the diversified key is generated using a diversified master key, one or more cryptographic algorithms, and the counter value, andthe encrypted transmission data is encrypted using the one or more cryptographic algorithms and the diversified key;

generate an authentication diversified key based on the master key and a unique identifier;

generate a session key based on the authentication diversified key and the cryptographic result;

decrypt the encrypted transmission data and validate the cryptographic result using the one or more cryptographic algorithms and the session key; and

update the counter value for each transmission received.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.

547 Citations

30 Claims

1. An authentication server comprising:
- a processor and memory, the memory including a master key, wherein the processor is configured to;
  
  receive a transmission comprising a cryptographic result and encrypted transmission data, wherein;
  
  the cryptographic result includes a counter value,the cryptographic result is generated using one or more cryptographic algorithms and a diversified key,the diversified key is generated using a diversified master key, one or more cryptographic algorithms, and the counter value, andthe encrypted transmission data is encrypted using the one or more cryptographic algorithms and the diversified key;
  
  generate an authentication diversified key based on the master key and a unique identifier;
  
  generate a session key based on the authentication diversified key and the cryptographic result;
  
  decrypt the encrypted transmission data and validate the cryptographic result using the one or more cryptographic algorithms and the session key; and
  
  update the counter value for each transmission received.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The authentication server of claim 1, wherein the counter value comprises a one-time passcode.
  - 3. The authentication server of claim 1, wherein the one or more cryptographic algorithms include a cryptographic MAC function.
  - 4. The authentication server of claim 1, wherein a unique diversified session key is generated for each transmission.
  - 5. The authentication server of claim 4, wherein the unique diversified session key is generated using a portion of the counter value.
  - 6. The authentication server of claim 4, wherein the unique diversified session key is generated utilizing a different counter value.
  - 7. The authentication server of claim 1, wherein the master key is limited to a predetermined number of uses.
  - 8. The authentication server of claim 1, wherein the master key is limited to use during a predetermined time period.
  - 9. The authentication server of claim 1, wherein the authentication server is configured to receive the transmission from a transmitting device via one or more intermediary devices.
  - 10. The authentication server of claim 9, wherein the transmitting device comprises a contactless card and one of the one or more intermediary devices comprises a smartphone.
  - 11. The authentication server of claim 1, wherein the encrypted transmission data comprises activation data for a payment card.

12. A method for transmitting data by a transmitting device having a processor and a memory, the memory containing a master key, an identification number, and a counter, the method comprising:
- generating a device key using the master key and the identification number;
  
  generating a first session key using the device key and a first portion of the counter and a second session key using the device key and a second portion of the counter, wherein the first portion of the counter is different than the second portion of the counter;
  
  generating a cryptographic result including the counter using one or more cryptographic algorithms and the device key;
  
  generating a cryptogram using the first session key, the cryptogram including the cryptographic result and the identification number;
  
  encrypting the cryptogram using the second session key; and
  
  transmitting the encrypted cryptogram and the cryptographic result.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12, wherein the counter value comprises a one-time passcode.
  - 14. The method of claim 12, wherein a unique diversified session key is generated for each transmission by the transmitting device.
  - 15. The method of claim 14, wherein the unique diversified session key is generated using a portion of the counter value.
  - 16. The method of claim 15, wherein the unique diversified session key is generated utilizing a different counter value.
  - 17. The method of claim 12, wherein the master key is limited to a predetermined number of uses.
  - 18. The method of claim 12, wherein the master key is limited to use during a predetermined time period.
  - 19. The method of claim 12, wherein the transmitting device comprises a contactless card and the cryptogram comprises activation data for the contactless card.

20. A computer readable non-transitory medium comprising instructions for execution on a processor and comprising the steps of:
- receiving a transmission comprising a cryptographic result and encrypted transmission data, wherein;
  
  the cryptographic result includes a counter value,the cryptographic result is generated using one or more cryptographic algorithms and a diversified key,the diversified key is generated using a diversified master key, one or more cryptographic algorithms, and the counter value, andthe encrypted transmission data is encrypted using the one or more cryptographic algorithms and the diversified key;
  
  generating an authentication diversified key based on a master key and a unique identifier;
  
  generating a session key based on the authentication diversified key and the cryptographic result;
  
  decrypting the encrypted transmission data and validate the cryptographic result using the one or more cryptographic algorithms and the session key; and
  
  updating the counter value for each transmission received.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 21. The computer readable non-transitory medium of claim 20, wherein the counter value comprises a one-time passcode.
  - 22. The computer readable non-transitory medium of claim 20, wherein the one or more cryptographic algorithms include a cryptographic MAC function.
  - 23. The computer readable non-transitory medium of claim 20, wherein a unique diversified session key is generated for each transmission.
  - 24. The computer readable non-transitory medium of claim 23, wherein the unique diversified session key is generated using a portion of the counter value.
  - 25. The computer readable non-transitory medium of claim 23, wherein the unique diversified session key is generated using a different counter value.
  - 26. The computer readable non-transitory medium of claim 20, wherein the master key is limited to a predetermined number of uses.
  - 27. The computer readable non-transitory medium of claim 20, wherein the master key is limited to use during a predetermined time period.
  - 28. The computer readable non-transitory medium of claim 20, wherein the transmission is received from a transmitting device via one or more intermediary devices.
  - 29. The computer readable non-transitory medium of claim 28, wherein the transmitting device comprises a contactless card and one of the one or more intermediary devices comprises a smartphone.
  - 30. The computer readable non-transitory medium of claim 29, wherein the cryptographic result comprises activation data for the contactless card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
Osborn, Kevin, Rule, Jeffrey, Moreton, Paul, Duane, William, Hart, Colin, Newman, Kaitlin, Mossler, Lara, Herrington, Daniel, Chigurupati, Srinivasa, Prince, Ian, Lutz, Wayne
Primary Examiner(s)
Korsak, Oleg

Application Number

US16/657,813
Publication Number

US 20200106619A1
Time in Patent Office

333 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/35   communicating wirelessly

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

G06F 21/6245   Protecting personal data, e...

G06F 21/77   in smart cards

G06K 19/07309   Means for preventing undesi...

G06K 7/10297   arrangements for handling p...

G06Q 10/087   Inventory or stock manageme...

G06Q 20/108   Remote banking, e.g. home b...

G06Q 20/12   specially adapted for elect...

G06Q 20/204   comprising interface for re...

G06Q 20/227   characterised in that multi...

G06Q 20/32   using wireless devices

G06Q 20/3226   Use of secure elements sepa...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/34   using cards, e.g. integrate...

G06Q 20/352   Contactless payments by cards

G06Q 20/354   Card activation or deactiva...

G06Q 20/3552   Downloading or loading of p...

G06Q 20/3563   Software being resident on ...

G06Q 20/36 : using electronic wallets or...

G06Q 20/3674 : involving authentication

G06Q 20/382 : insuring higher security of...

G06Q 20/3823 : combining multiple encrypti...

G06Q 20/3825 : Use of electronic signatures

G06Q 20/3829 : involving key management

G06Q 20/40 : Authorisation, e.g. identif...

G06Q 20/401 : Transaction verification

G06Q 20/4014 : Identity check for transact...

G06Q 20/409 : Device specific authenticat...

G06Q 20/4097 : using mutual authentication...

G06Q 20/40975 : using encryption therefor

G07F 7/0893 : the card reader reading the...

G07F 7/122 : Online card verification

G07F 9/001 : Interfacing with vending ma...

H04B 5/24 : Inductive coupling

H04B 5/43 : Antennas

H04B 5/77 : for interrogation

H04L 2209/56 : Financial cryptography, e.g...

H04L 2209/805 : Lightweight hardware, e.g. ...

H04L 2463/102 : applying security measure f...

H04L 63/0428 : wherein the data content is...

H04L 63/068 : using time-dependent keys, ...

H04L 63/08 : for authentication of entit...

H04L 63/0807 : using tickets, e.g. Kerbero...

H04L 63/0853 : using an additional device,...

H04L 63/1441 : Countermeasures against mal...

H04L 9/002 : Countermeasures against att...

H04L 9/0625 : with splitting of the data ...

H04L 9/0631 : Substitution permutation ne...

H04L 9/0637 : Modes of operation, e.g. ci...

H04L 9/0643 : Hash functions, e.g. MD5, S...

H04L 9/0822 : using key encryption key

H04L 9/0825 : using asymmetric-key encryp...

H04L 9/0861 : Generation of secret inform...

H04L 9/0863 : involving passwords or one-...

H04L 9/0866 : involving user or device id...

H04L 9/0891 : Revocation or update of sec...

H04L 9/0897 : involving additional device...

H04L 9/14 : using a plurality of keys o...

H04L 9/3228 : One-time or temporary data,...

H04L 9/3234 : involving additional secure...

H04L 9/3242 : involving keyed hash functi...

H04L 9/3271 : using challenge-response

H04W 12/041 : Key generation or derivation

H04W 12/108 : Source integrity

H04W 12/47 : using near field communicat...

H04W 4/80 : Services using short range ...

View All

Systems and methods for cryptographic authentication of contactless cards

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

547 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for cryptographic authentication of contactless cards

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

547 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links