Systems and methods for cryptographic authentication of contactless cards
First Claim
Patent Images
1. An authentication server comprising:
- a processor and memory, the memory including a master key, wherein the processor is configured to;
receive a transmission comprising a cryptographic result and encrypted transmission data, wherein;
the cryptographic result includes a counter value,the cryptographic result is generated using one or more cryptographic algorithms and a diversified key,the diversified key is generated using a diversified master key, one or more cryptographic algorithms, and the counter value, andthe encrypted transmission data is encrypted using the one or more cryptographic algorithms and the diversified key;
generate an authentication diversified key based on the master key and a unique identifier;
generate a session key based on the authentication diversified key and the cryptographic result;
decrypt the encrypted transmission data and validate the cryptographic result using the one or more cryptographic algorithms and the session key; and
update the counter value for each transmission received.
1 Assignment
0 Petitions
Accused Products
Abstract
Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.
547 Citations
30 Claims
-
1. An authentication server comprising:
a processor and memory, the memory including a master key, wherein the processor is configured to; receive a transmission comprising a cryptographic result and encrypted transmission data, wherein; the cryptographic result includes a counter value, the cryptographic result is generated using one or more cryptographic algorithms and a diversified key, the diversified key is generated using a diversified master key, one or more cryptographic algorithms, and the counter value, and the encrypted transmission data is encrypted using the one or more cryptographic algorithms and the diversified key; generate an authentication diversified key based on the master key and a unique identifier; generate a session key based on the authentication diversified key and the cryptographic result; decrypt the encrypted transmission data and validate the cryptographic result using the one or more cryptographic algorithms and the session key; and update the counter value for each transmission received. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
12. A method for transmitting data by a transmitting device having a processor and a memory, the memory containing a master key, an identification number, and a counter, the method comprising:
-
generating a device key using the master key and the identification number; generating a first session key using the device key and a first portion of the counter and a second session key using the device key and a second portion of the counter, wherein the first portion of the counter is different than the second portion of the counter; generating a cryptographic result including the counter using one or more cryptographic algorithms and the device key; generating a cryptogram using the first session key, the cryptogram including the cryptographic result and the identification number; encrypting the cryptogram using the second session key; and transmitting the encrypted cryptogram and the cryptographic result. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
-
20. A computer readable non-transitory medium comprising instructions for execution on a processor and comprising the steps of:
-
receiving a transmission comprising a cryptographic result and encrypted transmission data, wherein; the cryptographic result includes a counter value, the cryptographic result is generated using one or more cryptographic algorithms and a diversified key, the diversified key is generated using a diversified master key, one or more cryptographic algorithms, and the counter value, and the encrypted transmission data is encrypted using the one or more cryptographic algorithms and the diversified key; generating an authentication diversified key based on a master key and a unique identifier; generating a session key based on the authentication diversified key and the cryptographic result; decrypting the encrypted transmission data and validate the cryptographic result using the one or more cryptographic algorithms and the session key; and updating the counter value for each transmission received. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
Specification