Methods and Systems for Two-Factor Authentication Using Contactless Chip Cards or Devices and Mobile Devices or Dedicated Personal Readers

US 20070278291A1
Filed: 12/22/2006
Published: 12/06/2007
Est. Priority Date: 12/22/2005
Status: Active Grant

First Claim

Patent Images

1. A method of generating authentication data for use in a transaction comprising:

providing a contactless chip device having pre-stored secret data, configured to communicate with a mobile device;

inputting a first input value into said mobile device;

placing said contactless chip device in a proximity to said mobile device to instantiate communication between said contactless chip device and said mobile device;

communicating data derived from said first input value from said mobile device to said contactless chip device;

converting data derived from said first input value and said pre-stored secret data, into at least one dynamic value;

communicating said dynamic value from said contactless chip device to said mobile device; and

communicating authentication data based at least in part on said dynamic value to a user of said mobile device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Generating authentication data for use in a transaction by providing a contactless payment device or smart card configured to communicate with a mobile device, placing the contactless chip card in a proximity to the mobile device to instantiate communication between the contactless chip card and the mobile device, inputting a first input value into the mobile device, communicating data derived from the first input value from the mobile device to the contactless chip card, the contactless chip card converting a set of conversion data, including the first input value, into at least one dynamic value based at least in part on a secret value, communicating the dynamic value from the contactless chip card to the mobile device, and communicating authentication data based at least in part on the dynamic value to a user. In some embodiments the first input value is a Personal Identification Number (PIN), a challenge, or both a PIN and a challenge.

255 Citations

24 Claims

1. A method of generating authentication data for use in a transaction comprising:
- providing a contactless chip device having pre-stored secret data, configured to communicate with a mobile device;
  
  inputting a first input value into said mobile device;
  
  placing said contactless chip device in a proximity to said mobile device to instantiate communication between said contactless chip device and said mobile device;
  
  communicating data derived from said first input value from said mobile device to said contactless chip device;
  
  converting data derived from said first input value and said pre-stored secret data, into at least one dynamic value;
  
  communicating said dynamic value from said contactless chip device to said mobile device; and
  
  communicating authentication data based at least in part on said dynamic value to a user of said mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 further comprising said mobile device generating a second input value, said mobile device communicating said second input value to said contactless chip device, and said converting step further comprising converting data derived from said second input value.
  - 3. The method of claim 1 wherein said contactless chip device stores a transaction counter, said converting step further comprising converting data derived from said transaction counter.
  - 4. The method of claim 3 further comprising advancing said transaction counter by a predetermined value in response to said converting step.
  - 5. The method of claim 1 wherein said first input value comprises a PIN.
  - 6. The method of claim 5 wherein said first input value further comprises a challenge number.
  - 7. The method of claim 1 wherein said authentication data further comprises a representation of at least part of said first input value.
  - 8. The method of claim 2 wherein said authentication data further comprises a representation of at least part of said second input value.
  - 9. The method of claim 3 wherein said authentication data further comprises a representation of at least part of said transaction counter.
  - 10. The method of claim 1 wherein said mobile device is a mobile phone capable of Near Field Communication.
  - 11. The method of claim 1 wherein said mobile device comprises a visual interface and said communicating said authentication data comprises displaying said authentication data on said visual interface.

12. A method of operating a mobile device to generate authentication data for use in a transaction comprising:
- operating said mobile device in accordance with a first mode of operation wherein said mobile device is capable of permitting voice communication between a user of said mobile device and a third party; and
  
  operating said mobile device in accordance with a second mode of operation in response to a command, said second mode of operation comprising;
  
  receiving a first input value;
  
  communicating data derived from said first input value to a contactless chip device via near field communication;
  
  receiving a dynamic value from said contactless chip device; and
  
  communicating authentication data based at least in part on said dynamic value to a verification entity.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12, wherein said first input value is a PIN.
  - 14. The method of claim 12, wherein said first input value is a challenge number.
  - 15. The method of claim 12, wherein said communication authentication data comprises displaying authentication data to a user via a display device.
  - 16. The method of claim 12, wherein said verification entity is an institution that maintains account data associated with said contactless chip device.
  - 17. The method of claim 16, wherein said step of communicating authentication data comprises displaying said authentication data to a user, and said user entering said authentication data into a personal computer for transmission over a data network.
  - 18. The method of claim 17, wherein said data network is the internet.
  - 19. The method of claim 16, wherein said step of communicating authentication data comprises transmitting said authentication data via a data network to said institution.
  - 20. The method of claim 16, wherein said institution is the financial institution that issued the contactless chip device.

21. A mobile device for generating authentication data, comprising:
- a data entry device capable of receiving data from a user;
  
  a communications device capable of communicating with a contactless chip device;
  
  a display capable of displaying data to a user; and
  
  a processor programmed with instructions having functionality for;
  
  receiving a first input value from said data entry device;
  
  communicating data derived from said first input value to a contactless chip device and receiving a responsive dynamic value using said transceiver; and
  
  communicating authentication data based at least in part on said responsive dynamic value via said display.
- View Dependent Claims (22, 23, 24)
- - 22. The mobile device of claim 21, wherein said first input value is a PIN.
  - 23. The mobile device of claim 21, wherein said first input value is a challenge number.
  - 24. The mobile device of claim 21, further comprising:
    - a microphone;
      
      a speaker;
      
      a transceiver in electrical communication with said microphone and said speaker, capable of receiving and transmitting signals for voice communication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Vanneste, Paul, Rans, Jean-Paul

Granted Patent

US 8,511,547 B2
Time in Patent Office

Days
Field of Search
US Class Current

235/380
CPC Class Codes

G06F 21/31   User authentication

G06F 21/34   involving the use of extern...

G06F 2221/2115   Third party

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 63/0853   using an additional device,...

Methods and Systems for Two-Factor Authentication Using Contactless Chip Cards or Devices and Mobile Devices or Dedicated Personal Readers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

255 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and Systems for Two-Factor Authentication Using Contactless Chip Cards or Devices and Mobile Devices or Dedicated Personal Readers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

255 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links