Systems and methods for amplifying the strength of cryptographic algorithms

US11210664B2 · US · B2

Patent metadata
Publication number: US-11210664-B2
Application number: US-201916458961-A
Country: US
Kind code: B2
Filing date: Jul 1, 2019
Priority date: Oct 2, 2018
Publication date: Dec 28, 2021
Grant date: Dec 28, 2021

Abstract

Official abstract text for this publication.

Example embodiments provide systems and methods for increasing the cryptographic strength of an encryption or message-authentication-code-(MAC) generation technique. According to some embodiments, a MAC may be constructed around a shared secret (such as a random initialization number), thereby increasing strength of the MAC against brute force attacks based on the size of the shared secret. The MAC may be combined with randomized data, and may also be encrypted to further bolster the strength of the code. These elements (shared secret, MAC algorithm, and encryption algorithm) may be employed in various combinations and to varying degrees, depending on the application and desired level of security. At each stage, the cryptographic construct operates on the cryptographically modified data from the previous stage. This layering of cryptographic constructs may increase the strength of the group of contrasts more efficiently than applying any one construct with a larger key size or similar increase in complexity.

First claim

Opening claim text (preview).

What is claimed is:

1. A non-transitory computer-readable medium storing instructions that, when executed by a processor, cause the processor to: access information to be encoded, the information pertaining to a contactless card for which authentication is requested by a recipient; access a shared secret stored on the contactless card that is also known to the recipient; combine the shared secret and the information to be encoded to generate combined information; retrieve a first master key and a counter value from a memory of the contactless card; generate a first diversified session key having a first number of bits with the first master key and the counter value; apply a message authentication code (MAC) algorithm, utilizing the first diversified session key, to the combined information to generate a MAC output; determine if the first number of bits for the first diversified session key satisfies a security requirement; in response to determining the first number of bits satisfies the security requirement, transmit the MAC output to the recipient; and in response to determining the first number of bits does not satisfy the security requirement, the processor to: retrieve a second master key from the memory of the contactless card; generate a second diversified session key having second number of bits with the second master key and the counter value, wherein the first diversified session key and the second diversified session key are different keys; apply an encryption algorithm, utilizing the second diversified key, to the MAC output to generate encrypted output; determine a summation of the first number of bits and the second number of bits satisfies the security requirement; and transmit the encrypted output to the recipient.

2. The medium of claim 1, wherein the at least a part of the MAC output is combined with a random element, and the random element is transmitted to the recipient with the encrypted output.

3. The medium of claim 1, wherein the shared secret is a random number used to initialize the contactless card.

4. The medium of claim 1, wherein the information to be encoded is state information relating to the contactless card.

5. The non-transitory computer-readable medium of claim 1, the processor to combine the shared secret with the information by multiplying the shared secret with the information.

6. The non-transitory computer-readable medium of claim 1, the processor to combine the shared secret with the information by concatenating the information with at least a portion of the shared secret.

7. The non-transitory computer-readable medium of claim 1, wherein the summation of the first number of bits and the second number of bits is greater than or equal to the security requirement.

8. A method comprising: accessing information to be encoded, the information pertaining to a contactless card for which authentication is requested by a recipient; accessing a shared secret stored on the contactless card that is also known to the recipient; combining the shared secret and the information to be encoded to generate combined information; retrieving a first master key and a counter value from a memory of the contactless card; generating a first diversified session key having a first number of bits using the first master key and the counter value; applying a message authentication code (MAC) algorithm, using the first diversified session key, to the combined information to generate a MAC output; determining the first number of bits for the first diversified session key does not satisfy a security requirement; in response to determining the first number of bits for the first diversified session key does not satisfy the security requirement, the method includes: retrieving a second master key from the memory of the contactless card; generating the second diversified session key having a second number of bits using the second master key and the counter value, wherein the first diversified session key and the second diversified session key are different keys; applying an encryption algorithm, utilizing the second diversified key, to at least a part of the MAC output to generate encrypted output; determining a summation of the first number of bits and the second number of bits satisfies the security requirement; and transmitting the encrypted output to the recipient.

9. The method of claim 8, wherein the at least a part of the MAC output is combined with a random element, and the random element is transmitted to the recipient with the encrypted.

10. The method of claim 8, wherein the shared secret is a random number used to initialize the contactless card.

11. The method of claim 8, wherein the information to be encoded is state information relating to the contactless card.

12. The method of claim 8, wherein combining the shared secret with the information comprises multiplying the shared secret with the information.

13. The method of claim 8, wherein combining the shared secret with the information comprising concatenating the information with at least a portion of the shared secret.

14. The method of claim 8, wherein the summation of the first number of bits and the second number is greater than or equal to the security requirement.

15. A contactless payment card, comprising: a memory to store a secret shared with a recipient a first master key, a second master key, and a counter value; a processor configured to perform an encryption procedure on information to be encoded, the information pertaining to the contactless card for which authentication is requested by the recipient, and the processor, when performing the encryption procedure, to: combine the information to be encoded with the shared secret, retrieve the first master key, the second master key, and the counter value, generate a first diversified session key having a first number of bits using the first master key with the counter value, apply a message authentication code (MAC) algorithm using the first diversified session key to the combined information to generate a MAC output, determine if the first number of bits for the first diversified session key satisfies a security requirement, in response to the first number of bits satisfying the security requirement, transmit, via a transmitter, the MAC output to the recipient, in response to the first number of bits not satisfying the security requirement, the processor to: generate a second diversified session key having a second number of bits with the second master key and the counter value, wherein the first diversified session key and the second diversified session key are different keys, apply an encryption algorithm using the second diversified session key to the MAC output to generate encrypted output, determine a summation of the first number of bits and the second number of bits satisfies the security requirement, and transmit, via the transmitter the encrypted output to the recipient.

16. The contactless card of claim 15, wherein the at least a part of the MAC output is combined with a random element, and the random element is transmitted to the recipient with the at least a part of the MAC output.

17. The contactless card of claim 15, wherein the shared secret is a random number used to initialize the contactless card.

18. The contactless payment card of claim 15, the processor to combine the shared secret with the information by multiplying the shared secret with the information.

19. The contactless payment card of claim 15, the proces
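
The card-side flow of claim 1 and the recipient's check, as an added sketch that is not code from the patent or its assignee. The claims name no algorithms, so HMAC-SHA256 stands in for key diversification, the MAC and (as an XOR keystream) the encryption layer; the 256-bit requirement, the key sizes and all sample values are assumptions.

```python
import hashlib
import hmac

REQUIRED_BITS = 256  # assumed security requirement; the claims leave the value open

def diversify(master_key: bytes, counter: int, nbits: int) -> bytes:
    """Session key from master key + counter (HMAC-SHA256 as a stand-in KDF)."""
    digest = hmac.new(master_key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return digest[: nbits // 8]

def xor_layer(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with one HMAC-SHA256 keystream block (covers a 32-byte MAC).
    The session key changes with every counter value, so the keystream is not reused."""
    if len(data) > 32:
        raise ValueError("stand-in cipher covers at most 32 bytes")
    stream = hmac.new(key, b"keystream", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def card_output(info, shared_secret, mk1, mk2, counter, k1_bits=128, k2_bits=128):
    """Card side of claim 1: MAC over info||secret, encrypted when key 1 is too short."""
    combined = info + shared_secret            # concatenation, as in claim 6
    k1 = diversify(mk1, counter, k1_bits)
    mac = hmac.new(k1, combined, hashlib.sha256).digest()
    if k1_bits >= REQUIRED_BITS:
        return mac                             # first key alone meets the requirement
    if k1_bits + k2_bits < REQUIRED_BITS:      # the claim's sum-of-bits criterion, as stated
        raise ValueError("combined key sizes below the security requirement")
    k2 = diversify(mk2, counter, k2_bits)      # second, different key from a second master key
    return xor_layer(k2, mac)

def recipient_accepts(received, info, shared_secret, mk1, mk2, counter, **bits) -> bool:
    """Recipient holds the same secret, master keys and counter: recompute and compare."""
    expected = card_output(info, shared_secret, mk1, mk2, counter, **bits)
    return hmac.compare_digest(received, expected)

# Constructed sample values (not from the patent).
MK1, MK2 = bytes(range(32)), bytes(range(32, 64))
SECRET, INFO = b"constructed-shared-secret", b"card-state:01"

if __name__ == "__main__":
    out = card_output(INFO, SECRET, MK1, MK2, counter=7)
    print(out.hex(), recipient_accepts(out, INFO, SECRET, MK1, MK2, 7))
```

The sum-of-bits test reproduces the criterion in the claims; it is not an independent estimate of the effective strength of the layered construct.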

Classifications

  • involving key management

  • Secret sharing or secret splitting, e.g. threshold schemes

  • involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC

  • using mutual authentication between devices and transaction partners

  • using a plurality of keys or algorithms

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Capital One Services Llc
What technology area does this patent fall under?
Primary CPC classification G06Q20/3829. Mapped technology areas include Physics.
When was this patent published?
Publication date Dec 28, 2021 (B2). Legal status and post-grant events are not shown on this page.