Supporting proximity based security code transfer from mobile/tablet application to access device
US-9104853-B2 · Aug 11, 2015 · US
Systems and methods for cryptographic authentication of contactless cards
US11502844B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11502844-B2 |
| Application number | US-202016858357-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 24, 2020 |
| Priority date | Oct 2, 2018 |
| Publication date | Nov 15, 2022 |
| Grant date | Nov 15, 2022 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.
First claim
Opening claim text (preview).
What is claimed is: 1. An authentication server, comprising: a processor and a memory, the memory containing a master key and an identifier, wherein the processor is configured to: receive a transmission comprising encrypted transmission data, wherein: the encrypted transmission data is encrypted using one or more cryptographic algorithms and a diversified key, and the diversified key is generated using a diversified master key and the one or more cryptographic algorithms; generate an authentication diversified key based on the master key and the identifier; generate a session key based on the authentication diversified key; and decrypt the encrypted transmission data using the one or more cryptographic algorithms and the session key. 2. The authentication server of claim 1 , wherein the session key is limited to a single use. 3. The authentication server of claim 1 , wherein: the memory contains a counter, and the processor is configured to update the counter for each transmission received. 4. The authentication server of claim 1 , wherein a unique diversified session key is generated for each transmission. 5. The authentication server of claim 1 , wherein: the transmission comprises a cryptographic result including a counter, and the cryptographic result is generated using one or more cryptographic algorithms and the diversified key. 6. The authentication server of claim 5 , wherein a unique diversified session key is generated for each transmission using a portion of the counter. 7. The authentication server of claim 5 , wherein the diversified key is generated using the counter. 8. The authentication server of claim 1 , wherein the master key is limited to a predetermined number of uses. 9. The authentication server of claim 1 , wherein the authentication server is configured to receive the transmission from a transmitting device via one or more intermediary devices. 10. The authentication server of claim 9 , wherein the transmitting device comprises a contactless card and one of the one or more intermediary devices comprises a smartphone. 11. The authentication server of claim 10 , wherein the encrypted transmission data comprises activation data for a payment card. 12. A method for transmitting data by a transmitting device having a processor and a memory, the memory containing a master key and an identification number, the method comprising: generating a device key using the master key and the identification number; generating a first session key using the device key and a second session key using the device key; generating a cryptogram using the first session key, the cryptogram including the identification number; encrypting the cryptogram using the second session key; and transmitting the encrypted cryptogram. 13. The method of claim 12 , wherein the first session key and the second session key are limited to a single use. 14. The method of claim 12 , wherein a unique diversified session key is generated for each transmission by the transmitting device. 15. The method of claim 14 , wherein the memory contains a counter, comprising: generating a cryptographic result including the counter using one or more cryptographic algorithms and the device key; and transmitting the cryptographic result. 16. The method of claim 15 , wherein the first session key is generated using a first portion of the counter. 17. The method of claim 16 , wherein the second session key is generated using a second portion of the counter. 18. The method of claim 12 , wherein the master key is limited to use during a predetermined time period. 19. The method of claim 12 , wherein the transmitting device comprises a contactless card and the cryptogram comprises activation data for the contactless card. 20. A contactless card, comprising: a substrate; a memory containing a master key and an identification number; and a processor, wherein the processor is configured to: generate a device key using the master key and the identification number, generate a first session key using the device key and a second session key using the device key, generate a cryptogram using the first session key, the cryptogram including the identification number, encrypt the cryptogram using the second session key, and transmit the encrypted cryptogram. 21. The contactless card of claim 20 , wherein the first session key and the second session key are limited to a single use. 22. The contactless card of claim 20 , wherein: the memory contains a counter, and the processor is configured to: generate a cryptographic result including the counter using one or more cryptographic algorithms and the device key, and transmit the cryptographic result. 23. The contactless card of claim 22 , wherein the first session key is generated using a first portion of the counter. 24. The contactless card of claim 23 , wherein the second session key is generated using a second portion of the counter. 25. The contactless card of claim 22 , wherein the counter comprises a one-time passcode. 26. The contactless card of claim 20 , wherein: the memory contains a random nonce, and the processor is configured to generate the first session key using the random nonce. 27. The contactless card of claim 26 , wherein the processor is configured to generate the random nonce prior to each generation of the first session key. 28. The contactless card of claim 20 , wherein the master key is limited to use during a predetermined time period. 29. The contactless card of claim 20 , wherein: the cryptogram comprises activation data for the contactless card, and the processor is configured to transmit the encrypted cryptogram to an authentication server via one or more intermediary devices. 30. The contactless card of claim 20 , wherein one of the one or more intermediary devices comprises a smartphone.
Assignees
Inventors
Classifications
Countermeasures against attacks on cryptographic mechanisms (network architectures or network communication protocols for protection against malicious traffic H04L63/1441) · CPC title
- H04L9/3234Primary
involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853) · CPC title
using electronic wallets or electronic money safes · CPC title
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
Financial cryptography, e.g. electronic payment or e-cash · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11502844B2 cover?
- Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can ge…
- Who is the assignee on this patent?
- Capital One Services Llc
- What technology area does this patent fall under?
- Primary CPC classification H04L9/3234. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Nov 15 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).