Blockchain for time-based release of information
US-2019296907-A1 · Sep 26, 2019 · US
Systems and methods for amplifying the strength of cryptographic algorithms
US12154105B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12154105-B2 |
| Application number | US-202117518387-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 3, 2021 |
| Priority date | Oct 2, 2018 |
| Publication date | Nov 26, 2024 |
| Grant date | Nov 26, 2024 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Example embodiments provide systems and methods for increasing the cryptographic strength of an encryption or message-authentication-code-(MAC) generation technique. According to some embodiments, a MAC may be constructed around a shared secret (such as a random initialization number), thereby increasing strength of the MAC against brute force attacks based on the size of the shared secret. The MAC may be combined with randomized data, and may also be encrypted to further bolster the strength of the code. These elements (shared secret, MAC algorithm, and encryption algorithm) may be employed in various combinations and to varying degrees, depending on the application and desired level of security. At each stage, the cryptographic construct operates on the cyptographically modified data from the previous stage. This layering of cryptographic constructs may increase the strength of the group of contrasts more efficiently than applying any one construct with a larger key size or similar increase in complexity.
First claim
Opening claim text (preview).
What is claimed is: 1. A non-transitory computer-readable medium storing instructions that, when executed by processing circuitry of a contactless card, cause the processing circuitry to: store a shared secret at personalization of the contactless card, the shared secret including a random number shared between the contactless card and a validation server at the personalization of the contactless card; determine data to communicate to a recipient; access the shared secret stored in memory of the contactless card; combine the shared secret and the data; generate, using a first key and a counter, a first diversified session key having a first number of bits; apply, utilizing the first diversified session key, a message authentication code (MAC) algorithm to the shared secret and the data to generate a MAC output; generate, using a second key different from the first key and the counter, a second diversified session key having a second number of bits; encrypt the MAC output with an encryption algorithm and the second diversified session key to generate encrypted data; and transmit the encrypted data to the recipient. 2. The medium of claim 1 , wherein the at least a part of the MAC output is combined with a random element, and the random element is transmitted to the recipient with the encrypted data. 3. The medium of claim 1 , wherein the shared secret is not directly sent as part of a transmission of the encrypted data to the recipient. 4. The medium of claim 1 , wherein the data is combined with the shared secret by multiplying the shared secret with the data. 5. The medium of claim 1 , wherein the data is combined with the shared secret by concatenating the data with at least a portion of the shared secret. 6. The medium of claim 1 , wherein the first diversified session key and the second diversified session key are different. 7. The medium of claim 1 , wherein utilizing the first diversified session key and the second diversified session key satisfies a security requirement. 8. The medium of claim 7 , wherein the security requirement includes a number of operations required to exhaustively search and determine the first diversified session key and the second diversified session key. 9. A computer-implemented method, comprising: storing, by a contactless card in a memory, a shared secret at personalization of the contactless card, the shared secret including a random number shared between the contactless card and a validation server at the personalization of the contactless card; determining, by the contactless card, data to communicate to a recipient; accessing, by the contactless card and from the memory the shared secret stored in the memory of the contactless card; combining, by the contactless card, the shared secret and the data; generating, by the contactless card using a first key and a counter, a first diversified session key having a first number of bits; applying, by the contactless card and utilizing the first diversified session key, a message authentication code (MAC) algorithm to the shared secret and the data to generate a MAC output; generating, by the contactless card using a second key different than the first key and the counter, a second diversified session key having a second number of bits; encrypting, by the contactless card, the MAC output with an encryption algorithm and the second diversified session key to generate encrypted data; and sending, by the contactless card via a transceiver, the encrypted data to the recipient. 10. The computer-implemented method of claim 9 , wherein the at least a part of the MAC output is combined with a random element, and the random element is transmitted to the recipient with the encrypted data. 11. The computer-implemented method of claim 9 , wherein the shared secret is not directly sent with the encrypted data to the recipient. 12. The computer-implemented method of claim 9 , wherein the data is combined with the shared secret by multiplying the shared secret with the data. 13. The computer-implemented method of claim 9 , wherein the data is combined with the shared secret by concatenating the data with at least a portion of the shared secret. 14. The computer-implemented method of claim 9 , wherein the first diversified session key and the second diversified session key are different. 15. The computer-implemented method of claim 9 , wherein utilizing the first diversified session key and the second diversified session key satisfies a security requirement. 16. The computer-implemented method of claim 15 , wherein the security requirement includes a number of operations required to exhaustively search and determine the first diversified session key and the second diversified session key. 17. A contactless card, comprising: memory configured to store instructions and a shared secret; processing circuitry coupled with the memory, the processing circuitry configured to process the instructions, that when executed, cause the processing circuitry to: store the shared secret in the memory during personalization of the contactless card, the shared secret including a random number; determine data to communicate to a recipient; access a shared secret stored in memory of the contactless card; combine the shared secret and the data; generate, using a first key and a counter, a first diversified session key having a first number of bits; apply, utilizing the first diversified session key, a message authentication code (MAC) algorithm to the shared secret and the data to generate a MAC output; generate, using a second key that is different from the first key and the counter, a second diversified session key having a second number of bits; encrypt the MAC output with an encryption algorithm and the second diversified session key to generate encrypted data; and transmit the encrypted data to the recipient. 18. The contactless card of claim 17 , wherein the at least a part of the MAC output is combined with a random element, and the random element is transmitted to the recipient with the encrypted data. 19. The contactless card of claim 17 , wherein utilizing the first diversified session key and the second diversified session key satisfies a security requirement. 20. The contactless card of claim 19 , wherein the security requirement includes a number of operations required to exhaustively search and determine the first diversified session key and the second diversified session key.
Assignees
Inventors
Classifications
Secret sharing or secret splitting, e.g. threshold schemes · CPC title
Business processing using cryptography · CPC title
using a plurality of keys or algorithms · CPC title
Financial cryptography, e.g. electronic payment or e-cash · CPC title
Contactless payments by cards · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12154105B2 cover?
- Example embodiments provide systems and methods for increasing the cryptographic strength of an encryption or message-authentication-code-(MAC) generation technique. According to some embodiments, a MAC may be constructed around a shared secret (such as a random initialization number), thereby increasing strength of the MAC against brute force attacks based on the size of the shared secret. The…
- Who is the assignee on this patent?
- Capital One Services Llc
- What technology area does this patent fall under?
- Primary CPC classification G06Q20/3829. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Nov 26 2024 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).