User authentication at access control server using mobile device
US-2023062507-A1 · Mar 2, 2023 · US
Secure generation of one-time passcodes using a contactless card
US12175447B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12175447-B2 |
| Application number | US-202318451237-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 17, 2023 |
| Priority date | Jan 4, 2021 |
| Publication date | Dec 24, 2024 |
| Grant date | Dec 24, 2024 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Systems, methods, apparatuses, and computer-readable media for secure generation of one-time passcodes using a contactless card. In one example, an operating system (OS) of a device may receive a uniform resource locator (URL) and a cryptogram from a contactless card. The OS may launch an application associated with the URL. The application may transmit the cryptogram to an authentication server. The application may receive a decryption result from the authentication server indicating the authentication server decrypted the cryptogram. Based on the decryption result, the application may request an OTP. The processor may receive an OTP from an OTP generator. The application may receive an input value and compare the input value to a copy of the OTP. The application may determine that the comparison results in a match, and display, based on the determination that the comparison results in the match, one or more attributes of the account.
First claim
Opening claim text (preview).
What is claimed is: 1. A method, comprising: receiving, by a server, a request from an application executing on a device, the request comprising a uniform resource locator (URL) and a cryptogram, the cryptogram generated by a contactless card associated with an account; decrypting, by the server, the cryptogram; transmitting, by the server to the application, a decryption result indicating the server decrypted the cryptogram; receiving, by the server from the application based on the decryption result, a request for a one-time passcode (OTP); transmitting, by the server, the OTP to the application; receiving, by the server from the application, an input value; determining, by the server, the input value matches the OTP; and transmitting, by the server to the application based on the input value matching the OTP, a result indicating the match to authorize performance of a requested operation associated with the account on the device. 2. The method of claim 1 , wherein the server generates the OTP or receives the OTP from an OTP generator prior to transmitting the OTP to the application. 3. The method of claim 1 , wherein the requested operation comprises one or more of: (i) viewing one or more attributes of the account, (ii) transferring funds from the account, (iii) receiving funds, or (iv) processing a purchase using funds from the account. 4. The method of claim 3 , wherein the request for the OTP comprises a request to perform the operation. 5. The method of claim 1 , wherein the URL is directed to an application programming interface (API) endpoint of the server. 6. The method of claim 1 , wherein the request for the OTP comprises an identifier, wherein the identifier comprises one of an identifier of the contactless card or an identifier of the account. 7. The method of claim 6 , wherein the server transmits the OTP based on one of: (i) an email address associated with the identifier, (ii) a short message service (SMS) message at a phone number associated with the identifier, or (iii) a push notification based on a device identifier of the device associated with the identifier. 8. A non-transitory computer-readable storage medium, the computer-readable storage medium including instructions that when executed by a processor, cause the processor to: receive a request from an application executing on a device, the request comprising a uniform resource locator (URL) and a cryptogram, the cryptogram generated by a contactless card associated with an account; decrypt the cryptogram; transmit, to the application, a decryption result indicating the cryptogram was decrypted; receive, from the application based on the decryption result, a request for a one-time passcode (OTP); transmit the OTP to the application; receive, from the application, an input value; determine the input value matches the OTP; and transmit, to the application based on the input value matching the OTP, a result indicating the match to authorize performance of a requested operation associated with the account on the device. 9. The computer-readable storage medium of claim 8 , wherein the processor generates the OTP or receives the OTP from an OTP generator prior to transmitting the OTP to the application. 10. The computer-readable storage medium of claim 8 , wherein the requested operation comprises one or more of: (i) view one or more attributes of the account, (ii) transferring funds from the account, (iii) receiving funds, or (iv) processing a purchase using funds from the account. 11. The computer-readable storage medium of claim 10 , wherein the request for the OTP comprises a request to perform the operation. 12. The computer-readable storage medium of claim 8 , wherein the URL is directed to an application program interface (API) endpoint. 13. The computer-readable storage medium of claim 8 , wherein the request for the OTP comprises an identifier, wherein the identifier comprises one of an identifier of the contactless card or an identifier of the account. 14. The computer-readable storage medium of claim 13 , wherein the OTP is transmitted based on one of: (i) an email address associated with the identifier, (ii) a short message service (SMS) message at a phone number associated with the identifier, or (iii) a push notification based on a device identifier of the device associated with the identifier. 15. A computing apparatus comprising: a processor; and a memory storing instructions that, when executed by the processor, cause the processor to: receive a request from an application executing on a device, the request comprising a uniform resource locator (URL) and a cryptogram, the cryptogram generated by a contactless card associated with an account; decrypt the cryptogram; transmit, to the application, a decryption result indicating the cryptogram was decrypted; receive, from the application based on the decryption result, a request for a one-time passcode (OTP); transmit the OTP to the application; receive, from the application, an input value; determine the input value matches the OTP; and transmit, to the application based on the input value matching the OTP, a result indicating the match to authorize performance of a requested operation associated with the account on the device. 16. The computing apparatus of claim 15 , wherein the processor generates the OTP or receives the OTP from an OTP generator prior to transmitting the OTP to the application. 17. The computing apparatus of claim 15 , wherein the requested operation comprises one or more of: (i) view one or more attributes of the account, (ii) transferring funds from the account, (iii) receiving funds, or (iv) processing a purchase using funds from the account. 18. The computing apparatus of claim 17 , wherein the request for the OTP comprises a request to perform the operation. 19. The computing apparatus of claim 15 , wherein the URL is directed to an application program interface (API) endpoint. 20. The computing apparatus of claim 15 , wherein the request for the OTP comprises an identifier, wherein the identifier comprises one of an identifier of the contactless card or an identifier of the account, wherein the OTP is transmitted based on one of: (i) an email address associated with the identifier, (ii) a short message service (SMS) message at a phone number associated with the identifier, or (iii) a push notification based on a device identifier of the device associated with the identifier.
Assignees
Inventors
Classifications
Device specific authentication in transaction processing · CPC title
Verifying personal identification numbers [PIN] · CPC title
using an alias or single-use codes · CPC title
Use of electronic signatures · CPC title
Payments by cards read by M-devices · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12175447B2 cover?
- Systems, methods, apparatuses, and computer-readable media for secure generation of one-time passcodes using a contactless card. In one example, an operating system (OS) of a device may receive a uniform resource locator (URL) and a cryptogram from a contactless card. The OS may launch an application associated with the URL. The application may transmit the cryptogram to an authentication serve…
- Who is the assignee on this patent?
- Capital One Services Llc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0838. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Dec 24 2024 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).