Contactless card personal identification system

US2021192881A1 · US · A1

Patent metadata
Publication number: US-2021192881-A1
Application number: US-202016826522-A
Country: US
Kind code: A1
Filing date: Mar 23, 2020
Priority date: Dec 23, 2019
Publication date: Jun 24, 2021
Grant date:

Abstract

A dual-factor PIN based authentication system and method uses a cryptogram provided by a contactless card associated with the client in association with a PIN stored by the contactless card to authenticate the client. In some embodiments, cryptogram authentication may be preconditioned upon a PIN match determination by the contactless card. In other embodiments, the cryptogram may be formed at least in part using the personal identification number (PIN) stored on the contactless card encoded using a dynamic key stored by the contactless card and uniquely associated with the client. Authentication may be achieved by comparing the cryptogram formed using the PIN against an expected cryptogram generated using an expected PIN and an expected dynamic key.

First claim

1. A non-transitory computer-readable storage medium comprising instructions that, when executed, cause a system to: process a personal identification number (PIN) received via a user interface to authenticate a transaction; communicate to a contactless card the PIN, and the contactless card to store a protected PIN associated with an account; determine a cryptogram is received from the contactless card, the cryptogram formed using a dynamic key of the contactless card, the dynamic key formed using a counter value maintained by the contactless card, wherein the cryptogram comprises contactless card data that is encoded using the dynamic key; communicate a request to authorize the transaction to an authentication system, the request including the cryptogram; receive a response to the request from the authentication system, the response to indicate whether the transaction is authorized or declined; and enable or prevent the transaction based on the response.

2. The computer-readable storage medium of claim 1, wherein the contactless card data that is encoded using the dynamic key to form the cryptogram includes the PIN stored on the contactless card, a shared secret, the counter value, or a combination thereof.

3. The computer-readable storage medium of claim 1, the system to prevent the transaction in response to the response indicating the transaction is declined.

4. The computer-readable storage medium of claim 1, the system to enable the transaction in response to the response indicating the transaction is authorized.

5. The computer-readable storage medium of claim 1, the system to determine the cryptogram is not received from the contactless card; prevent, in response to the cryptogram not received from the contactless card, the transaction.

6. The computer-readable storage medium of claim 1, wherein the cryptogram is received based on the PIN matching the protected PIN on the contactless card.

7. The computer-readable storage medium of claim 1, wherein the contactless card and the authentication system each use a same cryptographic hash algorithm to generate the dynamic key and an expected dynamic key.

8. The computer-readable storage medium of claim 1, wherein the contactless card data is encoded by applying a cryptographic hash function to the contactless card data.

9. The computer-readable storage medium of claim 8, wherein the cryptographic hash function is selected from a group of functions including a 3DES (Triple Data Encryption Algorithm), Advanced Encryption Standard (AES) 128, a symmetric Hash-Based Message Authentication (HMAC) algorithm, and a symmetric cypher-based message authentication code (CMAC) algorithm such as AES-CMAC.

10. The computer-readable storage medium of claim 1, wherein the authentication system includes one or more of a client device, a merchant device, an authentication server, or a combination thereof.

11. A contactless card, comprising: a memory to store one or more protected personal identification numbers (PINs) and instructions, the instructions executable by processing circuitry; the processing circuitry, configured to execute the instructions, that when executed cause the processing circuitry to: receive an input PIN from a computing device; compare the input PIN to the one or more protected PINs stored in the memory; in response to the input PIN matching a protected PIN of the one or more protected PINs, generate a cryptogram using a dynamic key of the contactless card, the dynamic key formed using a counter value maintained by the contactless card, and wherein the cryptogram comprises contactless card data that is encoded using the dynamic key; and send the cryptogram to the computing device.

12. The contactless card of claim 11, the processing circuitry to determine the input PIN does not match any of the one or more protected PINs, and forgoing sending the cryptogram to the computing device.

13. The contactless card of claim 11, comprising a near-field communication (NFC) interface configured to communicate wirelessly, the NFC interface coupled with an NFC interface of the computing device to receive the input PIN and send the cryptogram.

14. The contactless card of claim 11, wherein the contactless card data is encoded using the dynamic key to form the cryptogram includes the protected PIN stored on the memory, a shared secret, the counter value, or a combination thereof.

15. The contactless card of claim 11, wherein the contactless card data is encoded by applying a cryptographic hash function to the contactless card data.

16. The contactless card of claim 15, wherein the cryptographic hash function is selected from a group of functions including a 3DES (Triple Data Encryption Algorithm), Advanced Encryption Standard (AES) 128, a symmetric Hash-Based Message Authentication (HMAC) algorithm, and a symmetric cypher-based message authentication code (CMAC) algorithm such as AES-CMAC.

17. A computer-implemented method, comprising: receiving, by an interface of a contactless card, an input PIN from a mobile computing device; comparing, by circuitry of the contactless card, the input PIN to a one or more protected PINs stored in a memory of the contactless card; in response to the input PIN matching a protected PIN of the one or more protected PINs, generate, by the circuitry, a cryptogram using a dynamic key of the contactless card, the dynamic key formed using a counter value maintained by the contactless card, and wherein the cryptogram comprises contactless card data that is encoded using the dynamic key; and send, via the interface, the cryptogram to the mobile computing device.

18. The computer-implemented method of claim 17, comprising determining, by the circuitry, the input PIN does not match any of the one or more protected PINs, and forgoing sending the cryptogram to the computing device.

19. The computer-implemented method of claim 17, wherein the interface comprises a near-field communication (NFC) interface configured to communicate wirelessly, the NFC interface coupled with an interface of the mobile computing device to receive the input PIN and send the cryptogram.

20. The computer-implemented method of claim 17, wherein the contactless card data is encoded using the dynamic key to form the cryptogram includes the protected PIN stored on the memory, a shared secret, the counter value, or a combination thereof.
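
The flow in claims 2, 7, 11 and 12, as an added sketch that is not code from the patent or its assignee: the card releases a cryptogram only on a PIN match, and the authentication system recomputes the expected cryptogram from its own copy of the PIN and dynamic key. HMAC-SHA256 as the shared algorithm, the 4-byte counter encoding, sending the counter alongside the cryptogram, the replay check, and all class and function names are assumptions.

```python
import hashlib
import hmac

def dynamic_key(master_key: bytes, counter: int) -> bytes:
    """Derive a per-transaction key from the card's master key and counter."""
    return hmac.new(master_key, counter.to_bytes(4, "big"), hashlib.sha256).digest()

def cryptogram(master_key: bytes, counter: int, pin: str, secret: bytes) -> bytes:
    """MAC the card data (counter, shared secret, PIN) under the dynamic key."""
    data = counter.to_bytes(4, "big") + secret + pin.encode()
    return hmac.new(dynamic_key(master_key, counter), data, hashlib.sha256).digest()

class Card:
    def __init__(self, master_key: bytes, secret: bytes, pin: str):
        self._key, self._secret, self._pin = master_key, secret, pin
        self.counter = 0

    def present_pin(self, input_pin: str):
        """Return (counter, cryptogram) on a PIN match, else None."""
        if not hmac.compare_digest(input_pin.encode(), self._pin.encode()):
            return None  # no cryptogram leaves the card on a mismatch
        self.counter += 1  # new counter value, so a new dynamic key each time
        return self.counter, cryptogram(self._key, self.counter, self._pin, self._secret)

class AuthServer:
    def __init__(self, master_key: bytes, secret: bytes, expected_pin: str):
        self._key, self._secret, self._pin = master_key, secret, expected_pin
        self.last_counter = 0

    def authorize(self, counter: int, received: bytes) -> bool:
        if counter <= self.last_counter:
            return False  # assumption: a stale counter is treated as a replay
        expected = cryptogram(self._key, counter, self._pin, self._secret)
        if not hmac.compare_digest(expected, received):
            return False
        self.last_counter = counter
        return True

def demo():
    """Constructed key, secret and PIN; returns (wrong_pin, first_use, replay)."""
    key, secret = bytes(range(32)), b"constructed-shared-secret"
    card, server = Card(key, secret, "4921"), AuthServer(key, secret, "4921")
    wrong_pin = card.present_pin("0000")
    message = card.present_pin("4921")
    return wrong_pin, server.authorize(*message), server.authorize(*message)

if __name__ == "__main__":
    print(demo())
```
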

Classifications

  • using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234) · CPC title

  • using one-time keys (cryptographic mechanisms or cryptographic arrangements for generation of one-time passwords H04L9/0863) · CPC title

  • G07F7/1008 · Primary

    Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system · CPC title

  • Identity check for transactions · CPC title

  • combining multiple encryption tools for a transaction · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2021192881A1 cover?
A dual-factor PIN based authentication system and method uses a cryptogram provided by a contactless card associated with the client in association with a PIN stored by the contactless card to authenticate the client. In some embodiments, cryptogram authentication may be preconditioned upon a PIN match determination by the contactless card. In other embodiments, the cryptogram may be formed at …
Who is the assignee on this patent?
Capital One Services Llc
What technology area does this patent fall under?
Primary CPC classification H04L63/0853. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jun 24, 2021 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).