EP3465980A1 - Increased security through ephemeral keys for software virtual contactless card in a mobile phone - Google Patents

Increased security through ephemeral keys for software virtual contactless card in a mobile phone

Info

Publication number
EP3465980A1
Authority
EP
European Patent Office
Prior art keywords
mobile device
transient
identifier
idn
dkn
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP17805942.4A
Other languages
German (de)
English (en)
Inventor
Mathew Smith
Dayan Nirosha BANDULA
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Silverleap Technology Ltd
Original Assignee
Silverleap Technology Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Silverleap Technology Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Definitions

  • the invention relates to a method for providing a mobile device with a derived key (DK), to allow a Trusted Application (TA) on said mobile device to perform a transaction with a reader device provided with a master key (MK), the Trusted Application (TA) and the reader device being adapted to securely communicate using said master key (MK) and said derived key (DK) using an adapted communication protocol, such as Near Field Communication (NFC) protocol.
  • DK derived key
  • NFC Near Field Communication
  • the invention can be used to increase the security of software emulations of contactless smartcards in NFC (Near Field Communication) mobile phones.
  • HCE Home Card Emulation
  • TEE Trusted Execution Environment
  • white-box cryptography compilers
  • the risk for the transit operator would be the extraction of the keys of the virtual card from the mobile phone. This process would take a non-negligible amount of time due to the physical and logical complexity, and nature of the attack itself. This means that if a key is actually extracted from a phone then it could potentially be used to perform fraudulent transactions on the transport infrastructure. Therefore, a method for easily limiting the valid life of keys in a virtual card would be beneficial, so that even if they were extracted, they could not be used. For such an invention to be useful it needs to be compatible and implementable in existing contactless based environments, with minimal impact in terms of changes to software infrastructures. In addition, the validity needs to be independent of any network connection of the mobile phone, since there is no guarantee that the phone will have access to a network at the start of a contactless transaction.
  • the invention relates to a method for providing a mobile device with a derived key (DK), to allow a Trusted Application (TA) on said mobile device to perform a transaction with a reader device provided with a master key (MK), the Trusted Application (TA) and the reader device being adapted to securely communicate using said master key (MK) and said derived key (DK) using Near Field Communication (NFC) protocol, the method comprising: - obtaining a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as a unique identifier (UID) of an integrated circuit (IC) used in the mobile device and a software related component, such as a time stamp,
  • a hardware related component such as a unique identifier (UID) of an integrated circuit (IC) used in the mobile device
  • a software related component such as a time stamp
  • the invention relates to a method for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using Near Field Communication (NFC) protocol, wherein the communication is secured by means of symmetric cryptography, the reader device comprising a master key and the mobile device comprising a derived key, wherein the method comprises:
  • IDn a first transient identifier for the mobile device by combining a hardware related component, such as a unique identifier (UID) of an integrated circuit (IC) used in the mobile device and a software related component, such as a time stamp,
  • the provisioning server comprising the master key (MK)
  • the first transient identifier (IDn) is valid, calculating, in the reader device by means of the master key and the first transient identifier (IDn), the first transient derived key (DKn),
  • the invention relates to a system for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using an adapted communication protocol, wherein the communication is secured by means of symmetric cryptography, the system comprising a reader device comprising a master key and a mobile device comprising an identifier, such as the unique ID (UID) of an Integrated Circuit (IC) used in the mobile device and a provisioning server comprising the master key for providing a derived key for the mobile device, wherein the mobile device in the system comprises:
  • an application adapted to obtain a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as a unique identifier (UID) of an integrated circuit (IC) used in the mobile device and a software related component, such as a time stamp,
  • provisioning server comprising the master key (MK), wherein the provisioning server comprises:
  • the mobile device further comprising: - means for receiving and storing the first transient derived key (DKn) to allow the mobile device to securely communicate with a reader device using an adapted communication protocol.
  • the invention relates to a system for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using Near Field Communication (NFC) protocol, wherein the communication is secured by means of symmetric cryptography, the system comprising a reader device comprising a master key and a mobile device comprising an identifier, such as the unique ID (UID) of an Integrated Circuit (IC) used in the mobile device and a provisioning server comprising the master key for providing a derived key for the mobile device, wherein the mobile device in the system comprises:
  • an application adapted to obtain a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as a unique identifier (UID) of an integrated circuit (IC) used in the mobile device and a software related component, such as a time stamp,
  • the provisioning server comprising the master key (MK), wherein the provisioning server comprises:
  • the mobile device further comprising:
  • the reader device comprises:
  • the mobile device comprising:
  • This invention proposes a mechanism for limiting the validity of the keys of a virtual contactless card installed in a mobile phone, as a means of limiting the time window for which a particular key is vulnerable.
  • the implication is that by using this method in conjunction with additional system based security features, such as a TEE or white-box cryptography, an attacker who successfully extracts a key from a phone would not be able to use it because the validity of that key would have expired.
  • communication is possible between a mobile device and a reader device only if the reader device comprises a valid ID and a valid derived key, wherein the reader device comprises a master key and means to check the validity of the ID and the derived key of the mobile device.
  • the time window for which a derived key (on a virtual card) can be used in combination with a master key (on a reader) is limited.
  • the mobile device first receives a first transient derived key (DKn) which is valid for a determined time interval.
  • DKn first transient derived key
  • the mobile device can no longer communicate with the reader device using the first transient derived key (DKn).
  • DKn+1 further transient derived key
  • the further transient derived key (DKn+1) can be used until the end of its validity or until it is replaced by yet a further transient derived key (DKn+2).
  • In order to allow the mobile device to receive a sequence of derived keys (DKn, DKn+1, DKn+2, etc.) the mobile device should be able to generate a sequence of unique IDs for the mobile device.
  • the mobile device comprises an application to generate transient identifiers (ID), each transient identifier (ID) having a determined and limited time period wherein the transient identifier (ID) is valid.
  • the application in the mobile device will generate a first transient identifier (IDn) by combining a hardware component for the transient identifier with a software component for the transient identifier.
  • the hardware component of the transient identifier is, for instance, the Unique Identifier (UID) of the integrated circuit (IC) used in the mobile device.
  • the software component is, for instance, a time stamp.
  • the advantage of using both a hardware component and a software component is that for a single mobile device a sequence of unique transient identifiers (IDn, IDn+1, IDn+2, etc.) can be generated.
  • the software related part of the transient identifier (ID) can be used to check the validity of the transient identifier (ID). This checking of the validity of the transient identifier (ID) is, for instance, executed in the reader device.
  • the checker in the reader device can, for instance, determine whether the transient identifier (IDx) is valid, for instance, by checking whether the transient identifier (IDx) is in accordance with the other transient identifiers in an array of identifiers (IDx-2, IDx-1, IDx). If the validity of the transient ID cannot be established, the reader device can abort the communication with the mobile device.
  • the invention comprises the following parts:
  • a mobile phone containing one or more security features protecting software for the virtual contactless card execution, including cryptographic keys and other sensitive data;
  • a provisioning server that calculates new transient IDs and derived keys for a virtual card and sends them to the virtual card using one or more additional security features of the mobile phone.
  • There is a part of the application that provides user interface and network communication (amongst other functions) and runs in the open Android operating system environment.
  • the other part of the application is protected by one or more additional security features, which protect the execution of the virtual card emulation and store the cryptographic keys and other sensitive data.
  • the invention is based on the creation of a special transient ID for the virtual card, and an associated derived key for the virtual card.
  • This ID structure contains within it the details of the validity of the ID itself.
  • This data is used by a validity checker in the reader terminal that reads the virtual card, extracts the validity data of the transient ID, and assesses the validity of the virtual card prior to processing any financial transaction.
  • the following procedure can be followed to obtain a transient identifier (ID).
  • ID transient identifier
  • the transient identifier is made up of two adjoining parts to form a UID of 7 Bytes:
  • the validity checker in the reader terminal analyses the data encapsulated in the transient identifier (ID) and makes the following checks:
  • the Subscription Account Number is a sequential reference number representing the account of the subscriber owning the particular virtual card, and can be verified by using standard account number verification such as black list and white list checking provided by a server to the reader checker, or potentially a separate check digit.
  • the Calculated Timestamp is the number of seconds expired since the 1st January 2015 until the point at which the transient identifier (ID) for that virtual card was created.
  • the check for whether the Calculated Timestamp is in the correct range uses a 'time to live' value stored in the reader. This time to live value defines the validity period of a transient identifier (ID) from the moment it is created. A typical value for a time to live parameter is one day.
  • the reader checker then calculates the 'Current Timestamp' as the number of seconds since 1st January 2015 until that moment.
  • the transient identifier (ID) is deemed valid. If the Subscriber Account Number and the transient identifier (ID) are both valid, the checker hands the virtual card processing to the next stage of the reader terminal acceptance software. Otherwise the virtual card is rejected and the processing stops.
  • the transient identifier (ID) is provided by the mobile phone when it is placed in the NFC field of the reader terminal. When this occurs, the phone behaves according to the ISO 14443 protocol standard. As part of this standard the phone must provide a transient identifier (ID) to the reader during the 'anti-collision' phase so that the reader can correctly continue the transaction.
  • the standard suggests that the reader assumes that the transient identifier (ID) provided by the phone in this phase is random and should not be used for additional processing. This means that the reader must first request the real transient identifier (ID) of the virtual card or that the transient identifier (ID) is passed some other way.
  • the virtual card application will provide the unique identifier (UID) together with some other control data such as:
  • This data together with the transient identifier (ID) for the virtual card is passed to the reader in response to the 'Select AID' command, which is sent by the reader terminal in the form of an ISO 7816 compliant APDU (application packet data unit).
  • This response which is a Status response APDU, can then be used as the input for the check process in the reader terminal.
  • the transient identifier (ID) and derived key are provided by a provisioning server to the mobile phone based application protected by one or more additional security features.
  • a typical key diversification scheme for a general symmetric key based contactless system works along the following lines, although other methods are available and the present invention also functions with such other methods.
  • Each card has a Unique Identification number (UID).
  • UID Unique Identification number
  • This UID is encrypted using a master key, to generate a new key - diversified key. This is done in a secure location.
  • the derived key is then injected into the contactless card and used to encrypt the contents of the card.
  • the reader uses a locally stored master key and the provided UID from the card to recreate the derived key of the card.
  • step 1 the server calculates a transient identifier (ID) for the virtual card based on the structure described above.
  • Step 2 is the same in that the transient derived key for the virtual card is generated using the diversification algorithm for the card scheme and the calculated transient identifier (ID). This is performed on the provisioning server in a secure environment, such as an HSM.
  • Step 3 the transient identifier (ID) and the derived key are passed securely to the virtual card in the TEE of the mobile phone, using standard secure transmission methods. This occurs each time the transient identifier (ID) validity lifetime of a particular virtual card expires.
  • the lifetime of the transient identifiers (IDs) in the virtual cards can either be tracked by the server or by the mobile phone. If it is tracked by the server, a new transient identifier (ID) is generated and sent to the phone. If it is tracked by the phone, the phone requests a new transient identifier (ID) key combination from the provisioning server.
  • the transient identifier (ID) checker installed in the contactless reader, as described above, performs the validity checks between steps 4 and 5.
  • This transient identifier (ID) checker requires a small amount of software code to implement, and is independent of any other business logic implemented in the reader. In this way, the reader can check the validity of the virtual card very easily at the beginning of the acceptance process, and stop if the transient identifier (ID) of the virtual card has expired.
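
The provisioning steps and the reader-side validity check described in the list above, as an added example (not code from the patent or from the applicant). Assumptions: the 7-byte transient ID is split into a 3-byte subscription account number followed by a 4-byte timestamp, HMAC-SHA256 stands in for the card scheme's diversification cipher, and the virtual card proves possession of DKn with a MAC over a reader challenge; all keys and account numbers are constructed.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

EPOCH_2015 = datetime(2015, 1, 1, tzinfo=timezone.utc)  # page: seconds since 1st January 2015
TTL_SECONDS = 24 * 60 * 60   # page: a typical time-to-live value is one day
ACCOUNT_LEN, TS_LEN = 3, 4   # ASSUMED split of the 7-byte transient ID


def seconds_since_2015(moment):
    return int((moment - EPOCH_2015).total_seconds())


def build_transient_id(account_number, created_at):
    """Provisioning server, step 1: account number || creation timestamp (7 bytes)."""
    ts = seconds_since_2015(created_at)
    if not 0 <= account_number < 1 << (8 * ACCOUNT_LEN):
        raise ValueError("account number does not fit the assumed 3-byte field")
    if not 0 <= ts < 1 << (8 * TS_LEN):
        raise ValueError("timestamp does not fit the assumed 4-byte field")
    return account_number.to_bytes(ACCOUNT_LEN, "big") + ts.to_bytes(TS_LEN, "big")


def derive_key(master_key, transient_id):
    """Step 2: diversify MK with IDn. HMAC-SHA256 is a stand-in for the scheme's cipher."""
    return hmac.new(master_key, transient_id, hashlib.sha256).digest()[:16]


def card_response(derived_key, challenge):
    """Virtual card side (ASSUMED exchange): prove possession of DKn."""
    return hmac.new(derived_key, challenge, hashlib.sha256).digest()


def check_transient_id(transient_id, now, denied_accounts, ttl=TTL_SECONDS):
    """Reader-side validity checker, run before any key is derived."""
    if len(transient_id) != ACCOUNT_LEN + TS_LEN:
        return False, "malformed id"
    account = int.from_bytes(transient_id[:ACCOUNT_LEN], "big")
    created = int.from_bytes(transient_id[ACCOUNT_LEN:], "big")
    if account in denied_accounts:
        return False, "account denied"
    age = seconds_since_2015(now) - created
    if age < 0:
        return False, "timestamp in the future"
    if age > ttl:
        return False, "expired"
    return True, "valid"


def reader_accept(master_key, transient_id, response, challenge, now, denied_accounts=()):
    """Reader: validate IDn first, then recreate DKn from MK and compare the proof."""
    ok, reason = check_transient_id(transient_id, now, denied_accounts)
    if not ok:
        return False, reason
    expected = card_response(derive_key(master_key, transient_id), challenge)
    if not hmac.compare_digest(expected, response):
        return False, "key mismatch"
    return True, "accepted"


def demo():
    mk = bytes(range(16))                     # constructed master key
    challenge = b"constructed-challenge"      # constructed reader challenge
    account = 0x00ABCD                        # constructed account number
    issued = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
    id_n = build_transient_id(account, issued)
    resp = card_response(derive_key(mk, id_n), challenge)
    later = issued + timedelta(hours=25)
    return {
        # Inside the time-to-live window the reader recreates DKn and accepts.
        "fresh": reader_accept(mk, id_n, resp, challenge, issued + timedelta(hours=1)),
        # Same ID and key one hour past the window: rejected before any crypto runs.
        "after_ttl": reader_accept(mk, id_n, resp, challenge, later),
        # Old DKn presented with a newer timestamp: the reader derives a different key.
        "restamped": reader_accept(mk, build_transient_id(account, later), resp, challenge, later),
        # Account on the deny list supplied to the checker.
        "denied": reader_accept(mk, id_n, resp, challenge, issued, denied_accounts={account}),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

The "restamped" case is the property the scheme relies on: because IDn is the diversification input, changing the timestamp changes the key the reader derives, so an old DKn cannot be given a longer life.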

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention relates to a method and a system that provide a derived key (DK) to a mobile device in order to allow a Trusted Application (TA) on said mobile device to perform a transaction with a reader device comprising a master key (MK). The Trusted Application (TA) and the reader device are adapted to communicate securely using said master key (MK) and said derived key (DK) according to an adapted communication protocol.
EP17805942.4A 2016-05-30 2017-05-29 Increased security through ephemeral keys for software virtual contactless card in a mobile phone Withdrawn EP3465980A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GBGB1609460.9A GB201609460D0 (en) 2016-05-30 2016-05-30 Increased security through ephemeral keys for software virtual contactless card in a mobile phone
PCT/IB2017/000646 WO2017208063A1 (fr) 2016-05-30 2017-05-29 Increased security through ephemeral keys for software virtual contactless card in a mobile phone

Publications (1)

Publication Number Publication Date
EP3465980A1 (fr) 2019-04-10

Family

ID=56410729

Family Applications (1)

Application Number Title Priority Date Filing Date
EP17805942.4A Withdrawn EP3465980A1 (fr) 2016-05-30 2017-05-29 Increased security through ephemeral keys for software virtual contactless card in a mobile phone

Country Status (5)

Country Link
EP (1) EP3465980A1 (fr)
CN (1) CN109417481A (fr)
GB (2) GB201609460D0 (fr)
PH (1) PH12018502545A1 (fr)
WO (1) WO2017208063A1 (fr)

US11438329B2 (en) 2021-01-29 2022-09-06 Capital One Services, Llc Systems and methods for authenticated peer-to-peer data transfer using resource locators
US11777933B2 (en) 2021-02-03 2023-10-03 Capital One Services, Llc URL-based authentication for payment cards
US11637826B2 (en) 2021-02-24 2023-04-25 Capital One Services, Llc Establishing authentication persistence
US11245438B1 (en) 2021-03-26 2022-02-08 Capital One Services, Llc Network-enabled smart apparatus and systems and methods for activating and provisioning same
US11961089B2 (en) 2021-04-20 2024-04-16 Capital One Services, Llc On-demand applications to extend web services
US11935035B2 (en) 2021-04-20 2024-03-19 Capital One Services, Llc Techniques to utilize resource locators by a contactless card to perform a sequence of operations
US11902442B2 (en) 2021-04-22 2024-02-13 Capital One Services, Llc Secure management of accounts on display devices using a contactless card
US11354555B1 (en) 2021-05-04 2022-06-07 Capital One Services, Llc Methods, mediums, and systems for applying a display to a transaction card

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8447984B1 (en) * 2004-06-25 2013-05-21 Oracle America, Inc. Authentication system and method for operating the same
US8103804B2 (en) * 2008-11-12 2012-01-24 Flexera Software, Inc. Method and system for embedded regenerative licensing
CN101902476B (zh) * 2010-07-27 2013-04-24 浙江大学 Mobile P2P user identity authentication method
US20130042112A1 (en) * 2011-02-12 2013-02-14 CertiVox Ltd. Use of non-interactive identity based key agreement derived secret keys with authenticated encryption
US20130179351A1 (en) * 2012-01-09 2013-07-11 George Wallner System and method for an authenticating and encrypting card reader
CN103268249B (zh) * 2012-03-04 2016-11-16 深圳市可秉资产管理合伙企业(有限合伙) Method and device for simulating multiple cards in a mobile device
TW201525759A (zh) * 2013-12-31 2015-07-01 Sage Information Systems Co Ltd Verification system and verification method for computer software, and one-time key generator
EP2955872B1 (fr) * 2014-06-12 2016-10-12 Nxp B.V. Method for configuring a secure element, key derivation program, computer program product and configurable secure element
CN104618467B (zh) * 2015-01-20 2018-12-14 西安电子科技大学 Effective and non-repudiable fall rescue method and system based on the Android platform

Also Published As

Publication number Publication date
GB2551907A (en) 2018-01-03
PH12018502545A1 (en) 2019-04-08
GB2551907B (en) 2019-11-20
CN109417481A (zh) 2019-03-01
GB201708573D0 (en) 2017-07-12
GB201609460D0 (en) 2016-07-13
WO2017208063A1 (fr) 2017-12-07

Similar Documents

Publication Publication Date Title
GB2551907B (en) Method and system for providing a symmetric keypair with a master key and a transient derived key
US20220351200A1 (en) Payment System For Authorizing A Transaction Between A User Device And A Terminal
US11157912B2 (en) Method and system for enhancing the security of a transaction
US10909531B2 (en) Security for mobile applications
AU2015334634B2 (en) Transaction messaging
EP2695148B1 (fr) Payment system
CA2838763C (fr) Methods and systems for authenticating credentials
US20190087814A1 (en) Method for securing a payment token
US11880832B2 (en) Method and system for enhancing the security of a transaction
EP3394788B1 (fr) Method and system for enhancing the security of a transaction
Cortier et al. Designing and proving an EMV-compliant payment protocol for mobile devices
Radu et al. Practical EMV relay protection
Kasper et al. Chameleon: A versatile emulator for contactless smartcards
US20170359358A1 (en) Method for making contactless transactions secure
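CN105321069A (zh) Method and device for implementing remote payment
CA2940465C (fr) Device and method for securing commands exchanged between a terminal and an integrated circuit
CN105103180B (zh) Method for processing the issuance of a mobile credit card
EP2985724B1 (fr) Remote load and update card emulation support
CN105279647A (zh) Method, device and smart card for implementing remote payment
CN103544418A (zh) Authentication device, system and method based on electronic transactions
CN113807959A (zh) Method and terminal for preventing repeated short-range transfer of digital assets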

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20181221

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20191203