EP3465980A1 - Amélioration de la sécurité au moyen de clés éphémères pour une carte virtuelle logicielle sans contact dans un téléphone mobile - Google Patents
Amélioration de la sécurité au moyen de clés éphémères pour une carte virtuelle logicielle sans contact dans un téléphone mobileInfo
- Publication number
- EP3465980A1 EP3465980A1 EP17805942.4A EP17805942A EP3465980A1 EP 3465980 A1 EP3465980 A1 EP 3465980A1 EP 17805942 A EP17805942 A EP 17805942A EP 3465980 A1 EP3465980 A1 EP 3465980A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- mobile device
- transient
- identifier
- idn
- dkn
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000004891 communication Methods 0.000 claims abstract description 29
- 238000000034 method Methods 0.000 claims abstract description 29
- 230000001052 transient effect Effects 0.000 claims description 144
- 238000012545 processing Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 3
- 230000004044 response Effects 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 239000000284 extract Substances 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- VJYFKVYYMZPMAB-UHFFFAOYSA-N ethoprophos Chemical compound CCCSP(=O)(OCC)SCCC VJYFKVYYMZPMAB-UHFFFAOYSA-N 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
Definitions
- the invention relates to a method for providing a mobile device with a derived key (DK), to allow a Trusted Application (TA) on said mobile device to perform a transaction with a reader device provided with a master key (MK), the Trusted Application (TA) and the reader device being adapted to securely communicate using said master key (MK) and said derived key (DK) using an adapted communication protocol, such as Near Field Communication (NFC) protocol.
- DK derived key
- NFC Near Field Communication
- the invention can be used to increase the security of software emulations of contactless smartcards in NFC (Near Field Communication) mobile phones.
- NFC Near Field Communication
- HCE Home Card Emulation
- TEE Trusted Execution Environment
- white-box cryptography compilers
- the risk for the transit operator would be the extraction of the keys of the virtual card from the mobile phone. This process would take a non-negligible amount of time due to the physical and logical complexity, and nature of the attack itself. This means that if a key is actually extracted from a phone then it could potentially be used to perform fraudulent transactions on the transport infrastructure. Therefore, a method for easily limiting the valid life of keys in a virtual card would be beneficial, so that even if they were extracted, they could not be used. For such an invention to be useful it needs to be compatible and implementable in existing contactless based environments, with minimal impact in terms of changes to software infrastructures. In addition, the validity needs to be independent of any network connection of the mobile phone, since there is no guarantee that the phone will have access to a network at the start of a contactless transaction.
- the invention relates to a method for providing a mobile device with a derived key (DK), to allow a Trusted Application (TA) on said mobile device to perform a transaction with a reader device provided with a master key (MK), the Trusted Application (TA) and the reader device being adapted to securely communicate using said master key (MK) and said derived key (DK) using Near Field Communication (NFC) protocol, the method comprising: - obtaining a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (IC) used in the mobile device and a software related component, such as a time stamp,
- a hardware related component such as an unique identifier (UID) of an integrated circuit (IC) used in the mobile device
- a software related component such as a time stamp
- the invention relates to a method for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using Near Field Communication (NFC) protocol, wherein the communication is secured by means of symmetric cryptography, the reader device comprising a master key and the mobile device comprising a derived key, wherein the method comprises:
- IDn a first transient identifier for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (IC) used in the mobile device and a software related component, such as a time stamp,
- a hardware related component such as an unique identifier (UID) of an integrated circuit (IC) used in the mobile device
- a software related component such as a time stamp
- the provisioning server comprising the master key (MK)
- the first transient identifier (IDn) is valid, calculating, in the reader device by means of the master key and the first transient identifier (IDn), the first transient derived key (DKn),
- the invention relates to a system for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using an adapted communication protocol, wherein the communication is secured by means of symmetric cryptography, the system comprising a reader device comprising a master key and a mobile device comprising an identifier, such as the unique ID (UID) of an Integrated Circuit (IC) used in the mobile device and a provisioning server comprising the master key for providing a derived key for the mobile device, wherein the mobile device in the system comprises:
- an application adapted to obtain a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (IC) used in the mobile device and a software related component, such as a time stamp,
- a hardware related component such as an unique identifier (UID) of an integrated circuit (IC) used in the mobile device
- a software related component such as a time stamp
- provisioning server comprising the master key (MK), wherein the provisioning server comprises:
- the mobile device further comprising: - means for receiving and storing the first transient derived key (DKn) to allow the mobile device to securely communicate with a reader device using an adapted communication protocol.
- the invention relates to a system for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using Near Field Communication (NFC) protocol, wherein the communication is secured by means of symmetric cryptography, the system comprising a reader device comprising a master key and a mobile device comprising identifier, such as the unique ID (UID) of an Integrated Circuit (IC) used in the mobile device and a provisioning server comprising the master key for providing a derived key for the mobile device, wherein the mobile device in the system comprises:
- an application adapted to obtain a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (IC) used in the mobile device and a software related component, such as a time stamp,
- a hardware related component such as an unique identifier (UID) of an integrated circuit (IC) used in the mobile device
- a software related component such as a time stamp
- the provisioning server comprising the master key (MK), wherein the provisioning server comprises:
- the mobile device further comprising:
- the reader device comprises:
- the mobile device comprising:
- This invention proposes a mechanism for limiting the validity of the keys of a virtual contactless card installed in a mobile phone, as a means of limiting the time window for which a particular key is vulnerable.
- the implication is that by using this method in conjunction with additional system based security features, such as a TEE or white-box cryptography, an attacker who successfully extracts a key from a phone would not be able to use it because the validity of that key would have expired.
- communication is possible between a mobile device and a reader device only if the reader device comprises a valid ID and a valid derived key, wherein the reader device comprises a master key and means to check the validity of the ID and the derived key of the mobile device.
- the time window for which a derived key (on a virtual card) can be used in combination with a master key (on a reader) is limited.
- the mobile device first receives a first transient derived key (DKn) which is valid for a determined time interval.
- DKn first transient derived key
- the mobile device can no longer communicate with the reader device using the first transient derived key (DKn).
- DKn+1 further transient derived key
- the further transient derived key (DKn+1 ) can be used until the end of its validity or until it is replaced by yet a further transient derived key (DKn+2).
- the mobile device In order to allow the mobile device to receive a sequence of derived keys (DKn, DKn+1 , DKn+2, etc.) the mobile device should be able to generate a sequence of unique ID's for the mobile device.
- the mobile device comprises an application to generate transient identifiers (ID), each transient identifier (ID) having a determined an limited time period wherein the transient identifier (ID) is valid.
- the application in the mobile device will generate a first transient identifier (IDn) by combining a hardware component for the transient identifier with a software component for the transient identifier.
- the hardware component of the transient identifier is, for instance, the Unique Identifier (UID) of the integrated circuit (IC) used in the mobile device.
- the software component is, for instance, a time stamp.
- the advantage of using both a hardware component and a software component is, that for a single mobile device a sequence of unique transient identifiers (IDn, IDn+1 , IDn+2, etc.) can be generated.
- the software related part of the transient identifier (ID) can be used to check the validity of the transient identifier (ID). This checking of the validity of the transient identifier (ID) is, for instance, executed in the reader device.
- the checker in the reader device can, for instance, determine whether the transient identifier (IDx) is valid, for instance, by checking whether the transient identifier (IDx) is in accordance with the other transient identifiers in an array of identifiers (IDx-2, IDx-1 , IDx). If the validity of the transient ID can not be established, the reader device can abort the communication with the mobile device.
- the invention comprises the following parts:
- a mobile phone containing one or more security features protecting software for the virtual contactless card execution, including cryptographic keys and other sensitive data;
- a provisioning server that calculates new transient ID's and derived keys for a virtual card and sends them to the virtual card using one or more additional security features of the mobile phone.
- the application There is a part of the application that provides user interface and network communication (amongst other functions) and runs in the open Android operating system environment.
- the other part of the application is protected by one or more additional security features, which protect the execution of the virtual card emulation and store the cryptographic keys and other sensitive data.
- the invention is based on the creation of a special transient ID for the virtual card, and an associated derived key for the virtual card.
- This ID structure contains within it the details of the validity of the ID itself.
- This data is used by a validity checker in the reader terminal that reads the virtual card, extracts the validity data of the transient ID, and assesses the validity of the virtual card prior to processing any financial transaction.
- the following procedure can be followed to obtain a transient identifier (ID).
- ID transient identifier
- the transient identifier is made up of two adjoining parts to form a UID of 7 Bytes:
- the validity checker in the reader terminal analyses the data encapsulated in the transient identifier (ID) and makes the following checks:
- the Subscription Account Number is a sequential reference number representing the account of the subscriber owning the particular virtual card, and can verified by using standard account number verification such as black list and white list checking provided by a server to the reader checker, or potentially a separate check digit.
- the Calculated Timestamp is the number of seconds expired since the 1 st January 2015 until the point at which the transient identifier (ID) for that virtual card was created.
- the check for whether the Calculated Timestamp is in the correct range uses a 'time to live' value stored in the reader. This time to live value defines the validity period of a transient identifier (ID) from the moment it is created. A typical value for a time to live parameter is one day.
- the reader checker then calculates the 'Current Timestamp' as the number of seconds since 1 st January 2015 until that moment.
- the transient identifier (ID) is deemed valid. If the Subscriber Account Number and the transient identifier (ID) are both valid, the checker hands the virtual card processing to the next stage of the reader terminal acceptance software. Otherwise the virtual card is rejected and the processing stops.
- the transient identifier (ID) is provided by the mobile phone when it is placed in the NFC field of the reader terminal. When this occurs, the phone behaves according to the ISO 14443 protocol standard. As part of this standard the phone must provide a transient identifier (ID) to the reader during the 'anti-collision' phase so that the reader can correctly continue the transaction.
- the standard suggests that the reader assumes that the transient identifier (ID) provided by the phone in this phase is random and should not be used for additional processing. This means that the reader must first request the real transient identifier (ID) of the virtual card or that the transient identifier (ID) is passed some other way.
- the virtual card application will provide the unique identifier (UID) together with some other control data such as:
- This data together with the transient identifier (ID) for the virtual card is passed to the reader in response to the 'Select AID' command, which is sent by the reader terminal in the form of an ISO 7816 compliant APDU (application packet data unit).
- This response which is a Status response APDU, can then be used as the input for the check process in the reader terminal.
- the transient identifier (ID) and derived key are provided by a provisioning sever to the mobile phone based application protected by one or more additional security features.
- a typical key diversification scheme for a general symmetric key based contactless system works along the follows lines, although other methods are available and the present invention also functions with such other methods.
- Each card has a Unique Identification number (UID).
- UID Unique Identification number
- This UID is encrypted using a master key, to generate a new key - diversified key. This is done in a secure location.
- the derived key is then injected into the contactless card and used to encrypt the contents of the card.
- the reader uses a locally stored master key and the provided UID from the card to recreate the derived key of the card.
- step 1 the server calculates a transient identifier (ID) for the virtual card based on the structure described above.
- ID transient identifier
- Step 2 is the same in that the transient derived key for the virtual card is generated using the diversification algorithm for the card scheme and the calculated transient identifier (ID). This is performed on the provisioning server in a secure environment, such as an HSM.
- Step 3 the transient identifier (ID) and the derived key are passed securely to the virtual card in the TEE of the mobile phone, using standard secure transmission methods. This occurs each time the transient identifier (ID) validity lifetime of a particular virtual card expires.
- the lifetime of the transient identifier (ID)s in the virtual cards can either be tracked by the server or by the mobile phone. If it is tracked by the server, a new transient identifier (ID) is generated and sent to the phone. If it is tracked by the phone, the phone requests a new transient identifier (ID) key combination from the provisional server.
- the transient identifier (ID) checker installed in the contactless reader, as described above, performs the validity checks between steps 4 and 5.
- This transient identifier (ID) checker requires a small amount of software code to implement, and is independent of any other business logic implemented in the reader. In this way, the reader can check the validity of the virtual card very easily at the beginning of the acceptance process, and stop if the transient identifier (ID) of the virtual card has expired.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Mobile Radio Communication Systems (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GBGB1609460.9A GB201609460D0 (en) | 2016-05-30 | 2016-05-30 | Increased security through ephemeral keys for software virtual contactless card in a mobile phone |
PCT/IB2017/000646 WO2017208063A1 (fr) | 2016-05-30 | 2017-05-29 | Amélioration de la sécurité au moyen de clés éphémères pour une carte virtuelle logicielle sans contact dans un téléphone mobile |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3465980A1 true EP3465980A1 (fr) | 2019-04-10 |
Family
ID=56410729
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP17805942.4A Withdrawn EP3465980A1 (fr) | 2016-05-30 | 2017-05-29 | Amélioration de la sécurité au moyen de clés éphémères pour une carte virtuelle logicielle sans contact dans un téléphone mobile |
Country Status (5)
Country | Link |
---|---|
EP (1) | EP3465980A1 (fr) |
CN (1) | CN109417481A (fr) |
GB (2) | GB201609460D0 (fr) |
PH (1) | PH12018502545A1 (fr) |
WO (1) | WO2017208063A1 (fr) |
Families Citing this family (100)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10546444B2 (en) | 2018-06-21 | 2020-01-28 | Capital One Services, Llc | Systems and methods for secure read-only authentication |
US10592710B1 (en) | 2018-10-02 | 2020-03-17 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
CA3115084A1 (fr) | 2018-10-02 | 2020-04-09 | Capital One Services, Llc | Systemes et procedes d'authentification cryptographique de cartes sans contact |
US10607216B1 (en) | 2018-10-02 | 2020-03-31 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
KR20210068028A (ko) | 2018-10-02 | 2021-06-08 | 캐피탈 원 서비시즈, 엘엘씨 | 비접촉식 카드의 암호화 인증을 위한 시스템 및 방법 |
US10489781B1 (en) | 2018-10-02 | 2019-11-26 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10511443B1 (en) | 2018-10-02 | 2019-12-17 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10581611B1 (en) | 2018-10-02 | 2020-03-03 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10733645B2 (en) | 2018-10-02 | 2020-08-04 | Capital One Services, Llc | Systems and methods for establishing identity for order pick up |
US10579998B1 (en) | 2018-10-02 | 2020-03-03 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
SG11202101874SA (en) | 2018-10-02 | 2021-03-30 | Capital One Services Llc | Systems and methods for cryptographic authentication of contactless cards |
US10949520B2 (en) | 2018-10-02 | 2021-03-16 | Capital One Services, Llc | Systems and methods for cross coupling risk analytics and one-time-passcodes |
US10582386B1 (en) | 2018-10-02 | 2020-03-03 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
WO2020072670A1 (fr) | 2018-10-02 | 2020-04-09 | Capital One Services, Llc | Systèmes et procédés pour l'authentification cryptographique de cartes sans contact |
JP2022508010A (ja) | 2018-10-02 | 2022-01-19 | キャピタル・ワン・サービシーズ・リミテッド・ライアビリティ・カンパニー | 非接触カードの暗号化認証のためのシステムおよび方法 |
WO2020072552A1 (fr) | 2018-10-02 | 2020-04-09 | Capital One Services, Llc | Systèmes et procédés pour authentification cryptographique de cartes sans contact |
CA3115064A1 (fr) | 2018-10-02 | 2020-04-09 | Capital One Services, Llc | Systemes et procedes d'authentification cryptographique de cartes sans contact |
US10565587B1 (en) | 2018-10-02 | 2020-02-18 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10909527B2 (en) | 2018-10-02 | 2021-02-02 | Capital One Services, Llc | Systems and methods for performing a reissue of a contactless card |
US10505738B1 (en) | 2018-10-02 | 2019-12-10 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10771254B2 (en) | 2018-10-02 | 2020-09-08 | Capital One Services, Llc | Systems and methods for email-based card activation |
US10680824B2 (en) | 2018-10-02 | 2020-06-09 | Capital One Services, Llc | Systems and methods for inventory management using cryptographic authentication of contactless cards |
US11210664B2 (en) | 2018-10-02 | 2021-12-28 | Capital One Services, Llc | Systems and methods for amplifying the strength of cryptographic algorithms |
US10607214B1 (en) | 2018-10-02 | 2020-03-31 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
WO2020072474A1 (fr) | 2018-10-02 | 2020-04-09 | Capital One Services, Llc | Systèmes et procédés d'authentification cryptographique des cartes sans contact |
CA3113590A1 (fr) | 2018-10-02 | 2020-04-09 | Capital One Services, Llc | Systemes et procedes pour authentification cryptographique de cartes sans contact |
JP2022502891A (ja) | 2018-10-02 | 2022-01-11 | キャピタル・ワン・サービシーズ・リミテッド・ライアビリティ・カンパニーCapital One Services, LLC | 非接触カードの暗号化認証のためのシステムおよび方法 |
AU2019354421A1 (en) | 2018-10-02 | 2021-04-29 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10771253B2 (en) | 2018-10-02 | 2020-09-08 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10542036B1 (en) | 2018-10-02 | 2020-01-21 | Capital One Services, Llc | Systems and methods for signaling an attack on contactless cards |
US10554411B1 (en) | 2018-10-02 | 2020-02-04 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US11361302B2 (en) | 2019-01-11 | 2022-06-14 | Capital One Services, Llc | Systems and methods for touch screen interface interaction using a card overlay |
US11037136B2 (en) | 2019-01-24 | 2021-06-15 | Capital One Services, Llc | Tap to autofill card data |
US10467622B1 (en) | 2019-02-01 | 2019-11-05 | Capital One Services, Llc | Using on-demand applications to generate virtual numbers for a contactless card to securely autofill forms |
US10510074B1 (en) | 2019-02-01 | 2019-12-17 | Capital One Services, Llc | One-tap payment using a contactless card |
US11120453B2 (en) | 2019-02-01 | 2021-09-14 | Capital One Services, Llc | Tap card to securely generate card data to copy to clipboard |
US10425129B1 (en) | 2019-02-27 | 2019-09-24 | Capital One Services, Llc | Techniques to reduce power consumption in near field communication systems |
US10523708B1 (en) | 2019-03-18 | 2019-12-31 | Capital One Services, Llc | System and method for second factor authentication of customer support calls |
US10535062B1 (en) | 2019-03-20 | 2020-01-14 | Capital One Services, Llc | Using a contactless card to securely share personal data stored in a blockchain |
US10643420B1 (en) | 2019-03-20 | 2020-05-05 | Capital One Services, Llc | Contextual tapping engine |
US10984416B2 (en) | 2019-03-20 | 2021-04-20 | Capital One Services, Llc | NFC mobile currency transfer |
US10438437B1 (en) | 2019-03-20 | 2019-10-08 | Capital One Services, Llc | Tap to copy data to clipboard via NFC |
US10970712B2 (en) | 2019-03-21 | 2021-04-06 | Capital One Services, Llc | Delegated administration of permissions using a contactless card |
US10467445B1 (en) | 2019-03-28 | 2019-11-05 | Capital One Services, Llc | Devices and methods for contactless card alignment with a foldable mobile device |
US11521262B2 (en) | 2019-05-28 | 2022-12-06 | Capital One Services, Llc | NFC enhanced augmented reality information overlays |
US10516447B1 (en) | 2019-06-17 | 2019-12-24 | Capital One Services, Llc | Dynamic power levels in NFC card communications |
US11694187B2 (en) | 2019-07-03 | 2023-07-04 | Capital One Services, Llc | Constraining transactional capabilities for contactless cards |
US11392933B2 (en) | 2019-07-03 | 2022-07-19 | Capital One Services, Llc | Systems and methods for providing online and hybridcard interactions |
US10871958B1 (en) | 2019-07-03 | 2020-12-22 | Capital One Services, Llc | Techniques to perform applet programming |
US10713649B1 (en) | 2019-07-09 | 2020-07-14 | Capital One Services, Llc | System and method enabling mobile near-field communication to update display on a payment card |
US10498401B1 (en) | 2019-07-15 | 2019-12-03 | Capital One Services, Llc | System and method for guiding card positioning using phone sensors |
US10885514B1 (en) | 2019-07-15 | 2021-01-05 | Capital One Services, Llc | System and method for using image data to trigger contactless card transactions |
US10733601B1 (en) | 2019-07-17 | 2020-08-04 | Capital One Services, Llc | Body area network facilitated authentication or payment authorization |
US11182771B2 (en) | 2019-07-17 | 2021-11-23 | Capital One Services, Llc | System for value loading onto in-vehicle device |
US10832271B1 (en) | 2019-07-17 | 2020-11-10 | Capital One Services, Llc | Verified reviews using a contactless card |
US11521213B2 (en) | 2019-07-18 | 2022-12-06 | Capital One Services, Llc | Continuous authentication for digital services based on contactless card positioning |
US10506426B1 (en) | 2019-07-19 | 2019-12-10 | Capital One Services, Llc | Techniques for call authentication |
US10541995B1 (en) | 2019-07-23 | 2020-01-21 | Capital One Services, Llc | First factor contactless card authentication system and method |
KR20220071211A (ko) | 2019-10-02 | 2022-05-31 | 캐피탈 원 서비시즈, 엘엘씨 | 비접촉식 레거시 자기 스트라이프 데이터를 사용한 클라이언트 디바이스 인증 |
US11113685B2 (en) | 2019-12-23 | 2021-09-07 | Capital One Services, Llc | Card issuing with restricted virtual numbers |
US10733283B1 (en) | 2019-12-23 | 2020-08-04 | Capital One Services, Llc | Secure password generation and management using NFC and contactless smart cards |
US11651361B2 (en) | 2019-12-23 | 2023-05-16 | Capital One Services, Llc | Secure authentication based on passport data stored in a contactless card |
US10885410B1 (en) | 2019-12-23 | 2021-01-05 | Capital One Services, Llc | Generating barcodes utilizing cryptographic techniques |
US11615395B2 (en) | 2019-12-23 | 2023-03-28 | Capital One Services, Llc | Authentication for third party digital wallet provisioning |
US10862540B1 (en) | 2019-12-23 | 2020-12-08 | Capital One Services, Llc | Method for mapping NFC field strength and location on mobile devices |
US10657754B1 (en) | 2019-12-23 | 2020-05-19 | Capital One Services, Llc | Contactless card and personal identification system |
US11200563B2 (en) | 2019-12-24 | 2021-12-14 | Capital One Services, Llc | Account registration using a contactless card |
US10664941B1 (en) | 2019-12-24 | 2020-05-26 | Capital One Services, Llc | Steganographic image encoding of biometric template information on a card |
US10853795B1 (en) | 2019-12-24 | 2020-12-01 | Capital One Services, Llc | Secure authentication based on identity data stored in a contactless card |
US10909544B1 (en) | 2019-12-26 | 2021-02-02 | Capital One Services, Llc | Accessing and utilizing multiple loyalty point accounts |
US10757574B1 (en) | 2019-12-26 | 2020-08-25 | Capital One Services, Llc | Multi-factor authentication providing a credential via a contactless card for secure messaging |
US11038688B1 (en) | 2019-12-30 | 2021-06-15 | Capital One Services, Llc | Techniques to control applets for contactless cards |
US10860914B1 (en) | 2019-12-31 | 2020-12-08 | Capital One Services, Llc | Contactless card and method of assembly |
US11455620B2 (en) | 2019-12-31 | 2022-09-27 | Capital One Services, Llc | Tapping a contactless card to a computing device to provision a virtual number |
US11210656B2 (en) | 2020-04-13 | 2021-12-28 | Capital One Services, Llc | Determining specific terms for contactless card activation |
US11222342B2 (en) | 2020-04-30 | 2022-01-11 | Capital One Services, Llc | Accurate images in graphical user interfaces to enable data transfer |
US11030339B1 (en) | 2020-04-30 | 2021-06-08 | Capital One Services, Llc | Systems and methods for data access control of personal user data using a short-range transceiver |
US11823175B2 (en) | 2020-04-30 | 2023-11-21 | Capital One Services, Llc | Intelligent card unlock |
US10861006B1 (en) | 2020-04-30 | 2020-12-08 | Capital One Services, Llc | Systems and methods for data access control using a short-range transceiver |
US10915888B1 (en) | 2020-04-30 | 2021-02-09 | Capital One Services, Llc | Contactless card with multiple rotating security keys |
US10963865B1 (en) | 2020-05-12 | 2021-03-30 | Capital One Services, Llc | Augmented reality card activation experience |
US11100511B1 (en) | 2020-05-18 | 2021-08-24 | Capital One Services, Llc | Application-based point of sale system in mobile operating systems |
US11063979B1 (en) | 2020-05-18 | 2021-07-13 | Capital One Services, Llc | Enabling communications between applications in a mobile operating system |
US11062098B1 (en) | 2020-08-11 | 2021-07-13 | Capital One Services, Llc | Augmented reality information display and interaction via NFC based authentication |
US11482312B2 (en) | 2020-10-30 | 2022-10-25 | Capital One Services, Llc | Secure verification of medical status using a contactless card |
US11165586B1 (en) | 2020-10-30 | 2021-11-02 | Capital One Services, Llc | Call center web-based authentication using a contactless card |
US11373169B2 (en) | 2020-11-03 | 2022-06-28 | Capital One Services, Llc | Web-based activation of contactless cards |
US11216799B1 (en) | 2021-01-04 | 2022-01-04 | Capital One Services, Llc | Secure generation of one-time passcodes using a contactless card |
US11682012B2 (en) | 2021-01-27 | 2023-06-20 | Capital One Services, Llc | Contactless delivery systems and methods |
US11687930B2 (en) | 2021-01-28 | 2023-06-27 | Capital One Services, Llc | Systems and methods for authentication of access tokens |
US11792001B2 (en) | 2021-01-28 | 2023-10-17 | Capital One Services, Llc | Systems and methods for secure reprovisioning |
US11562358B2 (en) | 2021-01-28 | 2023-01-24 | Capital One Services, Llc | Systems and methods for near field contactless card communication and cryptographic authentication |
US11438329B2 (en) | 2021-01-29 | 2022-09-06 | Capital One Services, Llc | Systems and methods for authenticated peer-to-peer data transfer using resource locators |
US11777933B2 (en) | 2021-02-03 | 2023-10-03 | Capital One Services, Llc | URL-based authentication for payment cards |
US11637826B2 (en) | 2021-02-24 | 2023-04-25 | Capital One Services, Llc | Establishing authentication persistence |
US11245438B1 (en) | 2021-03-26 | 2022-02-08 | Capital One Services, Llc | Network-enabled smart apparatus and systems and methods for activating and provisioning same |
US11961089B2 (en) | 2021-04-20 | 2024-04-16 | Capital One Services, Llc | On-demand applications to extend web services |
US11935035B2 (en) | 2021-04-20 | 2024-03-19 | Capital One Services, Llc | Techniques to utilize resource locators by a contactless card to perform a sequence of operations |
US11902442B2 (en) | 2021-04-22 | 2024-02-13 | Capital One Services, Llc | Secure management of accounts on display devices using a contactless card |
US11354555B1 (en) | 2021-05-04 | 2022-06-07 | Capital One Services, Llc | Methods, mediums, and systems for applying a display to a transaction card |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8447984B1 (en) * | 2004-06-25 | 2013-05-21 | Oracle America, Inc. | Authentication system and method for operating the same |
US8103804B2 (en) * | 2008-11-12 | 2012-01-24 | Flexera Software, Inc. | Method and system for embedded regenerative licensing |
CN101902476B (zh) * | 2010-07-27 | 2013-04-24 | 浙江大学 | 移动p2p用户身份认证方法 |
US20130042112A1 (en) * | 2011-02-12 | 2013-02-14 | CertiVox Ltd. | Use of non-interactive identity based key agreement derived secret keys with authenticated encryption |
US20130179351A1 (en) * | 2012-01-09 | 2013-07-11 | George Wallner | System and method for an authenticating and encrypting card reader |
CN103268249B (zh) * | 2012-03-04 | 2016-11-16 | 深圳市可秉资产管理合伙企业(有限合伙) | 在移动装置中模拟多张卡的方法和装置 |
TW201525759A (zh) * | 2013-12-31 | 2015-07-01 | Sage Information Systems Co Ltd | 一種電腦軟體的驗證系統、驗證方法及一次性金鑰產生器 |
EP2955872B1 (fr) * | 2014-06-12 | 2016-10-12 | Nxp B.V. | Procédé de configuration d'un élément sécurisé, programme de dérivation de clé, produit de programme informatique et élément sécurisé configurable |
CN104618467B (zh) * | 2015-01-20 | 2018-12-14 | 西安电子科技大学 | 一种基于android平台的有效且抗抵赖的摔倒救助方法及系统 |
-
2016
- 2016-05-30 GB GBGB1609460.9A patent/GB201609460D0/en not_active Ceased
-
2017
- 2017-05-29 EP EP17805942.4A patent/EP3465980A1/fr not_active Withdrawn
- 2017-05-29 GB GB201708573A patent/GB2551907B/en not_active Expired - Fee Related
- 2017-05-29 CN CN201780033635.3A patent/CN109417481A/zh active Pending
- 2017-05-29 WO PCT/IB2017/000646 patent/WO2017208063A1/fr unknown
-
2018
- 2018-12-03 PH PH12018502545A patent/PH12018502545A1/en unknown
Also Published As
Publication number | Publication date |
---|---|
GB2551907A (en) | 2018-01-03 |
PH12018502545A1 (en) | 2019-04-08 |
GB2551907B (en) | 2019-11-20 |
CN109417481A (zh) | 2019-03-01 |
GB201708573D0 (en) | 2017-07-12 |
GB201609460D0 (en) | 2016-07-13 |
WO2017208063A1 (fr) | 2017-12-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
GB2551907B (en) | Method and system for providing a symmetric keypair with a master key and a transient derived key | |
US20220351200A1 (en) | Payment System For Authorizing A Transaction Between A User Device And A Terminal | |
US11157912B2 (en) | Method and system for enhancing the security of a transaction | |
US10909531B2 (en) | Security for mobile applications | |
AU2015334634B2 (en) | Transaction messaging | |
EP2695148B1 (fr) | Systeme de paiement | |
CA2838763C (fr) | Procedes et systemes d'authentification de references | |
US20190087814A1 (en) | Method for securing a payment token | |
US11880832B2 (en) | Method and system for enhancing the security of a transaction | |
EP3394788B1 (fr) | Procédé et système pour améliorer la sécurité d'une transaction | |
Cortier et al. | Designing and proving an EMV-compliant payment protocol for mobile devices | |
Radu et al. | Practical EMV relay protection | |
Kasper et al. | Chameleon: A versatile emulator for contactless smartcards | |
US20170359358A1 (en) | Method for making contactless transactions secure | |
CN105321069A (zh) | 一种实现远程支付的方法及装置 | |
CA2940465C (fr) | Dispositif et methode de securisation de commandes echangees entre un terminal et un circuit integre | |
CN105103180B (zh) | 用于处理移动信用卡的发行的方法 | |
EP2985724B1 (fr) | Support d'émulation de charge à distance et de carte de mise à jour | |
CN105279647A (zh) | 一种实现远程支付的方法、装置及智能卡 | |
CN103544418A (zh) | 一种基于电子交易的认证装置、系统及方法 | |
CN113807959A (zh) | 一种防止数字资产近距离重复转移的方法及终端 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20181221 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20191203 |