GB2551907B - Method and system for providing a symmetric keypair with a master key and a transient derived key - Google Patents

Method and system for providing a symmetric keypair with a master key and a transient derived key Download PDF

Info

Publication number
GB2551907B
GB2551907B GB201708573A GB201708573A GB2551907B GB 2551907 B GB2551907 B GB 2551907B GB 201708573 A GB201708573 A GB 201708573A GB 201708573 A GB201708573 A GB 201708573A GB 2551907 B GB2551907 B GB 2551907B
Authority
GB
United Kingdom
Prior art keywords
mobile device
transient
identifier
idn
dkn
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
GB201708573A
Other versions
GB2551907A (en
GB201708573D0 (en
Inventor
Smith Matthew
Nirosha Bandula Dayan
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Silverleap Tech Ltd
Original Assignee
Silverleap Tech Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Silverleap Tech Ltd filed Critical Silverleap Tech Ltd
Publication of GB201708573D0 publication Critical patent/GB201708573D0/en
Publication of GB2551907A publication Critical patent/GB2551907A/en
Application granted granted Critical
Publication of GB2551907B publication Critical patent/GB2551907B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Description

METHOD AND SYSTEM FOR PROVIDING A SYMMETRIC KEYPAIR WITH A MASTER KEY AND A TRANSIENT DERIVED KEY
Field of Invention
The invention relates to a method for providing a mobile device with a derived key (DK), to allow a Trusted Application (TA) on said mobile device to perform a transaction with a reader device provided with a master key (MK), the Trusted Application (TA) and the reader device being adapted to securely communicate using said master key (MK) and said derived key (DK) using an adapted communication protocol, such as Near Field Communication (NFC) protocol or Bluetooth (RTM).
The invention can be used to increase the security of software emulations of contactless smartcards in NFC (Near Field Communication) mobile phones. The introduction of HCE (Host Card Emulation) into NFC phones allowed software to emulate contactless smartcards, rather than depending on physical smartcard chips or suitable USIM cards to be physically installed in the phone. This software-based approach significantly reduced the complexity of distributing virtual contactless cards to NFC mobile phones.
It is widely recognised that the default security of standard NFC enabled mobile phones, specifically Android (RTM) based devices, is not high. The evidence being that it is relatively straightforward to remove the imposed operation system security of an Android (RTM) phone by ‘rooting’ the device which, once realised, allows an attacker to read out any data from the phone. This weakness potentially compromises any cryptographic keys used in a software virtual contactless card that uses only standard security in a mobile phone. However, the utility and commercial interest of having virtual cards in a mobile phone remains compelling.
Contactless cards are typically used in mass transit tickets for automatic fare collection. As such, substantial amounts of money are transacted using these cards and so their security is very important. If the keys of a transport card system are compromised then it becomes very expensive for the transport scheme owner to replace the cards and stop the potential losses from fraud. Hence the focus on security for the physical smartcard based contactless cards.
New security features are regularly implemented in the newer generations of mobile phones. For example, the Trusted Execution Environment (TEE) provides a secure execution and storage environment in suitably enabled phones and has been shown to be resistant to software based attacks. However, it is potentially vulnerable to advance hardware attacks. Additionally, there are new software based mechanisms called “white-box” cryptography compilers, which can successfully hide data and application software internals from potential attackers. Attacks on these software methods are proposed and are currently being analysed. All new security features have strengths and weaknesses.
The objective of all these security measures is either to defeat an attacker who wishes to access cryptographic keys in a device or, failing this, to render a successful attack infeasibly long to complete in terms of time and required resources.
Public Transit Scheme operators often use modern symmetric key contactless RFID cards to handle automatic fare collection within their transport networks. They are used to dealing with very high levels of security assurance when they use physical contactless cards, such as commercial products based on Desfire EV1 smartcard chips from NXP.
Through exhaustive analysis these commercial products have been shown to be highly resistant to attackers. In order to assist in approaching the same level of assurance in additional security measures, execution and storage of the virtual card are proposed in addition to simply using the security features described above.
When using a TEE or white-box cryptography, or other security features to store and execute a virtual contactless card, the risk for the transit operator would be the extraction of the keys of the virtual card from the mobile phone. This process would take a non-negligible amount of time due to the physical and logical complexity, and nature of the attack itself. This means that if a key is actually extracted from a phone then it could potentially be used to perform fraudulent transactions on the transport infrastructure. Therefore, a method for easily limiting the valid life of keys in a virtual card would be beneficial, so that even if they were extracted, they could not be used.
For such an invention to be useful it needs to be compatible and implementable in existing contactless based environments, with minimal impact in terms of changes to software infrastructures. In addition, the validity needs to be independent of any network connection of the mobile phone, since there is no guarantee that the phone will have access to a network at the start of a contactless transaction.
Object of Invention
According to a first aspect of the invention, the invention relates to a method for providing a mobile device with a derived key (DK), to allow a Trusted Application (TA) on said mobile device to perform a transaction with a reader device provided with a master key (MK), the Trusted Application (TA) and the reader device being adapted to securely communicate using said master key (MK) and said derived key (DK) using Near Field Communication (NFC) protocol, the method comprising: - obtaining a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (1C) used in the mobile device and a software related component, such as a time stamp, - emitting the first transient identifier (ID n) for the mobile device to the provisioning server, - calculating, using the master key (MK) and the first transient identifier (IDn) of the mobile device, a first transient derived key (DKn) for the mobile device, - sending the calculated first transient derived key (DKn) to the mobile device to allow the Trusted Application (TA) of the mobile device to securely communicate with a reader provided with the master key (MK), using said first transient derived key (DKn) during a determined time interval.
According to a second aspect of the invention, the invention relates to a method for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using Near Field Communication (NFC) protocol, wherein the communication is secured by means of symmetric cryptography, the reader device comprising a master key and the mobile device comprising a derived key, wherein the method comprises: - obtaining a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (1C) used in the mobile device and a software related component, such as a time stamp, - emitting the first transient identifier (IDn) for the mobile device to the provisioning server, the provisioning server comprising the master key (MK), - calculating, using the master key (MK) and the first transient identifier (IDn) of the mobile device, a first transient derived key (DKn) for the mobile device, - sending the calculated first transient derived key (DKn) to the mobile device, - sending, by means of the mobile device, the first transient identifier (IDn) to the reader device, - checking in the reader device the validity of the first transient identifier (IDn) by reviewing the software related component of the first transient identifier (IDn), - if the first transient identifier (IDn) is valid, calculating, in the reader device by means of the master key and the first transient identifier (IDn), the first transient derived key (DKn), - using the first transient derived key (DKn) in the reader device to send an encrypted message to the mobile device, - decrypting the encrypted message in the mobile device to thereby authenticate the identity of the mobile device, and - if the identity of the mobile device is authenticated, allowing the mobile device to securely communicate with the reader device using Near Field Communication protocol
According to a third aspect of the invention, the invention relates to a system for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using an adapted communication protocol, wherein the communication is secured by means of symmetric cryptography, the system comprising a reader device comprising a master key and a mobile device comprising an identifier, such as the unique ID (UID) of an Integrated Circuit (1C) used in the mobile device and a provisioning server comprising the master key for providing a derived key for the mobile device, wherein the mobile device in the system comprises: - an application adapted to obtain a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (1C) used in the mobile device and a software related component, such as a time stamp, - means for emitting the first transient identifier (IDn) for the mobile device to a provisioning server, the provisioning server comprising the master key (MK), wherein the provisioning server comprises: - means for calculating, using the master key (MK) and the first transient identifier (IDn) of the mobile device, a first transient derived key (DKn) for the mobile device, - means for sending the calculated first transient derived key (DKn) from the provisioning server to the mobile device, the mobile device further comprising: - means for receiving and storing the first transient derived key (DKn) to allow the mobile device to securely communicate with a reader device using an adapted communication protocol.
According to a fourth aspect of the invention, the invention relates to a system for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using Near Field Communication (NFC) protocol, wherein the communication is secured by means of symmetric cryptography, the system comprising a reader device comprising a master key and a mobile device comprising identifier, such as the unique ID (UID) of an Integrated Circuit (1C) used in the mobile device and a provisioning server comprising the master key for providing a derived key for the mobile device, wherein the mobile device in the system comprises: - an application adapted to obtain a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (1C) used in the mobile device and a software related component, such as a time stamp, - means for emitting the first transient identifier (IDn) for the mobile device to the provisioning server, the provisioning server comprising the master key (MK), wherein the provisioning server comprises: - means for calculating, using the master key (MK) and the first transient identifier (IDn) of the mobile device, a first transient derived key (DKn) for the mobile device, - means for sending the calculated first transient derived key (DKn) to the mobile device, the mobile device further comprising: - means for sending the first transient identifier (IDn) to the reader device, using NFC protocol, wherein the reader device comprises: - means for reviewing the validity of the first transient identifier (IDn) by reviewing the software related component of the first transient identifier (IDn), and - means for calculating, if the first transient identifier (IDn) is valid, by using the master key and the first transient identifier (IDn), the first transient derived key (DKn), - means for encrypting a message using the first transient derived key (DKn), means for sending the encrypted message to the mobile device, the mobile device comprising: - means for decrypting the encrypted message received from the reader device to thereby authenticate the identity of the mobile device, and - means to allow, if the identity of the mobile device is authenticated, the mobile device to securely communicate with the reader device using Near Field Communication protocol.
Whereas for the purposes of discussion the invention has been described in detail herein with reference to Near Field Communication protocol, it would be evident to the skilled person that the necessary communication can also be effected using another adapted communication protocol, in particular Bluetooth (RTM).
Detailed description of the Invention
This invention proposes a mechanism for limiting the validity of the keys of a virtual contactless card installed in a mobile phone, as a means of limiting the time window for which a particular key is vulnerable. The implication is that by using this method in conjunction with additional system based security features, such as a TEE or white-box cryptography, an attacker who successfully extracts a key from a phone would not be able to use it because the validity of that key would have expired.
According to the invention communication is possible between a mobile device and a reader device only if the reader device comprises a valid ID and a valid derived key, wherein the reader device comprises a master key and means to check the validity of the ID and the derived key of the mobile device.
To increase the security of the communication between the mobile device and the reader device, the time window for which a derived key (on a virtual card) can be used in combination with a master key (on a reader) is limited. This means that the mobile device first receives a first transient derived key (DKn) which is valid for a determined time interval. At the end of the validity of the first transient derived key (DKn), the mobile device can no longer communicate with the reader device using the first transient derived key (DKn). To allow the mobile device to communicate with the reader device the mobile device receives a further transient derived key (DKn+1) which replaces the first transient derived key (DKn). The further transient derived key (DKn+1) can be used until the end of its validity or until it is replaced by yet a further transient derived key (DKn+2).
In order to allow the mobile device to receive a sequence of derived keys (DKn, DKn+1, DKn+2, etc.) the mobile device should be able to generate a sequence of unique ID’s for the mobile device. According to the invention the mobile device comprises an application to generate transient identifiers (ID), each transient identifier (ID) having a determined an limited time period wherein the transient identifier (ID) is valid.
The application in the mobile device will generate a first transient identifier (IDn) by combining a hardware component for the transient identifier with a software component for the transient identifier. The hardware component of the transient identifier is, for instance, the Unique Identifier (UID) of the integrated circuit (IC) used in the mobile device. The software component is, for instance, a time stamp.
The advantage of using both a hardware component and a software component is, that for a single mobile device a sequence of unique transient identifiers (IDn, IDn+1, IDn+2, etc.) can be generated. The software related part of the transient identifier (ID) can be used to check the validity of the transient identifier (ID). This checking of the validity of the transient identifier (ID) is, for instance, executed in the reader device. The checker in the reader device can, for instance, determine whether the transient identifier (IDx) is valid, for instance, by checking whether the transient identifier (IDx) is in accordance with the other transient identifiers in an array of identifiers (IDx-2, IDx-1, IDx). If the validity of the transient ID can not be established, the reader device can abort the communication with the mobile device. According to an embodiment the invention comprises the following parts: • A mobile phone containing one or more security features protecting software for the virtual contactless card execution, including cryptographic keys and other sensitive data; • A specific structure of a transient ID of the virtual card, combined with a derived key in the virtual card; • A reader device having validity checker included into the reader terminal software that checks the validity of the transient ID of the virtual card; • A provisioning server that calculates new transient ID’s and derived keys for a virtual card and sends them to the virtual card using one or more additional security features of the mobile phone. • A mobile phone with NFC, capable of supporting HCE transactions and equipped with one or more security features protecting the installed virtual card software application.
There is a part of the application that provides user interface and network communication (amongst other functions) and runs in the open Android (RTM) operating system environment. The other part of the application is protected by one or more additional security features, which protect the execution of the virtual card emulation and store the cryptographic keys and other sensitive data.
The invention is based on the creation of a special transient ID for the virtual card, and an associated derived key for the virtual card. This ID structure contains within it the details of the validity of the ID itself. This data is used by a validity checker in the reader terminal that reads the virtual card, extracts the validity data of the transient ID, and assesses the validity of the virtual card prior to processing any financial transaction.
According to an embodiment of the invention the following procedure can be followed to obtain a transient identifier (ID).
The transient identifier (ID) is made up of two adjoining parts to form a UID of 7 Bytes: • Subscription Account Number: 3 Bytes • Calculated Timestamp: 4 Bytes
The validity checker in the reader terminal analyses the data encapsulated in the transient identifier (ID) and makes the following checks: • Is the Subscription Account Number Valid? • Is the Calculated Timestamp in the correct range?
The Subscription Account Number is a sequential reference number representing the account of the subscriber owning the particular virtual card, and can verified by using standard account number verification such as black list and white list checking provided by a server to the reader checker, or potentially a separate check digit.
The Calculated Timestamp is the number of seconds expired since the 1st January 2015 until the point at which the transient identifier (ID) for that virtual card was created. The check for whether the Calculated Timestamp is in the correct range uses a ‘time to live’ value stored in the reader. This time to live value defines the validity period of a transient identifier (ID) from the moment it is created. A typical value for a time to live parameter is one day.
The reader checker then calculates the ‘Current Timestamp’ as the number of seconds since 1st January 2015 until that moment. If the sum of the transient identifier (ID) Calculated Timestamp, plus the time to live value is greater than the Current Timestamp then the transient identifier (ID) is deemed valid.
Ifthe Subscriber Account Number and the transient identifier (ID) are both valid, the checker hands the virtual card processing to the next stage of the reader terminal acceptance software. Otherwise the virtual card is rejected and the processing stops.
The transient identifier (ID) is provided by the mobile phone when it is placed in the NFC field of the reader terminal. When this occurs, the phone behaves according to the ISO 14443 protocol standard. As part of this standard the phone must provide a transient identifier (ID) to the reader during the ‘anti-collision’ phase so that the reader can correctly continue the transaction. The standard suggests that the reader assumes that the transient identifier (ID) provided by the phone in this phase is random and should not be used for additional processing. This means that the reader must first request the real transient identifier (ID) of the virtual card or that the transient identifier (ID) is passed some other way.
In an embodiment of this invention the virtual card application will provide the unique identifier (UID) together with some other control data such as:
• Virtual Card Issuer ID • Major version of the virtual card • Minor version of the card • Processing Instructions
This data together with the transient identifier (ID) for the virtual card is passed to the reader in response to the ‘Select AID’ command, which is sent by the reader terminal in the form of an ISO 7816 compliant APDU (application packet data unit). This response, which is a Status response APDU, can then be used as the input for the check process in the reader terminal.
In a full embodiment of the invention the transient identifier (ID) and derived key are provided by a provisioning sever to the mobile phone based application protected by one or more additional security features. A typical key diversification scheme for a general symmetric key based contactless system works along the follows lines, although other methods are available and the present invention also functions with such other methods. 1. Each card has a Unique Identification number (UID). 2. This UID is encrypted using a master key, to generate a new key - diversified key. This is done in a secure location. 3. The derived key is then injected into the contactless card and used to encrypt the contents of the card. 4. When the card is used at a reader terminal it presents its UID to the reader. 5. The reader uses a locally stored master key and the provided UID from the card to recreate the derived key of the card. 6. The reader then uses the diversified key to read and update the card.
The present invention functions in a similar way, with the addition of the following points:
In step 1, the server calculates a transient identifier (ID) for the virtual card based on the structure described above.
Step 2 is the same in that the transient derived key for the virtual card is generated using the diversification algorithm for the card scheme and the calculated transient identifier (ID). This is performed on the provisioning server in a secure environment, such as an HSM.
In Step 3, the transient identifier (ID) and the derived key are passed securely to the virtual card in the TEE of the mobile phone, using standard secure transmission methods. This occurs each time the transient identifier (ID) validity lifetime of a particular virtual card expires. The lifetime of the transient identifier (ID)s in the virtual cards can either be tracked by the server or by the mobile phone. If it is tracked by the server, a new transient identifier (ID) is generated and sent to the phone. If it is tracked by the phone, the phone requests a new transient identifier (ID) key combination from the provisional server.
The transient identifier (ID) checker installed in the contactless reader, as described above, performs the validity checks between steps 4 and 5. This transient identifier (ID) checker requires a small amount of software code to implement, and is independent of any other business logic implemented in the reader. In this way, the reader can check the validity of the virtual card very easily at the beginning of the acceptance process, and stop if the transient identifier (ID) of the virtual card has expired.

Claims (14)

Claims
1. Method for providing a mobile device with a derived key (DK), to allow a Trusted Application (TA) on said mobile device to perform a transaction with a reader device provided with a master key (MK), the Trusted Application (TA) and the reader device being adapted to securely communicate using said master key (MK) and said derived key (DK) using an adapted communication protocol, the method comprising: - obtaining a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (IC) used in the mobile device and a software related component, such as a time stamp, - emitting the first transient identifier (IDn) for the mobile device to a provisioning server, - calculating, using the master key (MK) and the first transient identifier (IDn) of the mobile device, a first transient derived key (DKn) for the mobile device, - sending the calculated first transient derived key (DKn) from the provisioning server to the mobile device to allow the Trusted Application (TA) of the mobile device to securely communicate with a reader provided with the master key (MK), using said first transient derived key (DKn) during a determined time interval.
2. Method according to claim 1, wherein the Trusted Application (TA) and the reader device are adapted to securely communicate using said master key (MK) and said derived key (DK) using Near Field Communication (NFC) protocol.
3. Method according to claim 1, wherein the Trusted Application (TA) and the reader device are adapted to securely communicate using said master key (MK) and said derived key (DK) using Bluetooth ®.
4. Method according to claim 1,2 or 3, comprising: - obtaining a further transient identifier (IDn+1) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (IC) used in the mobile device and a software related component, such as a time stamp, - emitting the further transient identifier (ID n+1) for the mobile device to the provisioning server, - calculating, using the master key (MK) and the further transient identifier (IDn+1) of the mobile device, a further transient derived key (DKn+1) for the mobile device, - sending the calculated further transient derived key (DKn+1) to the mobile device, - replacing the first transient derived key (DKn) by the further transient derived key (DKn+1) to allow the Trusted Application (TA) of the mobile device to securely communicate with a reader provided with the master key (MK), using said further transient derived key (DKn+1) during a determined time interval.
5. Method according to any of the claims 1 to 4, wherein the first transient identifier (IDn) and the further transient identifier (IDn+1) comprise business data provided by the Trusted Application (TA).
6. Method according to any of the claims 1 to 5, wherein the Trusted Application (TA) is run in the Trusted Execution Environment (TEE) of the mobile device.
7. Method according to any of the preceding claims, wherein the Trusted Application (TA) is a wallet application and the transaction with the reader comprises a transfer of a monetary value.
8. Method for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using Near Field Communication (NFC) protocol, wherein the communication is secured by means of symmetric cryptography, the reader device comprising a master key and the mobile device comprising a derived key, wherein the method comprises: - obtaining a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (1C) used in the mobile device and a software related component, such as a time stamp, - emitting the first transient identifier (IDn) for the mobile device to a provisioning server, the provisioning server comprising the master key (MK), - calculating, using the master key (MK) and the first transient identifier (IDn) of the mobile device, a first transient derived key (DKn) for the mobile device, - sending the calculated first transient derived key (DKn) from the provisioning server to the mobile device, - sending, by means of the mobile device, the first transient identifier (IDn) to the reader device, - checking in the reader device the validity of the first transient identifier (IDn) by reviewing the software related component of the first transient identifier (IDn), - if the first transient identifier (IDn) is valid, calculating, in the reader device by means of the master key and the first transient identifier (IDn), the first transient derived key (DKn), - using the first transient derived key (DKn) in the reader device to send an encrypted message to the mobile device, - decrypting the encrypted message in the mobile device to thereby authenticate the identity of the mobile device, and - if the identity of the mobile device is authenticated, allowing the mobile device to securely communicate with the reader device using Near Field Communication protocol.
9. Method according to claim 8, comprising: - obtaining a further transient identifier (IDn+1) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (IC) used in the mobile device and a software related component, such as a time stamp, - emitting the further transient identifier (ID n+1) for the mobile device to the provisioning server, - calculating, using the master key (MK) and the further transient identifier (IDn+1) of the mobile device, a further transient derived key (DKn+1) for the mobile device, - sending the calculated further transient derived key (DKn+1) to the mobile device, - replacing the first transient derived key (DKn) by the further transient derived key (DKn+1).
10. Method according to claim 8 or 9, wherein the first transient identifier (IDn) and the further transient identifier (IDn+1) comprise business data provided by the Trusted Application (TA).
11. Method according to any of the claims 8 to 10, wherein the Trusted Application (TA) is run in the Trusted Execution Environment (TEE) of the mobile device.
12. Method according to any of the claims 8 to 11, wherein the Trusted Application (TA) is a wallet application and the transaction with the reader comprises a transfer of a monetary value.
13. System for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using an adapted communication protocol, wherein the communication is secured by means of symmetric cryptography, the system comprising a reader device comprising a master key and a mobile device comprising an identifier, such as the unique ID (UID) of an Integrated Circuit (IC) used in the mobile device and a provisioning server comprising the master key for providing a derived key for the mobile device, wherein the mobile device in the system comprises: - an application adapted to obtain a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (1C) used in the mobile device and a software related component, such as a time stamp, - means for emitting the first transient identifier (IDn) for the mobile device to a provisioning server, the provisioning server comprising the master key (MK), wherein the provisioning server comprises: - means for calculating, using the master key (MK) and the first transient identifier (IDn) of the mobile device, a first transient derived key (DKn) for the mobile device, - means for sending the calculated first transient derived key (DKn) from the provisioning server to the mobile device, the mobile device further comprising: - means for receiving and storing the first transient derived key (DKn) to allow the mobile device to securely communicate with a reader device using an adapted communication protocol.
14. System for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using Near Field Communication (NFC) protocol, wherein the communication is secured by means of symmetric cryptography, the system comprising a reader device comprising a master key and a mobile device comprising an identifier, such as the unique ID (UID) of an Integrated Circuit (IC) used in the mobile device and a provisioning server comprising the master key for providing a derived key for the mobile device, wherein the mobile device in the system comprises: - an application adapted to obtain a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (IC) used in the mobile device and a software related component, such as a time stamp, - means for emitting the first transient identifier (IDn) for the mobile device to a provisioning server, the provisioning server comprising the master key (MK), wherein the provisioning server comprises: - means for calculating, using the master key (MK) and the first transient identifier (IDn) of the mobile device, a first transient derived key (DKn) for the mobile device, - means for sending the calculated first transient derived key (DKn) from the provisioning server to the mobile device, the mobile device further comprising: - means for sending the first transient identifier (IDn) to the reader device, using NFC protocol, wherein the reader device comprises: - means for reviewing the validity of the first transient identifier (IDn) by reviewing the software related component of the first transient identifier (IDn), and - means for calculating, if the first transient identifier (IDn) is valid, by using the master key and the first transient identifier (IDn), the first transient derived key (DKn), - means for encrypting a message using the first transient derived key (DKn), - means for sending the encrypted message to the mobile device, the mobile device comprising - means for decrypting the encrypted message received from the reader device to thereby authenticate the identity of the mobile device, and - means to allow, if the identity of the mobile device is authenticated, the mobile device to securely communicate with the reader device using Near Field Communication protocol.
GB201708573A 2016-05-30 2017-05-29 Method and system for providing a symmetric keypair with a master key and a transient derived key Expired - Fee Related GB2551907B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GBGB1609460.9A GB201609460D0 (en) 2016-05-30 2016-05-30 Increased security through ephemeral keys for software virtual contactless card in a mobile phone
PCT/IB2017/000646 WO2017208063A1 (en) 2016-05-30 2017-05-29 Increased security through ephemeral keys for software virtual contactless card in mobile phone

Publications (3)

Publication Number Publication Date
GB201708573D0 GB201708573D0 (en) 2017-07-12
GB2551907A GB2551907A (en) 2018-01-03
GB2551907B true GB2551907B (en) 2019-11-20

Family

ID=56410729

Family Applications (2)

Application Number Title Priority Date Filing Date
GBGB1609460.9A Ceased GB201609460D0 (en) 2016-05-30 2016-05-30 Increased security through ephemeral keys for software virtual contactless card in a mobile phone
GB201708573A Expired - Fee Related GB2551907B (en) 2016-05-30 2017-05-29 Method and system for providing a symmetric keypair with a master key and a transient derived key

Family Applications Before (1)

Application Number Title Priority Date Filing Date
GBGB1609460.9A Ceased GB201609460D0 (en) 2016-05-30 2016-05-30 Increased security through ephemeral keys for software virtual contactless card in a mobile phone

Country Status (5)

Country Link
EP (1) EP3465980A1 (en)
CN (1) CN109417481A (en)
GB (2) GB201609460D0 (en)
PH (1) PH12018502545A1 (en)
WO (1) WO2017208063A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11848724B2 (en) 2021-03-26 2023-12-19 Capital One Services, Llc Network-enabled smart apparatus and systems and methods for activating and provisioning same
US12003490B2 (en) 2022-07-26 2024-06-04 Capital One Services, Llc Systems and methods for card information management

Families Citing this family (99)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10546444B2 (en) 2018-06-21 2020-01-28 Capital One Services, Llc Systems and methods for secure read-only authentication
US10592710B1 (en) 2018-10-02 2020-03-17 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
CA3115084A1 (en) 2018-10-02 2020-04-09 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10607216B1 (en) 2018-10-02 2020-03-31 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
KR20210068028A (en) 2018-10-02 2021-06-08 캐피탈 원 서비시즈, 엘엘씨 System and method for cryptographic authentication of contactless card
US10489781B1 (en) 2018-10-02 2019-11-26 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10511443B1 (en) 2018-10-02 2019-12-17 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10581611B1 (en) 2018-10-02 2020-03-03 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10733645B2 (en) 2018-10-02 2020-08-04 Capital One Services, Llc Systems and methods for establishing identity for order pick up
US10579998B1 (en) 2018-10-02 2020-03-03 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
SG11202101874SA (en) 2018-10-02 2021-03-30 Capital One Services Llc Systems and methods for cryptographic authentication of contactless cards
US10949520B2 (en) 2018-10-02 2021-03-16 Capital One Services, Llc Systems and methods for cross coupling risk analytics and one-time-passcodes
US10582386B1 (en) 2018-10-02 2020-03-03 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
WO2020072670A1 (en) 2018-10-02 2020-04-09 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
JP2022508010A (en) 2018-10-02 2022-01-19 キャピタル・ワン・サービシーズ・リミテッド・ライアビリティ・カンパニー Systems and methods for cryptographic authentication of non-contact cards
WO2020072552A1 (en) 2018-10-02 2020-04-09 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
CA3115064A1 (en) 2018-10-02 2020-04-09 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10565587B1 (en) 2018-10-02 2020-02-18 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10909527B2 (en) 2018-10-02 2021-02-02 Capital One Services, Llc Systems and methods for performing a reissue of a contactless card
US10505738B1 (en) 2018-10-02 2019-12-10 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10771254B2 (en) 2018-10-02 2020-09-08 Capital One Services, Llc Systems and methods for email-based card activation
US10680824B2 (en) 2018-10-02 2020-06-09 Capital One Services, Llc Systems and methods for inventory management using cryptographic authentication of contactless cards
US11210664B2 (en) 2018-10-02 2021-12-28 Capital One Services, Llc Systems and methods for amplifying the strength of cryptographic algorithms
US10607214B1 (en) 2018-10-02 2020-03-31 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
WO2020072474A1 (en) 2018-10-02 2020-04-09 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
CA3113590A1 (en) 2018-10-02 2020-04-09 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
JP2022502891A (en) 2018-10-02 2022-01-11 キャピタル・ワン・サービシーズ・リミテッド・ライアビリティ・カンパニーCapital One Services, LLC Systems and methods for cryptographic authentication of non-contact cards
AU2019354421A1 (en) 2018-10-02 2021-04-29 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10771253B2 (en) 2018-10-02 2020-09-08 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10542036B1 (en) 2018-10-02 2020-01-21 Capital One Services, Llc Systems and methods for signaling an attack on contactless cards
US10554411B1 (en) 2018-10-02 2020-02-04 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11361302B2 (en) 2019-01-11 2022-06-14 Capital One Services, Llc Systems and methods for touch screen interface interaction using a card overlay
US11037136B2 (en) 2019-01-24 2021-06-15 Capital One Services, Llc Tap to autofill card data
US10467622B1 (en) 2019-02-01 2019-11-05 Capital One Services, Llc Using on-demand applications to generate virtual numbers for a contactless card to securely autofill forms
US10510074B1 (en) 2019-02-01 2019-12-17 Capital One Services, Llc One-tap payment using a contactless card
US11120453B2 (en) 2019-02-01 2021-09-14 Capital One Services, Llc Tap card to securely generate card data to copy to clipboard
US10425129B1 (en) 2019-02-27 2019-09-24 Capital One Services, Llc Techniques to reduce power consumption in near field communication systems
US10523708B1 (en) 2019-03-18 2019-12-31 Capital One Services, Llc System and method for second factor authentication of customer support calls
US10535062B1 (en) 2019-03-20 2020-01-14 Capital One Services, Llc Using a contactless card to securely share personal data stored in a blockchain
US10643420B1 (en) 2019-03-20 2020-05-05 Capital One Services, Llc Contextual tapping engine
US10984416B2 (en) 2019-03-20 2021-04-20 Capital One Services, Llc NFC mobile currency transfer
US10438437B1 (en) 2019-03-20 2019-10-08 Capital One Services, Llc Tap to copy data to clipboard via NFC
US10970712B2 (en) 2019-03-21 2021-04-06 Capital One Services, Llc Delegated administration of permissions using a contactless card
US10467445B1 (en) 2019-03-28 2019-11-05 Capital One Services, Llc Devices and methods for contactless card alignment with a foldable mobile device
US11521262B2 (en) 2019-05-28 2022-12-06 Capital One Services, Llc NFC enhanced augmented reality information overlays
US10516447B1 (en) 2019-06-17 2019-12-24 Capital One Services, Llc Dynamic power levels in NFC card communications
US11694187B2 (en) 2019-07-03 2023-07-04 Capital One Services, Llc Constraining transactional capabilities for contactless cards
US11392933B2 (en) 2019-07-03 2022-07-19 Capital One Services, Llc Systems and methods for providing online and hybridcard interactions
US10871958B1 (en) 2019-07-03 2020-12-22 Capital One Services, Llc Techniques to perform applet programming
US10713649B1 (en) 2019-07-09 2020-07-14 Capital One Services, Llc System and method enabling mobile near-field communication to update display on a payment card
US10498401B1 (en) 2019-07-15 2019-12-03 Capital One Services, Llc System and method for guiding card positioning using phone sensors
US10885514B1 (en) 2019-07-15 2021-01-05 Capital One Services, Llc System and method for using image data to trigger contactless card transactions
US10733601B1 (en) 2019-07-17 2020-08-04 Capital One Services, Llc Body area network facilitated authentication or payment authorization
US11182771B2 (en) 2019-07-17 2021-11-23 Capital One Services, Llc System for value loading onto in-vehicle device
US10832271B1 (en) 2019-07-17 2020-11-10 Capital One Services, Llc Verified reviews using a contactless card
US11521213B2 (en) 2019-07-18 2022-12-06 Capital One Services, Llc Continuous authentication for digital services based on contactless card positioning
US10506426B1 (en) 2019-07-19 2019-12-10 Capital One Services, Llc Techniques for call authentication
US10541995B1 (en) 2019-07-23 2020-01-21 Capital One Services, Llc First factor contactless card authentication system and method
KR20220071211A (en) 2019-10-02 2022-05-31 캐피탈 원 서비시즈, 엘엘씨 Client Device Authentication Using Contactless Legacy Magnetic Stripe Data
US11113685B2 (en) 2019-12-23 2021-09-07 Capital One Services, Llc Card issuing with restricted virtual numbers
US10733283B1 (en) 2019-12-23 2020-08-04 Capital One Services, Llc Secure password generation and management using NFC and contactless smart cards
US11651361B2 (en) 2019-12-23 2023-05-16 Capital One Services, Llc Secure authentication based on passport data stored in a contactless card
US10885410B1 (en) 2019-12-23 2021-01-05 Capital One Services, Llc Generating barcodes utilizing cryptographic techniques
US11615395B2 (en) 2019-12-23 2023-03-28 Capital One Services, Llc Authentication for third party digital wallet provisioning
US10862540B1 (en) 2019-12-23 2020-12-08 Capital One Services, Llc Method for mapping NFC field strength and location on mobile devices
US10657754B1 (en) 2019-12-23 2020-05-19 Capital One Services, Llc Contactless card and personal identification system
US11200563B2 (en) 2019-12-24 2021-12-14 Capital One Services, Llc Account registration using a contactless card
US10664941B1 (en) 2019-12-24 2020-05-26 Capital One Services, Llc Steganographic image encoding of biometric template information on a card
US10853795B1 (en) 2019-12-24 2020-12-01 Capital One Services, Llc Secure authentication based on identity data stored in a contactless card
US10909544B1 (en) 2019-12-26 2021-02-02 Capital One Services, Llc Accessing and utilizing multiple loyalty point accounts
US10757574B1 (en) 2019-12-26 2020-08-25 Capital One Services, Llc Multi-factor authentication providing a credential via a contactless card for secure messaging
US11038688B1 (en) 2019-12-30 2021-06-15 Capital One Services, Llc Techniques to control applets for contactless cards
US10860914B1 (en) 2019-12-31 2020-12-08 Capital One Services, Llc Contactless card and method of assembly
US11455620B2 (en) 2019-12-31 2022-09-27 Capital One Services, Llc Tapping a contactless card to a computing device to provision a virtual number
US11210656B2 (en) 2020-04-13 2021-12-28 Capital One Services, Llc Determining specific terms for contactless card activation
US11222342B2 (en) 2020-04-30 2022-01-11 Capital One Services, Llc Accurate images in graphical user interfaces to enable data transfer
US11030339B1 (en) 2020-04-30 2021-06-08 Capital One Services, Llc Systems and methods for data access control of personal user data using a short-range transceiver
US11823175B2 (en) 2020-04-30 2023-11-21 Capital One Services, Llc Intelligent card unlock
US10861006B1 (en) 2020-04-30 2020-12-08 Capital One Services, Llc Systems and methods for data access control using a short-range transceiver
US10915888B1 (en) 2020-04-30 2021-02-09 Capital One Services, Llc Contactless card with multiple rotating security keys
US10963865B1 (en) 2020-05-12 2021-03-30 Capital One Services, Llc Augmented reality card activation experience
US11100511B1 (en) 2020-05-18 2021-08-24 Capital One Services, Llc Application-based point of sale system in mobile operating systems
US11063979B1 (en) 2020-05-18 2021-07-13 Capital One Services, Llc Enabling communications between applications in a mobile operating system
US11062098B1 (en) 2020-08-11 2021-07-13 Capital One Services, Llc Augmented reality information display and interaction via NFC based authentication
US11482312B2 (en) 2020-10-30 2022-10-25 Capital One Services, Llc Secure verification of medical status using a contactless card
US11165586B1 (en) 2020-10-30 2021-11-02 Capital One Services, Llc Call center web-based authentication using a contactless card
US11373169B2 (en) 2020-11-03 2022-06-28 Capital One Services, Llc Web-based activation of contactless cards
US11216799B1 (en) 2021-01-04 2022-01-04 Capital One Services, Llc Secure generation of one-time passcodes using a contactless card
US11682012B2 (en) 2021-01-27 2023-06-20 Capital One Services, Llc Contactless delivery systems and methods
US11687930B2 (en) 2021-01-28 2023-06-27 Capital One Services, Llc Systems and methods for authentication of access tokens
US11792001B2 (en) 2021-01-28 2023-10-17 Capital One Services, Llc Systems and methods for secure reprovisioning
US11562358B2 (en) 2021-01-28 2023-01-24 Capital One Services, Llc Systems and methods for near field contactless card communication and cryptographic authentication
US11438329B2 (en) 2021-01-29 2022-09-06 Capital One Services, Llc Systems and methods for authenticated peer-to-peer data transfer using resource locators
US11777933B2 (en) 2021-02-03 2023-10-03 Capital One Services, Llc URL-based authentication for payment cards
US11637826B2 (en) 2021-02-24 2023-04-25 Capital One Services, Llc Establishing authentication persistence
US11961089B2 (en) 2021-04-20 2024-04-16 Capital One Services, Llc On-demand applications to extend web services
US11935035B2 (en) 2021-04-20 2024-03-19 Capital One Services, Llc Techniques to utilize resource locators by a contactless card to perform a sequence of operations
US11902442B2 (en) 2021-04-22 2024-02-13 Capital One Services, Llc Secure management of accounts on display devices using a contactless card
US11354555B1 (en) 2021-05-04 2022-06-07 Capital One Services, Llc Methods, mediums, and systems for applying a display to a transaction card

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100121990A1 (en) * 2008-11-12 2010-05-13 Acresso Software, Inc. Method and system for embedded regenerative licensing
TW201525759A (en) * 2013-12-31 2015-07-01 Sage Information Systems Co Ltd Authentication system and authentication method of computer software, and one-time password generator for authenticating the computer software

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8447984B1 (en) * 2004-06-25 2013-05-21 Oracle America, Inc. Authentication system and method for operating the same
CN101902476B (en) * 2010-07-27 2013-04-24 浙江大学 Method for authenticating identity of mobile peer-to-peer user
US20130042112A1 (en) * 2011-02-12 2013-02-14 CertiVox Ltd. Use of non-interactive identity based key agreement derived secret keys with authenticated encryption
US20130179351A1 (en) * 2012-01-09 2013-07-11 George Wallner System and method for an authenticating and encrypting card reader
CN103268249B (en) * 2012-03-04 2016-11-16 深圳市可秉资产管理合伙企业(有限合伙) The method and apparatus simulating multiple cards in the mobile device
EP2955872B1 (en) * 2014-06-12 2016-10-12 Nxp B.V. Method for configuring a secure element, key derivation program, computer program product and configurable secure element
CN104618467B (en) * 2015-01-20 2018-12-14 西安电子科技大学 A kind of effective and resisting denying based on Android platform falls down rescue skills and system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100121990A1 (en) * 2008-11-12 2010-05-13 Acresso Software, Inc. Method and system for embedded regenerative licensing
TW201525759A (en) * 2013-12-31 2015-07-01 Sage Information Systems Co Ltd Authentication system and authentication method of computer software, and one-time password generator for authenticating the computer software

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11848724B2 (en) 2021-03-26 2023-12-19 Capital One Services, Llc Network-enabled smart apparatus and systems and methods for activating and provisioning same
US12008558B2 (en) 2021-10-26 2024-06-11 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US12003490B2 (en) 2022-07-26 2024-06-04 Capital One Services, Llc Systems and methods for card information management
US12010238B2 (en) 2022-08-22 2024-06-11 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards

Also Published As

Publication number Publication date
GB2551907A (en) 2018-01-03
PH12018502545A1 (en) 2019-04-08
EP3465980A1 (en) 2019-04-10
CN109417481A (en) 2019-03-01
GB201708573D0 (en) 2017-07-12
GB201609460D0 (en) 2016-07-13
WO2017208063A1 (en) 2017-12-07

Similar Documents

Publication Publication Date Title
GB2551907B (en) Method and system for providing a symmetric keypair with a master key and a transient derived key
US11157912B2 (en) Method and system for enhancing the security of a transaction
US10909531B2 (en) Security for mobile applications
CA2838763C (en) Credential authentication methods and systems
KR102477453B1 (en) Transaction messaging
EP2695148B1 (en) Payment system
US20190087814A1 (en) Method for securing a payment token
US11880832B2 (en) Method and system for enhancing the security of a transaction
EP3394788B1 (en) Method and system for enhancing the security of a transaction
JP2019517229A (en) System and method for generating, storing, managing and using digital secrets associated with portable electronic devices
Cortier et al. Designing and proving an EMV-compliant payment protocol for mobile devices
Radu et al. Practical EMV relay protection
CN105321069A (en) Method and device for realizing remote payment
CA2940465C (en) Device and method for securing commands exchanged between a terminal and an integrated circuit
EP2985724B1 (en) Remote load and update card emulation support
CN103544418A (en) Authentication device, system and method based on electronic transaction

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20220530