System and method for encrypted authentication of contactless cards

The cryptographic authentication system for contactless cards addresses data security and authentication issues by using a contactless card, client application, and server to verify transactions securely, reducing vulnerabilities and side-channel attacks through key diversification.

JP7880911B2 · Active · Publication Date: 2026-06-26 · CAPITAL ONE SERVICES LLC

Patent Information

Authority / Receiving Office: JP · JP
Patent Type: Patents
Current Assignee / Owner: CAPITAL ONE SERVICES LLC
Filing Date: 2024-04-03
Publication Date: 2026-06-26

AI Technical Summary

Technical Problem

Existing contactless cards face challenges in data security and authentication, with vulnerabilities in email and SMS verification, and reliance on login credentials compromising account access, necessitating improved methods for activation and authentication.

Method used

A cryptographic authentication system for contactless cards involving an authentication server, client application, and contactless card with a processor and memory, where transactions exceeding a predetermined value require authentication via a ciphertext generated by the card within the communication range of the client device, verified by the client application and approved by the server.

Benefits of technology

Enhances data security and transaction integrity by ensuring secure authentication without revealing the master symmetric key, reducing exposure to side-channel attacks through key diversification and periodic key changes.

✦ Generated by Eureka AI based on patent content.


Abstract

To provide a system and a method that authorize data transmission and transaction between a transmission device and a reception device.

SOLUTION: A method according to an authentication system including an authentication server, a client application comprising an instruction executed on a client device in data communication with the authentication server, and a non-contact card including a processor and a memory, comprises the steps of: receiving, by the authentication server, a transaction request including account information and transaction information requesting execution of a transaction thereof; in response to receiving the transaction request, transmitting, when a value of the transaction exceeds a predetermined value, an authentication request to the client application requesting at least one authentication element that includes a cryptogram generated by placing the non-contact card within a communication range of the client device; and receiving, from the client device, an authentication signal that includes the cryptogram and that, when received, authorizes the transaction.

SELECTED DRAWING: Figure 14
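
The flow in the abstract, sketched as an added example (not code from the patent or its assignee): the server approves low-value transactions directly and, above a threshold, demands a card cryptogram before approving. The page does not specify the cryptogram construction, so the HMAC-SHA256 key diversification, the per-tap counter, the server-side verification and all names and values here are assumptions.

```python
import hashlib
import hmac

STEP_UP_THRESHOLD = 10_000  # constructed value, in minor currency units

def diversify(master_key, card_uid, counter):
    # Assumed scheme: a fresh key per tap, so the master key is never used directly.
    msg = card_uid + counter.to_bytes(4, "big")
    return hmac.new(master_key, msg, hashlib.sha256).digest()

def card_cryptogram(master_key, card_uid, counter, txn_id):
    # Card side: MAC the transaction id under the diversified key.
    session_key = diversify(master_key, card_uid, counter)
    return hmac.new(session_key, txn_id, hashlib.sha256).digest()

class AuthServer:
    def __init__(self, cards):
        self.cards = cards   # card_uid -> {"key": master key, "counter": last accepted}
        self.pending = {}    # txn_id -> card_uid awaiting a cryptogram

    def request_transaction(self, txn_id, card_uid, amount):
        if card_uid not in self.cards:
            return "declined"
        if amount <= STEP_UP_THRESHOLD:      # only values exceeding the threshold step up
            return "approved"
        self.pending[txn_id] = card_uid
        return "authentication_required"

    def submit_cryptogram(self, txn_id, counter, cryptogram):
        card_uid = self.pending.get(txn_id)
        if card_uid is None:                 # no step-up outstanding for this transaction
            return "declined"
        card = self.cards[card_uid]
        if counter <= card["counter"]:       # stale counter: replayed tap
            return "declined"
        expected = card_cryptogram(card["key"], card_uid, counter, txn_id)
        if not hmac.compare_digest(expected, cryptogram):  # constant-time compare
            return "declined"
        card["counter"] = counter
        del self.pending[txn_id]             # one approval per authentication request
        return "approved"

if __name__ == "__main__":
    key, uid = bytes(range(32)), b"CARD-0001"   # constructed sample card
    server = AuthServer({uid: {"key": key, "counter": 0}})
    print(server.request_transaction(b"txn-1", uid, 25_000))
    print(server.submit_cryptogram(b"txn-1", 1, card_cryptogram(key, uid, 1, b"txn-1")))
```

Binding the cryptogram to both the transaction id and a strictly increasing counter means a captured tap cannot be reused for a second transaction or replayed for the same one.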