
US-12621155-B2 - Secure management of accounts on display devices using a contactless card


Abstract

Systems, methods, apparatuses, and computer-readable media for secure management of accounts on display devices using a contactless card. An application executing on a display device may receive a request specifying a service provider. The display device may receive a cryptogram generated by a contactless card, and transmit the cryptogram to an authentication server. The authentication server may decrypt the cryptogram and generate a virtual account number associated with the contactless card. The authentication server may transmit the virtual account number to the service provider, which may create an account based at least in part on the virtual account number and the decryption of the cryptogram by the authentication server. The display device may receive an authentication token generated by the service provider for the account, and access the account created by the service provider based at least in part on the authentication token.
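The exchange described in the abstract, as an added sketch that is not code from the patent or its assignee. Assumptions not in the text: the cryptogram is an encrypt-then-MAC blob built from HMAC-SHA256 as a stand-in cipher, a cleartext `card_id` travels with it, the server keeps a set of accepted application identifiers, and all names are hypothetical.

```python
import hashlib, hmac, secrets

def _subkey(card_key, label):
    return hmac.new(card_key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in keystream (assumption): HMAC-SHA256 in counter mode, standard library only.
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def card_cryptogram(card_key, payload):
    """Card applet: encrypt-then-MAC a payload for the authentication server."""
    nonce = secrets.token_bytes(12)
    ct = _xor_stream(_subkey(card_key, b"enc"), nonce, payload)
    tag = hmac.new(_subkey(card_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

class AuthServer:
    def __init__(self, card_keys, known_apps):
        self.card_keys = card_keys    # card_id -> key shared with that card (constructed)
        self.known_apps = known_apps  # application identifiers the server accepts (assumption)
        self.vans = {}                # virtual account number -> the one provider it is valid for

    def handle(self, card_id, cryptogram, app_id, provider):
        """Return a provider-restricted virtual account number, or None if any check fails."""
        key = self.card_keys.get(card_id)
        if key is None or app_id not in self.known_apps or len(cryptogram) < 44:
            return None
        nonce, ct, tag = cryptogram[:12], cryptogram[12:-32], cryptogram[-32:]
        expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            return None               # cryptogram did not decrypt: no account number is issued
        if _xor_stream(_subkey(key, b"enc"), nonce, ct) != card_id.encode():
            return None               # payload does not name the card it claims to come from
        van = "VAN-" + secrets.token_hex(8)
        self.vans[van] = provider
        return van

    def van_valid_for(self, van, provider):
        return self.vans.get(van) == provider

def provider_create_account(auth, provider, van):
    """Service provider: open the account only for a VAN restricted to it; return a token."""
    if van is None or not auth.van_valid_for(van, provider):
        return None
    return secrets.token_urlsafe(16)  # authentication token passed back to the display app
```

The display application only relays the cryptogram and later holds the token; it never handles the card's account number. The sketch models no freshness check on the cryptogram, since the text shown here does not describe one.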

Inventors

  • Jeffrey Rule
  • Kevin Osborn

Assignees

  • CAPITAL ONE SERVICES, LLC

Dates

  • Publication Date: 20260505
  • Application Date: 20231220

Claims (20)

  1. A method, comprising: receiving, by an application executing on a processor of a display device, a first request to access one or more accounts with a plurality of service providers; receiving, by a wireless interface of the display device, encrypted data; transmitting, by the application, the encrypted data and an identifier of the application to an authentication server; receiving, by the application from the authentication server, a decryption result specifying the encrypted data was decrypted by the authentication server; receiving, by the application from the authentication server based on the decryption of the encrypted data and the identifier of the application, a confirmation result specifying that an account database of the one or more accounts includes a payment record reflecting payment for an account with a first service provider of the plurality of service providers; receiving, by the application from the first service provider, a first authentication token for the first service provider; and accessing, by the application, the account with the first service provider using the first authentication token.
  2. The method of claim 1, further comprising: receiving, by the application, a second request comprising a content item; receiving, from the first service provider, a first portion of the content item; and displaying, by the display device, the first portion of the content item.
  3. The method of claim 1, wherein the account with the first service provider is generated by the first service provider based at least in part on payment information generated by the authentication server.
  4. The method of claim 2, wherein the payment information comprises an account number, an expiration date of the account number, and a card verification value (CVV) of the account number.
  5. The method of claim 4, wherein the account number is restricted to use with the first service provider.
  6. The method of claim 1, further comprising: transmitting, by the application, location information for the display device to the authentication server; and receiving, by the application from the authentication server, an indication specifying the location information of the display device is within a predefined distance of an address.
  7. The method of claim 1, wherein the encrypted data is received using Near Field Communication (NFC).
  8. A method, comprising: receiving, by an application executing on a processor of a display device, a first request comprising a service provider; receiving, by the application via a wireless interface of the display device, encrypted data; transmitting, by the application, the encrypted data and an identifier of the application to an authentication server; receiving, by the application from the authentication server, a decryption result specifying the authentication server decrypted the encrypted data; receiving, by the application from the service provider based on the authentication server decrypting the encrypted data and the identifier of the application, an authentication token for an account generated by the service provider; and accessing, by the application, the account created by the service provider based at least in part on the authentication token.
  9. The method of claim 8, wherein the account is generated by the service provider based at least in part on the authentication server decrypting the encrypted data.
  10. The method of claim 9, wherein the account is generated by the service provider based at least in part on payment information generated by the authentication server.
  11. The method of claim 10, wherein the payment information comprises an account number, an expiration date of the account number, and a card verification value (CVV) of the account number.
  12. The method of claim 8, further comprising: receiving, by the application, a second request comprising a content item; receiving, from the service provider, a first portion of the content item; and displaying, by the display device, the first portion of the content item.
  13. The method of claim 8, further comprising: transmitting, by the application, location information for the display device to the authentication server; and receiving, by the application from the authentication server, an indication specifying the location information of the display device is within a predefined distance of an address.
  14. The method of claim 8, wherein the encrypted data is received using Near Field Communication (NFC).
  15. A non-transitory computer-readable storage medium, the computer-readable storage medium including instructions that when executed by a processor of a display device, cause the processor to: receive a first request comprising a service provider; receive, via a wireless interface of the display device, encrypted data; transmit the encrypted data and an identifier of an application running on the display device to an authentication server; receive, from the authentication server, a decryption result specifying the authentication server decrypted the encrypted data; receive, from the service provider based on the authentication server decrypting the encrypted data and the identifier of the application, an authentication token for an account generated by the service provider; and access the account created by the service provider based at least in part on the authentication token.
  16. The computer-readable storage medium of claim 15, wherein the account is generated by the service provider based at least in part on the authentication server decrypting the encrypted data.
  17. The computer-readable storage medium of claim 16, wherein the account is generated by the service provider based at least in part on payment information generated by the authentication server.
  18. The computer-readable storage medium of claim 17, wherein the payment information comprises an account number, an expiration date of the account number, and a card verification value (CVV) of the account number.
  19. The computer-readable storage medium of claim 15, wherein the instructions further cause the processor to: receive a second request comprising a content item; receive, from the service provider, a first portion of the content item; and display the first portion of the content item.
  20. The computer-readable storage medium of claim 15, wherein the encrypted data is received using Near Field Communication (NFC).

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 17/237,717, filed on Apr. 22, 2021, the disclosure of which is incorporated herein by reference in its entirety.

BACKGROUND

Display devices, such as televisions, may provide different applications that allow users to access content hosted by service providers. Often, a user is required to pay for such services. However, most televisions do not have input interfaces that allow a user to easily enter their personal information. Furthermore, users of these input interfaces often make errors, requiring multiple attempts to enter correct information. These input interfaces may also pose security risks, as personal information may be visible on the display when entered by the user. Similarly, malicious users may be able to copy the input as the user enters the information via the input interfaces, thereby posing security risks.

SUMMARY

In one aspect, a method includes receiving, by an application executing on a processor of a display device, a request that includes a service provider; receiving, by a wireless card reader of the display device, a cryptogram generated by an applet of a contactless card; transmitting, by the application, the cryptogram to an authentication server associated with the contactless card; decrypting, by the authentication server, the cryptogram; generating, by the authentication server based on the decryption of the cryptogram, a virtual account number associated with the contactless card; transmitting, by the authentication server, the virtual account number to the service provider; creating, by the service provider, an account based at least in part on the virtual account number and the decryption of the cryptogram by the authentication server; receiving, by the application, an authentication token generated by the service provider for the account; accessing, by the application, the account created by the service provider based at least in part on the authentication token; and displaying, by the application, one or more attributes of the account generated by the service provider based on the authentication token. Other embodiments are described and claimed.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

FIG. 1A illustrates an aspect of the subject matter in accordance with one embodiment.
FIG. 1B illustrates an aspect of the subject matter in accordance with one embodiment.
FIG. 1C illustrates an aspect of the subject matter in accordance with one embodiment.
FIG. 1D illustrates an aspect of the subject matter in accordance with one embodiment.
FIG. 1E illustrates an aspect of the subject matter in accordance with one embodiment.
FIG. 2A illustrates an aspect of the subject matter in accordance with one embodiment.
FIG. 2B illustrates an aspect of the subject matter in accordance with one embodiment.
FIG. 2C illustrates an aspect of the subject matter in accordance with one embodiment.
FIG. 3A illustrates an aspect of the subject matter in accordance with one embodiment.
FIG. 3B illustrates an aspect of the subject matter in accordance with one embodiment.
FIG. 4A illustrates an aspect of the subject matter in accordance with one embodiment.
FIG. 4B illustrates an aspect of the subject matter in accordance with one embodiment.
FIG. 5 illustrates a logic flow in accordance with one embodiment.
FIG. 6 illustrates a logic flow in accordance with one embodiment.
FIG. 7A illustrates a contactless card in accordance with one embodiment.
FIG. 7B illustrates a contactless card in accordance with one embodiment.
FIG. 8 illustrates a sequence flow in accordance with one embodiment.
FIG. 9 illustrates a data structure in accordance with one embodiment.
FIG. 10 illustrates a computer architecture in accordance with one embodiment.
FIG. 11 illustrates a communications architecture in accordance with one embodiment.

DETAILED DESCRIPTION

Embodiments disclosed herein provide techniques to securely manage service provider accounts on a display device, such as a television, using a contactless card. Generally, the display device may have a wireless card reader, such as a near-field communications (NFC) reader, that allows the display device to wirelessly communicate with a contactless card. To create a new account for a first service provider (or extend an existing account), such as a video-on-demand (VOD) service provider, a user may tap their contactless card to the display device. In response, the display device may instruct an applet executing on the contactless card to generate a cryptogram. The wireless card reader of the display may read the cryptogram and transmit the cryptogram to an authentication server for processing. If the authentication server is able to decrypt the cryptogram, the authentication server may generate a virtual account number for the contactless card. In some embodiments, the virtual account number is restricted to use with the first service provider (e.g., the