US-20260128903-A1 - SYSTEMS AND DEVICES CONFIGURED TO GENERATE AND UTILIZE SHORT-RANGE COMMUNICATION-BASED AUTHENTICATION TOKENS, AND METHODS OF USE THEREOF
Abstract
Systems and methods of the present disclosure enable improved cryptographic security using an integrated circuit of a short range wireless card. The integrated circuit receives, via a short range wireless signal, from a user device, a bearer token request including an identifier that identifies a user, the user device or both. The integrated circuit determines a cryptographic key and uses a time keeping circuit to generate a time value indicative of a window of time for which a bearer token is to be valid. The integrated circuit uses a cryptographic hash to produce the bearer token based on: the identifier, the time value and the cryptographic key. The integrated circuit transmits, via a return short range wireless signal to the user device, the bearer token to enable authentication of the user upon the bearer token being equivalent to a comparison token within the time window.
Inventors
- Kelly Jo BROWN
- Emily Wallar
- Kevin Osborn
Assignees
- CAPITAL ONE SERVICES, LLC
Dates
- Publication Date
- 20260507
- Application Date
- 20260105
Claims (20)
- 1. A method comprising: receiving, by an integrated circuit of a short-range wireless card, via a short-range wireless signal, from a user device, a bearer token request comprising a device identifier that identifies the user device associated with a particular user; wherein the short-range wireless card is associated with the particular user; utilizing, by the integrated circuit of the short-range wireless card, at least one first cryptographic hash to produce a bearer token comprising at least one first hashed value based at least in part on: the device identifier, and the first cryptographic key; transmitting, by the integrated circuit of the short-range wireless card, to the user device, the bearer token; wherein the user device is configured to transmit the bearer token to at least one access control device upon being in communication with the at least one access control device; wherein the bearer token is configured to authenticate the user of the user device with the at least one access control device upon the bearer token being equivalent to a comparison token; wherein the comparison token comprises at least one second hashed value produced by at least one second cryptographic hash based at least in part on: the device identifier, and a second cryptographic key.
- 2. The method of claim 1, wherein the short-range wireless card comprises a smart card associated with an electronic account of the user.
- 3. The method of claim 1, wherein the short-range wireless signal is transmitted in accordance with a Bluetooth Low Energy protocol.
- 4. The method of claim 1, wherein the first cryptographic hash comprises a keyed-hash message authentication code (HMAC) algorithm.
- 5. The method of claim 1, further comprising: generating, by the integrated circuit of the short-range wireless card, a monotonic counter; and wherein the at least one first hashed value is additionally based on the monotonic counter.
- 6. The method of claim 1, wherein the bearer token further comprises an expiration timestamp that indicates a validity period of the bearer token.
- 7. A method comprising: receiving, by an integrated circuit of a short-range wireless card, via a short-range wireless signal, from a user device, a bearer token request comprising a device ID that identifies the user device associated with a particular user; wherein the short-range wireless card is associated with the particular user; utilizing, by the integrated circuit of the short-range wireless card, at least one first cryptographic hash to produce a bearer token comprising at least one first hashed value based at least in part on: the device ID, and the first cryptographic key; transmitting, by the integrated circuit of the short-range wireless card, the bearer token to at least one access control device in response to a short-range communication authentication request associated with at least one access control device and via a return short range wireless signal; wherein the bearer token is configured to authenticate the user of the short-range wireless card with the at least one access control device upon the bearer token being equivalent to a comparison token; wherein the comparison token comprises at least one second hashed value produced by at least one second cryptographic hash based at least in part on: the device ID, and a second cryptographic key.
- 8. The method of claim 7, wherein the short-range wireless card comprises a smart card associated with an electronic account of the user.
- 9. The method of claim 7, wherein the short-range wireless signal is transmitted in accordance with a Bluetooth Low Energy protocol.
- 10. The method of claim 7, wherein the first cryptographic hash comprises a keyed-hash message authentication code (HMAC) algorithm.
- 11. The method of claim 7, further comprising: generating, by the integrated circuit of the short-range wireless card, a monotonic counter; and wherein the at least one first hashed value is additionally based on the monotonic counter.
- 12. The method of claim 7, wherein the bearer token further comprises an expiration timestamp that indicates a validity period of the bearer token.
- 13. A method comprising: transmitting, by a user device associated with a user, a bearer token request to an integrated circuit of a short-range wireless card, via a short-range wireless signal, the bearer token request comprising a device ID that identifies the user device associated with a particular user; wherein the short-range wireless card is associated with the user; wherein the integrated circuit of the short-range wireless card is configured to use at least one first cryptographic hash to produce a bearer token comprising at least one first hashed value based at least in part on: the device ID, and the first cryptographic key; receiving, by the user device from the integrated circuit of the short-range wireless card, via a return short range wireless signal, the bearer token; transmitting, by the user device, via a subsequent short-range communication, the bearer token to at least one access control device; wherein the bearer token is configured to authenticate the user of the user device with the at least one access control device upon the bearer token being equivalent to a comparison token; wherein the comparison token comprises at least one second hashed value produced by at least one second cryptographic hash based at least in part on: the device ID, and a second cryptographic key.
- 14. The method of claim 13, wherein the short-range wireless card comprises a smart card associated with an electronic account of the user.
- 15. The method of claim 13, wherein the short-range wireless signal is transmitted in accordance with a Bluetooth Low Energy protocol.
- 16. The method of claim 13, wherein the first cryptographic hash comprises a keyed-hash message authentication code (HMAC) algorithm.
- 17. The method of claim 13, further comprising: generating, by the integrated circuit of the short-range wireless card, a monotonic counter; and wherein the at least one first hashed value is additionally based on the monotonic counter.
- 18. The method of claim 13, wherein the bearer token further comprises an expiration timestamp that indicates a validity period of the bearer token.
- 19. The method of claim 13, wherein the bearer token request further comprises authentication data associated with the user device.
- 20. The method of claim 13, wherein the user device is a mobile phone.
Description
FIELD OF TECHNOLOGY
The present disclosure generally relates to computer-based systems and methods configured for short-range communication-based authentication tokens, including authentication of user permissions and/or user identity based on a cryptographic token carried by a device, such as, without limitation, a card having a radio-frequency enabled chip.
BACKGROUND OF TECHNOLOGY
A security token facilitates access to services, for example in the so-called “cloud”, and improves the security of authentication. Security tokens are typically used in connection with a desktop PC or a laptop to access corporate computing services or networks or on-line bank accounts. This type of authentication is called two-factor authentication, since the user needs, besides the normal user account details, also the security token to be able to get access.
SUMMARY OF DESCRIBED SUBJECT MATTER
In some aspects, the techniques described herein relate to a method including: receiving, by an integrated circuit of a short range wireless card, via a short range wireless signal, from a user device, a bearer token request including an identifier that identifies: a user associated with the user device and a device ID that identifies the user device; determining, by the integrated circuit of the short range wireless card, a first cryptographic key associated with the identifier of the bearer token request; utilizing, by the integrated circuit of the short range wireless card, a time keeping circuit to generate a first time value associated with a current time; wherein the first time value is representative of a window of time starting at the current time so as to be valid throughout the window of time and to become expired upon an end of the window of time from the current time; utilizing, by the integrated circuit of the short range wireless card, at least one first cryptographic hash to produce a bearer token including at least one first hashed value based at least in part on: the identifier, the device ID, the first time value and the first cryptographic key; transmitting, by the integrated circuit of the short range wireless card and via a return short range wireless signal, to the user device, the bearer token; wherein the bearer token is configured to authenticate the user of the user device upon the bearer token being equivalent to a comparison token; wherein the comparison token includes at least one second hashed value produced by at least one second cryptographic hash based at least in part on: the identifier, the device ID, a second time value and a second cryptographic key; wherein the second cryptographic key is associated with the first cryptographic key; and wherein the comparison token is equivalent to the bearer token when the second time value is representative of the time window.
In some aspects, the techniques described herein relate to a method, wherein the short range wireless signal includes a Near-Field Communication (NFC) signal.
In some aspects, the techniques described herein relate to a method, wherein the authentication of the bearer token causes an access control device to actuate a locking mechanism to unlock a door so as to allow access by the user.
In some aspects, the techniques described herein relate to a method, further including: storing, by the integrated circuit of the short range wireless card, the bearer token in a cache; receiving, by the integrated circuit of the short range wireless card, a second bearer token request within the window of time; and transmitting, by the integrated circuit of the short range wireless card and via a second return short range wireless signal, the bearer token to the user device.
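The token generation and comparison described above, written out as an added Python example (not code from the patent or its assignee). It uses HMAC-SHA256 as in claim 4, a time value equal to the index of the current validity window, and an expiration timestamp carried in the clear as in claim 6; it assumes a 60-second window (the page does not fix the length) and, because HMAC is symmetric, that the first and second cryptographic keys are one shared secret.

```python
import hashlib
import hmac

WINDOW_SECONDS = 60  # assumed window length; the patent leaves it unspecified


def window_index(now: int, window_seconds: int = WINDOW_SECONDS) -> int:
    """Time value: the index of the window containing `now`.

    Every second inside a window yields the same index, so the card's first
    time value and the verifier's second time value agree whenever both
    clocks fall in the same window. This is also why a cached token can be
    re-sent for a second request inside the window: it is byte-identical.
    """
    return now // window_seconds


def _message(identifier: str, device_id: str, time_value: int) -> bytes:
    # Length-prefixed encoding so ("ab", "c") and ("a", "bc") never collide.
    parts = [identifier.encode(), device_id.encode(), str(time_value).encode()]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def issue_bearer_token(card_key: bytes, identifier: str, device_id: str,
                       now: int, window_seconds: int = WINDOW_SECONDS) -> dict:
    """Card side: first hashed value over (identifier, device ID, time value)."""
    idx = window_index(now, window_seconds)
    mac = hmac.new(card_key, _message(identifier, device_id, idx),
                   hashlib.sha256).hexdigest()
    # Expiration = end of the window that produced the token (claim 6).
    return {"id": identifier, "exp": (idx + 1) * window_seconds, "mac": mac}


def verify_bearer_token(verifier_key: bytes, token: dict, observed_device_id: str,
                        now: int, window_seconds: int = WINDOW_SECONDS) -> bool:
    """Access-control side: rebuild the comparison token from its own clock,
    its own key and the device ID it actually observed, then compare in
    constant time. An expired, future-dated, replayed-from-another-device or
    altered token never matches."""
    idx = window_index(now, window_seconds)
    if token["exp"] != (idx + 1) * window_seconds:
        return False  # token's window is not the verifier's current window
    expected = hmac.new(verifier_key,
                        _message(token["id"], observed_device_id, idx),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, token["mac"])
```

Binding the observed device ID into the comparison token, rather than trusting one echoed inside the token, is what makes a token lifted from one phone useless when presented from another.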
In some aspects, the techniques described herein relate to a method, wherein the first cryptographic key includes a private key associated with the integrated circuit of the short range wireless card, and the second cryptographic key includes a public key associated with the integrated circuit of the short range wireless card.
In some aspects, the techniques described herein relate to a method, wherein the first cryptographic key includes a public key associated with an access control device; wherein the access control device is configured to restrict access until authentication of the bearer token; and wherein the second cryptographic key includes a private key associated with the access control device and held by the access control device.
In some aspects, the techniques described herein relate to a method, wherein the second cryptographic key is published to a network of access control devices as a public key; and wherein each access control device is configured to restrict access until authentication of the bearer token based on the public key.
In some aspects, the techniques described herein relate to a method, wherein the bearer token request further includes at least one restriction associated with authentication of the bearer token; wherein the at least one restriction includes at least