US 11,941,621 B2
Secure authentication based on passport data stored in a contactless card
Samuel Edwards, Richmond, VA (US); Jason Pribble, McLean, VA (US); and Nicholas Capurso, Tysons Corner, VA (US)
Assigned to Capital One Services, LLC, McLean, VA (US)
Filed by Capital One Services, LLC, McLean, VA (US)
Filed on Feb. 7, 2023, as Appl. No. 18/106,661.
Application 18/106,661 is a continuation of application No. 16/725,547, filed on Dec. 23, 2019, granted, now 11,651,361.
Prior Publication US 2023/0186297 A1, Jun. 15, 2023
Int. Cl. G06Q 20/38 (2012.01); G06Q 20/40 (2012.01)
CPC G06Q 20/3829 (2013.01) [G06Q 20/4014 (2013.01)]
20 Claims
1. A method, comprising:
receiving, by an application executing on a processor of a device, a request to perform an operation associated with an account using a first function of a plurality of functions of the application;
receiving, by the application, encrypted data from a contactless card associated with the account;
receiving, by the application from an authentication server, a first permissions level for the account and an indication specifying that the authentication server verified the encrypted data;
determining, by the application, that the first permissions level for the account does not meet a required permissions level to perform the operation using the first function of the application;
determining, by the application based on the first permissions level not meeting the required permissions level and a first rule of a plurality of rules, that authentication using encrypted passport data is required to initiate performance of the operation using the first function of the application;
receiving, by the application, encrypted passport data and a digital signature for the encrypted passport data from the contactless card, the encrypted passport data for a passport associated with the account;
decrypting, by the application, the encrypted passport data;
validating, by the application, the digital signature of the encrypted passport data based on a public key;
transmitting, by the application to the authentication server based on the decryption of the encrypted passport data and the validation of the digital signature, an indication of the first permissions level for the account, an indication reflecting the validation of the digital signature, and an indication specifying that the encrypted passport data was decrypted;
receiving, by the application from the authentication server, a second permissions level assigned to the account based on the decryption of the encrypted passport data, the second permissions level having greater permissions than the first permissions level; and
initiating, by the first function of the application, performance of the operation based on the received indication specifying that the authentication server verified the encrypted data, the decryption of the encrypted passport data, the second permissions level of the account, and the determination that the digital signature is valid.