US 11,783,654 B2
Techniques for authenticating building/room access terminals
Oren M. Elrad, San Francisco, CA (US); and Florian Galdo, Emerald Hills, CA (US)
Assigned to APPLE INC., Cupertino, CA (US)
Filed by APPLE INC., Cupertino, CA (US)
Filed on Oct. 13, 2021, as Appl. No. 17/500,394.
Claims priority of provisional application 63/197,438, filed on Jun. 6, 2021.
Prior Publication US 2022/0392286 A1, Dec. 8, 2022
Int. Cl. G07C 9/00 (2020.01); H04L 9/30 (2006.01); H04W 12/06 (2021.01); H04W 12/041 (2021.01); H04L 9/32 (2006.01); H04B 5/00 (2006.01); H04W 4/33 (2018.01)
CPC G07C 9/00896 (2013.01) [H04B 5/0056 (2013.01); H04L 9/3073 (2013.01); H04L 9/3247 (2013.01); H04W 4/33 (2018.02); H04W 12/041 (2021.01); H04W 12/068 (2021.01); H04L 2209/80 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method for performing an authentication between a mobile device and a reader device, the method comprising performing, by the mobile device:
receiving, from a provisioning device, a static reader public key of the reader device and one or more access credentials to access one or more parts of a building;
detecting, from the reader device, a beacon signal indicating a wireless protocol used to initiate an authentication procedure;
receiving a message over the wireless protocol, the message including an ephemeral reader public key, a reader identifier, and a transaction identifier;
generating an ephemeral key pair that includes an ephemeral mobile private key and an ephemeral mobile public key;
generating a session key using the ephemeral mobile private key and the ephemeral reader public key;
sending the ephemeral mobile public key to the reader device;
receiving a reader signature that is generated by signing, using a static reader private key, a signature message, including the ephemeral mobile public key, the reader identifier, and the transaction identifier;
verifying the reader signature using the static reader public key, and values for the ephemeral reader public key, the reader identifier, and the transaction identifier; and
sending an encrypted credential to the reader device, the encrypted credential generated by encrypting a first access credential of the one or more access credentials using the session key.
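The exchange of claim 1, run end to end with both sides in one process, as an added worked example in Go. This is not code from the patent, from Apple, or from any product; it is an illustration of the claimed message flow. It assumes P-256 ECDH for the ephemeral keys, ECDSA on P-256 for the static reader key, a length-prefixed SHA-256 transcript in place of the unspecified message encoding and key-derivation function, AES-256-GCM for the encrypted credential, and that the signed message covers both ephemeral public keys together with the reader identifier and transaction identifier (the claim lists the ephemeral mobile public key in the signed message and the ephemeral reader public key among the verification inputs; signing both satisfies both elements). The reader identifier, credential string, and all function names are constructed for the example. The mitm flag shows why the reader's ephemeral public key has to be under the static-key signature: an attacker who swaps that key in the first message causes a signature failure at the mobile device, so no credential is released.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed sample provisioning data; not values from the patent.
var (
	readerID   = []byte("reader-4F-east-door")
	credential = []byte("ACCESS:building-A:floor-4:badge-0042")
)

// must keeps the example short: key generation and random draws fail only on a broken system.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// transcript hashes a labelled, length-prefixed encoding of the values both sides must agree on.
// Assumption (not spelled out in the claim): the signed message and the key derivation cover
// both ephemeral public keys, the reader identifier and the transaction identifier.
func transcript(label string, parts ...[]byte) []byte {
	h := sha256.New()
	for _, p := range append([][]byte{[]byte(label)}, parts...) {
		h.Write([]byte{byte(len(p) >> 8), byte(len(p))}) // length prefix keeps fields unambiguous
		h.Write(p)
	}
	return h.Sum(nil)
}

// sessionKey turns the ECDH shared secret plus transcript into an AES-256-GCM AEAD.
// One SHA-256 stands in for a real KDF such as HKDF (simplification for the example).
func sessionKey(shared, ephReader, ephMobile, txID []byte) cipher.AEAD {
	key := transcript("session-key", shared, ephReader, ephMobile, readerID, txID)
	return must(cipher.NewGCM(must(aes.NewCipher(key))))
}

// RunTransaction plays the exchange once and returns the credential as recovered by the reader.
// With mitm set, an attacker swaps the reader's ephemeral public key in the first message
// (man-in-the-middle on otherwise unauthenticated ECDH). The mobile must then reject the
// reader signature, because the key it verifies against is not the one the reader signed.
func RunTransaction(mitm bool) ([]byte, error) {
	// Provisioning: reader's static ECDSA key pair; the mobile learns the public half out of band.
	readerStatic := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))

	// Reader -> mobile: ephemeral reader public key, reader identifier, transaction identifier.
	readerEph := must(ecdh.P256().GenerateKey(rand.Reader))
	txID := make([]byte, 16)
	must(rand.Read(txID))
	readerEphWire := readerEph.PublicKey().Bytes()
	if mitm {
		readerEphWire = must(ecdh.P256().GenerateKey(rand.Reader)).PublicKey().Bytes() // attacker's key
	}

	// Mobile: ephemeral key pair, then session key from ECDH with the reader key it received.
	mobileEph := must(ecdh.P256().GenerateKey(rand.Reader))
	mobileEphWire := mobileEph.PublicKey().Bytes()
	mobileShared := must(mobileEph.ECDH(must(ecdh.P256().NewPublicKey(readerEphWire))))
	mobileAEAD := sessionKey(mobileShared, readerEphWire, mobileEphWire, txID)

	// Mobile -> reader: ephemeral mobile public key. Reader signs the transcript with its static key.
	signed := transcript("reader-auth", readerEph.PublicKey().Bytes(), mobileEphWire, readerID, txID)
	sig := must(ecdsa.SignASN1(rand.Reader, readerStatic, signed))

	// Mobile verifies with the provisioned static reader public key and the values it actually saw.
	expected := transcript("reader-auth", readerEphWire, mobileEphWire, readerID, txID)
	if !ecdsa.VerifyASN1(&readerStatic.PublicKey, expected, sig) {
		return nil, errors.New("reader signature invalid: credential not released")
	}
	nonce := make([]byte, mobileAEAD.NonceSize())
	must(rand.Read(nonce))
	encryptedCredential := mobileAEAD.Seal(nonce, nonce, credential, nil) // nonce || ciphertext || tag

	// Reader: same session key from its own ECDH, then recover the credential.
	readerShared := must(readerEph.ECDH(must(ecdh.P256().NewPublicKey(mobileEphWire))))
	readerAEAD := sessionKey(readerShared, readerEph.PublicKey().Bytes(), mobileEphWire, txID)
	n := readerAEAD.NonceSize()
	return readerAEAD.Open(nil, encryptedCredential[:n], encryptedCredential[n:], nil)
}

func main() {
	got, err := RunTransaction(false)
	fmt.Printf("honest reader: credential=%q err=%v\n", got, err)
	_, err = RunTransaction(true)
	fmt.Printf("substituted reader ephemeral key: err=%v\n", err)
}
```

Running it with go run prints the recovered credential for the honest case and a signature error for the substituted-key case. Two points a deployment would add beyond this sketch: derive the session key with a proper KDF (HKDF with the transcript as context) rather than a bare hash, and have the reader generate a fresh random transaction identifier per attempt, since the identifier is what stops a captured reader signature from being replayed against the mobile in a later transaction.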