Efficient methods for protecting identity in authenticated transmissions

US 10,129,020 B2
Filed: 03/13/2018
Issued: 11/13/2018
Est. Priority Date: 01/13/2014
Status: Active Grant

First Claim

Patent Images

1. An access device, comprising:

a processor; and

a non-transitory computer-readable storage medium comprising code executable by the processor for implementing a method comprising;

receiving, from a user device, a message including a blinded user device identifier and encrypted user device data;

using the blinded user device identifier to identify a shared secret stored in association with the blinded user device identifier, the storing of the stored shared secret occurring before the receiving of the message;

decrypting the encrypted user device data using the stored shared secret to obtain user device data;

determining a user device public key from a user device certificate, the user device data including the user device certificate and a first cryptographic nonce;

generating the blinded user device identifier based on the user device public key and the first cryptographic nonce;

verifying that the blinded user device identifier generated based on the user device public key and the first cryptographic nonce is the same as the blinded user device identifier included in the message from the user device; and

authenticating the user device based on the verifying of the blinded user device identifier.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for protecting identity in an authenticated data transmission. For example, a contactless transaction between a portable user device and an access device may be conducted without exposing the portable user device'"'"'s public key in cleartext. In one embodiment, an access device may send an access device public key to a portable user device. The user device may return a blinded user device public key and encrypted user device data. The access device may determine a shared secret using the blinded user device public key and an access device private key. The access device may then decrypt the encrypted user device data using the shared secret.

39 Citations

View as Search Results

29 Claims

1. An access device, comprising:
- a processor; and
  
  a non-transitory computer-readable storage medium comprising code executable by the processor for implementing a method comprising;
  
  receiving, from a user device, a message including a blinded user device identifier and encrypted user device data;
  
  using the blinded user device identifier to identify a shared secret stored in association with the blinded user device identifier, the storing of the stored shared secret occurring before the receiving of the message;
  
  decrypting the encrypted user device data using the stored shared secret to obtain user device data;
  
  determining a user device public key from a user device certificate, the user device data including the user device certificate and a first cryptographic nonce;
  
  generating the blinded user device identifier based on the user device public key and the first cryptographic nonce;
  
  verifying that the blinded user device identifier generated based on the user device public key and the first cryptographic nonce is the same as the blinded user device identifier included in the message from the user device; and
  
  authenticating the user device based on the verifying of the blinded user device identifier.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The access device of claim 1, wherein the method further comprises:
    - generating a session key based on a key derivation function, the stored shared secret, and the blinded user device identifier, wherein the decrypting of the encrypted user device data using the stored shared secret is accomplished by using the session key generated based on the stored shared secret.
  - 3. The access device of claim 1, wherein the method further comprises:
    - generating a second shared secret and a second cryptographic nonce, the generating of the second shared secret and the second cryptograph nonce based on a key derivation function and the stored shared secret;
      
      generating a second blinded user device identifier based on the second cryptographic nonce and a user device public key or the blinded user device identifier, wherein the user device data optionally includes the user device public key when the user device public key is used; and
      
      storing the second shared secret in association with the second blinded user device identifier for use in decrypting a next message from the user device.
  - 4. The access device of claim 3, wherein the method further comprises:
    - generating an access device public key, wherein the generating of the second shared secret and the second cryptographic nonce is further based on the access device public key.
  - 5. The access device of claim 3, wherein the user device data includes protocol control information, wherein the method further comprises:
    - determining that the protocol control information indicates to store the second shared secret, wherein the generating of the second blinded user device identifier and the storing of the second shared secret occur in response to the determining that the protocol control information indicates to store the second shared secret.
  - 6. The access device of claim 1, wherein the user device data includes a user device certificate, wherein the method further comprises:
    - verifying the user device certificate using a signature of the user device certificate; and
      
      authenticating the user device based on the verifying of the user device certificate.

7. A method for communicating, comprising:
- receiving, from a user device, a message including a blinded user device identifier and encrypted user device data;
  
  using the blinded user device identifier to identify a shared secret stored in association with the blinded user device identifier, the storing of the stored shared secret occurring before the receiving of the message;
  
  decrypting the encrypted user device data using the stored shared secret to obtain user device data;
  
  determining a user device public key from a user device certificate, the user device data including the user device certificate and a first cryptographic nonce;
  
  generating the blinded user device identifier based on the user device public key and the first cryptographic nonceverifying that the blinded user device identifier generated based on the user device public key and the first cryptographic nonce is the same as the blinded user device identifier included in the message from the user device; and
  
  authenticating the user device based on the verifying of the blinded user device identifier.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, further comprising:
    - generating a session key based on a key derivation function, the stored shared secret, and the blinded user device identifier, wherein the decrypting of the encrypted user device data using the stored shared secret is accomplished by using the session key generated based on the stored shared secret.
  - 9. The method of claim 7, further comprising:
    - generating a second shared secret and a second cryptographic nonce, the generating of the second shared secret and the second cryptograph nonce based on a key derivation function and the stored shared secret;
      
      generating a second blinded user device identifier based on the second cryptographic nonce and a user device public key or the blinded user device identifier, wherein the user device data optionally includes the user device public key when the user device public key is used; and
      
      storing the second shared secret in association with the second blinded user device identifier for use in decrypting a next message from the user device.
  - 10. The method of claim 9, wherein the user device data includes protocol control information, wherein the method further comprises:
    - determining that the protocol control information indicates to store the second shared secret, wherein the generating of the second blinded user device identifier and the storing of the second shared secret occur in response to the determining that the protocol control information indicates to store the second shared secret.
  - 11. The method of claim 9, further comprising:
    - generating an access device public key, wherein the generating of the second shared secret and the second cryptographic nonce is further based on the access device public key.
  - 12. The method of claim 7, wherein the method further comprises:
    - verifying the user device certificate using a signature of the user device certificate, wherein the authenticating of the user device is further based on the verifying of the user device certificate.

13. A user device, comprising:
- a processor; and
  
  a non-transitory computer-readable storage medium comprising code executable by the processor for implementing a method comprising;
  
  receiving, from an access device, a request message including an access device identifier;
  
  identifying a stored shared secret associated with the access device identifier, the stored shared secret generated based on an access device public key, a user device private key, and a first cryptographic nonce;
  
  encrypting user device data using the stored shared secret to obtain encrypted user device data;
  
  sending, to the access device, a response message including a blinded user device identifier and the encrypted user device data, wherein the blinded user device identifier is generated from a user device public key associated with the user device private key and the first cryptographic nonce;
  
  generating a second shared secret and a second cryptographic nonce, wherein generating the second shared secret is based on a key derivation function, the stored shared secret, the access device identifier, and the blinded user device identifier;
  
  generating a second blinded user device identifier based on the second cryptographic nonce and the user device public key; and
  
  storing the second shared secret in association with and the second blinded user device identifier for use in decrypting a next message from the user device.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The user device of claim 13, wherein the method further comprises:
    - identifying the blinded user device public key stored in association with the access device identifier; and
      
      determining the blinded user device identifier using the stored blinded user device public key.
  - 15. The user device of claim 13, wherein the method further comprises:
    - generating a session key based on a key derivation function, the stored shared secret, the access device identifier, and the blinded user device identifier, wherein the encrypting of the user device data further uses the session key.
  - 16. The user device of claim 13, wherein the user device data includes a user device certificate, thereby allowing the access device to authenticate the user device based on a signature of the user device certificate.
  - 17. The user device of claim 13, wherein the user device data includes a user device public key and a first cryptographic nonce, thereby allowing the access device to verify the blinded user device identifier by generating the blinded user device identifier based on the user device public key and the first cryptographic nonce.

18. An access device, comprising:
- a processor; and
  
  a non-transitory computer-readable storage medium comprising code executable by the processor for implementing a method comprising;
  
  sending, to a user device, a request message including an access device identifier;
  
  receiving, from the user device, a response message including a blinded user device identifier and encrypted user device data;
  
  using the blinded user device identifier to identify a shared secret stored in association with the blinded user device identifier, the storing of the stored shared secret occurring before the receiving of the message;
  
  decrypting the encrypted user device data using the stored shared secret to obtain user device data;
  
  generating a second shared secret and a second cryptographic nonce, the generating of the second shared secret and the second cryptograph nonce based on a key derivation function and the stored shared secret;
  
  generating a second blinded user device identifier based on the second cryptographic nonce and a user device public key or the blinded user device identifier, wherein the user device data optionally includes the user device public key when the user device public key is used; and
  
  storing the second shared secret in association with the second blinded user device identifier for use in decrypting a next message from the user device.
- View Dependent Claims (19, 20, 21)
- - 19. The access device of claim 18, wherein the method further comprises:
    - generating a session key based on a key derivation function, the stored shared secret, and the blinded user device identifier, wherein the decrypting of the encrypted user device data using the stored shared secret is accomplished by using the session key generated based on the stored shared secret.
  - 20. The access device of claim 18, wherein the method further comprises:
    - generating an access device public key, wherein the generating of the second shared secret and the second cryptographic nonce is further based on the access device public key.
  - 21. The access device of claim 18, wherein the user device data includes protocol control information, wherein the method further comprises:
    - determining that the protocol control information indicates to store the second shared secret, wherein the generating of the second blinded user device identifier and the storing of the second shared secret occur in response to the determining that the protocol control information indicates to store the second shared secret.

22. A method for communicating, comprising:
- sending, to a user device, a request message including an access device identifierreceiving, from the user device, a response message including a blinded user device identifier and encrypted user device data;
  
  using the blinded user device identifier to identify a shared secret stored in association with the blinded user device identifier, the storing of the stored shared secret occurring before the receiving of the message;
  
  decrypting the encrypted user device data using the stored shared secret to obtain user device data;
  
  generating a second shared secret and a second cryptographic nonce, the generating of the second shared secret and the second cryptograph nonce based on a key derivation function and the stored shared secret;
  
  generating a second blinded user device identifier based on the second cryptographic nonce and a user device public key or the blinded user device identifier, wherein the user device data optionally includes the user device public key when the user device public key is used; and
  
  storing the second shared secret in association with the second blinded user device identifier for use in decrypting a next message from the user device.
- View Dependent Claims (23, 24, 25)
- - 23. The method of claim 22, further comprising:
    - generating a session key based on a key derivation function, the stored shared secret, and the blinded user device identifier, wherein the decrypting of the encrypted user device data using the stored shared secret is accomplished by using the session key generated based on the stored shared secret.
  - 24. The method of claim 22, further comprising:
    - generating an access device public key, wherein the generating of the second shared secret and the second cryptographic nonce is further based on the access device public key.
  - 25. The method of claim 24, wherein the user device data includes protocol control information, wherein the method further comprises:
    - determining that the protocol control information indicates to store the second shared secret, wherein the generating of the second blinded user device identifier and the storing of the second shared secret occur in response to the determining that the protocol control information indicates to store the second shared secret.

26. A user device, comprising:
- a processor; and
  
  a non-transitory computer-readable storage medium comprising code executable by the processor for implementing a method comprising;
  
  receiving, from an access device, a request message including an access device identifier;
  
  identifying a stored shared secret associated with the access device identifier, the stored shared secret generated based on an access device public key, a user device private key, and a first cryptographic nonce;
  
  encrypting user device data using the stored shared secret to obtain encrypted user device data, the user device data including a user device certificate and a first cryptographic nonce, the user device certificate including a user device public key; and
  
  sending, to the access device, a response message including a blinded user device identifier and the encrypted user device data, wherein the blinded user device identifier is generated from a user device public key associated with the user device private key and the first cryptographic nonce, the user device data allowing the access device to generate the blinded user device identifier based on the user device public key and the first cryptographic nonce, verify that the blinded user device identifier generated based on the user device public key and the first cryptographic nonce matches the blinded user device identifier included in the response message, and authenticate the user device based on the verifying of the blinded user device identifier.
- View Dependent Claims (27, 28, 29)
- - 27. The user device of claim 26, wherein the method further comprises:
    - identifying the blinded user device public key stored in association with the access device identifier; and
      
      determining the blinded user device identifier using the stored blinded user device public key.
  - 28. The user device of claim 26, wherein the method further comprises:
    - generating a session key based on a key derivation function, the stored shared secret, the access device identifier, and the blinded user device identifier, wherein the encrypting of the user device data further uses the session key.
  - 29. The user device of claim 26, wherein the user device data includes a user device public key and a first cryptographic nonce, thereby allowing the access device to verify the blinded user device identifier by generating the blinded user device identifier based on the user device public key and the first cryptographic nonce.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Le Saint, Eric
Primary Examiner(s)
Hailu, Teshome

Application Number

US15/920,271
Publication Number

US 20180205539A1
Time in Patent Office

245 Days
Field of Search

713171
US Class Current
CPC Class Codes

H04L 2209/04   Masking or blinding

H04L 2209/16   Obfuscation or hiding, e.g....

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/0819   Key transport or distributi...

H04L 9/0844   with user authentication or...

H04L 9/14   using a plurality of keys o...

H04W 12/041   Key generation or derivation

Efficient methods for protecting identity in authenticated transmissions

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Efficient methods for protecting identity in authenticated transmissions

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links