Key pair infrastructure for secure messaging
First Claim
1. A verification server comprising:
a processor; and
a memory coupled to the processor, the memory storing instructions, which when executed by the processor, cause the verification server to perform operations including:
receiving, over a first network, a request for a public key from an access device, wherein the access device sends the request in response to an interaction with a client device;
generating the public key, a private key that corresponds to the public key, and a key identifier associated with the private key, wherein the public key and the private key are limited-use keys;
transmitting the public key and the key identifier to the access device, wherein the access device transmits the public key and the key identifier to the client device;
receiving, from the client device over a second network, a message and the key identifier from the client device, wherein the message is encrypted using the public key;
retrieving the private key associated with the key identifier;
decrypting the message using the private key;
generating a signature of the public key using a shared secret, wherein the shared secret was previously shared between the verification server and the access device; and
transmitting the signature of the public key to the access device with the public key and the key identifier, wherein the access device validates the signature of the public key using the shared secret, and wherein the access device transmits the public key and the key identifier to the client device after validation.
Abstract
Embodiments of the present invention use a limited-use public/private key pair to encrypt and decrypt messages sent through an intermediary. The messages may contain sensitive information and may be transmitted between entities over one or more networks. In some embodiments, the entities and/or the networks may be untrusted. Nevertheless, the content of the messages may remain protected by virtue of the limited-use key pair infrastructure.
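The exchange recited in claim 1, with all three parties simulated in one process, as an added example that is not taken from the patent or from any implementation of it. Assumptions: the "signature ... using a shared secret" is modelled as HMAC-SHA256, "limited-use" is modelled as a decryption counter, and the public-key scheme is a toy hashed ElGamal chosen only so the block runs on the Python standard library; all names and the secret value are constructed.

```python
import hashlib, hmac, secrets

# Toy hashed ElGamal over a fixed 127-bit group: a stand-in so the example
# runs on the standard library only. NOT secure; use a vetted scheme in practice.
P, G = 2**127 - 1, 3
SHARED_SECRET = b"constructed-demo-secret"  # pre-shared: server <-> access device

def _xor_stream(shared: int, data: bytes) -> bytes:
    pad = hashlib.shake_256(shared.to_bytes(16, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))

def _mac(secret: bytes, pub: int) -> bytes:
    return hmac.new(secret, str(pub).encode(), hashlib.sha256).digest()

class VerificationServer:
    def __init__(self, secret: bytes, max_uses: int = 1):
        self.secret, self.max_uses = secret, max_uses
        self.keys = {}  # key_id -> [private key, decryptions left]

    def issue_key(self):
        """Fresh limited-use pair, its identifier, and a MAC over the public key."""
        priv = secrets.randbelow(P - 3) + 2
        pub, key_id = pow(G, priv, P), secrets.token_hex(8)
        self.keys[key_id] = [priv, self.max_uses]
        return pub, key_id, _mac(self.secret, pub)

    def receive(self, key_id: str, ciphertext):
        """Look up the private key by identifier, spend one use, decrypt."""
        entry = self.keys.get(key_id)
        if entry is None:
            raise KeyError("unknown or exhausted key identifier")
        entry[1] -= 1
        if entry[1] == 0:
            del self.keys[key_id]  # limit reached: the private key is destroyed
        c1, body = ciphertext
        return _xor_stream(pow(c1, entry[0], P), body)

def access_device_relay(secret: bytes, pub: int, key_id: str, sig: bytes):
    """Forward the key to the client only if the server's MAC verifies."""
    if not hmac.compare_digest(_mac(secret, pub), sig):
        raise ValueError("public key signature invalid; not forwarding")
    return pub, key_id

def client_encrypt(pub: int, message: bytes):
    """Client side: encrypt to the relayed public key with an ephemeral exponent."""
    k = secrets.randbelow(P - 3) + 2
    return pow(G, k, P), _xor_stream(pow(pub, k, P), message)
```

The access device never holds the private key and only checks the MAC, so a public key substituted on the first network is rejected before it reaches the client, and a replayed key identifier fails once the use count is spent.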
22 Claims
10. A method comprising:
receiving, by a verification server over a first network, a request for a public key from an access device, wherein the access device sends the request in response to an interaction with a client device;
generating, by the verification server, the public key, a private key that corresponds to the public key, and a key identifier associated with the private key, wherein the public key and the private key are limited-use keys;
transmitting the public key and the key identifier to the access device, wherein the access device transmits the public key and the key identifier to the client device;
receiving, by the verification server from the client device over a second network, a message and the key identifier from the client device, wherein the message is encrypted using the public key;
retrieving the private key associated with the key identifier;
decrypting the message using the private key;
generating a signature of the public key using a shared secret, wherein the shared secret was previously shared between the verification server and the access device; and
transmitting the signature of the public key to the access device with the public key and the key identifier, wherein the access device validates the signature of the public key using the shared secret, and wherein the access device transmits the public key and the key identifier to the client device after validation.
13. An access device comprising:
a processor; and
a memory coupled to the processor, the memory storing instructions, which when executed by the processor, cause the access device to perform operations including:
receiving a request to send a message from a client device;
in response to the request, requesting a public key from a verification server, wherein the verification server generates the public key, a private key that corresponds to the public key, and a key identifier associated with the private key, and wherein the public key and the private key are limited-use keys;
receiving the public key and the key identifier from the verification server;
transmitting the public key and the key identifier to the client device, wherein the client device encrypts the message using the public key and transmits the message and the key identifier to the verification server, and wherein the verification server retrieves the private key using the key identifier and decrypts the message using the private key, wherein the verification server generates a signature of the public key using the public key and a shared secret that was previously shared between the verification server and the access device, wherein the signature of the public key is received by the access device with the key identifier; and
validating the signature of the public key using the shared secret, wherein the public key and the key identifier are transmitted to the client device after validation.
18. A method comprising performing, by an access device:
receiving a request to send a message from a client device;
in response to the request, requesting a public key from a verification server, wherein the verification server generates the public key, a private key that corresponds to the public key, and a key identifier associated with the private key, and wherein the public key and the private key are limited-use keys;
receiving the public key and the key identifier from the verification server;
transmitting the public key and the key identifier to the client device, wherein the client device encrypts the message using the public key and transmits the message and the key identifier to the verification server, and wherein the verification server retrieves the private key using the key identifier and decrypts the message using the private key, wherein the verification server generates a signature of the public key using the public key and a shared secret that was previously shared between the verification server and the access device, wherein the signature of the public key is received by the access device with the key identifier; and
validating the signature of the public key using the shared secret, wherein the public key and the key identifier are transmitted to the client device after validation.
Specification