Secure communications using loop-based authentication flow
First Claim
1. A method implemented by a first party, comprising:
electronically receiving a first digital message from a second party, wherein the first digital message has been encrypted using a first secret key associated with the second party;
further encrypting the first digital message using a computing device of the first party and using a second secret key associated with the first party;
transmitting the further encrypted first digital message as a second digital message to a third party, the third party to decrypt the second digital message using the second secret key, to thereby recover the first digital message therefrom;
transmitting to the third party identification information for the second party, wherein the third party is to use the identification information to obtain decryption of the first digital message according to the first secret key, to obtain from the first digital message payload information provided by the second party which was encrypted using the first secret key, wherein the payload information comprises at least one of a federated credential, a token and a secret key;
electronically receiving from the third party a third digital message comprising the payload information provided by the second party, encrypted using the second secret key; and
decrypting the third digital message using the second secret key;
wherein the method further comprises receiving a header with the third digital message which identifies the second party, determining based on the header that the third digital message corresponds to the first digital message, and storing the payload information provided by the second party in digital storage.
Abstract
A first party uses a secret key to encrypt information, which is then sent through an untrusted connection to a second party. The second party, however, cannot decrypt the information on its own, and it relays the encrypted information through a secure network. The secure network includes one or more nodes linking the first and second parties through one or more trusted connections ("hops"); each hop uses a shared secret key unique to that hop. The first party's connection to the network (domain) receives the information relayed through the secure network by the second party, decrypts that information according to the secret key of the first party, and then retransmits the decrypted information to the second party over the secure hops. Techniques are provided for sharing a private session key, federated credentials, and private information.
25 Claims
1. A method implemented by a first party, comprising:
electronically receiving a first digital message from a second party, wherein the first digital message has been encrypted using a first secret key associated with the second party;
further encrypting the first digital message using a computing device of the first party and using a second secret key associated with the first party;
transmitting the further encrypted first digital message as a second digital message to a third party, the third party to decrypt the second digital message using the second secret key, to thereby recover the first digital message therefrom;
transmitting to the third party identification information for the second party, wherein the third party is to use the identification information to obtain decryption of the first digital message according to the first secret key, to obtain from the first digital message payload information provided by the second party which was encrypted using the first secret key, wherein the payload information comprises at least one of a federated credential, a token and a secret key;
electronically receiving from the third party a third digital message comprising the payload information provided by the second party, encrypted using the second secret key; and
decrypting the third digital message using the second secret key;
wherein the method further comprises receiving a header with the third digital message which identifies the second party, determining based on the header that the third digital message corresponds to the first digital message, and storing the payload information provided by the second party in digital storage.
Dependent claims: 2 to 16.
17. An apparatus comprising instructions stored on non-transitory, machine-readable media, the instructions when executed to cause at least one processor to:
electronically receive a first digital message from a second party, wherein the first digital message has been encrypted using a first secret key associated with the second party;
further encrypt the first digital message using a second secret key associated with the first party;
transmit the further encrypted first digital message as a second digital message to a third party, the third party to decrypt the second digital message using the second secret key, to thereby recover the first digital message therefrom;
transmit to the third party identification information for the second party, wherein the third party is to use the identification information to obtain decryption of the first digital message according to the first secret key, to obtain from the first digital message payload information provided by the second party which was encrypted using the first secret key, wherein the payload information comprises at least one of a federated credential, a token and a secret key;
electronically receive from the third party a third digital message comprising the payload information provided by the second party, encrypted using the second secret key; and
decrypt the payload information provided by the third party using the second secret key;
wherein the instructions when executed are to further cause the at least one processor to receive a header with the third digital message which identifies the second party, determine based on the header that the third digital message corresponds to the first digital message, and store the payload information provided by the second party in digital storage.
Dependent claims: 18 to 24.
25. A method implemented by a computing device of a first party, comprising:
engaging in a session-based exchange with a digital device of the second party and, as part of said session-based exchange, determining that transaction data is to be securely conveyed from the second party to the first party as a subset of the session-based exchange; and
establishing a private session key between the first party and the second party for the secure exchange of the transaction data, by
electronically receiving a first digital message from a second party, wherein the first digital message comprises information representing the private session key, provided by the second party, and encrypted using a first secret key associated with the second party,
further encrypting the first digital message using the computing device of the first party and using a second secret key associated with the first party,
transmitting the further encrypted first digital message as a second digital message to a third party, the third party to decrypt the second digital message using the second secret key, to thereby recover the first digital message therefrom,
transmitting to the third party identification information for the second party, wherein the third party is to use the identification information to obtain decryption of the first digital message according to the first secret key to recover therefrom the information representing the private session key,
electronically receiving from the third party a third digital message comprising the information representing the private session key, said information representing the private session key encrypted using the second secret key, and
decrypting the third digital message using the second secret key;
wherein the method further comprises receiving a header with the third digital message which identifies the second party, determining based on the header that the third digital message corresponds to the first digital message, and storing the information representing the private session key in digital storage.
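The three-party loop described in the abstract and recited in claims 1 and 25, as an added, runnable model; this is not code from the patent or its assignee. It follows claim 1's naming (the second party B originates the encrypted payload, the first party A relays it, the third party C is the trusted domain), assumes the two hop keys are pre-shared symmetric keys that C holds, and uses a toy HMAC-SHA256 keystream cipher with an encrypt-then-MAC tag as a stand-in for a real AEAD so that it runs on the Python standard library alone. One hardening it adds beyond the claim text: the header that identifies B is bound under the authentication tag of the third message, so a reply cannot be re-labelled for a different originator on the way back to A. Party identifiers, key sizes and the session-key payload are constructed for the example.

```python
"""Model of the claimed loop in claim 1's naming: second party B encrypts a
payload under k_B; first party A wraps it under k_A and forwards it with B's
identity to third party C; C strips both layers and returns the payload to A
under k_A. The HMAC-SHA256 keystream cipher below is a stand-in so this runs
offline on the standard library (a deployment would use AES-GCM or similar)."""
import hashlib
import hmac
import secrets
import struct

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = b"", 0
    while len(blocks) < length:
        blocks += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return blocks[:length]


def encrypt(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """nonce || ciphertext || tag; the tag also covers aad (e.g. a header)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, aad + nonce + ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, aad + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key, wrong header or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class TrustedDomain:
    """Third party C: knows the per-hop secret key of every enrolled party."""

    def __init__(self, hop_keys: dict):
        self.hop_keys = hop_keys  # party id -> secret key shared with C

    def unwrap_and_return(self, requester_id: bytes, second_msg: bytes, origin_id: bytes):
        first_msg = decrypt(self.hop_keys[requester_id], second_msg, aad=origin_id)  # strip A's layer
        payload = decrypt(self.hop_keys[origin_id], first_msg)   # key located via B's identity
        header = origin_id                                        # tells A which B this answers
        return header, encrypt(self.hop_keys[requester_id], payload, aad=header)


class FirstParty:
    """First party A: holds k_A only, so it can never open B's inner layer."""

    def __init__(self, hop_key: bytes):
        self.key = hop_key
        self.pending = {}  # origin id -> first message awaiting C's reply
        self.store = {}    # origin id -> recovered payload

    def on_first_message(self, origin_id: bytes, first_msg: bytes):
        self.pending[origin_id] = first_msg
        return origin_id, encrypt(self.key, first_msg, aad=origin_id)  # both sent to C

    def on_third_message(self, header: bytes, third_msg: bytes) -> bytes:
        if header not in self.pending:
            raise ValueError("no outstanding first message for %r" % header)
        payload = decrypt(self.key, third_msg, aad=header)  # header is under the tag
        del self.pending[header]
        self.store[header] = payload
        return payload


def _rejected(fn, *args) -> bool:
    try:
        fn(*args)
        return False
    except ValueError:
        return True


def run_loop() -> dict:
    """One full loop with a constructed session key as the payload (claim 25)."""
    k_b, k_a = secrets.token_bytes(32), secrets.token_bytes(32)  # first and second secret keys
    domain, a = TrustedDomain({b"A": k_a, b"B": k_b}), FirstParty(k_a)
    session_key = secrets.token_bytes(32)                  # constructed payload chosen by B
    first_msg = encrypt(k_b, session_key)                  # B -> A, link may be untrusted
    origin_id, second_msg = a.on_first_message(b"B", first_msg)
    header, third_msg = domain.unwrap_and_return(b"A", second_msg, origin_id)
    tampered = third_msg[:-1] + bytes([third_msg[-1] ^ 1])
    results = {
        "relay_cannot_read_inner": _rejected(decrypt, k_a, first_msg),
        "unknown_header_rejected": _rejected(a.on_third_message, b"Z", third_msg),
        "tampered_reply_rejected": _rejected(a.on_third_message, header, tampered),
    }
    results["payload_recovered"] = a.on_third_message(header, third_msg) == session_key
    results["stored_and_cleared"] = a.store.get(b"B") == session_key and a.pending == {}
    return results
```

Running `run_loop()` returns all five flags as `True`: A cannot open B's inner layer with its own key, a reply whose header names a party A never relayed for is dropped before any decryption, a tampered reply fails the tag check and leaves the pending entry in place for a retry, and the legitimate reply is decrypted, matched to the outstanding first message by its header, and stored. The point a reviewer should take from the model is that the security of the loop rests entirely on C: it sees every payload in the clear, so the claimed scheme is a trusted-relay design, not end-to-end encryption between A and B.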
Specification