Secure verification system

US 10,361,852 B2
Filed: 03/08/2017
Issued: 07/23/2019
Est. Priority Date: 03/08/2017
Status: Active Grant

First Claim

Patent Images

1. A system for providing secure applications of an organization, the system comprising:

one or more memory devices having computer readable code stored thereon; and

one or more processing devices operatively coupled to the one or more memory devices, wherein the one or more processing devices are configured to execute the computer readable code to;

request a first certificate from a first certification authority, wherein the first certificate includes a first digital signature indicating validation of the organization providing an organization application;

request at least a second certificate from a second certification authority, wherein the second certificate includes a second digital signature indicating validation of the organization providing the organization application, and wherein the second certification authority provides certificates separately from the first certification authority;

receive a request from a user application to access the organization application, wherein the user application is located on a user computer system;

provide two or more digital signatures to the user application on the user computer system, wherein the two or more digital signatures are used by the user application in order to verify the organization as owner of the organization application; and

receive and send information from and to the user application after the user application verifies the organization application using one or more of the two or more digital signatures;

wherein the two or more digital signatures are provided on one or more digital certificates;

wherein the first digital signature indicating validation of the organization providing the organization application is provided by the first certification authority;

wherein the second digital signature indicating validation of the organization providing the organization application is provided by the second certification authority;

wherein when the user application is unable to verify the first digital signature of the two or more digital signatures, the user application is able to verify the second digital signature of the two or more digital signatures to allow for receiving and sending of the information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, computer products, and methods are described herein for an improved secure certificate system that utilizes multiple digital signatures, and in some cases multiple public keys within one or more certificates. The improved secure certificate systems allows for additional security by having multiple certification authorities validate the organization as the owner of the organization application (e.g., website, dedicated application, or the like), as well as allowing for the use of the multiple digital signatures and/or certificates to provide seamless verification of the organization application should one or more of the digital signatures and/or certificates become compromised. Moreover, security may be improved by utilizing multiple public keys to encrypt a session key for use in sending and receiving data.

Citations

19 Claims

1. A system for providing secure applications of an organization, the system comprising:
- one or more memory devices having computer readable code stored thereon; and
  
  one or more processing devices operatively coupled to the one or more memory devices, wherein the one or more processing devices are configured to execute the computer readable code to;
  
  request a first certificate from a first certification authority, wherein the first certificate includes a first digital signature indicating validation of the organization providing an organization application;
  
  request at least a second certificate from a second certification authority, wherein the second certificate includes a second digital signature indicating validation of the organization providing the organization application, and wherein the second certification authority provides certificates separately from the first certification authority;
  
  receive a request from a user application to access the organization application, wherein the user application is located on a user computer system;
  
  provide two or more digital signatures to the user application on the user computer system, wherein the two or more digital signatures are used by the user application in order to verify the organization as owner of the organization application; and
  
  receive and send information from and to the user application after the user application verifies the organization application using one or more of the two or more digital signatures;
  
  wherein the two or more digital signatures are provided on one or more digital certificates;
  
  wherein the first digital signature indicating validation of the organization providing the organization application is provided by the first certification authority;
  
  wherein the second digital signature indicating validation of the organization providing the organization application is provided by the second certification authority;
  
  wherein when the user application is unable to verify the first digital signature of the two or more digital signatures, the user application is able to verify the second digital signature of the two or more digital signatures to allow for receiving and sending of the information.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein providing the two or more digital signatures to the user application on the user computer system occurs at a same time or at different times.
  - 3. The system of claim 1, wherein the one or more processing devices are configured to execute the computer readable code to:
    - receive the first certificate from the first certification authority with the first digital signature;
      
      receive the second certificate from the second certification authority with the second digital signature; and
      
      associate the first certificate and the second certificate with the organization application to allow for the verification of the organization application using at least the first certificate or the second certificate.
  - 4. The system of claim 1, wherein the user application verifies at least one of the two or more digital signatures in two or more certificates.
  - 5. The system of claim 1, wherein receiving and sending the information comprises receiving and sending the information over a secure session, and wherein the one or more processing devices are configured to execute the computer readable code to create the secure session by:
    - providing one or more public keys associated with the two or more digital signatures to the user application on the user computer system, wherein the user application creates a symmetric session key and encrypts the symmetric session key to create an encrypted symmetric session key using a public key from the one or more public keys;
      
      receiving the encrypted symmetric session key from the user application;
      
      decrypting the encrypted symmetric session key using a private key to identify the symmetric session key;
      
      utilizing the symmetric session key to create the secure session; and
      
      wherein the one or more public keys is a single public key associated with the two or more digital signatures, or wherein the one or more public keys are two or more public keys, each of the two or more public keys are associated with a digital signature from the two or more digital signatures.
  - 6. The system of claim 5, wherein the one or more public keys provided are two or more public keys, and wherein encrypting the symmetric session key to create the encrypted symmetric session key comprises encrypting the symmetric session key using the two or more public keys in a string configuration, in an embedding configuration, or in a function configuration;
    - andwherein decrypting the encrypted symmetric session key comprises utilizing two or more private keys associated with the two or more public keys.
  - 7. The system of claim 1, wherein the two or more digital signatures are verified and an order in which the two or more digital signatures were verified by the user application is utilized to create a secure session between the user application and the organization application.

8. A computer implemented method for providing secure applications of an organization, the method comprising:
- requesting, by one or more processors, a first certificate from a first certification authority, wherein the first certificate includes a first digital signature indicating validation of the organization providing an organization application;
  
  requesting, by the one or more processors, at least a second certificate from a second certification authority, wherein the second certificate includes a second digital signature indicating validation of the organization providing the organization application, and wherein the second certification authority provides certificates separately from the first certification authority;
  
  receiving, by the one or more processors, a request from a user application to access the organization application, wherein the user application is located on a user computer system;
  
  providing, by the one or more processors, two or more digital signatures to the user application on the user computer system, wherein the two or more digital signatures are used by the user application in order to verify the organization as owner of the organization application; and
  
  receiving and sending, by the one or more processors, information from and to the user application after the user application verifies the organization application using one or more of the two or more digital signatures;
  
  wherein the two or more digital signatures are provided on one or more digital certificates;
  
  wherein the first digital signature indicating validation of the organization providing the organization application is provided by the first certification authority;
  
  wherein the second digital signature indicating validation of the organization providing the organization application is provided by the second certification authority;
  
  wherein when the user application is unable to verify the first digital signature of the two or more digital signatures, the user application is able to verify the second digital signature of the two or more digital signatures to allow for receiving and sending of the information.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, wherein providing the two or more digital signatures to the user application on the user computer system occurs at a same time or at different times.
  - 10. The method of claim 8, further comprising:
    - receiving, by the one or more processors, the first certificate from the first certification authority with the first digital signature;
      
      receiving, by the one or more processors, the second certificate from the second certification authority with the second digital signature; and
      
      associating, by the one or more processors, the first certificate and the second certificate with the organization application to allow for the verification of the organization application using at least the first certificate or the second certificate.
  - 11. The method of claim 8, wherein the user application verifies at least one of the two or more digital signatures in two or more certificates.
  - 12. The method of claim 8, wherein receiving and sending the information comprising receiving and sending the information over a secure session, and wherein the secure session is created by:
    - providing, by the one or more processors, one or more public keys associated with the two or more digital signatures to the user application on the user computer system, wherein the user application creates a symmetric session key and encrypts the symmetric session key to create an encrypted symmetric session key using a public key from the one or more public keys;
      
      receiving, by the one or more processors, the encrypted symmetric session key from the user application;
      
      decrypting, by the one or more processors, the encrypted symmetric session key using a private key to identify the symmetric session key;
      
      utilizing, by the one or more processors, the symmetric session key to create the secure session; and
      
      wherein the one or more public keys is a single public key associated with the two or more digital signatures, or wherein the one or more public keys are two or more public keys, each of the two or more public keys are associated with a digital signature from the two or more digital signatures.
  - 13. The method of claim 12, wherein the one or more public keys provided are two or more public keys, and wherein encrypting the symmetric session key to create the encrypted symmetric session key comprises encrypting the symmetric session key using the two or more public keys in a string configuration, in an embedding configuration, or in a function configuration;
    - andwherein decrypting the encrypted symmetric session key comprises utilizing two or more private keys associated with the two or more public keys.

14. A computer program product for providing secure applications of an organization, the computer program product comprising at least one non-transitory computer-readable medium having computer-readable program code portions embodied therein, the computer-readable program code portions comprising:
- an executable portion configured to request a first certificate from a first certification authority, wherein the first certificate includes a first digital signature indicating validation of the organization providing an organization application;
  
  an executable portion configured to request at least a second certificate from a second certification authority, wherein the second certificate includes a second digital signature indicating validation of the organization providing the organization application, and wherein the second certification authority provides certificates separately from the first certification authority;
  
  an executable portion configured to receive a request from a user to access the organization application, wherein the request is received from a user application on a user computer system;
  
  an executable portion configured to provide two or more digital signatures to the user application on the user computer system, wherein the two or more digital signatures are used by the user application in order to verify the organization as owner of the organization application; and
  
  an executable portion configured to receive and send information from and to the user application after the user application verifies the organization application using one or more of the two or more digital signatures;
  
  wherein the two or more digital signatures are provided on one or more digital certificates;
  
  wherein the first digital signature indicating validation of the organization providing the organization application is provided by the first certification authority;
  
  wherein the second digital signature indicating validation of the organization providing the organization application is provided by the second certification authority;
  
  wherein when the user application is unable to verify the first digital signature of the two or more digital signatures, the user application is able to verify the second digital signature of the two or more digital signatures to allow for receiving and sending of the information.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The computer program product of claim 14, wherein providing the two or more digital signatures to the user application on the user computer system occurs at a same time or at different times.
  - 16. The computer program product of claim 14, wherein the computer-readable program code portions further comprise:
    - an executable portion configured to receive the first certificate from the first certification authority with the first digital signature;
      
      an executable portion configured to receive the second certificate from the second certification authority with the second digital signature; and
      
      an executable portion configured to associate the first certificate and the second certificate with the organization application to allow for the verification of the organization application using at least the first certificate or the second certificate.
  - 17. The computer program product of claim 14, wherein the user application verifies at least one of the two or more digital signatures in two or more certificates.
  - 18. The computer program product of claim 14, wherein receiving and sending the information comprises receiving and sending information over a secure session, and wherein the computer-readable program code portions further comprise:
    - an executable portion configured to provide one or more public keys associated with the two or more digital signatures to the user application on the user computer system, wherein the user application creates a symmetric session key and encrypts the symmetric session key to create an encrypted symmetric session key using a public key from the one or more public keys;
      
      an executable portion configured to receive the encrypted symmetric session key from the user application;
      
      an executable portion configured to decrypt the encrypted symmetric session key using a private key to identify the symmetric session key;
      
      an executable portion configured to utilize the symmetric session key to create the secure session; and
      
      wherein the one or more public keys is a single public key associated with the two or more digital signatures, or wherein the one or more public keys are two or more public keys, each of the two or more public keys are associated with a digital signature from the two or more digital signatures.
  - 19. The computer program product of claim 18, wherein the one or more public keys provided are two or more public keys, and wherein encrypting the symmetric session key to create the encrypted symmetric session key comprises encrypting the symmetric session key using the two or more public keys in a string configuration, in an embedding configuration, or in a function configuration;
    - andwherein decrypting the encrypted symmetric session key comprises utilizing two or more private keys associated with the two or more public keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Kazin, Joel S., Frederick, Carl R.
Primary Examiner(s)
Pham, Luu T
Assistant Examiner(s)
Long, Edward X

Application Number

US15/453,635
Publication Number

US 20180262339A1
Time in Patent Office

867 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 63/045   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

H04L 9/006   involving public key infras...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/14   using a plurality of keys o...

H04L 9/3263   involving certificates, e.g...

H04L 9/3265   using certificate chains, t...

Secure verification system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Secure verification system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links