Verification system for creating a secure link

US 10,374,808 B2
Filed: 03/08/2017
Issued: 08/06/2019
Est. Priority Date: 03/08/2017
Status: Active Grant

First Claim

Patent Images

1. A system for accessing secure applications provided by an organization, the system comprising:

one or more memory devices having computer readable code store thereon; and

one or more processing devices operatively coupled to the one or more memory devices, wherein the one or more processing devices are configured to execute the computer readable code to;

access an organization application, through an organization system or a third party system;

access two or more digital signatures associated with the organization application, wherein the two or more digital signatures are included within a single certificate on the organization application;

attempt to verify at least one of the two or more digital signatures as being signed by a certification authority that is trusted, wherein attempting to verify the at least one of the two or more digital signatures comprises;

attempting to verify a first digital signature, wherein the first digital signature indicating validation of the organization providing the organization application is provided by a first certification authority;

failing to verify the first digital signature;

attempting to verify a second digital signature, wherein the second digital signature indicating validation of the organization providing the organization application is provided by a second certification authority; and

verifying the second digital signature; and

receive and send information from and to the organization application after verifying the organization application using the at least one of the two or more digital signatures;

wherein the two or more digital signatures are provided on the single certificate by the first certification authority and the second certification authority.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, computer products, and methods are described herein for an improved secure certificate system that utilizes multiple digital signatures, and in some cases multiple public keys within one or more certificates. The improved secure certificate systems allows for additional security by having multiple certification authorities validate the organization as the owner of the organization application (e.g., website, dedicated application, or the like), as well as allowing for the use of the multiple digital signatures and/or certificates to provide seamless verification of the organization application should one or more of the digital signatures and/or certificates become compromised. Moreover, security may be improved by utilizing multiple public keys to encrypt a session key for use in sending and receiving data.

97 Citations

View as Search Results

20 Claims

1. A system for accessing secure applications provided by an organization, the system comprising:
- one or more memory devices having computer readable code store thereon; and
  
  one or more processing devices operatively coupled to the one or more memory devices, wherein the one or more processing devices are configured to execute the computer readable code to;
  
  access an organization application, through an organization system or a third party system;
  
  access two or more digital signatures associated with the organization application, wherein the two or more digital signatures are included within a single certificate on the organization application;
  
  attempt to verify at least one of the two or more digital signatures as being signed by a certification authority that is trusted, wherein attempting to verify the at least one of the two or more digital signatures comprises;
  
  attempting to verify a first digital signature, wherein the first digital signature indicating validation of the organization providing the organization application is provided by a first certification authority;
  
  failing to verify the first digital signature;
  
  attempting to verify a second digital signature, wherein the second digital signature indicating validation of the organization providing the organization application is provided by a second certification authority; and
  
  verifying the second digital signature; and
  
  receive and send information from and to the organization application after verifying the organization application using the at least one of the two or more digital signatures;
  
  wherein the two or more digital signatures are provided on the single certificate by the first certification authority and the second certification authority.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein attempting to verify the at least one of the two or more digital signatures comprises:
    - attempting to verify a third digital signature;
      
      verifying the third digital signature; and
      
      wherein receiving and sending the information is allowed after the second digital signature and the third digital signature are verified.
  - 3. The system of claim 1, wherein receiving and sending the information comprises receiving and sending the information over a secure session, and wherein the one or more processing devices are configured to execute the computer readable code to create the secure session by:
    - identifying a public key associated with the at least one of the two or more digital signatures within the single certificate when the at least one of the two or more digital signatures are verified;
      
      creating a symmetric session key for the secure session with the organization application;
      
      encrypting the symmetric session key to create an encrypted symmetric session key using the public key;
      
      sending the encrypted symmetric session key to the organization application, wherein the organization application utilizes a private key to decrypt the encrypted symmetric session key to identify the symmetric session key; and
      
      receiving and sending the information from and to the organization application using the symmetric session key.
  - 4. The system of claim 3, wherein the public key is associated with the two or more digital signatures.
  - 5. The system of claim 3, wherein the public key is from two or more public keys associated with the two or more digital signatures.
  - 6. The system of claim 3, wherein the one or more processing devices are further configured to execute the computer readable code to:
    - identify two or more public keys associated with the two or more digital signatures;
      
      wherein encrypting the symmetric session key to create the encrypted symmetric session key comprises encrypting the symmetric session key using the two or more public keys in a string configuration, in an embedding configuration, or in a function configuration; and
      
      wherein the organization application utilizes two or more private keys associated with the two or more public keys to decrypt the encrypted symmetric session key to identify the symmetric session key.
  - 7. The system of claim 1, wherein the two or more digital signatures are verified and an order in which the two or more digital signatures are verified is provided to the organization application, and wherein the order in which the two or more digital signatures are verified is utilized to create a secure session between a user application and the organization application.

8. A computer implemented method for accessing secure applications provided by an organization, the method comprising:
- accessing, by one or more processors, an organization application, through an organization system or a third party system;
  
  accessing, by the one or more processors, two or more digital signatures associated with the organization application, wherein the two or more digital signatures are included within a single certificate on the organization application;
  
  attempting, by the one or more processors, to verify at least one of the two or more digital signatures as being signed by a certification authority that is trusted, wherein attempting to verify the at least one of the two or more digital signatures comprises;
  
  attempting to verify a first digital signature, wherein the first digital signature indicating validation of the organization providing the organization application is provided by a first certification authority;
  
  failing to verify the first digital signature;
  
  attempting to verify a second digital signature, wherein the second digital signature indicating validation of the organization providing the organization application is provided by a second certification authority; and
  
  verifying the second digital signature; and
  
  receiving and sending, by the one or more processors, information from and to the organization application after verifying the organization application using the at least one of the two or more digital signatures;
  
  wherein the two or more digital signatures are provided on the single certificate by the first certification authority and the second certification authority.
- View Dependent Claims (9, 10, 11, 12, 19, 20)
- - 9. The method of claim 8, wherein attempting to verify the at least one of the two or more digital signatures comprises:
    - attempting to verify a third digital signature;
      
      verifying the third digital signature; and
      
      wherein receiving and sending the information is allowed after the second digital signature and the third digital signature are verified.
  - 10. The method of claim 8, wherein receiving and sending the information comprises receiving and sending the information over a secure session, and wherein the secure session is created by:
    - identifying, by the one or more processors, a public key associated with the at least one of the two or more digital signatures within the single certificate when the at least one of the two or more digital signatures are verified;
      
      creating, by the one or more processors, a symmetric session key for the secure session with the organization application;
      
      encrypting, by the one or more processors, the symmetric session key to create an encrypted symmetric session key using the public key;
      
      sending, by the one or more processors, the encrypted symmetric session key to the organization application, wherein the organization application utilizes a private key to decrypt the encrypted symmetric session key to identify the symmetric session key; and
      
      receiving and sending, by the one or more processors, the information from and to the organization application using the symmetric session key.
  - 11. The method of claim 10, further comprising:
    - identifying, by the one or more processors, two or more public keys associated with the two or more digital signatures;
      
      wherein encrypting the symmetric session key to create the encrypted symmetric session key comprises encrypting the symmetric session key using the two or more public keys in a string configuration, in an embedding configuration, or in a function configuration; and
      
      wherein the organization application utilizes two or more private keys associated with the two or more public keys to decrypt the encrypted symmetric session key to identify the symmetric session key.
  - 12. The method of claim 8, wherein the two or more digital signatures are verified and an order in which the two or more digital signatures are verified is provided to the organization application, and wherein the order in which the two or more digital signatures are verified is utilized to create a secure session between a user application and the organization application.
  - 19. The method of claim 10, wherein the public key is associated with the two or more digital signatures.
  - 20. The method of claim 10, wherein the public key is from two or more public keys associated with the two or more digital signatures.

13. A computer program product for accessing secure applications provided by an organization, the computer program product comprising at least one non-transitory computer-readable medium having computer-readable program code portions embodied therein, the computer-readable program code portions comprising:
- an executable portion configured to access an organization application, through an organization system or a third party system;
  
  an executable portion configured to access two or more digital signatures associated with the organization application, wherein the two or more digital signatures are included within a single certificate on the organization application;
  
  an executable portion configured to attempt to verify at least one of the two or more digital signatures as being signed by a certification authority that is trusted, wherein attempting to verify the at least one of the two or more digital signatures comprises;
  
  attempting to verify a first digital signature, wherein a first digital signature indicating validation of the organization providing the organization application is provided by a first certification authority;
  
  failing to verify the first digital signature;
  
  attempting to verify a second digital signature, wherein a second digital signature indicating validation of the organization providing the organization application is provided by a second certification authority; and
  
  verifying the second digital signature; and
  
  an executable portion configured to receive and send information from and to the organization application after verifying the organization application using the at least one of the two or more digital signatures;
  
  wherein the two or more digital signatures are provided on the single certificate by the first certification authority and the second certification authority.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer program product of claim 13, wherein attempting to verify the at least one of the two or more digital signatures comprises:
    - attempting to verify a third digital signature;
      
      verifying the third digital signature; and
      
      wherein receiving and sending the information is allowed after the second digital signature and the third digital signature are verified.
  - 15. The computer program product of claim 13, wherein the executable portion configured to receive and send the information comprises receiving and sending the information over a secure session, and wherein the computer-readable program code portions further comprise:
    - an executable portion configured to identify a public key associated with the at least one of the two or more digital signatures within the single certificate when the at least one of the two or more digital signatures are verified;
      
      an executable portion configured to create a symmetric session key for the secure session with the organization application;
      
      an executable portion configured to encrypt the symmetric session key to create an encrypted symmetric session key using the public key;
      
      an executable portion configured to send the encrypted symmetric session key to the organization application, wherein the organization application utilizes a private key to decrypt the encrypted symmetric session key to identify the symmetric session key; and
      
      an executable portion configured to receive and send the information from and to the organization application using the symmetric session key.
  - 16. The computer program product of claim 15, wherein the public key is associated with the two or more digital signatures, or wherein the public key is from two or more public keys associated with the two or more digital signatures.
  - 17. The computer program product of claim 15, wherein the computer-readable program code portions further comprises:
    - an executable portion configured to identify two or more public keys associated with the two or more digital signatures;
      
      wherein encrypting the symmetric session key to create the encrypted symmetric session key comprises encrypting the symmetric session key using the two or more public keys in a string configuration, in an embedding configuration, or in a function configuration; and
      
      wherein the organization application utilizes two or more private keys associated with the two or more public keys to decrypt the encrypted symmetric session key to identify the symmetric session key.
  - 18. The computer program product of claim 13, wherein the two or more digital signatures are verified and an order in which the two or more digital signatures are verified is provided to the organization application, and wherein the order in which the two or more digital signatures are verified is utilized to create a secure session between a user application and the organization application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Frederick, Carl R., Kazin, Joel S.
Primary Examiner(s)
Pham, Luu T
Assistant Examiner(s)
Long, Edward X

Application Number

US15/453,642
Publication Number

US 20180262345A1
Time in Patent Office

881 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/126   the source of the received ...

H04L 67/02   based on web technology, e....

H04L 9/14   using a plurality of keys o...

H04L 9/3247   involving digital signatures

H04L 9/3265   using certificate chains, t...

H04L 9/3268   using certificate validatio...

H04W 12/082   using revocation of authori...

Verification system for creating a secure link

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

97 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Verification system for creating a secure link

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links