Secure multi-party protocol
First Claim
1. A method for securing communications between a first computer and a second computer, the method comprising:
- securing an application programming interface at least in part by;
receiving, by the second computer from the first computer over a communications network, a request data packet of the application programming interface, the request data packet including a first control block comprising a first symmetric key, and a first data block encrypted with the first symmetric key, wherein the first control block is encrypted with a public key of a public-private key pair;
decrypting, by the second computer, the first control block with a private key of the public-private key pair;
extracting, by the second computer, the first symmetric key from the first control block;
decrypting, by the second computer, the encrypted first data block with the extracted first symmetric key;
generating, by the second computer, a second symmetric key using a predetermined algorithm based on data in the first control block;
generating, by the second computer, a response data packet of the application programming interface, the response data packet comprising a second data block and a second control block comprising the first symmetric key; and
transmitting, by the second computer, the response data packet to the first computer over the communications network.
1 Assignment
0 Petitions
Accused Products
Abstract
A requestor and a responder may conduct secure communication by making API calls based on a secure multi-party protocol. The requestor may send a request data packet sent in a API request to the responder, where the request data packet can include at least a control block that is asymmetrically encrypted and a data block that is symmetrically encrypted. The responder may return a response data packet to the requestor, where the response data packet can include at least a control block and a data block that are both symmetrically encrypted. The requestor and the responder may derive the keys for decrypting the encrypted portions of the request and response data packets based on some information only known to the requestor and the responder. The secure multi-party protocol forgoes the need to store and manage keys in a hardware security module.
5 Citations
20 Claims
-
1. A method for securing communications between a first computer and a second computer, the method comprising:
-
securing an application programming interface at least in part by; receiving, by the second computer from the first computer over a communications network, a request data packet of the application programming interface, the request data packet including a first control block comprising a first symmetric key, and a first data block encrypted with the first symmetric key, wherein the first control block is encrypted with a public key of a public-private key pair; decrypting, by the second computer, the first control block with a private key of the public-private key pair; extracting, by the second computer, the first symmetric key from the first control block; decrypting, by the second computer, the encrypted first data block with the extracted first symmetric key; generating, by the second computer, a second symmetric key using a predetermined algorithm based on data in the first control block; generating, by the second computer, a response data packet of the application programming interface, the response data packet comprising a second data block and a second control block comprising the first symmetric key; and transmitting, by the second computer, the response data packet to the first computer over the communications network. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer system comprising:
-
a processor; and a computer readable medium coupled with the processor, the computer readable medium comprising code executable to perform a method for securing communications between a first computer and a second computer, the method comprising; securing an application programming interface at least in part by; receiving from the first computer over a communications network, a request data packet, the request data packet of the application programming interface, the request data packet including a first control block comprising a first symmetric key, and a first data block encrypted with the first symmetric key, wherein the first control block is encrypted with a public key of a public-private key pair; decrypting the first control block with a private key of the public-private key pair; extracting from the first control block, the first symmetric key; decrypting the encrypted first data block with the extracted first symmetric key; generating a second symmetric key using a predetermined algorithm based on data in the first control block; generating a response data packet of the application programming interface, the response data packet comprising a second control block comprising the first symmetric key, and a second data block; and transmitting the response data packet to the first computer over the communications network. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. One or more non-transient computer-readable media having collectively stored thereon computer-executable instructions that, when executed with one or more computers, collectively perform a method comprising:
-
securing an application programming interface at least in part by; receiving, by a second computer from a first computer over a communications network, a request data packet of the application programming interface, the request data packet including a first control block comprising a first symmetric key, and a first data block encrypted with the first symmetric key, wherein the first control block is encrypted with a public key of a public-private key pair; decrypting, by the second computer, the first control block with a private key of the public-private key pair; extracting, by the second computer, the first symmetric key from the first control block; decrypting, by the second computer, the encrypted first data block with the extracted first symmetric key; generating, by the second computer, a second symmetric key using a predetermined algorithm based on data in the first control block; generating, by the second computer, a response data packet of the application programming interface, the response data packet comprising a second data block and a second control block comprising the first symmetric key; and transmitting, by the second computer, the response data packet to the first computer over the communications network. - View Dependent Claims (20)
-
Specification