Method and system for distributed cryptographic key provisioning and storage via elliptic curve cryptography

US 10,396,988 B2
Filed: 09/11/2018
Issued: 08/27/2019
Est. Priority Date: 01/20/2016
Status: Active Grant

First Claim

Patent Images

1. A method for distributing multiple cryptographic keys used to access data, comprising:

receiving, by a receiving device of a processing server, a data signal superimposed with an access key request, wherein the access key request includes at least a number, n, greater than 2, of requested keys;

generating, by the processing server, n key pairs using a key pair generation algorithm, wherein each key pair includes a private key and a public key;

deriving, by the processing server, an access private key by applying the private key included in each of the n key pairs to a key derivation algorithm;

generating, by the processing server, an access public key corresponding to the derived access private key using the key pair generation algorithm;

electronically transmitting, by a transmitting device of the processing server, a data signal superimposed with a private key included in one of the n key pairs for each of the n key pairs;

storing, in a memory of the processing server, a transfer key pair including a transfer public key and a transfer private key;

receiving, by the receiving device of the processing server, a data signal superimposed with a shared public key from each of n computing devices;

generating, by the processing server, n shared secrets, wherein each shared secret is generated using a shared public key of the n shared public keys and the transfer private key and the key pair generation algorithm; and

encrypting, by the processing server, the private key included in each of the n key pairs with one of the n shared secrets using an encryption algorithm, whereinthe private key included superimposed in the electronically transmitted data signal is the respective encrypted private key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for distributing multiple cryptographic keys used to access data includes: receiving a data signal superimposed with an access key request, wherein the access key request includes at least a number, n, greater than 1, of requested keys; generating n key pairs using a key pair generation algorithm, wherein each key pair includes a private key and a public key; deriving an access private key by applying the private key included in each of the n key pairs to a key derivation algorithm; generating an access public key corresponding to the derived access private key using the key pair generation algorithm; and electronically transmitting a data signal superimposed with a private key included in one of the n key pairs for each of the n key pairs.

6 Citations

24 Claims

1. A method for distributing multiple cryptographic keys used to access data, comprising:
- receiving, by a receiving device of a processing server, a data signal superimposed with an access key request, wherein the access key request includes at least a number, n, greater than 2, of requested keys;
  
  generating, by the processing server, n key pairs using a key pair generation algorithm, wherein each key pair includes a private key and a public key;
  
  deriving, by the processing server, an access private key by applying the private key included in each of the n key pairs to a key derivation algorithm;
  
  generating, by the processing server, an access public key corresponding to the derived access private key using the key pair generation algorithm;
  
  electronically transmitting, by a transmitting device of the processing server, a data signal superimposed with a private key included in one of the n key pairs for each of the n key pairs;
  
  storing, in a memory of the processing server, a transfer key pair including a transfer public key and a transfer private key;
  
  receiving, by the receiving device of the processing server, a data signal superimposed with a shared public key from each of n computing devices;
  
  generating, by the processing server, n shared secrets, wherein each shared secret is generated using a shared public key of the n shared public keys and the transfer private key and the key pair generation algorithm; and
  
  encrypting, by the processing server, the private key included in each of the n key pairs with one of the n shared secrets using an encryption algorithm, whereinthe private key included superimposed in the electronically transmitted data signal is the respective encrypted private key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - electronically transmitting, by the transmitting device of the processing server, a data signal superimposed with the transfer public key to the n computing devices.
  - 3. The method of claim 2, wherein the data signal superimposed with the transfer public key is electronically transmitted to the n computing devices prior to receiving the data signal superimposed with the shared public key.
  - 4. The method of claim 2, wherein each data signal superimposed with the transfer public key is a same data signal as each data signal superimposed with an encrypted private key.
  - 5. The method of claim 1, wherein the transmitted data signal is electronically transmitted to a node in a blockchain network and where the encrypted private key is included in a transaction request that further includes a destination address corresponding to the respective shared public key.
  - 6. The method of claim 1, wherein the key pair generation algorithm is an elliptic curve key agreement scheme.
  - 7. The method of claim 6, wherein the elliptic curve key agreement scheme is the elliptic curve Diffie-Hellman key agreement protocol.
  - 8. The method of claim 1, wherein the key derivation algorithm includes use of an XOR logical operation.

9. A method for distributing multiple cryptographic keys used to access data, comprising:
- receiving, by a receiving device of a processing server, a data signal superimposed with an access key request, wherein the access key request includes at least a number, n, greater than 2, of requested keys;
  
  generating, by the processing server, n key pairs using a key pair generation algorithm, wherein each key pair includes a private key and a public key;
  
  deriving, by the processing server, an access private key by applying the private key included in each of the n key pairs to a key derivation algorithm;
  
  generating, by the processing server, an access public key corresponding to the derived access private key using the key pair generation algorithm;
  
  electronically transmitting, by a transmitting device of the processing server, a data signal superimposed with a private key included in one of the n key pairs for each of the n key pairs; and
  
  electronically transmitting, by the transmitting device of the processing server, a data signal superimposed with a transaction request to a node in a blockchain network, wherein the transaction request includes at least a destination address signed using the derived access private key.
- View Dependent Claims (19, 20, 21)
- - 19. The method of claim 9, wherein the key pair generation algorithm is an elliptic curve key agreement scheme.
  - 20. The method of claim 19, wherein the elliptic curve key agreement scheme is the elliptic curve Diffie-Hellman key agreement protocol.
  - 21. The method of claim 9, wherein the key derivation algorithm includes use of an XOR logical operation.

10. A system for distributing multiple cryptographic keys used to access data, comprising:
- a transmitting device of a processing server;
  
  a memory of the processing server configured to store a transfer key pair including a transfer public key and a transfer private key;
  
  a receiving device of the processing server configured to receive a data signal superimposed with an access key request, wherein the access key request includes at least a number, n, greater than 2, of requested keys; and
  
  a processor of the processing server configured togenerate n key pairs using a key pair generation algorithm, wherein each key pair includes a private key and a public key,derive an access private key by applying the private key included in each of the n key pairs to a key derivation algorithm, andgenerate an access public key corresponding to the derived access private key using the key pair generation algorithm, whereinthe transmitting device of the processing server is configured to electronically transmit a data signal superimposed with a private key included in one of the n key pairs for each of the n key pairs,the receiving device of the processing server is further configured to receive a data signal superimposed with a shared public key from each of n computing devices,the processor of the processing server is further configured to generate n shared secrets, wherein each shared secret is generated using a shared public key of the n shared public keys and the transfer private key and the key pair generation algorithm, and encrypt the private key included in each of the n key pairs with one of the n shared secrets using an encryption algorithm, andthe private key included superimposed in the electronically transmitted data signal is the respective encrypted private key.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The system of claim 10, wherein the transmitting device of the processing server is further configured to electronically transmit a data signal superimposed with the transfer public key to the n computing devices.
  - 12. The system of claim 11, wherein the data signal superimposed with the transfer public key is electronically transmitted to the n computing devices prior to receiving the data signal superimposed with the shared public key.
  - 13. The system of claim 11, wherein each data signal superimposed with the transfer public key is a same data signal as each data signal superimposed with an encrypted private key.
  - 14. The system of claim 10, wherein the transmitted data signal is electronically transmitted to a node in a blockchain network and where the encrypted private key is included in a transaction request that further includes a destination address corresponding to the respective shared public key.
  - 15. The system of claim 10, wherein the key pair generation algorithm is an elliptic curve key agreement scheme.
  - 16. The system of claim 15, wherein the elliptic curve key agreement scheme is the elliptic curve Diffie-Hellman key agreement protocol.
  - 17. The system of claim 10, wherein the key derivation algorithm includes use of an XOR logical operation.

18. A system for distributing multiple cryptographic keys used to access data, comprising:
- a transmitting device of a processing server;
  
  a receiving device of the processing server configured to receive a data signal superimposed with an access key request, wherein the access key request includes at least a number, n, greater than 2, of requested keys; and
  
  a processor of the processing server configured togenerate n key pairs using a key pair generation algorithm, wherein each key pair includes a private key and a public key,derive an access private key by applying the private key included in each of the n key pairs to a key derivation algorithm, andgenerate an access public key corresponding to the derived access private key using the key pair generation algorithm, whereinthe transmitting device of the processing server is configured toelectronically transmit a data signal superimposed with a private key included in one of the n key pairs for each of the n key pairs, andelectronically transmit a data signal superimposed with a transaction request to a node in a blockchain network, wherein the transaction request includes at least a destination address signed using the derived access private key.
- View Dependent Claims (22, 23, 24)
- - 22. The system of claim 18, wherein the key pair generation algorithm is an elliptic curve key agreement scheme.
  - 23. The system of claim 22, wherein the elliptic curve key agreement scheme is the elliptic curve Diffie-Hellman key agreement protocol.
  - 24. The system of claim 18, wherein the key derivation algorithm includes use of an XOR logical operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Davis, Steven Charles
Primary Examiner(s)
Gee, Jason K
Assistant Examiner(s)
Holmes, Angela R

Application Number

US16/127,733
Publication Number

US 20190028275A1
Time in Patent Office

350 Days
Field of Search

713171
US Class Current
CPC Class Codes

H04L 63/045   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/062   for key distribution, e.g. ...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/14   using a plurality of keys o...

H04L 9/3066   involving algebraic varieti...

Method and system for distributed cryptographic key provisioning and storage via elliptic curve cryptography

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

6 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

Method and system for distributed cryptographic key provisioning and storage via elliptic curve cryptography

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others