Cloud encryption key broker apparatuses, methods and systems

US 10,547,444 B2
Filed: 02/17/2016
Issued: 01/28/2020
Est. Priority Date: 02/17/2015
Status: Active Grant

First Claim

Patent Images

1. A processor-implemented method for use in cryptographic operations to prevent theft of encryption keys in payment processing, comprising:

generating, at a key broker server, a key in processing a remote transaction on a client device of a user between the user and a merchant via a merchant application;

splitting, at the key broker server, the key into a first portion and a second portion;

sending the second portion of the key from the key broker server to the client device;

storing, by one or more data processors accessible by the key broker server, the first portion of the key, at the key broker server in a secure fashion;

receiving, at the key broker server, a remote payment request from the client device for retrieval of the first portion of the key corresponding to the second portion of the key;

in response to receiving the remote payment request, performing, at the key broker server, a security analysis upon the remote payment request according to a security analysis criteria; and

transmitting the first portion of the key from the key broker server to the client device after the security analysis criteria has been satisfied;

wherein the key is reconstituted at the client device by combining the first portion of the key with the second portion of the key;

wherein the reconstituted key is only available to the client device after the remote payment request meets the security analysis criteria and the first portion of the key is provided to the client device, wherein the client device uses the reconstituted key to complete the remote transaction at the client device, wherein the reconstituted key is stored on the client device only in temporary memory or other secure type memory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer-implemented systems and methods are disclosed herein for use in cryptographic operations over a cloud-based service. The cloud-based service securely stores and transmits parts of encryption/decryption keys. Split key processing can include splitting the key in two and storing one of them on a remote secure server.

Citations

20 Claims

1. A processor-implemented method for use in cryptographic operations to prevent theft of encryption keys in payment processing, comprising:
- generating, at a key broker server, a key in processing a remote transaction on a client device of a user between the user and a merchant via a merchant application;
  
  splitting, at the key broker server, the key into a first portion and a second portion;
  
  sending the second portion of the key from the key broker server to the client device;
  
  storing, by one or more data processors accessible by the key broker server, the first portion of the key, at the key broker server in a secure fashion;
  
  receiving, at the key broker server, a remote payment request from the client device for retrieval of the first portion of the key corresponding to the second portion of the key;
  
  in response to receiving the remote payment request, performing, at the key broker server, a security analysis upon the remote payment request according to a security analysis criteria; and
  
  transmitting the first portion of the key from the key broker server to the client device after the security analysis criteria has been satisfied;
  
  wherein the key is reconstituted at the client device by combining the first portion of the key with the second portion of the key;
  
  wherein the reconstituted key is only available to the client device after the remote payment request meets the security analysis criteria and the first portion of the key is provided to the client device, wherein the client device uses the reconstituted key to complete the remote transaction at the client device, wherein the reconstituted key is stored on the client device only in temporary memory or other secure type memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein a cloud-based service is used for the storing of the first portion of the key.
  - 3. The method of claim 1, wherein the cloud-based service is provided by a payment processing entity.
  - 4. The method of claim 1, wherein the reconstituted key is generated by combining the first portion of the key with the second portion of the key and with one or more additional portions of the key.
  - 5. The method of claim 1, wherein the remote transaction comprises an encryption operation.
  - 6. The method of claim 1, wherein the remote transaction comprises a decryption operation.
  - 7. The method of claim 1, wherein the security analysis includes IP checks, risk analysis of requests, IP blocking, and access rule restrictions.
  - 8. The method of claim 7, wherein the security analysis criteria includes the security analysis not detecting any unauthorized access or malicious activity associated with the remote payment request.
  - 9. The method of claim 1, wherein the remote transaction comprises a “
    - card—
      
      not present”
      
      transaction, an in-store transaction not completed using a merchant point-of-sale (POS) device, or a transaction involving devices of the user and merchant that are not at the same location.
  - 10. The method of claim 1, wherein transmitting the first portion of the key in an encrypted form.

11. A processor-implemented system for use with cryptographic operations to prevent theft of encryption keys in payment processing, comprising:
- a memory; and
  
  one or more processors disposed in communication with the memory and configured to issue processing instructions stored in the memory to;
  
  generate, at a key broker, a key in processing a remote transaction on a client device of a user between the user and a merchant via a merchant application;
  
  store a first portion of the key, at the key broker;
  
  send a second portion of the key to the client device;
  
  receive a payment request from the client device for retrieval of the first portion of the key;
  
  in response to receiving the payment request, perform a security analysis on the payment request to determine compliance to a security analysis criteria, wherein the security analysis includes IP checks, risk analysis of requests, IP blocking, and access rule restrictions; and
  
  transmit the first portion of the key from the key broker to the client device responsive to the security analysis criteria being satisfied;
  
  wherein the key is reconstituted by combining the first portion of the key with the second portion of the key;
  
  wherein the reconstituted key is used to complete the remote transaction at the client device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The processor-implemented system of claim 11, wherein the one or more processors are configured to store the first portion of the key with a cloud-based service.
  - 13. The processor-implemented system of claim 11, wherein the cloud-based service is provided by a payment processing entity.
  - 14. The processor-implemented system of claim 11, wherein the reconstituted key is generated by combining the first portion of the key with the second portion of the key and with one or more additional portions of the key.
  - 15. The processor-implemented system of claim 11, wherein the remote transaction comprises an encryption operation or a decryption operation.
  - 16. The processor-implemented system of claim 11, wherein the reconstituted key is stored on the client device only in temporary memory or other secure type memory.
  - 17. The processor-implemented system of claim 11, wherein the security analysis criteria includes the security analysis not detecting any unauthorized access or malicious activity associated with the payment request.
  - 18. The processor-implemented system of claim 11, wherein the remote transaction comprises a “
    - card—
      
      not present”
      
      transaction, an in-store transaction not completed using a merchant point-of-sale (POS) device, or a transaction involving devices of the user and merchant that are not at the same location.
  - 19. The processor-implemented system of claim 18, wherein the one or more processors are configured to transmit the first portion of the key.

20. A non-transitory tangible processor-readable medium storing processor-issuable instructions to:
- generate, at a key broker, a key for processing a payment transaction on a client device of a user between the user and a merchant via a merchant application;
  
  split, at the key broker, the key into a first portion and a second portion;
  
  send the second portion of the key from the key broker to the client device;
  
  receive a payment request from the client device for retrieval of the first portion of the key corresponding to the second portion of the key;
  
  in response to receiving the payment request, perform, at the key broker, a security analysis criteria upon the payment request; and
  
  transmit the first portion of the key, from the key broker to the client device after the security analysis criteria has been satisfied;
  
  wherein the key is reconstituted at the client device by combining the first portion of the key with the second portion of the key;
  
  wherein the reconstituted key at the client device is used to complete the payment transaction at the client device, wherein the payment transaction comprises a “
  
  card—
  
  not present”
  
  transaction, an in-store transaction not completed using a merchant point-of-sale (POS) device, or a transaction involving devices of the user and merchant that are not at the same location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Harris, Theodore, Edington, Scott
Primary Examiner(s)
Garcia Cervetti, David

Application Number

US15/045,435
Publication Number

US 20160241390A1
Time in Patent Office

1,441 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

H04L 63/06   for supporting key manageme...

H04L 9/083   involving central third par...

H04L 9/085   Secret sharing or secret sp...

Cloud encryption key broker apparatuses, methods and systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Cloud encryption key broker apparatuses, methods and systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links