Cloud encryption key broker apparatuses, methods and systems
First Claim
Patent Images
1. A processor-implemented method for use in cryptographic operations to prevent theft of encryption keys in payment processing, comprising:
- generating, at a key broker server, a key in processing a remote transaction on a client device of a user between the user and a merchant via a merchant application;
splitting, at the key broker server, the key into a first portion and a second portion;
sending the second portion of the key from the key broker server to the client device;
storing, by one or more data processors accessible by the key broker server, the first portion of the key, at the key broker server in a secure fashion;
receiving, at the key broker server, a remote payment request from the client device for retrieval of the first portion of the key corresponding to the second portion of the key;
in response to receiving the remote payment request, performing, at the key broker server, a security analysis upon the remote payment request according to a security analysis criteria; and
transmitting the first portion of the key from the key broker server to the client device after the security analysis criteria has been satisfied;
wherein the key is reconstituted at the client device by combining the first portion of the key with the second portion of the key;
wherein the reconstituted key is only available to the client device after the remote payment request meets the security analysis criteria and the first portion of the key is provided to the client device, wherein the client device uses the reconstituted key to complete the remote transaction at the client device, wherein the reconstituted key is stored on the client device only in temporary memory or other secure type memory.
1 Assignment
0 Petitions
Accused Products
Abstract
Computer-implemented systems and methods are disclosed herein for use in cryptographic operations over a cloud-based service. The cloud-based service securely stores and transmits parts of encryption/decryption keys. Split key processing can include splitting the key in two and storing one of them on a remote secure server.
-
Citations
20 Claims
-
1. A processor-implemented method for use in cryptographic operations to prevent theft of encryption keys in payment processing, comprising:
-
generating, at a key broker server, a key in processing a remote transaction on a client device of a user between the user and a merchant via a merchant application; splitting, at the key broker server, the key into a first portion and a second portion; sending the second portion of the key from the key broker server to the client device; storing, by one or more data processors accessible by the key broker server, the first portion of the key, at the key broker server in a secure fashion; receiving, at the key broker server, a remote payment request from the client device for retrieval of the first portion of the key corresponding to the second portion of the key; in response to receiving the remote payment request, performing, at the key broker server, a security analysis upon the remote payment request according to a security analysis criteria; and transmitting the first portion of the key from the key broker server to the client device after the security analysis criteria has been satisfied; wherein the key is reconstituted at the client device by combining the first portion of the key with the second portion of the key; wherein the reconstituted key is only available to the client device after the remote payment request meets the security analysis criteria and the first portion of the key is provided to the client device, wherein the client device uses the reconstituted key to complete the remote transaction at the client device, wherein the reconstituted key is stored on the client device only in temporary memory or other secure type memory. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A processor-implemented system for use with cryptographic operations to prevent theft of encryption keys in payment processing, comprising:
-
a memory; and one or more processors disposed in communication with the memory and configured to issue processing instructions stored in the memory to; generate, at a key broker, a key in processing a remote transaction on a client device of a user between the user and a merchant via a merchant application; store a first portion of the key, at the key broker; send a second portion of the key to the client device; receive a payment request from the client device for retrieval of the first portion of the key; in response to receiving the payment request, perform a security analysis on the payment request to determine compliance to a security analysis criteria, wherein the security analysis includes IP checks, risk analysis of requests, IP blocking, and access rule restrictions; and transmit the first portion of the key from the key broker to the client device responsive to the security analysis criteria being satisfied; wherein the key is reconstituted by combining the first portion of the key with the second portion of the key; wherein the reconstituted key is used to complete the remote transaction at the client device. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A non-transitory tangible processor-readable medium storing processor-issuable instructions to:
-
generate, at a key broker, a key for processing a payment transaction on a client device of a user between the user and a merchant via a merchant application; split, at the key broker, the key into a first portion and a second portion; send the second portion of the key from the key broker to the client device; receive a payment request from the client device for retrieval of the first portion of the key corresponding to the second portion of the key; in response to receiving the payment request, perform, at the key broker, a security analysis criteria upon the payment request; and transmit the first portion of the key, from the key broker to the client device after the security analysis criteria has been satisfied; wherein the key is reconstituted at the client device by combining the first portion of the key with the second portion of the key; wherein the reconstituted key at the client device is used to complete the payment transaction at the client device, wherein the payment transaction comprises a “
card—
not present”
transaction, an in-store transaction not completed using a merchant point-of-sale (POS) device, or a transaction involving devices of the user and merchant that are not at the same location.
-
Specification