PRE-GENERATION OF SESSION KEYS FOR ELECTRONIC TRANSACTIONS AND DEVICES THAT PRE-GENERATE SESSION KEYS FOR ELECTRONIC TRANSACTIONS

US 20150019442A1
Filed: 07/10/2013
Published: 01/15/2015
Est. Priority Date: 07/10/2013
Status: Active Grant

First Claim

Patent Images

1. A method of securing a transaction between a user terminal and a transaction terminal, comprising:

generating a plurality of session cryptographic keys from a master cryptographic key and a respective plurality of possible values of a transaction counter;

encrypting the plurality of session cryptographic keys to provide a plurality of encrypted session cryptographic keys;

storing the plurality of encrypted session cryptographic keys and one of the respective plurality of values of the transaction counter in the user terminal;

generating a cryptogram based on a first one of the plurality of encrypted session cryptographic keys and transaction data for the transaction;

transmitting the cryptogram to the transaction terminal;

updating the transaction counter; and

deleting the first one of the plurality of encrypted session cryptographic keys from the user terminal after generating the cryptogram.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and devices for pre-generating session keys for securing transactions are provided. A plurality of session cryptographic keys are generated from a master cryptographic key and a respective plurality of possible values of a transaction counter. The session cryptographic keys are encrypted to provide a plurality of encrypted session cryptographic keys, which are stored in the user terminal. The master cryptographic key is deleted from the user terminal after the session keys are generated. To secure a transaction, a cryptogram is generated based on one of the encrypted session cryptographic keys and transaction data for the transaction, and the cryptogram is transmitted to a transaction terminal. The transaction counter is updated, and the encrypted session cryptographic key is deleted from the user terminal.

91 Citations

View as Search Results

23 Claims

1. A method of securing a transaction between a user terminal and a transaction terminal, comprising:
- generating a plurality of session cryptographic keys from a master cryptographic key and a respective plurality of possible values of a transaction counter;
  
  encrypting the plurality of session cryptographic keys to provide a plurality of encrypted session cryptographic keys;
  
  storing the plurality of encrypted session cryptographic keys and one of the respective plurality of values of the transaction counter in the user terminal;
  
  generating a cryptogram based on a first one of the plurality of encrypted session cryptographic keys and transaction data for the transaction;
  
  transmitting the cryptogram to the transaction terminal;
  
  updating the transaction counter; and
  
  deleting the first one of the plurality of encrypted session cryptographic keys from the user terminal after generating the cryptogram.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein encrypting the plurality of session cryptographic keys comprises encrypting with a personal identification number.
  - 3. The method of claim 2, wherein encrypting the plurality of session cryptographic keys comprises camouflaging the plurality of session cryptographic keys.
  - 4. The method of claim 3, wherein camouflaging the plurality of session cryptographic keys comprises encrypting the plurality of session cryptographic keys in such a manner that decrypting any of the plurality of session cryptographic keys with an incorrect personal identification number produces a valid session cryptographic key.
  - 5. The method of claim 4, further comprising providing the master cryptographic key in the user terminal, and deleting the master cryptographic key from the user terminal after generating the plurality of session cryptographic keys, wherein following deletion of the master cryptographic key from the user terminal, there is no data remaining on the user terminal that can be reliably used to decrypt the remaining session cryptographic keys using the transaction data and the cryptogram.
  - 6. The method of claim 1, further comprising providing the master cryptographic key in the user terminal, and deleting the master cryptographic key from the user terminal after generating the plurality of session cryptographic keys.
  - 7. The method of claim 1, wherein transmitting the cryptogram comprises transmitting the cryptogram to the transaction terminal using a near field communication link, a Bluetooth communication link, a Wi-Fi communication link, or other wireless communication link.
  - 8. The method of claim 1, wherein the number of session cryptographic keys generated comprises a number of possible values of the transaction counter.
  - 9. The method of claim 1, wherein the number of session cryptographic keys generated comprises less than a number of possible values of the transaction counter.
  - 10. The method of claim 1, wherein the master cryptographic key comprises a plurality of cryptographic keys.
  - 11. The method of claim 1, wherein generating the cryptogram comprises applying a hash function to the transaction data and the first one of the encrypted session cryptographic keys.
  - 12. The method of claim 1, wherein updating the transaction counter comprises incrementing the transaction counter.

13. A user terminal, comprising:
- a processor;
  
  a memory coupled to the processor; and
  
  a communication module coupled to the processor;
  
  wherein the processor is configured to generate a plurality of session cryptographic keys from a master cryptographic key and a respective plurality of possible values of a transaction counter, to encrypt the plurality of session cryptographic keys to provide a plurality of encrypted session cryptographic keys, to store the plurality of encrypted session cryptographic keys, to exchange transaction data relating to a proposed transaction with a transaction terminal, to generate a cryptogram based on a first one of the plurality of encrypted session cryptographic keys and the transaction data, to transmit the cryptogram to the transaction terminal using the communication module, to update the transaction counter, and to delete the first one of the plurality of encrypted session cryptographic keys from the user terminal.
- View Dependent Claims (14, 15, 16)
- - 14. The user terminal of claim 13, wherein encrypting the session cryptographic keys comprises encrypting the plurality of session cryptographic keys with a personal identification number.
  - 15. The user terminal of claim 14, wherein the processor is configured to camouflage the plurality of session cryptographic keys in such a manner that decrypting any of the plurality of encrypted session cryptographic keys with an incorrect personal identification number produces a valid session cryptographic key.
  - 16. The user terminal of claim 13, wherein the number of session cryptographic keys generated comprises a number of possible values of the transaction counter.

17. A provisioning server, comprising:
- a processor;
  
  a memory coupled to the processor; and
  
  a communication module coupled to the processor;
  
  wherein the processor is configured to generate a plurality of session cryptographic keys from a master cryptographic key and a respective plurality of possible values of a transaction counter, and to transmit the plurality of session cryptographic keys and the transaction counter to a user terminal for use in securing a financial transaction.
- View Dependent Claims (18, 19)
- - 18. The provisioning server of claim 17, wherein the number of session cryptographic keys generated comprises a number of possible values of the transaction counter.
  - 19. The provisioning server of claim 17, wherein the session cryptographic keys comprise first session cryptographic keys, wherein the number of first session cryptographic keys comprises less than a number of possible values of the transaction counter, and wherein the processor is configured to generate additional session cryptographic keys and transmit the additional session cryptographic keys to the user terminal when the supply of first session cryptographic keys is reduced to a predetermined level.

20. A computer program product for securing a transaction between a user terminal and a transaction terminal, comprising:
- a computer readable storage medium having computer readable program code embodied in the medium, the computer readable program code comprising;
  
  computer readable program code to generate a plurality of session cryptographic keys from a master cryptographic key and a respective plurality of possible values of a transaction counter;
  
  computer readable program code to store the session cryptographic keys and one of the plurality of transaction counters in the user terminal;
  
  computer readable program code to generate a cryptogram based on a first one of the plurality of session cryptographic keys and transaction data for the transaction;
  
  computer readable program code to transmit the cryptogram to the transaction terminal;
  
  computer readable program code to update the transaction counter; and
  
  computer readable program code to delete the first one of the plurality of session cryptographic keys from the user terminal after generating the cryptogram.

21. A method, comprising:
- generating a plurality of secret items corresponding to a respective plurality of possible values of an index;
  
  storing the plurality of secret items and a first one of the plurality of possible values of the index in a first terminal;
  
  generating an message corresponding to the first one of the plurality of possible values of the index using a first one of the secret items;
  
  transmitting the message to the second terminal;
  
  updating the index; and
  
  deleting the first one of the plurality of secret items from the first terminal after generating the message.
- View Dependent Claims (22, 23)
- - 22. The method of claim 21, wherein the plurality of secret items comprise one time passwords.
  - 23. The method of claim 21, wherein the index comprises a transaction index, and wherein the message comprises a transaction digest for a transaction between the first terminal and the second terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Hird, Geoffrey R., Hoover, Douglas N.

Granted Patent

US 10,460,314 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/71
CPC Class Codes

G06Q 20/3829   involving key management

H04L 2463/061   applying further key deriva...

H04L 2463/062   applying encryption of the ...

H04L 63/062   for key distribution, e.g. ...

H04L 63/12   Applying verification of th...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

PRE-GENERATION OF SESSION KEYS FOR ELECTRONIC TRANSACTIONS AND DEVICES THAT PRE-GENERATE SESSION KEYS FOR ELECTRONIC TRANSACTIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

91 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

PRE-GENERATION OF SESSION KEYS FOR ELECTRONIC TRANSACTIONS AND DEVICES THAT PRE-GENERATE SESSION KEYS FOR ELECTRONIC TRANSACTIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links