EFFICIENT METHODS FOR PROTECTING IDENTITY IN AUTHENTICATED TRANSMISSIONS
First Claim
1. An access device comprising:
- a processor; and
a non-transitory computer-readable storage medium comprising code executable by the processor for implementing a method comprising;
sending an access device public key to a user device, wherein the access device public key is associated with an access device private key;
receiving a blinded user device public key and encrypted user device data from the user device, wherein the blinded user device public key is generated using a user device public key and a cryptographic nonce; and
generating a shared secret using the access device private key and the blinded user device public key; and
decrypting the encrypted user device data using the shared secret.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods are provided for protecting identity in an authenticated data transmission. For example, a contactless transaction between a portable user device and an access device may be conducted without exposing the portable user device'"'"'s public key in cleartext. In one embodiment, an access device may send an access device public key to a portable user device. The user device may return a blinded user device public key and encrypted user device data. The access device may determine a shared secret using the blinded user device public key and an access device private key. The access device may then decrypt the encrypted user device data using the shared secret.
72 Citations
21 Claims
-
1. An access device comprising:
-
a processor; and a non-transitory computer-readable storage medium comprising code executable by the processor for implementing a method comprising; sending an access device public key to a user device, wherein the access device public key is associated with an access device private key; receiving a blinded user device public key and encrypted user device data from the user device, wherein the blinded user device public key is generated using a user device public key and a cryptographic nonce; and generating a shared secret using the access device private key and the blinded user device public key; and decrypting the encrypted user device data using the shared secret. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer-implemented method comprising:
-
sending, by an access device having one or more processors, an access device public key to a user device, wherein the access device public key is associated with an access device private key; receiving, by the access device, a blinded user device public key from the user device, wherein the blinded user device public key is generated using a user device public key and a cryptographic nonce; and generating, by the access device, a shared secret using the access device private key and the blinded user device public key, wherein the shared secret is known to the user device. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer-implemented method comprising:
-
receiving, by a user device, an access device public key from an access device; generating, by the user device, a shared secret using the access device public key and a user device private key; generating, by the user device, a blinded user device public key using a user device public key and a cryptographic nonce; encrypting, by the user device, user device data using the shared secret; and sending, by the user device, the blinded user device public key and the encrypted user device data to the access device, thereby allowing the access device to generate the shared secret using the blinded user device public key and an access device private key corresponding to the access device public key and to decrypt the encrypted user device data using the shared secret. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification