SYSTEMS AND METHODS FOR DECRYPTION AS A SERVICE
Abstract
Systems and methods for decryption of payloads are disclosed herein. In various embodiments, systems and methods herein are configured for decrypting thousands of transactions per second. Further, in particular embodiments, the systems and methods herein are scalable, such that many thousands of transactions can be processed per second upon replicating particular architectural components.
77 Claims
1. A system for decryption of payloads, the system comprising:
a frontend server operatively connected to a read-only database, the frontend server configured for;
a) receiving a plurality of payloads from one or more third parties, wherein each of the payloads includes at least one encrypted element;
b) retrieving authentication data from the read-only database;
c) comparing the authentication data with each of the plurality of payloads to determine whether one or more of the payloads of the plurality of payloads has been compromised;
d) upon determining that one or more of the payloads of the plurality of payloads has not been compromised, transmitting the one or more payloads of the plurality of payloads to a hardware security module for decryption of the at least one encrypted element;
the read-only database operatively connected to the frontend server and configured for storing read-only authentication data for use in determining whether payloads have been compromised; and
the hardware security module operatively connected to the frontend server, the hardware security module configured for decrypting the one or more payloads of the plurality of encrypted payloads based on an encryption key and transmitting the decrypted one or more payloads to the one or more third parties.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A computer-implemented method for decryption of payloads, the method comprising:
providing a frontend server operatively connected to a read-only database, the frontend server configured for;
a) receiving a plurality of payloads from one or more third parties, wherein each of the payloads includes at least one encrypted element;
b) retrieving authentication data from the read-only database;
c) comparing the authentication data with each of the plurality of payloads to determine whether one or more of the payloads of the plurality of payloads has been compromised;
d) upon determining that one or more of the payloads of the plurality of payloads has not been compromised, transmitting the one or more payloads of the plurality of payloads to a hardware security module for decryption of the at least one encrypted element;
providing the read-only database operatively connected to the frontend server and configured for storing read-only authentication data for use in determining whether payloads have been compromised; and
providing the hardware security module operatively connected to the frontend server, the hardware security module configured for decrypting the one or more payloads of the plurality of encrypted payloads based on an encryption key and transmitting the decrypted one or more payloads to the one or more third parties.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24

25. A scalable system for fast decryption of payloads, the system comprising:
at least one hardware security module operatively connected to one or more frontend servers and configured for decrypting encrypted elements of payloads;
the one or more frontend servers configured to receive and authenticate payloads based at least in part upon retrieving authentication data from a particular read-only database of one or more read-only databases;
the one or more read-only databases operatively connected to the one or more frontend servers, wherein the one or more read-only databases comprise the authentication data for authenticating payloads;
a read-only master database operatively connected to the one or more read-only databases, the read-only master database configured to refresh the authentication data stored at the one or more read-only databases; and
a backend read/write database for logging decryptions and authentications, the backend read-write database operatively connected to the at least one hardware security module and the read-only master database.
Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39

40. A system for fast decryption of one or more payloads, the system comprising a message queuing protocol operatively connected to a read-only database and a read/write database, the message queuing protocol configured for:
receiving event notifications from a read-only database, wherein the event notifications each comprise one or more notifications regarding the authentication of one or more received payloads;
queuing the event notifications received from the read-only database; and
transmitting the event notifications to the read/write database upon determining that the read/write database is configured to accept event notifications.
Dependent claims: 41, 42, 43, 44, 45, 46, 47

48. A computer-implemented method for fast decryption of one or more payloads, the method comprising providing a message queuing protocol operatively connected to a read-only database and a read/write database, the message queuing protocol configured for:
receiving event notifications from a read-only database, wherein the event notifications each comprise one or more notifications regarding the authentication of one or more received payloads;
queuing the event notifications received from the read-only database; and
transmitting the event notifications to the read/write database upon determining that the read/write database is configured to accept event notifications.
Dependent claims: 49, 50, 51, 52, 53, 54, 55

56. A system for fast decryption of one or more payloads, the system comprising:
a frontend server for receiving encrypted payloads;
a plurality of read-only databases operatively connected to the frontend server;
a master read-only database operatively connected to each of the plurality of read-only databases; and
a read/write database operatively connected to the master database, the read/write database for transmitting event messages to the master read-only database,
wherein the system is configured for;
receiving event information at the read/write database;
upon receiving the event information at the read/write database, automatically transmitting authentication data to the master read-only database, wherein the authentication data has been updated by the event information;
refreshing the read-only master database to include the authentication data; and
refreshing each of the plurality of read-only databases with authentication data matching the refreshed read-only master database, wherein the authentication data is for determining whether a payload has been transmitted by a tampered device.
Dependent claims: 57, 58, 59, 60, 61

62. A computer-implemented method for fast decryption of one or more payloads, the method comprising the steps of:
providing a frontend server for receiving encrypted payloads;
providing a plurality of read-only databases operatively connected to the frontend server;
providing a master read-only database operatively connected to each of the plurality of read-only databases;
providing a read/write database operatively connected to the master database, the read/write database for transmitting event messages to the master read-only database;
receiving event information at the read/write database;
upon receiving the event information at the read/write database, automatically transmitting authentication data to the master read-only database, wherein the authentication data has been updated by the event information;
refreshing the read-only master database to include the authentication data; and
refreshing each of the plurality of read-only databases with authentication data matching the refreshed read-only master database, wherein the authentication data is for determining whether a payload has been transmitted by a tampered device.
Dependent claims: 63, 64, 65, 66, 67

68. A system for decryption of one or more payloads, the system comprising:
a hardware security module for decrypting encrypted elements of received payloads, the hardware security module operatively connected to at least one decryption server;
the at least one decryption server, wherein the at least one decryption server is configured to;
receive a particular payload, the particular payload comprising at least one encrypted element;
transmit the particular payload to the hardware security module for decryption of the at least one encrypted element;
upon receiving the particular payload from the hardware security module, parse the particular payload to determine whether the at least one encrypted element has been decrypted by the hardware security module;
upon determining that the at least one encrypted element has not been decrypted by the hardware security module, transmit an error message to a read/write database operatively coupled to the frontend server.
Dependent claims: 69, 70, 71, 72

73. A computer-implemented method for decryption of one or more payloads, the method comprising:
providing a hardware security module for decrypting encrypted elements of received payloads, the hardware security module operatively connected to at least one decryption server;
providing the at least one decryption server, receiving a particular payload, the particular payload comprising at least one encrypted element;
transmitting the particular payload to the hardware security module for decryption of the at least one encrypted element;
upon receiving the particular payload from the hardware security module, parsing the particular payload to determine whether the at least one encrypted element has been decrypted by the hardware security module; and
upon determining that the at least one encrypted element has not been decrypted by the hardware security module, transmitting an error message to a read/write database operatively coupled to the frontend server.
Dependent claims: 74, 75, 76, 77
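
The flow recited in claims 1, 40 and 68, as an added Python example that is not part of the patent text or of any implementation by its applicant: a frontend check against read-only authentication data, a check of what the hardware security module returns, and queued event notifications. The record layout (serial, fingerprint, state), the event names, `EventQueue`, and `stub_hsm`, which stands in for the hardware security module with a hex-decode placeholder instead of real decryption, are all assumptions.

```python
import hmac
from collections import deque
from types import MappingProxyType

# Constructed read-only authentication data: serial -> (fingerprint, state)
AUTH_DATA = MappingProxyType({
    "SN-0001": ("fp-a1", "active"),
    "SN-0002": ("fp-b2", "tampered"),
})

class EventQueue:  # holds events until the read/write store accepts them
    def __init__(self):
        self.pending = deque()
    def put(self, serial, event):
        self.pending.append({"serial": serial, "event": event})
    def drain(self, store, accepting):
        sent = 0
        while self.pending and accepting():
            store.append(self.pending.popleft())
            sent += 1
        return sent

def is_compromised(payload, auth_data=AUTH_DATA):
    record = auth_data.get(payload.get("serial"))
    if record is None:
        return True  # unknown device: fail closed
    expected, state = record
    seen = str(payload.get("fingerprint", "")).encode()
    return not (state == "active" and hmac.compare_digest(expected.encode(), seen))

def stub_hsm(payload):  # placeholder for the HSM: hex-decoding is NOT decryption
    if payload.get("key_id") != "k1":
        return dict(payload)  # unknown key: element comes back still encrypted
    text = bytes.fromhex(payload["element"]).decode()
    return {"serial": payload["serial"], "encrypted": False, "plaintext": text}

def process(payloads, events, hsm=stub_hsm):
    decrypted = []
    for p in payloads:
        if is_compromised(p):  # claim 1, steps b) to d)
            events.put(p.get("serial"), "auth_failed")
            continue
        out = hsm(p)
        # Claim 68: parse the returned payload before treating it as decrypted.
        if out.get("encrypted", True) or "plaintext" not in out:
            events.put(p["serial"], "decrypt_error")
            continue
        events.put(p["serial"], "decrypted")
        decrypted.append(out)
    return decrypted
```

Events stay in the queue while the `accepting` callback reports that the read/write store cannot take them, so a slow or unavailable logging database does not block the decryption path.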