EFFICIENT METHODS FOR AUTHENTICATED COMMUNICATION

US 20150372811A1
Filed: 06/18/2015
Published: 12/24/2015
Est. Priority Date: 06/18/2014
Status: Active Grant

First Claim

Patent Images

1. A first computing device comprising:

a processor; and

a non-transitory computer-readable storage medium comprising instructions stored thereon, that when executed on the processor, perform;

determining an ephemeral key pair comprising an ephemeral public key and an ephemeral private key;

generating a first shared secret using the ephemeral private key and a static second device public key;

encrypting request data using the first shared secret to obtain encrypted request data;

sending a request message including the encrypted request data and the ephemeral public key to a second computing device;

receiving a response message including encrypted response data and a blinded static second device public key from the second computing device;

determining a second shared secret using the ephemeral private key and the blinded static second device public key; and

decrypting the encrypted response data using the second shared secret to determine response data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention relate to efficient methods for authenticated communication. In one embodiment, a first computing device can generate an ephemeral key pair comprising an ephemeral public key and an ephemeral private key. The first computing device can generate a first shared secret using the ephemeral private key and a static second device public key. The first computing device can encrypt request data using the first shared secret to obtain encrypted request data. The first computing device can send a request message including the encrypted request data and the ephemeral public key to a server computer. Upon receiving a response message from the server computer, the first computing device can determine a second shared secret using the ephemeral private key and the blinded static second device public key. The first computing device can then decrypt the encrypted response data from the response message to obtain response data.

114 Citations

20 Claims

1. A first computing device comprising:
- a processor; and
  
  a non-transitory computer-readable storage medium comprising instructions stored thereon, that when executed on the processor, perform;
  
  determining an ephemeral key pair comprising an ephemeral public key and an ephemeral private key;
  
  generating a first shared secret using the ephemeral private key and a static second device public key;
  
  encrypting request data using the first shared secret to obtain encrypted request data;
  
  sending a request message including the encrypted request data and the ephemeral public key to a second computing device;
  
  receiving a response message including encrypted response data and a blinded static second device public key from the second computing device;
  
  determining a second shared secret using the ephemeral private key and the blinded static second device public key; and
  
  decrypting the encrypted response data using the second shared secret to determine response data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The first computing device of claim 1, wherein the request data includes identification data operable by the second computing device to identify the first computing device or a user.
  - 3. The first computing device of claim 1, wherein the ephemeral public key is a combined ephemeral public key, wherein the ephemeral private key is a combined ephemeral private key, and wherein the combined ephemeral public key and the combined ephemeral private key are determined using an identification factor generated using identification data and authentication data.
  - 4. The first computing device of claim 1, wherein the ephemeral public key is an ephemeral first device public key, wherein the ephemeral private key is an ephemeral first device private key, wherein the request data includes a first device certificate comprising a static first device public key, wherein the response message further includes an ephemeral second device public key, and wherein the instructions, when executed on the processor, further perform:
    - generating an auxiliary shared secret using the ephemeral second device public key and a static first device private key corresponding to the static first device public key, wherein decrypting the encrypted response data also uses the auxiliary shared secret.
  - 5. The first computing device of claim 1, wherein the instructions, when executed on the processor, further perform:
    - generating a next shared secret and a next blinded static second device public key using the second shared secret; and
      
      associating the next blinded static second device public key with the next shared secret, wherein the next shared secret is used to decrypt subsequent encrypted response data received from the second computing device.
  - 6. The first computing device of claim 1, wherein the response data includes a second device certificate comprising the static second device public key, wherein the response data also includes a cryptographic nonce used to generate the blinded static second device public key, and wherein the instructions, when executed on the processor, further perform:
    - validating the second device certificate;
      
      generating a second device session identifier using the static second device public key and the cryptographic nonce; and
      
      comparing the second device session identifier with the blinded static second device public key received from the second computing device, wherein the second computing device is authenticated if the second device session second device identifier matches the blinded static second device public key.
  - 7. The first computing device of claim 1, wherein the response data includes a payment credential, and wherein the instructions, when executed on the processor, further perform:
    - conducting a payment transaction using the payment credential.
  - 8. A system comprising:
    - the first computing device of claim 1; and
      
      the second computing device, wherein the second computing device is configured to;
      
      receive, from the first computing device, the request message;
      
      generate the first shared secret using the ephemeral public key and a static second device private key;
      
      decrypt the encrypted request data using the first shared secret to obtain the request data;
      
      blind the static second device private key to determine a blinded static second device private key;
      
      generate the second shared secret using the blinded static second device private key and the ephemeral public key;
      
      encrypt the response data using the second shared secret to obtain the encrypted response data; and
      
      send, to the first computing device, the response message.

9. A second computing device comprising:
- a processor; and
  
  a non-transitory computer-readable storage medium comprising instructions stored thereon, that when executed on the processor, perform;
  
  receiving, from a first computing device, a request message including encrypted request data and an ephemeral public key;
  
  generating a first shared secret using the ephemeral public key and a static second device private key;
  
  decrypting the encrypted request data using the first shared secret to obtain request data;
  
  generating a second shared secret using a blinded static second device private key and the ephemeral public key;
  
  encrypting response data using the second shared secret to determine encrypted response data; and
  
  sending, to the first computing device, a response message including the encrypted response data and a blinded static second device public key.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The second computing device of claim 9, wherein the instructions, when executed on the processor, further perform:
    - generating a cryptographic nonce;
      
      determining the blinded static second device public key using a static second device public key and the cryptographic nonce; and
      
      determining the blinded static second device private key using the static second device private key and the cryptographic nonce.
  - 11. The second computing device of claim 9, wherein the ephemeral public key is a first combined ephemeral public key, wherein the request data includes an ephemeral public key used to generate the combined ephemeral public key, wherein the request data further includes identification data, and wherein the instructions, when executed on the processor, further perform:
    - retrieving second authentication data from a device database using the identification data;
      
      generating a second identification factor using the second authentication data and the identification data;
      
      determining a second combined ephemeral public key using the second identification factor and the ephemeral public key; and
      
      comparing the first combined ephemeral public key to the second combined ephemeral public key, wherein the first computing device is authenticated if the first combined ephemeral public key matches the second combined ephemeral public key.
  - 12. The second computing device of claim 9, wherein the ephemeral public key is an ephemeral first device public key, and wherein the instructions, when executed on the processor, further perform:
    - determining, from the request data, a first device certificate associated with the first computing device, the first device certificate comprising a static first device public key;
      
      determining an ephemeral second device key pair comprising an ephemeral second device public key and an ephemeral second device private key;
      
      generating an auxiliary shared secret using the static first device public key and the ephemeral second device private key, wherein encrypting the response data further uses the auxiliary shared secret, and wherein the response message further includes the ephemeral second device public key.
  - 13. The second computing device of claim 9, wherein the request data includes a first device identifier, and wherein the instructions, when executed on the processor, further perform:
    - generating a next shared secret and a next blinded static second device public key using the second shared secret; and
      
      associating the first device identifier with the next blinded static second device public key and the next shared secret, wherein the next shared secret is used to encrypt subsequent encrypted response data sent to the first computing device, and wherein the next blinded static second device public key is included in a subsequent response message sent to the first computing device.
  - 14. The second computing device of claim 9, wherein the response data includes a payment credential, wherein the payment credential is operable by the first computing device to conduct a payment transaction.

15. A computer-implemented method comprising:
- receiving, by a second computing device, from a first computing device, a request message including encrypted request data and an ephemeral public key;
  
  generating, by the second computing device, a first shared secret using the ephemeral public key and a static second device private key;
  
  decrypting, by the second computing device, the encrypted request data using the first shared secret to obtain request data;
  
  generating, by the second computing device, a second shared secret using a blinded static second device private key and the ephemeral public key;
  
  encrypting, by the second computing device, response data using the second shared secret to determine encrypted response data; and
  
  sending, by the second computing device to the first computing device, a response message including the encrypted response data and a blinded static second device public key.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-implemented method of claim 15, further comprising:
    - generating, by the second computing device, a cryptographic nonce;
      
      determining, by the second computing device, the blinded static second device public key using a static second device public key and the cryptographic nonce; and
      
      determining, by the second computing device, the blinded static second device private key using the static second device private key and the cryptographic nonce.
  - 17. The computer-implemented method of claim 15, wherein the ephemeral public key is a combined ephemeral public key, wherein the request data includes an original ephemeral public key used to generate the combined ephemeral public key, wherein the request data further includes identification data, and wherein the computer-implemented method further comprises:
    - retrieving, by the second computing device, second authentication data from a device database using the identification data;
      
      generating, by the second computing device, a second identification factor using the second authentication data and the identification data;
      
      determining, by the second computing device, a second combined ephemeral public key using the second identification factor and the original ephemeral public key; and
      
      comparing, by the second computing device, the combined ephemeral public key to the second combined ephemeral public key, wherein the first computing device is authenticated if the combined ephemeral public key and the second combined ephemeral public key match.
  - 18. The computer-implemented method of claim 15, wherein the ephemeral public key is an ephemeral first device public key, and wherein the computer-implemented method further comprises:
    - determining, by the second computing device, from the request data, a first device certificate associated with the first computing device, the first device certificate comprising a static first device public key;
      
      determining, by the second computing device, an ephemeral second device key pair comprising an ephemeral second device public key and an ephemeral second device private key;
      
      generating, by the second computing device, an auxiliary shared secret using the static first device public key and the ephemeral second device private key, wherein encrypting the response data further uses the auxiliary shared secret, and wherein the response message further includes the ephemeral second device public key.
  - 19. The computer-implemented method of claim 15, wherein the request data includes a first device identifier, and wherein the computer-implemented method further comprises:
    - generating, by the second computing device, a next shared secret and a next blinded static second device public key using the second shared secret; and
      
      associating, by the second computing device, the first device identifier with the next blinded static second device public key and the next shared secret, wherein the next shared secret is used to encrypt subsequent encrypted response data sent to the first computing device, and wherein the next blinded static second device public key is included in a subsequent response message sent to the first computing device.
  - 20. The computer-implemented method of claim 15, wherein the response data includes a payment credential, wherein the payment credential is operable by the first computing device to conduct a payment transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Le Saint, Eric, Mardikar, Upendra, Fedronic, Dominique

Granted Patent

US 10,574,633 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 20/3227   using secure elements embed...

G06Q 20/3829   involving key management

H04L 2209/04   Masking or blinding

H04L 2463/061   applying further key deriva...

H04L 63/0428   wherein the data content is...

H04L 63/0442   wherein the sending and rec...

H04L 63/068   using time-dependent keys, ...

H04L 63/0823   using certificates cryptogr...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/3228   One-time or temporary data,...

EFFICIENT METHODS FOR AUTHENTICATED COMMUNICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

114 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

EFFICIENT METHODS FOR AUTHENTICATED COMMUNICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

114 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links