SECURE MULTI-PARTY PROTOCOL

US 20170149740A1
Filed: 11/25/2016
Published: 05/25/2017
Est. Priority Date: 11/25/2015
Status: Active Grant

First Claim

Patent Images

1. A method for securing communications between a first computer and a second computer, the method comprising:

receiving, by the second computer from the first computer over a communications network, a request data packet, the request data packet including a control block comprising a symmetric key, and a data block encrypted with the symmetric key, wherein the control block is encrypted with a public key of a public-private key pair;

decrypting, by the second computer, the control block with a private key of the public-private key pair;

extracting, by the second computer, the symmetric key from the control block; and

decrypting, by the second computer, the encrypted data block with the extracted symmetric key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A requestor and a responder may conduct secure communication by making API calls based on a secure multi-party protocol. The requestor may send a request data packet sent in a API request to the responder, where the request data packet can include at least a control block that is asymmetrically encrypted and a data block that is symmetrically encrypted. The responder may return a response data packet to the requestor, where the response data packet can include at least a control block and a data block that are both symmetrically encrypted. The requestor and the responder may derive the keys for decrypting the encrypted portions of the request and response data packets based on some information only known to the requestor and the responder. The secure multi-party protocol forgoes the need to store and manage keys in a hardware security module.

Citations

20 Claims

1. A method for securing communications between a first computer and a second computer, the method comprising:
- receiving, by the second computer from the first computer over a communications network, a request data packet, the request data packet including a control block comprising a symmetric key, and a data block encrypted with the symmetric key, wherein the control block is encrypted with a public key of a public-private key pair;
  
  decrypting, by the second computer, the control block with a private key of the public-private key pair;
  
  extracting, by the second computer, the symmetric key from the control block; and
  
  decrypting, by the second computer, the encrypted data block with the extracted symmetric key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the symmetric key is an ephemeral key.
  - 3. The method of claim 1, wherein the symmetric key is generated using a shared secret and a variable datum previously supposed by the second computer.
  - 4. The method of claim 3, wherein the variable datum is a salt.
  - 5. The method of claim 1, wherein the data block is a first data block, the control block is a first control block, the symmetric key is a first symmetric key, and wherein the method further comprises:
    - generating, by the second computer, a second symmetric key using a predetermined algorithm based on data in the first control block;
      
      generating, by the second computer, a response data packet comprising a second data block and a second control block comprising the first symmetric key; and
      
      transmitting, by the second computer, the response data packet to the first computer over the communications network.
  - 6. The method of claim 5, further comprising:
    - encrypting, by the second computer, the second data block using the first symmetric key; and
      
      encrypting, by the second computer, the second control block using the second symmetric key.
  - 7. The method of claim 5, wherein the data in the first control block utilized to generate the second symmetric key includes the first symmetric key.
  - 8. The method of claim 1 wherein the first computer is an authorization entity computer and the second computer is a token service computer.
  - 9. The method of claim 5, wherein the request data packet further comprises a first leader block and a first signature block, and the response data packet further comprises a second leader block and a second signature block.
  - 10. The method of claim 9, wherein the first leader block includes information indicating an encryption algorithm utilized to obtain the key for decrypting the first control block, and wherein the second leader block includes information indicating an encryption algorithm utilized to obtain the key for decrypting the second control block.

11. A computer comprising:
- a processor; and
  
  a computer readable medium coupled to the processor, the computer readable medium comprising code executable to perform a method for securing communications between a first computer and a second computer, the method comprising performing, by the second computer;
  
  receiving from the first computer over a communications network, a request data packet, the request data packet including a control block comprising a symmetric key, and a data block encrypted with the symmetric key, wherein the control block is encrypted with a public key of a public-private key pair;
  
  decrypting the control block with a private key of the public-private key pair;
  
  extracting from the control block, the symmetric key; and
  
  decrypting the encrypted data block with the extracted symmetric key.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer of claim 11, wherein the symmetric key is an ephemeral key.
  - 13. The computer of claim 11, wherein the symmetric key is generated using a shared secret and a variable datum previously supposed by the second computer.
  - 14. The computer of claim 13, wherein the variable datum is a salt.
  - 15. The computer of claim 11, wherein the data block is a first data block, the control block is a first control block, the symmetric key is a first symmetric key, and wherein the method further comprises:
    - generating a second symmetric key using a predetermined algorithm based on data in the first control block;
      
      generating a response data packet comprising a second control block comprising the first symmetric key, and a second data block; and
      
      transmitting the response data packet to the first computer over the communications network.
  - 16. The computer of claim 15, wherein the method further comprises:
    - encrypting the second data block using the first symmetric key; and
      
      encrypting the second control block using the second symmetric key.
  - 17. The computer of claim 15, wherein the data in the first control block utilized to generate the second symmetric key includes the first symmetric key.
  - 18. The computer of claim 11, wherein the first computer is an authorization entity computer and the second computer is a token service computer.
  - 19. The computer of claim 15, wherein the request data packet further comprises a first leader block and a first signature block, and the response data packet further comprises a second leader block and a second signature block.
  - 20. The computer of claim 19, wherein the first leader block includes information indicating an encryption algorithm utilized to obtain the key for decrypting the first control block, and wherein the second leader block includes information indicating an encryption algorithm utilized to obtain the key for decrypting the second control block.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Mansour, Rasta A., Law, Simon

Granted Patent

US 10,382,409 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/045   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

SECURE MULTI-PARTY PROTOCOL

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE MULTI-PARTY PROTOCOL

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links