SECURE MULTI-PARTY PROTOCOL

US 20190327210A1
Filed: 06/28/2019
Published: 10/24/2019
Est. Priority Date: 11/25/2015
Status: Active Grant

First Claim

Patent Images

1-20. -20. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A requestor and a responder may conduct secure communication by making API calls based on a secure multi-party protocol. The requestor may send a request data packet sent in a API request to the responder, where the request data packet can include at least a control block that is asymmetrically encrypted and a data block that is symmetrically encrypted. The responder may return a response data packet to the requestor, where the response data packet can include at least a control block and a data block that are both symmetrically encrypted. The requestor and the responder may derive the keys for decrypting the encrypted portions of the request and response data packets based on some information only known to the requestor and the responder. The secure multi-party protocol forgoes the need to store and manage keys in a hardware security module.

0 Citations

40 Claims

1-20. -20. (canceled)

21. A method for securing communications between a first computer and a second computer, the method comprising:
- securing a communication connection over a communications network at least in part by;
  
  encrypting, by the first computer, a first data block with a first symmetric key;
  
  generating, by the first computer, a first control block comprising the first symmetric key;
  
  generating, by the first computer, a request data packet of the communication connection, the request data packet including the first control block and the encrypted first data block;
  
  sending, by the first computer, the request data packet to the second computer over the communications network;
  
  receiving, by the first computer, a response data packet of the communication connection from the second computer over the communications network;
  
  generating, by the first computer, a second symmetric key using a predetermined algorithm based on data in the second control block;
  
  decrypting, by the first computer, the second control block with the generated second symmetric key;
  
  extracting, by the first computer, the first symmetric key from the second control block; and
  
  decrypting, by the first computer, the second data block with the extracted first symmetric key.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
- - 22. The method of claim 21, wherein the first symmetric key is an ephemeral key.
  - 23. The method of claim 21, wherein the first symmetric key is generated using a shared secret and a variable datum previously supplied by the second computer.
  - 24. The method of claim 23, wherein the variable datum is a salt.
  - 25. The method of claim 21, wherein the second data block is encrypted with the first symmetric key, the second control block is encrypted with the second symmetric key, and the second symmetric key is different from the first symmetric key.
  - 26. The method of claim 21, wherein the data in the first control block utilized to generate the second symmetric key includes the first symmetric key.
  - 27. The method of claim 21 wherein the first computer is an authorization entity computer and the second computer is a token service computer.
  - 28. The method of claim 21, wherein the request data packet further comprises a first leader block and a first signature block, and the response data packet further comprises a second leader block and a second signature block.
  - 29. The method of claim 28, wherein the first leader block includes information indicating an encryption algorithm utilized to obtain a key for decrypting the first control block, and wherein the second leader block includes information indicating an encryption algorithm utilized to obtain a key for decrypting the second control block.

30. A computer system comprising:
- a processor; and
  
  a computer readable medium coupled with the processor, the computer readable medium comprising code executable to perform a method for securing communications between a first computer and a second computer, the method comprising;
  
  securing a communication connection over a communications network at least in part by;
  
  encrypting, by the first computer, a first data block with a first symmetric key;
  
  generating, by the first computer, a first control block comprising the first symmetric key;
  
  generating, by the first computer, a request data packet of the communication connection, the request data packet including the first control block and the encrypted first data block;
  
  sending, by the first computer, the request data packet to the second computer over the communications network;
  
  receiving, by the first computer, a response data packet of the communication connection from the second computer over the communications network;
  
  generating, by the first computer, a second symmetric key using a predetermined algorithm based on data in the second control block;
  
  decrypting, by the first computer, the second control block with the generated second symmetric key;
  
  extracting, by the first computer, the first symmetric key from the second control block; and
  
  decrypting, by the first computer, the second data block with the extracted first symmetric key.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38)
- - 31. The computer system of claim 30, wherein the first symmetric key is an ephemeral key.
  - 32. The computer system of claim 30, wherein the first symmetric key is generated using a shared secret and a variable datum previously supplied by the second computer.
  - 33. The computer system of claim 32, wherein the variable datum is a salt.
  - 34. The computer system of claim 30, wherein the second data block is encrypted with the first symmetric key, the second control block is encrypted with the second symmetric key, and the second symmetric key is different from the first symmetric key.
  - 35. The computer system of claim 30, wherein the data in the first control block utilized to generate the second symmetric key includes the first symmetric key.
  - 36. The computer system of claim 30, wherein the first computer is an authorization entity computer and the second computer is a token service computer.
  - 37. The computer system of claim 30, wherein the request data packet further comprises a first leader block and a first signature block, and the response data packet further comprises a second leader block and a second signature block.
  - 38. The computer system of claim 37, wherein the first leader block includes information indicating an encryption algorithm utilized to obtain the key for decrypting the first control block, and wherein the second leader block includes information indicating an encryption algorithm utilized to obtain the key for decrypting the second control block.

39. One or more non-transient computer-readable media having collectively stored thereon computer-executable instructions that, when executed with one or more computers, collectively perform a method comprising:
- securing a communication connection over a communications network at least in part by;
  
  encrypting, by a first computer, a first data block with a first symmetric key;
  
  generating, by the first computer, a first control block comprising the first symmetric key;
  
  generating, by the first computer, a request data packet of the communication connection, the request data packet including the first control block and the encrypted first data block;
  
  sending, by the first computer, the request data packet to a second computer over the communications network;
  
  receiving, by the first computer, a response data packet of the communication connection from the second computer over the communications network;
  
  generating, by the first computer, a second symmetric key using a predetermined algorithm based on data in the second control block;
  
  decrypting, by the first computer, the second control block with the generated second symmetric key;
  
  extracting, by the first computer, the first symmetric key from the second control block; and
  
  decrypting, by the first computer, the second data block with the extracted first symmetric key.
- View Dependent Claims (40)
- - 40. The one or more computer-readable media of claim 39, wherein the second data block is encrypted with the first symmetric key, the second control block is encrypted with the second symmetric key, and the second symmetric key is different from the first symmetric key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Mansour, Rasta, Law, Simon

Granted Patent

US 11,038,853 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/045   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

SECURE MULTI-PARTY PROTOCOL

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

0 Citations

40 Claims

Specification

Use Cases

Quick Links

Others

SECURE MULTI-PARTY PROTOCOL

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

0 Citations

40 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others