System and method of secure information transfer

US 7,387,240 B2
Filed: 03/08/2005
Issued: 06/17/2008
Est. Priority Date: 12/11/2003
Status: Active Grant

First Claim

Patent Images

1. A method for securely transferring data between a first device and a second device over an open network, comprising the steps of:

establishing a secure connection to the first device over the open network through an open network server;

generating a public/private encryption key pair at the first device;

transmitting a public encryption key of the public/private encryption key pair to the second device on the secure connection over the open network;

generating a first encryption key for encrypting communications between the first device and the second device and a second encryption key for encrypting the data transmitted between the first device and the second device;

providing a first cryptogram including the first encryption key to the second device and the first device;

providing a second cryptogram including the second encryption key to the second device and the first device;

providing a third cryptogram including both the first encryption key and the second encryption key to the second device and the first device;

decrypting the first, second and third cryptograms at the first device to determine the first encryption key and the second encryption key; and

providing secure information transfer between the first device and the second device using the public/private encryption key pair, the first encryption key and the second encryption key.

View all claims

16 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Information may be securely transferred from a first device to a second device over an open network by transferring software to the first device and executing the software. Data representing the information is entered at the first device and transferred to the second device. The second device uses the data to determine the information.

Citations

23 Claims

1. A method for securely transferring data between a first device and a second device over an open network, comprising the steps of:
- establishing a secure connection to the first device over the open network through an open network server;
  
  generating a public/private encryption key pair at the first device;
  
  transmitting a public encryption key of the public/private encryption key pair to the second device on the secure connection over the open network;
  
  generating a first encryption key for encrypting communications between the first device and the second device and a second encryption key for encrypting the data transmitted between the first device and the second device;
  
  providing a first cryptogram including the first encryption key to the second device and the first device;
  
  providing a second cryptogram including the second encryption key to the second device and the first device;
  
  providing a third cryptogram including both the first encryption key and the second encryption key to the second device and the first device;
  
  decrypting the first, second and third cryptograms at the first device to determine the first encryption key and the second encryption key; and
  
  providing secure information transfer between the first device and the second device using the public/private encryption key pair, the first encryption key and the second encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1 further including the step of downloading software to the first device over the secure connection providing for the processing of the public/private encryption key pair, the first encryption key and the second encryption key.
  - 3. The method of claim 1, wherein the step of establishing further comprises the step of establishing an SSL secured session.
  - 4. The method of claim 1, wherein the step of generating further comprises the step of generating an RSA public/private encryption key pair at the first device.
  - 5. The method of claim 1, wherein the step of providing a first cryptogram further comprises the steps of:
    - salting the first encryption key;
      
      generating a first cryptographic hash of the salted first encryption key; and
      
      encrypting the salted first encryption key and the first cryptographic hash using the public encryption key to create the first cryptogram.
  - 6. The method of claim 1, wherein the step of providing a second cryptogram further comprises the steps of:
    - salting the second encryption key;
      
      generating a second cryptographic hash of the salted second encryption key;
      
      encrypting the salted first encryption key and the first cryptographic hash using the public encryption key to create a temporary cryptogram; and
      
      encrypting the temporary cryptogram using the first encryption key to create the second cryptogram.
  - 7. The method of claim 1, wherein the step of providing a third cryptogram further comprises the steps of:
    - combining the first encryption key with the second encryption key;
      
      salting the combined first and second encryption keys;
      
      generating a third cryptographic hash of the salted, combined first and second encryption keys; and
      
      encrypting the salted combination of the first and second encryption keys and the third cryptographic hash using the public encryption key to create the third cryptogram.
  - 8. The method of claim 1, wherein the step of decrypting further comprises the steps of:
    - decrypting the third cryptogram using the first encryption key;
      
      decrypting the decrypted third cryptogram using the private key of the public/private key pair to obtain the second encryption key.
  - 9. The method of claim 8, further including the steps of:
    - generating a fourth cryptographic hash of the decrypted third cryptogram;
      
      comparing the fourth cryptographic hash to the third cryptographic hash.
  - 10. The method of claim 1, wherein the step decrypting further comprises the steps of:
    - decrypting the first cryptogram using the private key of the public/private key pair to obtain the first encryption key;
      
      generating a fifth cryptographic hash of the decrypted first cryptogram; and
      
      comparing the fifth cryptographic hash with the first cryptographic hash.
  - 11. The method of claim 1, wherein the step decrypting further comprises the steps of:
    - decrypting the second cryptogram using the private key of the public/private key pair to obtain the second encryption key;
      
      generating a sixth cryptographic hash of the decrypted second cryptogram; and
      
      comparing the sixth cryptographic hash with the second cryptographic hash.
  - 12. The method of claim 1, wherein the step of providing secure information transfer further comprises the steps of:
    - salting the data to be transferred from the first device to the second device;
      
      encrypting the salted data using the second encryption key;
      
      performing a final cryptographic hash of the encrypted, salted data;
      
      appending a CRC to the final cryptographic hash; and
      
      transmitting the final cryptographic hash with appended CRC from the first device to the second device.
  - 13. The method of claim 12, wherein the step of establishing further comprises the steps of:
    - establishing a secure connection to the first device over the open network through an open network server;
      
      generating a public/private encryption key pair at the first device;
      
      transmitting a public encryption key of the public/private encryption key pair to the second device on the secure connection over the open network;
      
      generating a first encryption key for encrypting communications between the first device and the second device and a second encryption key for encrypting the data transmitted between the first device and the second device.
  - 14. The method of claim 13, wherein the step of providing a first cryptogram further comprises the steps of:
    - salting the first encryption key;
      
      generating a first cryptographic hash of the salted first encryption key; and
      
      encrypting the salted first encryption key and the first cryptographic hash using the public encryption key to create the first cryptogram.
  - 15. The method of claim 13, wherein the step of providing a second cryptogram further comprises the steps of:
    - salting the second encryption key;
      
      generating a second cryptographic hash of the salted, second encryption key;
      
      encrypting the salted first encryption key and the first cryptographic hash using the public encryption key to create a temporary cryptogram; and
      
      encrypting the temporary cryptogram using the first encryption key to create the second cryptogram.
  - 16. The method of claim 13, wherein the step of providing a third cryptogram further comprises the steps of:
    - combining the first encryption key with the second encryption key;
      
      salting the combined first and second encryption keys;
      
      generating a third cryptographic hash of the salted combined first and second encryption keys; and
      
      encrypting the salted combination of the first and second encryption keys and the third cryptographic hash using the public encryption key to create the third cryptogram.
  - 17. The method of claim 13, wherein the step of decrypting further comprises the steps of:
    - decrypting the third cryptogram using the first encryption key;
      
      decrypting the decrypted third cryptogram using the private key of the public/private key pair to obtain the second encryption key.
  - 18. The method of claim 13, further including the steps of:
    - generating a fourth cryptographic hash of the decrypted third cryptogram;
      
      comparing the fourth cryptographic hash to the third cryptographic hash.
  - 19. The method of claim 13, wherein the step decrypting further comprises the steps of:
    - decrypting the second cryptogram using the private key of the public/private key pair to obtain the second encryption key;
      
      generating a sixth cryptographic hash of the decrypted second cryptogram; and
      
      comparing the sixth cryptographic hash with the second cryptographic hash.
  - 20. The method of claim 13, wherein the step of providing secure information transfer further comprises the steps of:
    - salting the data to be transferred from the first device to the second device;
      
      encrypting the salted data using the second encryption key;
      
      performing a final cryptographic hash of the encrypted, salted data;
      
      appending a CRC to the final cryptographic hash; and
      
      transmitting the final cryptographic hash with appended CRC from the first device to the second device.

21. A method for securely transferring data between a first device and a second device over an open network, comprising the steps of:
- receiving a request for data at the second device from the first device;
  
  establishing secure communications paths between the first device and the second device over the open network using a plurality of encryption keys said step of establishing further comprising the steps of;
  
  providing a plurality of cryptograms including the plurality of encryption keys to the first and second devices;
  
  decrypting the plurality of cryptograms to determine the plurality of encryption keys;
  
  providing secure information transfer between the first device and the second device using the plurality of encryption keys.
- View Dependent Claims (22, 23)
- - 22. The method of claim 21 wherein the step of providing further comprises the steps of:
    - providing a first cryptogram including the first encryption key to the second device and the first device;
      
      providing a second cryptogram including the second encryption key to the second device and the first device; and
      
      providing a third cryptogram including both the first encryption key and the second encryption key to the second device and the first device.
  - 23. The method of claim 22 wherein the step of decrypting further comprises the step of decrypting the first, second and third cryptograms at the first device to determine the first encryption key and the second encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Merchant Services LLC (Fiserv Incorporated)
Original Assignee
Accullink Incorporated (Fiserv Incorporated)
Inventors
Ziegler, Robert
Primary Examiner(s)
Lee; Seung H

Application Number

US11/010,191
Publication Number

US 20050194438A1
Time in Patent Office

1,197 Days
Field of Search

235/382, 235/379, 235/380, 705/50, 380/277, 713/182
US Class Current

235/382
CPC Class Codes

G06Q 20/3552   Downloading or loading of p...

G07F 7/1008   Active credit-cards provide...

G07F 7/1025   Identification of user by a...

G07F 7/1041   PIN input keyboard gets new...

H04L 63/0853   using an additional device,...

H04L 63/166   at the transport layer

System and method of secure information transfer

First Claim

16 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of secure information transfer

First Claim

16 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links