Methods and systems for secure electronic communication

US 8,745,394 B1
Filed: 08/22/2013
Issued: 06/03/2014
Est. Priority Date: 08/22/2013
Status: Active Grant

First Claim

Patent Images

1. A method for secure electronic communication between a client application processor and a server processor, comprising:

generating, using a server processor coupled to memory, a client application public/private key pair and storing the client application public/private key pair on a physical hardware security module without sending a client application private key to, or storing the client application private key on, a user'"'"'s communication device;

receiving, using the server processor, a request message from a user'"'"'s communication device processor consisting at least in part of a session key encrypted with the client application public key of the public/private key pair;

retrieving, using the server processor, the client application private key of the public/private key pair stored on the physical hardware security module;

decrypting, using the server processor, the request message with the client application private key of the public/private key pair and retrieving the decrypted session key from the decrypted request message;

generating, using the server processor, a response message and encrypting the response message with the retrieved session key; and

sending, using the server processor, the session key-encrypted response message to the user'"'"'s communication device processor.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for secure electronic communication involve, for example, using a processor coupled to memory to receive a request message from a user'"'"'s communication device processor including a session key encrypted with a public key of a public/private key pair without sending a private key of the public/private key pair to, or storing the private key on, the user'"'"'s communication device. Using the processor, the request message is decrypted with a private key of the public/private key pair and the session key is retrieved from the decrypted request message. Thereafter, also using the processor, a response message is generated and encrypted with the retrieved session key and sent to the user'"'"'s communication device processor.

40 Citations

View as Search Results

13 Claims

1. A method for secure electronic communication between a client application processor and a server processor, comprising:
- generating, using a server processor coupled to memory, a client application public/private key pair and storing the client application public/private key pair on a physical hardware security module without sending a client application private key to, or storing the client application private key on, a user'"'"'s communication device;
  
  receiving, using the server processor, a request message from a user'"'"'s communication device processor consisting at least in part of a session key encrypted with the client application public key of the public/private key pair;
  
  retrieving, using the server processor, the client application private key of the public/private key pair stored on the physical hardware security module;
  
  decrypting, using the server processor, the request message with the client application private key of the public/private key pair and retrieving the decrypted session key from the decrypted request message;
  
  generating, using the server processor, a response message and encrypting the response message with the retrieved session key; and
  
  sending, using the server processor, the session key-encrypted response message to the user'"'"'s communication device processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein receiving the request message further comprises receiving the request message from the user'"'"'s communication device processor consisting at least in part of the session key and user authentication credentials encrypted with the client application public key of the public/private key pair.
  - 3. The method of claim 1, wherein receiving the request message further comprises receiving the request message from the user'"'"'s communication device processor consisting at least in part of the session key and a user password encrypted with the client application public key of the public/private key pair.
  - 4. The method of claim 3, wherein receiving the request message further comprises receiving the request message consisting at least in part of the session key appended with the user password and encrypted with the client application public key of the public/private key pair.
  - 5. The method of claim 1, wherein receiving the request message consisting at least in part of the session key encrypted with the client application public key further comprises receiving the request message consisting at least in part of the session key generated by a client application on the user'"'"'s communication device processor and encrypted with the client application public key of the public/private key pair.
  - 6. The method of claim 1, wherein receiving the request message consisting at least in part of the session key generated by the client application and encrypted with the client application public key of the public/private key pair further comprises receiving the request message consisting at least in part of a session-specific random number generated by the client application on the user'"'"'s communication device processor and encrypted with the client application public key of the public/private key.
  - 7. The method of claim 6, wherein receiving the request message consisting at least in part of the session-specific random number generated by the client application on the user'"'"'s communication device processor and encrypted with the client application public key of the public/private key pair further comprises receiving the request message consisting at least in part of a 128-bit session-specific random number generated by the client application on the user'"'"'s communication device processor and encrypted with the client application public key of the public/private key pair.
  - 8. The method of claim 1, wherein receiving the request message further comprises receiving the request message from the user'"'"'s communication device processor consisting at least in part of a session key and a login request encrypted with the client application public key of the public/private key pair.
  - 9. The method of claim 1, wherein retrieving the decrypted session key from the decrypted request message further comprises retrieving the decrypted session key that was generated by a client application on the user'"'"'s communication device processor and encrypted with the client application public key of the public/private key pair.
  - 10. The method of claim 1, wherein generating and encrypting the response message further comprise generating a log-in response message and encrypting the log-in response message with the retrieved session key.
  - 11. The method of claim 1, wherein sending the session key-encrypted response message further comprises sending the session key-encrypted response message to a client application on the processor of the user'"'"'s communication device encrypted with the session key generated and stored by the client application in volatile memory on the user'"'"'s communication device.

12. A machine for secure electronic communication, comprising:
- a server processor coupled to memory, the server processor being programmed for;
  
  generating a client application public/private key pair and storing the client application public/private key pair on a physical hardware security module without sending a client application private key to, or storing the client application private key on, a user'"'"'s communication device;
  
  receiving a request message from a user'"'"'s communication device processor consisting at least in part of a session key encrypted with the client application public key of the public/private key pair;
  
  retrieving, using the server processor, the client application private key of the public/private key pair stored on the physical hardware security module;
  
  decrypting the request message with the client application private key of the public/private key pair and retrieving the decrypted session key from the decrypted request message;
  
  generating a response message and encrypting the response message with the retrieved session key; and
  
  sending the session key-encrypted response message to the processor of the user'"'"'s communication device.

13. A non-transitory computer-readable storage medium with an executable program stored thereon, wherein the program instructs a server processor to perform the following steps:
- generate a client application public/private key pair and storing the client application public/private key pair on a physical hardware security module without sending a client application private key to, or storing the client application private key on, a user'"'"'s communication device;
  
  receive a request message from a user'"'"'s communication device processor consisting at least in part of a session key encrypted with the client application public key of the public/private key pair;
  
  retrieve the client application private key of the public/private key pair stored on the physical hardware security module;
  
  decrypt the request message with the client application private key of the public/private key pair and retrieve the decrypted session key from the decrypted request message;
  
  generate a response message and encrypt the response message with the retrieved session key; and
  
  send the session key-encrypted response message to the processor of the user'"'"'s communication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citibank (South Dakota) NA (Citigroup Incorporated)
Original Assignee
Citibank (South Dakota) NA (Citigroup Incorporated)
Inventors
Rahat, Syed, Browning, Wayne
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Cribbs, Malcolm

Application Number

US13/973,173
Time in Patent Office

285 Days
Field of Search

None
US Class Current

713/171
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/0884   by delegation of authentica...

H04L 9/0825   using asymmetric-key encryp...

Methods and systems for secure electronic communication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

40 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for secure electronic communication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links