Systems and methods for decryption as a service via a hardware security module

US 9,686,250 B2
Filed: 07/25/2016
Issued: 06/20/2017
Est. Priority Date: 03/19/2014
Status: Active Grant

First Claim

Patent Images

1. A system for decryption of one or more payloads, the system comprising:

a hardware security module for decrypting encrypted elements of received payloads, the hardware security module operatively connected to at least one decryption server;

at least one read-only database operatively connected to a frontend server, the at least one read-only database configured to store authentication data for payloads;

a master read-only database operatively connected to the at least one read-only database, the master read-only database configured for refreshing the authentication data stored at the at least one read-only database;

the at least one decryption server, wherein the at least one decryption server is configured to;

receive a particular payload, the particular payload comprising at least one encrypted element;

transmit the particular payload to the hardware security module for decryption of the at least one encrypted element;

upon receiving the particular payload from the hardware security module, parse the particular payload to determine whether the at least one encrypted element has been decrypted by the hardware security module; and

upon determining that the at least one encrypted element has not been decrypted by the hardware security module, transmit an error message to a read/write database operatively coupled to the frontend server; and

the frontend server, the frontend server configured to;

1) retrieve authentication data associated with the particular payload;

2) compare the authentication data to the particular payload to authenticate the particular payload before the particular payload is transmitted to the hardware security module.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for decryption of payloads are disclosed herein. In various embodiments, systems and methods herein are configured for decrypting thousands of transactions per second. Further, in particular embodiments, the systems and methods herein are scalable, such that many thousands of transactions can be processed per second upon replicating particular architectural components.

36 Citations

6 Claims

1. A system for decryption of one or more payloads, the system comprising:
- a hardware security module for decrypting encrypted elements of received payloads, the hardware security module operatively connected to at least one decryption server;
  
  at least one read-only database operatively connected to a frontend server, the at least one read-only database configured to store authentication data for payloads;
  
  a master read-only database operatively connected to the at least one read-only database, the master read-only database configured for refreshing the authentication data stored at the at least one read-only database;
  
  the at least one decryption server, wherein the at least one decryption server is configured to;
  
  receive a particular payload, the particular payload comprising at least one encrypted element;
  
  transmit the particular payload to the hardware security module for decryption of the at least one encrypted element;
  
  upon receiving the particular payload from the hardware security module, parse the particular payload to determine whether the at least one encrypted element has been decrypted by the hardware security module; and
  
  upon determining that the at least one encrypted element has not been decrypted by the hardware security module, transmit an error message to a read/write database operatively coupled to the frontend server; and
  
  the frontend server, the frontend server configured to;
  
  1) retrieve authentication data associated with the particular payload;
  
  2) compare the authentication data to the particular payload to authenticate the particular payload before the particular payload is transmitted to the hardware security module.
- View Dependent Claims (2, 3)
- - 2. The system of claim 1, wherein the at least one decryption server is further configured to, upon determining that the at least one encrypted element has been decrypted by the hardware security module, transmitting the particular payload to a third-party partner.
  - 3. The system of claim 1, wherein the system further comprises the read/write database operatively connected to the master database, the read/write database configured for transmitting updated authentication data to the master database.

4. A computer-implemented method for decryption of one or more payloads, the method comprising:
- providing a hardware security module for decrypting encrypted elements of received payloads, the hardware security module operatively connected to at least one decryption server;
  
  providing the at least one decryption server;
  
  providing at least one read-only database operatively connected to a frontend server, the at least one read-only database configured to store authentication data for payloads;
  
  providing the frontend server, the frontend server configured to;
  
  1) retrieve authentication data associated with the payloads;
  
  2) compare the authentication data to the payloads to authenticate the payloads before the payloads are transmitted to the hardware security module;
  
  providing a master read-only database operatively connected to the at least one read-only database, the master read-only database configured for refreshing the authentication data stored at the at least one read-only database;
  
  receiving a particular payload, the particular payload comprising at least one encrypted element;
  
  retrieving authentication data associated with the particular payload;
  
  comparing the particular payload authentication data to the particular payload to authenticate the particular payload;
  
  transmitting the particular payload to the hardware security module for decryption of the at least one encrypted element;
  
  upon receiving the particular payload from the hardware security module, parsing the particular payload to determine whether the at least one encrypted element has been decrypted by the hardware security module; and
  
  upon determining that the at least one encrypted element has not been decrypted by the hardware security module, transmitting an error message to a read/write database operatively coupled to the frontend server.
- View Dependent Claims (5, 6)
- - 5. The computer-implemented method of claim 4, wherein the computer-implemented method further comprises the step of, upon determining that the at least one encrypted element has been decrypted by the hardware security module, transmitting the particular payload to a third-party partner.
  - 6. The computer-implemented method of claim 4, wherein the computer-implemented method further comprises the step of providing the read/write database operatively connected to the master database, the read/write database configured for transmitting updated authentication data to the master database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bluefin Payment Systems LLC
Original Assignee
Bluefin Payment Systems LLC
Inventors
Barnett, Timothy William, Kasatkin, Alexander I., Miyata, Christopher Hozumi, Ruehle, Daniel
Primary Examiner(s)
Okeke, Izunna

Application Number

US15/218,352
Publication Number

US 20170093809A1
Time in Patent Office

330 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/0766   Error or fault reporting or...

G06F 16/23   Updating

G06F 16/2379   Updates performed during on...

G06F 16/955   using information identifie...

G06F 21/44   Program or device authentic...

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

G06F 21/73   by creating or determining ...

G06Q 10/10   Office automation; Time man...

G06Q 20/223   based on the use of peer-to...

G06Q 20/382   insuring higher security of...

G06Q 20/401   Transaction verification

G06Q 20/4014   Identity check for transact...

G06Q 2220/00   Business processing using c...

G16H 10/60   for patient-specific data, ...

G16H 70/00   ICT specially adapted for t...

G16H 70/60   relating to pathologies

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/0435 : wherein the sending and rec...

H04L 63/061 : for key exchange, e.g. in p...

H04L 63/08 : for authentication of entit...

H04L 63/0876 : based on the identity of th...

H04L 63/123 : received data contents, e.g...

H04L 63/20 : for managing network securi...

H04L 9/0861 : Generation of secret inform...

H04L 9/14 : using a plurality of keys o...

H04L 9/3226 : using a predetermined code,...

H04L 9/3234 : involving additional secure...

View All

Systems and methods for decryption as a service via a hardware security module

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for decryption as a service via a hardware security module

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links