×

Method and system for secure key rotation

  • US 9,953,317 B2
  • Filed: 03/13/2013
  • Issued: 04/24/2018
  • Est. Priority Date: 03/13/2013
  • Status: Active Grant
First Claim
Patent Images

1. A computer system for executing electronic payment transactions while conducting a key rotation and re-keying comprising:

  • a transaction server comprised of memory comprised of a first decryption key and a second decryption key corresponding to a first key identifier and a second key identifier stored in the memory,the transaction server further comprised of a data structure representing a key table, said key table comprised of data representing a third key identifier and a fourth key identifier;

    the transaction server further comprised of logic configured to;

    receive from the key table the third key identifier and the fourth key identifier;

    receive a first encrypted data representing a first payment token encrypted by a third encryption key and a second encrypted data representing the first payment token encrypted by a fourth encryption key, each of the third and fourth encryption keys corresponding to the third and fourth key identifiers comprising the key table;

    determine which one of either the third or fourth key identifiers correspond to the first or second key identifiers;

    select one of the first or second received encrypted data that corresponds to the determined one of the third or fourth key identifiers; and

    decrypt the selected received encrypted data using the one of the first or second decryption keys whose key identifier was determined to correspond to the third or fourth key identifier; and

    a keying server comprised of logic configured to;

    receive the first and the second key identifiers, where the first key identifier corresponds to the youngest of the first or second encryption keys;

    receive the third and the fourth key identifiers;

    receive the first encrypted data and the second encrypted data;

    determine whether the pair of third and fourth key identifiers fail to correspond to the pair of first and second key identifiers, and in dependence on such determination, decrypting whichever of the first or second encrypted data corresponds to the fourth key identifier and re-encrypting the decrypted data using the first encryption key that corresponds to the younger of the first or second encryption keys.

View all claims
  • 10 Assignments
Timeline View
Assignment View
    ×
    ×