Efficient methods for protecting identity in authenticated transmissions
First Claim
Patent Images
1. An access device comprising:
- a processor; and
a non-transitory computer-readable storage medium comprising code executable by the processor for implementing a method comprising;
sending a request message including an access device public key to a user device, wherein the access device public key is associated with an access device private key;
receiving a response message including a blinded user device public key and encrypted user device data from the user device, the response message being received in response to the sending of the request message, wherein the blinded user device public key is generated by the user device obfuscating a user device public key using a cryptographic nonce, the cryptographic nonce being a randomly generated value or a pseudo-randomly generated value, and wherein the encrypted user device data is encrypted by the user device using a shared secret, the shared secret being different from the cryptographic nonce; and
generating the shared secret using the access device private key associated with the access device public key that is included in the request message and using the blinded user device public key; and
decrypting the encrypted user device data using the shared secret.
0 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are provided for protecting identity in an authenticated data transmission. For example, a contactless transaction between a portable user device and an access device may be conducted without exposing the portable user device'"'"'s public key in cleartext. In one embodiment, an access device may send an access device public key to a portable user device. The user device may return a blinded user device public key and encrypted user device data. The access device may determine a shared secret using the blinded user device public key and an access device private key. The access device may then decrypt the encrypted user device data using the shared secret.
-
Citations
25 Claims
-
1. An access device comprising:
-
a processor; and a non-transitory computer-readable storage medium comprising code executable by the processor for implementing a method comprising; sending a request message including an access device public key to a user device, wherein the access device public key is associated with an access device private key; receiving a response message including a blinded user device public key and encrypted user device data from the user device, the response message being received in response to the sending of the request message, wherein the blinded user device public key is generated by the user device obfuscating a user device public key using a cryptographic nonce, the cryptographic nonce being a randomly generated value or a pseudo-randomly generated value, and wherein the encrypted user device data is encrypted by the user device using a shared secret, the shared secret being different from the cryptographic nonce; and generating the shared secret using the access device private key associated with the access device public key that is included in the request message and using the blinded user device public key; and decrypting the encrypted user device data using the shared secret. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer-implemented method comprising:
-
sending, by an access device having one or more processors, a request message including an access device public key to a user device, wherein the access device public key is associated with an access device private key; receiving, by the access device, a response message including a blinded user device public key and encrypted user device data from the user device, the response message being received in response to the sending of the request message, wherein the blinded user device public key is generated by the user device obfuscating a user device public key using a cryptographic nonce, the cryptographic nonce being a randomly generated value or a pseudo-randomly generated value, and wherein the encrypted user device data is encrypted by the user device using a shared secret, the shared secret being different from the cryptographic nonce; and generating, by the access device, the shared secret using the access device private key associated with the access device public key that is included in the request message and using the blinded user device public key included in the response message, wherein the shared secret is known to the user device. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
-
20. A computer-implemented method comprising:
-
receiving, by a user device, a request message including an access device public key from an access device; generating, by the user device, a cryptographic nonce, the cryptographic nonce being a randomly generated value or a pseudo-randomly generated value; generating, by the user device, a shared secret using the access device public key included in the request message, a user device private key, and the cryptographic nonce, the shared secret being different from the cryptographic nonce; generating, by the user device, a blinded user device public key by obfuscating a user device public key using the cryptographic nonce; encrypting, by the user device, user device data using the shared secret; and sending, by the user device, a response message including the blinded user device public key and the encrypted user device data to the access device in response to the receiving of the request message, thereby allowing the access device to generate the shared secret using the blinded user device public key and an access device private key corresponding to the access device public key and to decrypt the encrypted user device data using the shared secret. - View Dependent Claims (21, 22)
-
-
23. An user device comprising:
-
a processor; and a non-transitory computer-readable storage medium comprising code executable by the processor for implementing a method comprising; receiving a request message including an access device public key from an access device; generating a cryptographic nonce, the cryptographic nonce being a randomly generated value or a pseudo-randomly generated value; generating a shared secret using the access device public key included in the request message, a user device private key, and the cryptographic nonce, the shared secret being different from the cryptographic nonce; generating a blinded user device public key by obfuscating a user device public key using the cryptographic nonce; encrypting user device data using the shared secret; and sending a response message including the blinded user device public key and the encrypted user device data to the access device in response to the receiving of the request message, thereby allowing the access device to generate the shared secret using the blinded user device public key and an access device private key corresponding to the access device public key and to decrypt the encrypted user device data using the shared secret. - View Dependent Claims (24, 25)
-
Specification