Secure multi-party protocol
Abstract
A requestor and a responder may conduct secure communication by making API calls based on a secure multi-party protocol. The requestor may send a request data packet in an API request to the responder, where the request data packet can include at least a control block that is asymmetrically encrypted and a data block that is symmetrically encrypted. The responder may return a response data packet to the requestor, where the response data packet can include at least a control block and a data block that are both symmetrically encrypted. The requestor and the responder may derive the keys for decrypting the encrypted portions of the request and response data packets based on some information only known to the requestor and the responder. The secure multi-party protocol forgoes the need to store and manage keys in a hardware security module.
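The response leg described in the abstract and in claim 1, as an added example that is not code from the patent. The label `response-control`, the HMAC-SHA256 derivation standing in for the "predetermined algorithm", the stdlib-only encrypt-then-MAC cipher standing in for a vetted AEAD such as AES-GCM, and the final key-equality check are all assumptions; the asymmetrically encrypted request control block is outside what it shows.

```python
# Added example: response leg of the exchange. Not code from the patent.
import hashlib, hmac, os

def derive_key(shared_info: bytes, label: bytes) -> bytes:
    # Assumed "predetermined algorithm": HMAC-SHA256 over information both sides hold.
    return hmac.new(shared_info, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode, used only as a stdlib stand-in for a real cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Stand-in authenticated cipher (encrypt-then-MAC); layout: nonce(16) | ct | tag(32).
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("block too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # verify before decrypting
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def build_response(shared_info: bytes, first_key: bytes, data: bytes) -> dict:
    # Responder: the second control block carries the first symmetric key back.
    second_key = derive_key(shared_info, b"response-control")
    return {"control": seal(second_key, first_key), "data": seal(first_key, data)}

def open_response(shared_info: bytes, sent_first_key: bytes, packet: dict) -> bytes:
    # Requestor: derive the second key, open the control block, extract the first key.
    second_key = derive_key(shared_info, b"response-control")
    extracted = unseal(second_key, packet["control"])
    # Added check (assumption): the returned key must be the one this request used.
    if not hmac.compare_digest(extracted, sent_first_key):
        raise ValueError("response not bound to this request")
    return unseal(extracted, packet["data"])
```

A tampered block or a requestor holding different shared information fails at the tag check, before any plaintext is produced.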
20 Claims
1. A method for securing communications between a first computer and a second computer, the method comprising:
- securing a communication connection over a communications network at least in part by:
  - encrypting, by the first computer, a first data block with a first symmetric key;
  - generating, by the first computer, a first control block comprising the first symmetric key;
  - generating, by the first computer, a request data packet of the communication connection, the request data packet including the first control block and the encrypted first data block;
  - sending, by the first computer, the request data packet to the second computer over the communications network, wherein the second computer generates a response data packet comprising an encrypted second control block and an encrypted second data block;
  - receiving, by the first computer, the response data packet of the communication connection from the second computer over the communications network;
  - generating, by the first computer, a second symmetric key using a predetermined algorithm;
  - decrypting, by the first computer, the encrypted second control block with the generated second symmetric key to obtain a second control block;
  - extracting, by the first computer, the first symmetric key from the second control block; and
  - decrypting, by the first computer, the encrypted second data block with the extracted first symmetric key.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer system comprising:
- a processor; and
- a computer readable medium coupled with the processor, the computer readable medium comprising code executable to perform a method for securing communications between a first computer and a second computer, the method comprising:
- securing a communication connection over a communications network at least in part by:
  - encrypting, by the first computer, a first data block with a first symmetric key;
  - generating, by the first computer, a first control block comprising the first symmetric key;
  - generating, by the first computer, a request data packet of the communication connection, the request data packet including the first control block and the encrypted first data block;
  - sending, by the first computer, the request data packet to the second computer over the communications network, wherein the second computer generates a response data packet comprising an encrypted second control block and an encrypted second data block;
  - receiving, by the first computer, the response data packet of the communication connection from the second computer over the communications network;
  - generating, by the first computer, a second symmetric key using a predetermined algorithm;
  - decrypting, by the first computer, the encrypted second control block with the generated second symmetric key to obtain a second control block;
  - extracting, by the first computer, the first symmetric key from the second control block; and
  - decrypting, by the first computer, the encrypted second data block with the extracted first symmetric key.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. One or more non-transient computer-readable media having collectively stored thereon computer-executable instructions that, when executed with one or more computers, collectively perform a method comprising:
- securing a communication connection over a communications network at least in part by:
  - encrypting, by a first computer, a first data block with a first symmetric key;
  - generating, by the first computer, a first control block comprising the first symmetric key;
  - generating, by the first computer, a request data packet of the communication connection, the request data packet including the first control block and the encrypted first data block;
  - sending, by the first computer, the request data packet to a second computer over the communications network, wherein the second computer generates a response data packet comprising an encrypted second control block and an encrypted second data block;
  - receiving, by the first computer, the response data packet of the communication connection from the second computer over the communications network;
  - generating, by the first computer, a second symmetric key using a predetermined algorithm;
  - decrypting, by the first computer, the encrypted second control block with the generated second symmetric key to obtain a second control block;
  - extracting, by the first computer, the first symmetric key from the second control block; and
  - decrypting, by the first computer, the encrypted second data block with the extracted first symmetric key.

Dependent claims: 20
Specification