Stateless Server-Based Encryption Associated with a Distribution List
US-2016248745-A1 · Aug 25, 2016 · US
Key pair infrastructure for secure messaging
US10356057B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10356057-B2 |
| Application number | US-201816192602-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 15, 2018 |
| Priority date | Dec 14, 2016 |
| Publication date | Jul 16, 2019 |
| Grant date | Jul 16, 2019 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Embodiments of the present invention use a limited-use public/private key pair to encrypt and decrypt messages sent through an intermediary. The messages may contain sensitive information and may be transmitted between entities over one or more networks. In some embodiments, the entities and/or the networks may be untrusted. Nevertheless, the content of the messages may remain protected by virtue of the limited-use key pair infrastructure.
First claim
Opening claim text (preview).
What is claimed is: 1. A verification server comprising: a processor; and a memory coupled to the processor, the memory storing instructions, which when executed by the processor, cause the verification server to perform operations including: receiving, over a first network, a request for a public key from an access device, wherein the access device sends the request in response to an interaction with a client device; generating the public key, a private key that corresponds to the public key, and a key identifier associated with the private key, wherein the public key and the private key are limited-use keys; transmitting the public key and the key identifier to the access device, wherein the access device transmits the public key and the key identifier to the client device; receiving, from the client device over a second network, a message and the key identifier from the client device, wherein the message is encrypted using the public key; retrieving the private key associated with the key identifier; decrypting the message using the private key; generating a token in response to the message, wherein the token authorizes access to a resource; generating a signature using the token and the private key; and transmitting the token and the signature to the access device, wherein the access device validates the signature using the public key and the token. 2. The verification server of claim 1 , wherein the token is transmitted to the access device via the client device. 3. The verification server of claim 1 , wherein the token and the signature are transmitted to the access device via the client device. 4. The verification server of claim 1 , wherein the operations further include: expiring the private key after generating the signature. 5. The verification server of claim 1 , wherein the private key associated with the key identifier is retrieved after determining that the key identifier has not expired. 6. The verification server of claim 1 , wherein receiving the request for the public key occurs after generating the public key, the private key, and the key identifier. 7. The verification server of claim 1 , wherein generating the public key, the private key, and the key identifier comprises generating a plurality of public keys including the public key, a plurality of private keys including the private key, and a plurality of key identifiers including the key identifier prior to receiving the request, and wherein after receiving the request, the operations further include: selecting the public key from the plurality of public keys, the private key from the plurality of private keys, and the key identifier from the plurality of key identifiers. 8. A method comprising: receiving, by a verification server over a first network, a request for a public key from an access device, wherein the access device sends the request in response to an interaction with a client device; generating, by the verification server, the public key, a private key that corresponds to the public key, and a key identifier associated with the private key, wherein the public key and the private key are limited-use keys; transmitting the public key and the key identifier to the access device, wherein the access device transmits the public key and the key identifier to the client device; receiving, by the verification server from the client device over a second network, a message and the key identifier from the client device, wherein the message is encrypted using the public key; retrieving the private key associated with the key identifier; decrypting the message using the private key; generating a token in response to the message, wherein the token authorizes access to a resource; generating a signature using the token and the private key; and transmitting the token and the signature to the access device, wherein the access device validates the signature using the public key and the token. 9. The method of claim 8 , wherein the token is transmitted to the access device via the client device. 10. The method of claim 8 , further comprising: expiring the private key after generating the signature. 11. An access device comprising: a processor; and a memory coupled to the processor, the memory storing instructions, which when executed by the processor, cause the access device to perform operations including: receiving a request to send a message from a client device; in response to the request, requesting a public key from a verification server, wherein the verification server generates the public key, a private key that corresponds to the public key, and a key identifier associated with the private key, and wherein the public key and the private key are limited-use keys; receiving the public key and the key identifier from the verification server; transmitting the public key and the key identifier to the client device, wherein the client device encrypts the message using the public key and transmits the message and the key identifier to the verification server, and wherein the verification server retrieves the private key using the key identifier and decrypts the message using the private key, and wherein after the verification server decrypts the message using the private key, the verification server generates a token corresponding to the message and generates a signature using the token and the private key, wherein the token authorizes access to a resource, and wherein the operations further include: receiving the token and the signature from the verification server; and validating the signature using the public key. 12. A method comprising performing, by an access device: receiving a request to send a message from a client device; in response to the request, requesting a public key from a verification server, wherein the verification server generates the public key, a private key that corresponds to the public key, and a key identifier associated with the private key, and wherein the public key and the private key are limited-use keys; receiving the public key and the key identifier from the verification server; transmitting the public key and the key identifier to the client device, wherein the client device encrypts the message using the public key and transmits the message and the key identifier to the verification server, and wherein the verification server retrieves the private key using the key identifier and decrypts the message using the private key, and wherein after the verification server decrypts the message using the private key, the verification server generates a token corresponding to the message and generates a signature using the token and the private key, wherein the token authorizes access to a resource; receiving the token and the signature of the private key from the verification server; and validating the signature of the private key using the public key.
Assignees
Inventors
Classifications
- H04L9/0825Primary
using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title
for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title
Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms (network architectures or network communication protocols for using time-dependent keys in a packet data network H04L63/068) · CPC title
Revocation or update of secret information, e.g. encryption key update or rekeying · CPC title
involving digital signatures · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10356057B2 cover?
- Embodiments of the present invention use a limited-use public/private key pair to encrypt and decrypt messages sent through an intermediary. The messages may contain sensitive information and may be transmitted between entities over one or more networks. In some embodiments, the entities and/or the networks may be untrusted. Nevertheless, the content of the messages may remain protected by virt…
- Who is the assignee on this patent?
- Visa Int Service Ass
- What technology area does this patent fall under?
- Primary CPC classification H04L9/0825. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jul 16 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).