What technology area does this patent fall under?

Primary CPC classification H04L63/045. Mapped technology areas include Electricity.

When was this patent published?

Publication date Tue Aug 13 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Secure multi-party protocol

US10382409B2 · US · B2

Patent metadata
Field	Value
Publication number	US-10382409-B2
Application number	US-201615361180-A
Country	US
Kind code	B2
Filing date	Nov 25, 2016
Priority date	Nov 25, 2015
Publication date	Aug 13, 2019
Grant date	Aug 13, 2019

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A requestor and a responder may conduct secure communication by making API calls based on a secure multi-party protocol. The requestor may send a request data packet sent in a API request to the responder, where the request data packet can include at least a control block that is asymmetrically encrypted and a data block that is symmetrically encrypted. The responder may return a response data packet to the requestor, where the response data packet can include at least a control block and a data block that are both symmetrically encrypted. The requestor and the responder may derive the keys for decrypting the encrypted portions of the request and response data packets based on some information only known to the requestor and the responder. The secure multi-party protocol forgoes the need to store and manage keys in a hardware security module.

First claim

Opening claim text (preview).

What is claimed is: 1. A method for securing communications between a first computer and a second computer, the method comprising: securing an application programming interface at least in part by: receiving, by the second computer from the first computer over a communications network, a request data packet of the application programming interface, the request data packet including a first control block comprising a first symmetric key, and a first data block encrypted with the first symmetric key, wherein the first control block is encrypted with a public key of a public-private key pair; decrypting, by the second computer, the first control block with a private key of the public-private key pair; extracting, by the second computer, the first symmetric key from the first control block; decrypting, by the second computer, the encrypted first data block with the extracted first symmetric key; generating, by the second computer, a second symmetric key using a predetermined algorithm based on data in the first control block; generating, by the second computer, a response data packet of the application programming interface, the response data packet comprising a second data block and a second control block comprising the first symmetric key; and transmitting, by the second computer, the response data packet to the first computer over the communications network. 2. The method of claim 1 , wherein the first symmetric key is an ephemeral key. 3. The method of claim 1 , wherein the first symmetric key is generated using a shared secret and a variable datum previously supposed by the second computer. 4. The method of claim 3 , wherein the variable datum is a salt. 5. The method of claim 1 , further comprising: encrypting, by the second computer, the second data block using the first symmetric key; and encrypting, by the second computer, the second control block using the second symmetric key. 6. The method of claim 1 , wherein the data in the first control block utilized to generate the second symmetric key includes the first symmetric key. 7. The method of claim 1 wherein the first computer is an authorization entity computer and the second computer is a token service computer. 8. The method of claim 1 , wherein the request data packet further comprises a first leader block and a first signature block, and the response data packet further comprises a second leader block and a second signature block. 9. The method of claim 8 , wherein the first leader block includes information indicating an encryption algorithm utilized to obtain the key for decrypting the first control block, and wherein the second leader block includes information indicating an encryption algorithm utilized to obtain the key for decrypting the second control block. 10. A computer system comprising: a processor; and a computer readable medium coupled with the processor, the computer readable medium comprising code executable to perform a method for securing communications between a first computer and a second computer, the method comprising: securing an application programming interface at least in part by: receiving from the first computer over a communications network, a request data packet, the request data packet of the application programming interface, the request data packet including a first control block comprising a first symmetric key, and a first data block encrypted with the first symmetric key, wherein the first control block is encrypted with a public key of a public-private key pair; decrypting the first control block with a private key of the public-private key pair; extracting from the first control block, the first symmetric key; decrypting the encrypted first data block with the extracted first symmetric key; generating a second symmetric key using a predetermined algorithm based on data in the first control block; generating a response data packet of the application programming interface, the response data packet comprising a second control block comprising the first symmetric key, and a second data block; and transmitting the response data packet to the first computer over the communications network. 11. The computer system of claim 10 , wherein the first symmetric key is an ephemeral key. 12. The computer system of claim 10 , wherein the first symmetric key is generated using a shared secret and a variable datum previously supposed by the second computer. 13. The computer system of claim 12 , wherein the variable datum is a salt. 14. The computer system of claim 10 , wherein the method further comprises: encrypting the second data block using the first symmetric key; and encrypting the second control block using the second symmetric key. 15. The computer system of claim 10 , wherein the data in the first control block utilized to generate the second symmetric key includes the first symmetric key. 16. The computer system of claim 10 , wherein the first computer is an authorization entity computer and the second computer is a token service computer. 17. The computer system of claim 10 , wherein the request data packet further comprises a first leader block and a first signature block, and the response data packet further comprises a second leader block and a second signature block. 18. The computer system of claim 17 , wherein the first leader block includes information indicating an encryption algorithm utilized to obtain the key for decrypting the first control block, and wherein the second leader block includes information indicating an encryption algorithm utilized to obtain the key for decrypting the second control block. 19. One or more non-transient computer-readable media having collectively stored thereon computer-executable instructions that, when executed with one or more computers, collectively perform a method comprising: securing an application programming interface at least in part by: receiving, by a second computer from a first computer over a communications network, a request data packet of the application programming interface, the request data packet including a first control block comprising a first symmetric key, and a first data block encrypted with the first symmetric key, wherein the first control block is encrypted with a public key of a public-private key pair; decrypting, by the second computer, the first control block with a private key of the public-private key pair; extracting, by the second computer, the first symmetric key from the first control block; decrypting, by the second computer, the encrypted first data block with the extracted first symmetric key; generating, by the second computer, a second symmetric key using a predetermined algorithm based on data in the first control block; generating, by the second computer, a response data packet of the application programming interface, the response data packet comprising a second data block and a second control block comprising the first symmetric key; and transmitting, by the second computer, the response data packet to the first computer over the communications network. 20. The one or more computer-readable media of claim 19 , wherein the method further comprises: encrypting the second data block using the first symmetric key; and encrypting the second control block using the second symmetric key.

Assignees

Visa Int Service Ass

Inventors

Classifications

H04L9/0822
using key encryption key · CPC title
H04L63/045Primary
wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption (cryptographic mechanisms or cryptographic arrangements using a plurality of keys or algorithms H04L9/14) · CPC title
H04L63/061
for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title
H04L9/0825
using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title

Patent family

Related publications grouped by family.

View patent family 58721345

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10382409B2 cover?: A requestor and a responder may conduct secure communication by making API calls based on a secure multi-party protocol. The requestor may send a request data packet sent in a API request to the responder, where the request data packet can include at least a control block that is asymmetrically encrypted and a data block that is symmetrically encrypted. The responder may return a response data …
Who is the assignee on this patent?: Visa Int Service Ass
What technology area does this patent fall under?: Primary CPC classification H04L63/045. Mapped technology areas include Electricity.
When was this patent published?: Publication date Tue Aug 13 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).