Mutual authentication of software layers

US11068608B2 · US · B2

Patent metadata
Publication number: US-11068608-B2
Application number: US-201916660578-A
Country: US
Kind code: B2
Filing date: Oct 22, 2019
Priority date: Mar 12, 2015
Publication date: Jul 20, 2021
Grant date: Jul 20, 2021

Abstract

Official abstract text for this publication.

Techniques for establishing mutual authentication of software layers of an application are described. During initialization of the application, the software layers execute a binding algorithm to exchange secrets to bind the software layers to one another. During subsequent runtime of the software application, the software layers execute a runtime key derivation algorithm to combine the secrets shared during initialization with dynamic time information to generate a data encryption key. The software layers can then securely transfer data with each other by encrypting and decrypting data exchanged between the software layers using the dynamically generated data encryption key.

First claim

Opening claim text (preview).

What is claimed is:

1. A computing device comprising: a processor; and a memory coupled to the processor and storing computer readable code for implementing a first software layer associated with a first nonce that interacts with a second software layer associated with a second nonce, wherein the computer readable code, when executed by the processor, causes the first software layer to perform operations including: retrieving binding information stored by the first software layer; decrypting the binding information to obtain the second nonce and initialization time information; receiving an encrypted first nonce from the second software layer; decrypting the encrypted first nonce to obtain the first nonce; determining dynamic time information based on the initialization time information; deriving a data encryption key based on the first nonce, the second nonce, and the dynamic time information determined based on the initialization time information; and encrypting data being sent from the first software layer to the second software layer using the data encryption key.

2. The computing device of claim 1, wherein the data encryption key is derived by: combining the first nonce and the second nonce to generate a combined nonce; concatenating the combined nonce with the dynamic time information; and hashing a result of the concatenating.

3. The computing device of claim 2, wherein the combined nonce is generated by applying a logical operation to the first nonce and the second nonce.

4. The computing device of claim 1, wherein the operations further include: receiving an encrypted second nonce and encrypted initialization time information; decrypting the encrypted second nonce and the encrypted initialization time information to obtain the second nonce and the initialization time information; re-encrypting the second nonce and the initialization time information to generate a re-encrypted second nonce and re-encrypted initialization time information; and storing the re-encrypted second nonce and the re-encrypted initialization time information as the binding information.

5. The computing device of claim 1, wherein the operations further include: generating the first nonce; encrypting the first nonce; and sending the encrypted first nonce to the second software layer.

6. The computing device of claim 5, wherein the first nonce is encrypted using a binding key derived from at least a computing device identifier associated with the computing device.

7. The computing device of claim 5, wherein the first nonce is encrypted using a binding key derived from at least an issuer identifier associated with an issuer of the first software layer or the second software layer.

8. A computing device comprising: a processor; and a memory coupled to the processor and storing computer readable code for implementing a second software layer associated with a second nonce that interacts with a first software layer associated with a first nonce, wherein the computer readable code, when executed by the processor, causes the second software layer to perform operations including: retrieving binding information stored by the second software layer; decrypting the binding information to obtain the first nonce and initialization time information; receiving an encrypted second nonce from the first software layer; decrypting the encrypted second nonce to obtain the second nonce; determining dynamic time information based on the initialization time information; deriving a data encryption key based on the first nonce, the second nonce, and the dynamic time information determined based on the initialization time information; and encrypting data being sent from the second software layer to the first software layer using the data encryption key.

9. The computing device of claim 8, wherein the data encryption key is derived by: combining the first nonce and the second nonce to generate a combined nonce; concatenating the combined nonce with the dynamic time information; and hashing a result of the concatenating.

10. The computing device of claim 9, wherein the combined nonce is generated by applying a logical operation to the first nonce and the second nonce.

11. The computing device of claim 8, wherein the operations further include: receiving an encrypted first nonce; decrypting the encrypted first nonce to obtain the first nonce; re-encrypting the first nonce to generate a re-encrypted first nonce; encrypting the initialization time information to generate encrypted initialization time information; and storing the re-encrypted first nonce and the encrypted initialization time information as the binding information.

12. The computing device of claim 8, wherein the operations further include: generating the second nonce; encrypting the second nonce; encrypting the initialization time information; and sending the encrypted second nonce and the encrypted initialization time information to the first software layer.

13. The computing device of claim 12, wherein the second nonce and the initialization time information are encrypted using a binding key derived from at least a computing device identifier associated with the computing device.

14. The computing device of claim 12, wherein the first nonce is encrypted using a binding key derived from at least the first nonce generated by the first software layer.

15. A method comprising: receiving, by a first software layer, an encrypted first nonce from a second software layer; decrypting, by the first software layer, the encrypted first nonce to obtain a first nonce; retrieving, by the first software layer, first binding information; decrypting, by the first software layer, the first binding information to obtain a second nonce and initialization time information; deriving, by the first software layer, a data encryption key based on the first nonce, the second nonce, and dynamic time information derived from the initialization time information; retrieving, by the second software layer, second binding information; decrypting, by the second software layer, the second binding information to obtain the first nonce and the initialization time information; receiving, by the second software layer, an encrypted second nonce from the first software layer; decrypting, by the second software layer, the encrypted second nonce to obtain the second nonce; and deriving, by the second software layer, the data encryption key based on the first nonce, the second nonce, and the dynamic time information derived from the initialization time information, wherein data being transferred between the first and second software layers are encrypted using the data encryption key.

16. The method of claim 15, wherein the initialization time information is generated by the second software layer, and provided to the first software layer by the second software layer.

17. The method of claim 16, wherein the initialization time information is encrypted prior to being provided to the first software layer.

18. The method of claim 17, wherein the initialization time information is encrypted using a binding key derived from at least the first nonce.

19. The method of claim 18, wherein the binding key is derived from at least a computing device identifier associated with a computing device executing the first software layer or the second software layer.

20. The method of claim 15, wherein the first software layer and the second software layer are part
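
The key derivation recited in claims 2 and 3 (combine the nonces with a logical operation, concatenate dynamic time information, hash the result), as an added sketch that is not part of the patent text. XOR, SHA-256, the 30-second window counter used as dynamic time information, the previous-window fallback, and all function names are assumptions made for illustration.

```python
import hashlib

WINDOW_SECONDS = 30  # assumption: granularity of the dynamic time information


def combine_nonces(nonce1: bytes, nonce2: bytes) -> bytes:
    """Claim 3: a logical operation on the two nonces (XOR is assumed here)."""
    if len(nonce1) != len(nonce2):
        raise ValueError("nonces must have the same length")
    return bytes(a ^ b for a, b in zip(nonce1, nonce2))


def dynamic_time(init_time: int, now: int) -> bytes:
    """Assumed form: count of whole windows elapsed since initialization."""
    if now < init_time:
        raise ValueError("current time precedes initialization time")
    return ((now - init_time) // WINDOW_SECONDS).to_bytes(8, "big")


def derive_dek(nonce1: bytes, nonce2: bytes, init_time: int, now: int) -> bytes:
    """Claim 2: hash(combined nonce || dynamic time information)."""
    material = combine_nonces(nonce1, nonce2) + dynamic_time(init_time, now)
    return hashlib.sha256(material).digest()


def receiver_keys(nonce1: bytes, nonce2: bytes, init_time: int, now: int) -> list:
    """Keys a receiving layer could try: the current window, then the previous
    one, so data keyed just before a window boundary still decrypts
    (assumed policy, not recited in the claims)."""
    keys = [derive_dek(nonce1, nonce2, init_time, now)]
    if now - init_time >= WINDOW_SECONDS:
        keys.append(derive_dek(nonce1, nonce2, init_time, now - WINDOW_SECONDS))
    return keys


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    n1 = bytes.fromhex("00112233445566778899aabbccddeeff")
    n2 = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
    t0 = 1_700_000_000
    sender = derive_dek(n1, n2, t0, t0 + 29)    # one layer, end of window 0
    receiver = derive_dek(n1, n2, t0, t0 + 31)  # other layer, start of window 1
    print("same key across boundary:", sender == receiver)
    print("accepted with fallback:", sender in receiver_keys(n1, n2, t0, t0 + 31))
    # A layer that was never bound holds the wrong nonce and derives another key.
    print("unbound layer matches:", derive_dek(bytes(16), n2, t0, t0 + 29) == sender)
```

A layer that does not hold both nonces and the initialization time cannot reproduce the key, which is what makes successful decryption serve as the authentication check between the layers.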

Classifications

  • by mutual authentication, e.g. between devices or programs · CPC title

  • Generation of secret information including derivation or calculation of cryptographic keys or passwords · CPC title

  • against software analysis or reverse engineering, e.g. by obfuscation · CPC title

  • for mutual authentication (network architectures or network communication protocols for achieving mutual authentication in a packet data network H04L63/0869) · CPC title

  • Mutual Authentication Bi-Directional Authentication, Dialogue, Handshake · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Visa Int Service Ass
What technology area does this patent fall under?
Primary CPC classification G06F21/12. Mapped technology areas include Physics.
When was this patent published?
Publication date Jul 20, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).