Confidential authentication and provisioning
US-10826712-B2 · Nov 3, 2020 · US
Mutual authentication of confidential communication
US11323276B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11323276-B2 |
| Application number | US-202016891755-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 3, 2020 |
| Priority date | Jun 30, 2015 |
| Publication date | May 3, 2022 |
| Grant date | May 3, 2022 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Embodiments of the invention relate to systems and methods for confidential mutual authentication. A first computer may blind its public key using a blinding factor. The first computer may generate a shared secret using its private key, the blinding factor, and a public key of a second computer. The first computer may encrypt the blinding factor and a certificate including its public key using the shared secret. The first computer may send its blinded public key, the encrypted blinding factor, and the encrypted certificate to the second computer. The second computer may generate the same shared secret using its private key and the blinded public key of the first computer. The second computer may authenticate the first computer by verifying its blinded public key using the blinding factor and the certificate of the first computer. The first computer authenticates the second computer similarly.
First claim
Opening claim text (preview).
What is claimed is: 1. A computer-implemented method for performing communications between a first computer and a second computer, the method comprising performing, by the second computer: receiving a first message including a first computer blinded public key and first encrypted authentication information from the first computer, wherein the first computer blinded public key is generated by the first computer using a first computer blinding factor and a first computer public key; in response to receiving the first message, generating a first shared secret using the first computer blinded public key and a second computer private key; decrypting the first encrypted authentication information using the first shared secret to obtain first authentication information of the first computer, wherein the first authentication information includes the first computer public key, a first signature of the first computer public key, and a signer key identifier; authenticating the first computer using the first authentication information, wherein authenticating the first computer includes: using the signer key identifier to retrieve a signer public key; and validating the first signature using the signer public key and the first computer public key; in response to the authenticating of the first computer, encrypting second authentication information of the second computer to obtain second encrypted authentication information, the encrypting of the second authentication information based on the second computer private key and the first computer public key; and sending a second message including the second encrypted authentication information to the first computer, thereby enabling the first computer to authenticate the second computer using the second authentication information. 2. The method of claim 1 , wherein the second computer performs the encrypting of the second authentication information using the first shared secret, thereby enabling the first computer to decrypt the encrypted second authentication information and authenticate the second computer based on the second computer performing the encrypting of the second authentication information using the first shared secret. 3. The method of claim 1 , wherein the first authentication information includes the first computer public key, and wherein authenticating the first computer includes comparing the first computer public key to one or more stored computer public keys to identify a matching computer public key. 4. The method of claim 1 , wherein the first authentication information includes a first timestamp of the first computer, and wherein authenticating the first computer includes comparing the first timestamp to a second timestamp of the second computer. 5. The method of claim 1 , wherein the first authentication information includes the first computer blinding factor and the first computer public key, wherein authenticating the first computer includes: applying the first computer blinding factor to the first computer public key to obtain a generated blinded public key; and comparing the generated blinded public key to the first computer blinded public key. 6. A computer-implemented method for performing communications between a first computer and second computer, the method comprising performing, by the first computer: generating a first computer blinded public key using a first computer blinding factor and a first computer public key; generating a first shared secret using a first computer private key corresponding to the first computer public key, the first computer blinding factor, and a second computer public key of the second computer; encrypting first authentication information of the first computer using the first shared secret to obtain first encrypted authentication information; and sending, to the second computer, a first message including the first computer blinded public key and the first encrypted authentication information, thereby enabling the second computer to generate the first shared secret using the first computer blinded public key and a second computer private key corresponding to the second computer public key, to decrypt the first encrypted authentication information, and to authenticate the first computer using the first authentication information; receiving a second message from the second computer, the second message including second encrypted authentication information; in response to receiving the second message, decrypting the second encrypted authentication information based on the first computer private key and the second computer public key to obtain second authentication information of the second computer, wherein the second authentication information includes a second computer blinding factor and the second computer public key; and authenticating the second computer using the second authentication information, wherein authenticating the second computer includes: applying the second computer blinding factor to the second computer public key to obtain a generated blinded public key; and comparing the generated blinded public key to a second computer blinded public key. 7. The method of claim 6 , further comprising performing, by the first computer, communicating with the second computer in response to the authenticating of the second computer. 8. The method of claim 6 , further comprising performing, by the first computer: generating, a second shared secret using the first computer private key, the first computer blinding factor, and the second computer blinded public key, wherein the second message included the second computer blinded public key, wherein the first computer performs the decrypting of the second encrypted authentication information using the second shared secret; and verifying the second computer blinded public key using the second computer blinding factor and the second computer public key, wherein the authenticating of the second computer is based on the verifying of the second computer blinded public key. 9. The method of claim 6 , wherein the second authentication information includes the second computer public key, and wherein authenticating the second computer includes comparing the second computer public key to one or more stored computer public keys to identify a matching computer public key. 10. A computer-implemented method for performing communications between a first computer and a second computer, the method comprising performing, by the first computer: receiving a first message including a second computer blinded public key from the second computer, wherein the second computer blinded public key is generated by the second computer using a second computer blinding factor and a second computer public key that corresponds to a second computer private key; receiving an encrypted second computer counter value from the second computer; generating a second shared secret using the second computer blinded public key and a first computer private key; decrypting the encrypted second computer counter value using the second shared secret to obtain a second computer counter value; and verifying the second computer counter value received from the second computer using a first computer counter value of a counter stored at the first computer; generating a first computer blinded public key using a first computer blinding factor and a first computer public key; generating a first shared secret using the first computer private key corresponding to the first computer public key, the first computer blinding factor, and the second computer blinded public key; sending a second message including the first computer blinded public key to the second computer, thereby enabling the second computer to generate
Assignees
Inventors
Classifications
- H04L63/0442Primary
wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for public-key encryption H04L9/30) · CPC title
using certificate chains, trees or paths; Hierarchical trust model · CPC title
for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
using hash chains, e.g. blockchains or hash trees · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11323276B2 cover?
- Embodiments of the invention relate to systems and methods for confidential mutual authentication. A first computer may blind its public key using a blinding factor. The first computer may generate a shared secret using its private key, the blinding factor, and a public key of a second computer. The first computer may encrypt the blinding factor and a certificate including its public key using …
- Who is the assignee on this patent?
- Visa Int Service Ass
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0442. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue May 03 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).