Systems and methods for secure communication

US11451376B2 · US · B2

Patent metadata
Publication number: US-11451376-B2
Application number: US-202016850151-A
Country: US
Kind code: B2
Filing date: Apr 16, 2020
Priority date: Apr 25, 2019
Publication date: Sep 20, 2022
Grant date: Sep 20, 2022

Abstract

Official abstract text for this publication.

There is presented a method, a computing device and a computing system for establishing secure communication between computing devices. A method for a first computing device to establish trusted communication with a second computing device comprises the first computing device sending a request to create a secure channel to the second computing device, the request comprising a first cryptographic element and a device identifier. The first computing device receives a channel identifier from the second computing device in response to the request, and a notification over a secure channel using the device identifier, the notification comprising a channel identifier and a second cryptographic element. The first computing device compares the channel identifier received in the response to the request and the channel identifier received in the notification and, if the first computing device determines that the two channel identifiers match, the first computing device deriving a secret key using the first cryptographic element and the second cryptographic element.
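The exchange in the abstract, sketched as an added example (not code from the patent or its assignee): the channel identifier arrives once in the public response and once in the notification, and the first device derives a key only when both copies agree. The class and function names, the SHA-256 key derivation, the in-memory dictionary standing in for the notification service, and the small demonstration Diffie-Hellman parameters are all assumptions; on a mismatch the client discards its state and regenerates its element, as claim 5 on this page describes.

```python
import hashlib
import hmac
import secrets

# Demonstration-only DH parameters (assumption); use X25519 or a vetted group in practice.
P, G = 2**255 - 19, 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def kdf(shared):
    # Assumed key derivation: hash the shared secret down to a 32-byte key.
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

class Server:
    """Second computing device (simplified: derives its key when the channel is created)."""
    def __init__(self):
        self.channels = {}  # channel_id -> (device_id, secret key)
        self.push = {}      # device_id -> notification; stands in for the push service

    def create_channel(self, client_pub, device_id):
        channel_id = secrets.token_hex(16)
        while channel_id in self.channels:  # never reuse a recorded identifier
            channel_id = secrets.token_hex(16)
        priv, pub = keypair()
        self.channels[channel_id] = (device_id, kdf(pow(client_pub, priv, P)))
        self.push[device_id] = {"channel_id": channel_id, "pub": pub}
        return channel_id  # response sent over the public channel

class Client:
    """First computing device."""
    def __init__(self, device_id):
        self.device_id = device_id
        self.priv, self.pub = keypair()

    def complete(self, response_channel_id, notification):
        same = hmac.compare_digest(response_channel_id, notification["channel_id"])
        if not same or not 1 < notification["pub"] < P - 1:
            self.priv, self.pub = keypair()  # discard and start over with a fresh element
            return None
        return kdf(pow(notification["pub"], self.priv, P))

def handshake(tamper_response=False):
    server, client = Server(), Client("device-token-1")  # constructed identifier
    channel_id = server.create_channel(client.pub, client.device_id)
    response = "0" * 32 if tamper_response else channel_id  # altered in transit
    client_key = client.complete(response, server.push[client.device_id])
    return client_key, server.channels[channel_id][1]
```

`handshake()` returns matching 32-byte keys on both sides; `handshake(tamper_response=True)` returns `None` for the client because the identifier in the public response no longer matches the one delivered in the notification.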

First claim

Opening claim text (preview).

The invention claimed is:

1. A method for a first computing device to establish trusted communication with a second computing device, the method comprising: sending, via the first computing device, a request to create a secure channel to the second computing device, the request comprising a first cryptographic element and a device identifier, wherein the device identifier is associated with at least one parameter of the first computing device; receiving, from the second computing device via the first computing device, a channel identifier computed by the second computing device in response to the request, wherein the channel identifier is one or more of the following: not identical to any channel identifier previously generated by the second computing device; not identical to any channel identifier currently in use by the second computing device; and not identical to any channel currently recorded in a database associated with the second computing device; receiving, via the first computing device, a notification from the second computing device over a secure channel using the device identifier, the notification comprising a channel identifier and a second cryptographic element; comparing, via the first computing device, the channel identifier received in the response to the request and the channel identifier received in the notification, and; and based on a determination that the two channel identifiers match, deriving, via the first computing device, a secret key using the first cryptographic element and the second cryptographic element.

2. The method of claim 1, wherein the device identifier is a device token.

3. The method of claim 1, wherein the first computing device sends the request through an application installed on the first computing device.

4. The method of claim 1, further comprising at least one or more of the following steps: sending, via the first computing device, one or more messages to the second computing device, wherein each message comprises the channel identifier, and sending each message comprise the first computing device encrypting the message using the secret key; and receiving, via the first computing device, one or more messages from the second computing device, wherein each message comprises the channel identifier, and receiving each message comprises decrypting the message using the secret key.

5. The method of claim 1, further comprising: based on a determination that the two channel identifiers do not match, the method further comprises one or more of the following steps: discarding, via the first computing device, the information received in one or more of the response to the request and in the notification; and generating, via the first computing device, the first cryptographic element as a random string.

6. The method of claim 5, wherein the random string is generated based on at least one parameter of the first computing device.

7. The method of claim 1, wherein the method further comprises performing, via the first computing device, a biometric authentication of a user prior to sending the request to the second computing device, and based upon a determination that the biometric authentication is successful, sending the request to the second computing device.

8. The method of claim 1, wherein one or more of the following is true: the request to create a secure channel is communicated through a public channel; the response to the request is communicated through a public channel; the channel identifier is a unique string; and the secret key is derived using a Diffie-Hellman or Elliptic-curve Diffie Hellman protocol.

9. The method of claim 1, wherein the method is used as part of a method of establishing trusted communication with a first computing device wherein authentication of the user is performed by biometric authentication.

10. A method for a second computing device to establish trusted communication with a first computing device, the method comprising: receiving, via the second computing device, a request to create a secure channel from the first computing device, the request comprising a first cryptographic element and a device identifier, wherein the device identifier is associated with at least one parameter of the first computing device; computing a channel identifier by the second computing device; sending, via the second computing device, the channel identifier to the first computing device in response to the request, wherein the channel identifier is one or more of the following: not identical to any channel identifier previously generated by the second computing device; not identical to any channel identifier currently in use by the second computing device; and not identical to any channel currently recorded in a database associated with the second computing device; sending, via the second computing device, a notification to the first computing device over a secure channel using the device identifier, the notification comprising the channel identifier and a second cryptographic element; and based on a determination that the two channel identifiers match, deriving, via the second computing device, a secret key using the first cryptographic element and the second cryptographic element.

11. The method of claim 10, further comprising one or more of the following: recording, via the second computing device, an association between the device identifier and the channel identifier, and receiving, via the second computing device, a request to associate a device identifier with a user identifier, and recording an association between the user identifier and the device identifier.

12. The method of claim 10, further comprising one or more of the following: sending, via the second computing device, one or more messages to the first computing device, wherein each message comprises the channel identifier, and sending each message comprise the second computing device encrypting the message using the secret key; or receiving, via the second computing device, one or more messages from the first computing device, wherein each message comprises the channel identifier, and receiving each message comprises decrypting the message using the secret key.

13. The method of claim 12, wherein each of the one or more messages communicated using the channel identifier comprises a counter, and the method comprises computing, via the second computing device, a counter associated with the channel identifier and incrementing the counter when a message is sent or received using the channel identifier.

14. The method of claim 13, further comprising, after receipt of a message comprising a channel identifier, the second computing device: comparing the recorded counter associated with the channel identifier and the counter in the message, and recording the channel identifier as expired if the second computing device determines that the counter in the message does not correspond to a single increment of the recorded counter associated with the channel identifier.

15. The method of claim 10, further comprising generating, via the second computing device, the second cryptographic element as a random string.

16. The method of claim 10, further comprising recording, via the second computing device, a channel identifier as expired based on the determination that one or more of the following occurs: the second computing device does not receive any messages associated with the channel identifier for a predetermined period of time; the second computing device does not receive any messages associated with the channel identifier with

Assignees

Inventors

Classifications

  • H04L63/18 (Primary)

    using different networks or channels, e.g. using out of band channels (cryptographic mechanisms or cryptographic arrangements for key distribution involving distinctive intermediate devices or communication paths H04L9/0827; cryptographic mechanisms or cryptographic arrangements for authentication using a plurality of channels H04L9/3215)

  • involving distinctive intermediate devices or communication paths (network architectures or network communication protocols using different networks H04L63/18)

  • involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics

  • using a plurality of channels (network architectures or network communication protocols using different networks H04L63/18)

  • involving Diffie-Hellman or related key agreement protocols

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Mastercard International Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/18. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 20, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).