Secure multi-party protocol
US-10382409-B2 · Aug 13, 2019 · US
Secure multi-party protocol
US11677729B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11677729-B2 |
| Application number | US-202117307214-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 4, 2021 |
| Priority date | Nov 25, 2015 |
| Publication date | Jun 13, 2023 |
| Grant date | Jun 13, 2023 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A requestor and a responder may conduct secure communication by making API calls based on a secure multi-party protocol. The requestor may send a request data packet sent in a API request to the responder, where the request data packet can include at least a control block that is asymmetrically encrypted and a data block that is symmetrically encrypted. The responder may return a response data packet to the requestor, where the response data packet can include at least a control block and a data block that are both symmetrically encrypted. The requestor and the responder may derive the keys for decrypting the encrypted portions of the request and response data packets based on some information only known to the requestor and the responder. The secure multi-party protocol forgoes the need to store and manage keys in a hardware security module.
First claim
Opening claim text (preview).
What is claimed is: 1. A method for securing communications between a first computer and a second computer, the method comprising: securing a communication connection over a communications network at least in part by: encrypting, by the first computer, a first data block with a cryptographic key; generating, by the first computer, an encrypted first control block by encrypting a first control block; generating, by the first computer, a request data packet of the communication connection, the request data packet including the encrypted first control block and the encrypted first data block; sending, by the first computer, the request data packet to the second computer over the communications network, wherein the second computer generates a response data packet comprising an encrypted second control block and an encrypted second data block; receiving, by the first computer, the response data packet of the communication connection from the second computer over the communications network; generating, by the first computer, a second symmetric key using a predetermined algorithm; decrypting, by the first computer, the encrypted second control block with the generated second symmetric key to obtain a second control block; and decrypting, by the first computer, the encrypted second data block with a cryptographic key that is determined using data in the second control block to obtain a second data block. 2. The method of claim 1 , wherein the cryptographic key used to encrypt the first data block and the cryptographic key used to encrypt the second data block are each a first symmetric key, which is an ephemeral key. 3. The method of claim 2 , wherein the first symmetric key is generated using a shared secret and a variable datum previously supplied by the second computer. 4. The method of claim 3 , wherein the variable datum is a salt. 5. The method of claim 1 , wherein the encrypted second data block is formed by encrypting the second data block with a first symmetric key, and the second symmetric key is different from the first symmetric key. 6. The method of claim 1 , wherein data utilized to generate the second symmetric key is in a leader block in the response data packet. 7. The method of claim 1 wherein the first computer is an authorization entity computer and the second computer is a token service computer. 8. The method of claim 1 , wherein the request data packet further comprises a first leader block and a first signature block, and the response data packet further comprises a second leader block and a second signature block. 9. The method of claim 8 , wherein the first leader block includes information indicating an encryption algorithm utilized to obtain a key for decrypting the encrypted first control block, and wherein the second leader block includes information indicating an encryption algorithm utilized to obtain a key for decrypting the encrypted second control block. 10. A first computer comprising: a processor; and a computer readable medium coupled with the processor, the computer readable medium comprising code executable to perform a method comprising: securing a communication connection over a communications network at least in part by: encrypting a first data block with a cryptographic key; generating an encrypted first control block by encrypting a first control block; generating a request data packet of the communication connection, the request data packet including the encrypted first control block and the encrypted first data block; sending the request data packet to a second computer over the communications network, wherein the second computer generates a response data packet comprising an encrypted second control block and an encrypted second data block; receiving, the response data packet of the communication connection from the second computer over the communications network; generating a second symmetric key using a predetermined algorithm; decrypting the encrypted second control block with the generated second symmetric key to obtain a second control block; and decrypting the encrypted second data block with a cryptographic key that is determined using data in the second control block to obtain a second data block. 11. The first computer of claim 10 , wherein the encrypted first control block further comprises a timestamp. 12. The first computer of claim 10 , wherein the first data block comprises a token. 13. The first computer of claim 12 , wherein the first control block comprises a sequence number. 14. The first computer of claim 10 , wherein the first control block comprises a device ID and sequence number. 15. A method for securing communications between a first computer and a second computer, the method comprising: receiving, by the second computer from the first computer over a communications network, a request data packet, the request data packet including an encrypted first control block, and an encrypted first data block; decrypting, by the second computer, the encrypted first control block with a cryptographic key to obtain a first control block; decrypting, by the second computer, the encrypted first data block with a first symmetric key to obtain a first data block, the first symmetric key based on data in the first control block; generating, by the second computer, a second symmetric key using a predetermined algorithm based on data in the first control block; generating, by the second computer, a response data packet, the response data packet comprising an encrypted second data block and an encrypted second control block, the encrypted second control block formed by encrypting a second control block with the second symmetric key; and transmitting, by the second computer, the response data packet to the first computer over the communications network. 16. The method of claim 15 , wherein the first symmetric key is an ephemeral key. 17. The method of claim 15 , wherein the first symmetric key is generated using a shared secret and a variable datum previously supposed by the second computer. 18. The method of claim 17 , wherein the variable datum is a salt. 19. The method of claim 15 , wherein the first data block comprises a token. 20. The method of claim 15 , wherein the first computer and the second computer interact via an API.
Assignees
Inventors
Classifications
using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title
for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title
using key encryption key · CPC title
- H04L63/045Primary
wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption (cryptographic mechanisms or cryptographic arrangements using a plurality of keys or algorithms H04L9/14) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11677729B2 cover?
- A requestor and a responder may conduct secure communication by making API calls based on a secure multi-party protocol. The requestor may send a request data packet sent in a API request to the responder, where the request data packet can include at least a control block that is asymmetrically encrypted and a data block that is symmetrically encrypted. The responder may return a response data …
- Who is the assignee on this patent?
- Visa Int Service Ass
- What technology area does this patent fall under?
- Primary CPC classification H04L63/045. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jun 13 2023 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).