Systems and methods for inter-service authentication
US-11012237-B1 · May 18, 2021 · US
Transaction configuration using cryptographic authentication
US12073393B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12073393-B2 |
| Application number | US-202016887836-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 29, 2020 |
| Priority date | May 29, 2020 |
| Publication date | Aug 27, 2024 |
| Grant date | Aug 27, 2024 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A cryptographic scheme associated with a transaction service is received at a first computer system. Subsequent to receiving the cryptographic schema, the first computer system performs a configuration process for a transaction to be performed with the transaction service. The configuration process includes receiving a request for transaction configuration information from a client device. The request includes a cryptographic token generated by a second computer system the transaction service. The first computer system determines whether to grant the request based on analyzing the cryptographic token according to the cryptographic schema. Based on the determining, the first computer system sends transaction configuration information. The configuration process is performed by first computer system independent of communication between the second computer system and the first computer system.
First claim
Opening claim text (preview).
What is claimed is: 1. A computer system comprising: a first computer processor circuit of a transaction service; a second computer processor circuit of the transaction service; and the first computer processor circuit being configured to: access a cryptographic schema associated with the transaction service, the cryptographic schema comprising a public key of a public-private key pair, a cryptographic algorithm, and a payload schema identifying privileges granted to a client device; receive, from the client device, a request for transaction configuration information for a transaction, the request comprising a cryptographic token and information about one or more applications running on the client device and a geographic indicator corresponding to a location of the client device; authenticate, without performing any communication with the second computer processor circuit, the cryptographic token from the request using the public key and the payload schema from the accessed cryptographic schema on a payload of the cryptographic token to determine whether the privileges granted to the client device satisfy one or more criteria; determine to grant the request based on the authentication of the cryptographic token according to the accessed cryptographic schema; generate the transaction configuration information using the payload of the cryptographic token and the information about the one or more applications running on the client device and the geographic indicator, wherein the transaction configuration information is formatted for the one or more applications; in response to determining to grant the request, send the generated transaction configuration information to the client device; the second computer processor circuit being configured to: access the cryptographic schema associated with the transaction service; generate the cryptographic token using a private key of the public-private key pair using the cryptographic algorithm and the payload schema, wherein the cryptographic token comprises a cryptographic key signed with the private key, metadata about the cryptographic token, and the payload identifying privileges granted to the client device; and transmit the cryptographic token to the client device. 2. The computer system of claim 1 , wherein the first computer processor circuit is an edge server computer processor circuit that is associated with the transaction service and the second computer processor circuit is a security computer processor circuit that is associated with the transaction service. 3. The computer system of claim 2 , further comprising a second edge server computer processor circuit that is associated with the transaction service; wherein the configuration process includes the second edge server computer processor circuit performing a second configuration process for the transaction; and wherein the edge server computer processor circuit, the second edge server computer processor circuit, and the security computer processor circuit do not communicate during the configuration process or the second configuration process. 4. The computer system of claim 1 , wherein the transaction is associated with a particular merchant, the cryptographic token includes a merchant identifier indicative of the particular merchant, and the transaction configuration information includes information corresponding to the particular merchant. 5. The computer system of claim 1 , wherein the transaction configuration information is generated using the geographic indicator and includes information corresponding to the location of the client device. 6. A method comprising: accessing, by a first computer processor circuit of a transaction service, a cryptographic schema associated with the transaction service, the cryptographic schema comprising a public key of a public-private key pair, a cryptographic algorithm, and a payload schema identifying privileges granted to a client device; generating, by the first computer processor circuit, a cryptographic token using a private key of the public-private key pair using the cryptographic algorithm and the payload schema, wherein the cryptographic token comprises a cryptographic key signed with the private key, metadata about the cryptographic token, and the payload identifying privileges granted to the client device; transmitting, by the first computer processor circuit, the cryptographic token to the client device; receiving, at a second computer processor circuit from the client device, a request for transaction configuration information for a transaction, the request comprising the cryptographic token and information about one or more applications running on the client device and a geographic indicator corresponding to a location of the client device; accessing, by second computer processor circuit, the cryptographic schema associated with the transaction service; authenticating, at the second computer processor circuit and without performing any communication with the first computer processor circuit, the cryptographic token from the request using the public key and the payload schema from the accessed cryptographic schema on a payload of the cryptographic token to determine whether the privileges granted to the client device satisfy one or more criteria; determining, at the second computer processor circuit, to grant the request based on the authentication of the cryptographic token according to the accessed cryptographic schema; generating, at the second computer processor circuit, the transaction configuration information using the payload of the cryptographic token and the information about the one or more applications running on the client device and the geographic indicator, wherein the transaction configuration information is formatted for the one or more applications; and in response to determining to grant the request at the second computer processor circuit, sending the generated transaction configuration information to the client device. 7. The method of claim 6 , further comprising: sending, from the client device to a third computer processor circuit, a second request for second transaction configuration information for a particular transaction to be performed using the transaction service, wherein the second request includes the cryptographic token, and wherein the cryptographic token is usable by the third computer processor circuit to authenticate the client device for the particular transaction according to the cryptographic schema and generate the second transaction configuration information without additional communication with the first computer processor circuit that affects the cryptographic token or the generation of the second transaction configuration information; wherein the privileges include a first set of privileges associated with tasks performed by the second computer processor circuit and a second, different set of privileges associated with tasks performed by the third computer processor circuit. 8. The method of claim 6 , wherein the second computer processor circuit is geographically closer to the client device than the first computer processor circuit. 9. The method of claim 6 , wherein the transaction configuration information includes application-specific configuration information. 10. The method of claim 6 , wherein the transaction configuration information includes region-specific configuration information. 11. The method of claim 6 , wherein the request is associated with a particular end user who is not registered with the first computer processor circuit, and the cryptographic token does not include a user identifier indicative of the particular end user. 12. The met
Assignees
Inventors
Classifications
Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy · CPC title
Transactions dependent on location of M-devices · CPC title
Financial cryptography, e.g. electronic payment or e-cash · CPC title
using mutual authentication without cards, e.g. challenge-response · CPC title
involving authentication · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12073393B2 cover?
- A cryptographic scheme associated with a transaction service is received at a first computer system. Subsequent to receiving the cryptographic schema, the first computer system performs a configuration process for a transaction to be performed with the transaction service. The configuration process includes receiving a request for transaction configuration information from a client device. The …
- Who is the assignee on this patent?
- Paypal Inc
- What technology area does this patent fall under?
- Primary CPC classification G06Q20/3829. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Aug 27 2024 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).