Creation of a cryptographically secure electronic identity
US-2025097052-A1 · Mar 20, 2025 · US
US12470403B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12470403-B2 |
| Application number | US-202318216283-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 29, 2023 |
| Priority date | Jun 29, 2023 |
| Publication date | Nov 11, 2025 |
| Grant date | Nov 11, 2025 |
Official abstract text for this publication.
The arrangements disclosed herein relate to systems, apparatus, methods, and non-transitory computer readable media in which a browser determines a data cipher by encrypting data using a first encryption key, where the first encryption key is generated using a first random number, a second random number, and a third random number. The browser sends the data cipher to a server. The browser determines a key cipher by encrypting the third random number using a certificate of the server, and sends the key cipher to the server.
Claims.
What is claimed is:

1. A method, comprising: receiving, by a browser from a first server, a certificate of the first server and a first random number; sending, by the browser to a second server, a second random number; receiving, by the browser from the second server, a first hash value generated by the second server using the first random number, the second random number, and the certificate; determining, by the browser, a second hash value using the first random number, the second random number, and the certificate; and performing, by the browser, communication with the first server in response to determining that the first hash value and the second hash value are the same.
2. The method of claim 1, further comprising sending, by the browser to the first server, browser information of the browser, wherein the certificate and the first random number is received in response to sending the browser information.
3. The method of claim 1, further comprising receiving, by the browser from the first server, redirect information comprising an Identifier (ID) of the second server, wherein the second random number is sent to the second server using the ID of the second server.
4. The method of claim 1, wherein the first random number is a first Random Number Used Once (NONCE) generated by the first server; and the second random number is a second NONCE generated by the browser.
5. The method of claim 1, wherein the first hash value is generated by the second server by running the first random number, the second random number, and the certificate through a first hash function; generating the second hash value comprises running, by the browser, the first random number, the second random number, and the certificate through a second hash function; and the first hash function and the second hash function are the same.
6. The method of claim 1, wherein the first hash value is generated using a string of the first random number, a string of the second random number, and a string of the certificate; and the second hash value is generated using the string of the first random number, the string of the second random number, and the string of the certificate.
7. The method of claim 6, wherein the first hash value is generated by running a first value through a first hash function, the first value is generated by concatenating the string of the first random number, the string of the second random number, and the string of the certificate; and the second hash value is generated by running a second value through a second hash function, the second value is generated by concatenating the string of the first random number, the string of the second random number, and the string of the certificate.
8. The method of claim 1, wherein the second server receives the certificate and the first random number from the first server.
9. The method of claim 1, wherein performing communication with the first server comprises: performing certificate chain validation for the certificate in response to determining that the first hash value and the second hash value are the same; and establishing a Transport Layer Security (TLS) connection between the browser and the first server in response to validating the certificate through the certificate chain validation.
10. A method, comprising: determining, by a browser, data cipher by encrypting data using a first encryption key, the first encryption key is generated using a first random number, a second random number, and a third random number; sending, by the browser to a server, the data cipher; determining, by the browser, a key cipher by encrypting the third random number using a certificate of the server; and sending, by the browser to the server, the key cipher.
11. The method of claim 10, wherein the first random number is a first Random Number Used Once (NONCE) generated by the server; and the second random number is a second NONCE generated by the browser.
12. The method of claim 10, wherein the first encryption key is generated by combining the first random number, the second random number, and the third random number using XOR.
13. The method of claim 10, wherein the certificate of the server comprises a second encryption key; and encrypting the third random number using the certificate comprises encrypting the third random number using the second encryption key.
14. The method of claim 13, wherein the second encryption key comprises a public key of the server, the public key of the server corresponds to a private key of the server that is used by the server to decrypt the key cipher.
15. The method of claim 10, further comprising encrypting, by the browser, the data cipher using a session key for a Transport Layer Security (TLS) session, wherein sending the data cipher to the server comprises sending the encrypted data cipher to the server, wherein the server decrypts the encrypted data cipher using the session key.
16. A method, comprising: receiving, by a server from a browser, a data cipher and a key cipher, wherein the data cipher is generated by the browser by encrypting data using a first encryption key, the first encryption key is determined using a first random number, a second random number, and a third random number, and the key cipher is generated by the browser using a certificate of the server; determining, by the server, the third random number by decrypting the key cipher; determining, by the server, the first encryption key using the first random number, the second random number, and the third random number; and determining, by the server, the data by decrypting the data cipher using the first encryption key.
17. The method of claim 16, wherein the certificate of the server comprises a second encryption key; and the key cipher is decrypted by the server using a third encryption key corresponding to the second encryption key.
18. The method of claim 17, wherein the second encryption key comprises a public key of the server; and the third encryption key comprises a private key of the server.
19. The method of claim 16, wherein the first encryption key is generated by combining the first random number, the second random number, and the third random number using XOR.
20. The method of claim 16, wherein the first random number is a first Random Number Used Once (NONCE) generated by the server; and the second random number is a second NONCE generated by the browser.
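The encryption method of claims 10 to 20, as an added Go example that is not part of the patent or of any implementation of it: the browser XORs the server nonce, the browser nonce and a fresh third nonce into a data key, encrypts the data under it, and wraps only the third nonce to the server's public key; the server unwraps that nonce and rebuilds the same key. The 32-byte nonce length, RSA-OAEP for the key cipher and AES-256-GCM for the data cipher are choices made here, since the claims specify none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// nonceLen is an assumption (the claims fix no size, but XOR needs equal lengths); ivLen is GCM's standard.
const nonceLen, ivLen = 32, 12

// serverKey stands in for the private key behind the server's certificate (claims 13, 14, 18).
func serverKey() *rsa.PrivateKey {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}

// dataKey XORs the three random numbers into one AES-256-GCM key (claims 12, 19); the claims leave the cipher open.
func dataKey(n1, n2, n3 []byte) cipher.AEAD {
	k := make([]byte, nonceLen)
	for i := range k {
		k[i] = n1[i] ^ n2[i] ^ n3[i]
	}
	b, _ := aes.NewCipher(k) // 32-byte key selects AES-256; cannot fail
	g, _ := cipher.NewGCM(b) // AES block size is always GCM-compatible
	return g
}

// browserEncrypt plays claim 10: the data cipher is under n1^n2^n3 and only the fresh
// n3 is wrapped to the server's public key with RSA-OAEP (claims 13, 14).
func browserEncrypt(pub *rsa.PublicKey, n1, n2, data []byte) ([]byte, []byte, error) {
	buf := make([]byte, nonceLen+ivLen) // fresh n3 and a fresh GCM IV in one draw
	rand.Read(buf)
	n3, iv := buf[:nonceLen], buf[nonceLen:]
	dataCipher := append(iv, dataKey(n1, n2, n3).Seal(nil, iv, data, nil)...)
	keyCipher, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, n3, nil)
	return dataCipher, keyCipher, err
}

// serverDecrypt plays claim 16: unwrap n3, rebuild the key from the nonces both sides hold, open the data; one generic error for any failure.
func serverDecrypt(priv *rsa.PrivateKey, n1, n2, dataCipher, keyCipher []byte) ([]byte, error) {
	n3, err := rsa.DecryptOAEP(sha256.New(), nil, priv, keyCipher, nil)
	if err != nil || len(n3) != nonceLen || len(dataCipher) < ivLen {
		return nil, errors.New("decryption failed")
	}
	return dataKey(n1, n2, n3).Open(nil, dataCipher[:ivLen], dataCipher[ivLen:], nil)
}
```

Because the first two nonces are exchanged in the clear, the confidentiality of the XOR key rests entirely on the wrapped third nonce; the XOR binds the key to the session's nonces (a server holding a different browser nonce cannot open the data) but adds no secrecy of its own.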
CPC classification titles:

- involving random numbers or seeds
- for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819)
- using key encryption key
- including means for verifying the identity or authority of a user of the system {or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials}
- using cryptographic hash functions