Systems and methods for mobile-mediated secure key exchange for general end-user connectivity

US12574358B2 · US · B2

Patent metadata
Publication number: US-12574358-B2
Application number: US-202318362595-A
Country: US
Kind code: B2
Filing date: Jul 31, 2023
Priority date: Jul 31, 2023
Publication date: Mar 10, 2026
Grant date: Mar 10, 2026

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A method may include: receiving, by a webserver computer program, shared key material shared with a client application; receiving from a browser, a request for a secure connection; establishing a session with the browser over a first secure connection; establishing a shared secret key with the browser, wherein the browser creates a browser secret key encrypted with the shared secret key, encrypts the browser secret key with the shared secret key, and provides the browser secret key encrypted with the shared secret key and session information to the client application over a second secure connection that is protected with the shared key material; decrypting the browser secret key encrypted with the shared secret key using the shared secret key; identifying the session with the browser from the session information; and establishing end-to-end encryption on top of the second secure connection using the browser secret key or a derivation thereof.

Claims

Claim text for this publication (independent claims 1, 7 and 13 with their dependent claims).

What is claimed is:

1. A method for mobile-mediated secure key exchange, comprising: receiving, by a webserver computer program executed by a remote webserver, shared key material, the shared key material shared with a client application executed by a first client electronic device; receiving, by the webserver computer program and from a browser executed by a second electronic device, a request for a secure connection with the browser; establishing, by the webserver computer program, a session with the browser over a first secure connection; establishing, by the webserver computer program with the browser, a shared secret key, wherein the browser is configured to create a browser secret key encrypted with the shared secret key, encrypt the browser secret key with the shared secret key, and provide the browser secret key encrypted with the shared secret key and session information for the session to the client application over a second secure connection that is protected with the shared key material; decrypting, by the webserver computer program, the browser secret key encrypted with the shared secret key using the shared secret key; identifying, by the webserver computer program, the session with the browser from the session information; and establishing, by the webserver computer program and with the browser, end-to-end encryption on top of the second secure connection using the browser secret key or a derivation thereof.

2. The method of claim 1, wherein the shared secret key is established through classical key exchange.

3. The method of claim 1, wherein the browser is configured to encode the encrypted browser secret key in a machine-readable code.

4. The method of claim 3, wherein the machine-readable code is communicated optically, by radio frequency communication, or audibly.

5. The method of claim 1, wherein the session information received over the second secure connection is encrypted with the browser secret key, and the webserver computer program decrypts the session information with the browser secret key.

6. The method of claim 1, wherein the webserver computer program also receives an indication from the client application that a user of the client application has been authenticated over the second secure connection, and the webserver computer program authenticates the session with the browser without further authentication.

7. A system, comprising: a first client electronic device executing a client application; a second client electronic device executing a browser; and a remote webserver executing a webserver computer program; wherein: the webserver computer program and the client application are configured to receive shared key material; the webserver computer program is configured to receive a request for a secure connection from the browser; the webserver computer program is configured to establish a session with the browser over a first secure connection with the browser; the webserver computer program and the browser are configured to establish a shared secret key; the browser is configured to create a browser secret key encrypted with the shared secret key; the browser is configured to encrypt the browser secret key with the shared secret key; the browser is configured to provide the browser secret key encrypted with the shared secret key and session information for the session to the client application over a second secure connection that is protected with the shared key material; the webserver computer program is configured to decrypt the browser secret key encrypted with the shared secret key using the shared secret key; the webserver computer program is configured to identify the session with the browser from the session information; and the webserver computer program is configured to establish end-to-end encryption with the browser on top of the second secure connection using the browser secret key or a derivation thereof.

8. The system of claim 7, wherein the webserver computer program and the browser are configured to establish the shared secret key through classical key exchange.

9. The system of claim 7, wherein the browser is configured to encode the encrypted browser secret key in a machine-readable code.

10. The system of claim 9, wherein the machine-readable code is communicated optically, by radio frequency communication, or audibly.

11. The system of claim 7, wherein the browser is configured to encrypt the session information with the browser secret key, and the webserver computer program is configured to decrypt the session information with the browser secret key.

12. The system of claim 7, wherein the client application is configured to communicate, over the second secure connection, an indication that a user of the client application has been authenticated, and the webserver computer program is configured to authenticate the session with the browser without further authentication.

13. A non-transitory computer readable storage medium, including instructions stored thereon, which when read and executed by one or more computer processors, cause the one or more computer processors to perform steps comprising: receiving shared key material, the shared key material shared with a client application executed by a first client electronic device; receiving, from a browser executed by a second electronic device, a request for a secure connection with the browser; establishing a session with the browser over a first secure connection with the browser; establishing, with the browser, a shared secret key; receive, from the client application, a browser secret key encrypted with the shared secret key and session information for the session over a second secure connection that is protected with the shared key material, wherein the browser secret key was encrypted with the shared secret key by the browser; decrypting the browser secret key encrypted with the shared secret key using the shared secret key; identifying the session with the browser from the session information; and establishing, with the browser, end-to-end encryption on top of the second secure connection using the browser secret key or a derivation thereof.

14. The non-transitory computer readable storage medium of claim 13, wherein the shared secret key is established through classical key exchange.

15. The non-transitory computer readable storage medium of claim 13, wherein the session information received over the second secure connection is encrypted with the browser secret key, and further including instructions stored thereon, which when read and executed by one or more computer processors, cause the one or more computer processors to decrypt the session information with the browser secret key.

16. The non-transitory computer readable storage medium of claim 13, further including instructions stored thereon, which when read and executed by one or more computer processors, cause the one or more computer processors to receive an indication from the client application that a user of the client application has been authenticated over the second secure connection and authenticate the session with the browser without further authentication.

Assignees

Jpmorgan Chase Bank Na
Inventors

Classifications

  • using different networks or channels, e.g. using out of band channels (cryptographic mechanisms or cryptographic arrangements for key distribution involving distinctive intermediate devices or communication paths H04L9/0827; cryptographic mechanisms or cryptographic arrangements for authentication using a plurality of channels H04L9/3215) · CPC title

  • using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234) · CPC title

  • Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) (network architectures or network communication protocols for key distribution in a packet data network H04L63/062) · CPC title

  • wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for symmetric key encryption H04L9/06) · CPC title

  • applying encryption of the keys · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12574358B2 cover?
A method may include: receiving, by a webserver computer program, shared key material shared with a client application; receiving from a browser, a request for a secure connection; establishing a session with the browser over a first secure connection; establishing a shared secret key with the browser, wherein the browser creates a browser secret key encrypted with the shared secret key, encryp…
Who is the assignee on this patent?
Jpmorgan Chase Bank Na
What technology area does this patent fall under?
Primary CPC classification H04L63/061. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 10, 2026 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).