System and method for authenticated encryption based on device fingerprint

US2020092090A1 · US · A1

Patent metadata
Publication number: US-2020092090-A1
Application number: US-201816131426-A
Country: US
Kind code: A1
Filing date: Sep 14, 2018
Priority date: Sep 14, 2018
Publication date: Mar 19, 2020
Grant date:

Abstract

Official abstract text for this publication.

A method and system for encryption and decryption. The system includes a user computing device, a root secret server, and a backend server. The root secret server has a root secret code, and when receiving a fingerprint of the user computing device, calculates a device secret code for that device using the fingerprint. When sensitive data needs to be encrypted, the user computing device calculates a data key for the data based on the device secret code and the data information, and encrypts the data. The backend server retrieves the root secret code from the root secret server, and in response to receiving the encrypted data, retrieves data information and calculates the data key to decrypt the data. Similarly, the backend server can encrypt data and the user computing device can decrypt data. The root secret code, the device code, and the data key form a three level encryption mechanism.
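The three-level hierarchy from the abstract (root secret code, device secret code, data key), sketched as an added example that is not code from the patent. The page does not name the derivation function or the cipher: HMAC-SHA256 derivation, the length-prefixed field encoding, the JSON field names and the HMAC-based stand-in cipher are all assumptions made here.

```python
import hashlib, hmac, json, os, struct

def _kdf(key: bytes, *fields: str) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") derive different keys.
    msg = b"".join(struct.pack(">I", len(f.encode())) + f.encode() for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def device_secret(root_secret: bytes, fingerprint: str) -> bytes:
    # Level 2: computed by the root secret server from the root secret (level 1).
    return _kdf(root_secret, "device", fingerprint)

def data_key(dev_secret: bytes, fingerprint: str, app: str, ts: str) -> bytes:
    # Level 3: computed on the device, re-derived later by the backend.
    return _kdf(dev_secret, "data", fingerprint, app, ts)

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode); use a vetted AEAD in practice.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def device_encrypt(dev_secret: bytes, fingerprint: str, app: str, ts: str, plaintext: bytes) -> str:
    k = data_key(dev_secret, fingerprint, app, ts)
    enc_key, mac_key = _kdf(k, "enc"), _kdf(k, "mac")
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).hexdigest()
    # Fingerprint, application name and timestamp travel in the clear beside the ciphertext.
    return json.dumps({"fp": fingerprint, "app": app, "ts": ts,
                       "nonce": nonce.hex(), "ct": ct.hex(), "tag": tag})

def backend_decrypt(root_secret: bytes, packet: str) -> bytes:
    p = json.loads(packet)
    # The backend holds only the root secret; both lower levels come from packet metadata.
    k = data_key(device_secret(root_secret, p["fp"]), p["fp"], p["app"], p["ts"])
    enc_key, mac_key = _kdf(k, "enc"), _kdf(k, "mac")
    nonce, ct = bytes.fromhex(p["nonce"]), bytes.fromhex(p["ct"])
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, p["tag"]):
        raise ValueError("authentication failed")  # wrong key or modified packet
    return _xor_stream(enc_key, nonce, ct)
```

Because the data key is derived from the fingerprint, application name and timestamp, changing any of those fields in transit makes the backend derive a different key and the tag check fails.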

First claim

Opening claim text (preview).

What is claimed is:

1. A method for encryption and decryption, the method comprising: sending, by a user computing device, a device fingerprint of the user computing device to a root secret server, wherein the root secret server has a root secret code, and the root secret server is configured to calculate, in response to receiving the device fingerprint, a device secret code using the device fingerprint and the root secret code, and send the device secret code to the user computing device; calculating, by the user computing device, a data key using the device secret code, the device fingerprint, a name of an application generating data, and a timestamp of generating the data; encrypting, by the user computing device, the data using the data key to form encrypted data; encoding, by the user computing device, the encrypted data with the device fingerprint, the name of the application, and the timestamp to form an encoded data packet, and sending the encoded data packet to a backend server, wherein the backend server is configured to: obtain the root secret code from the root secret server; in response to receiving the encoded data packet, decode the encoded data packet to obtain the encrypted data packet; calculate the data key using the root secret code obtained from the root secret server and the device fingerprint, the name of the application, and the timestamp from the encoded data packet; and decrypt the encrypted data packet using the data key.

2. The method of claim 1, further comprising, before the step of sending the device fingerprint: encrypting, by the user computing device, the device fingerprint using a public key retrieved from the root secret server, wherein the root secret server is further configured to decrypt the fingerprint by the root secret server using a private key associated with the public key, and the public key and the private key form a pair of asymmetric keys.

3. The method of claim 1, wherein the root secret server is further configured to, before calculating the device secret code, validate the device fingerprint using a fingerprint validation service.

4. The method of claim 1, wherein the root secret server is further configured to, before sending the device secret code to the user computing device: encrypt the device secret code using a randomly generated key provided by the user computing device, and the method further comprises, before the step of calculating the data key by the user computing device: decrypting, by the user computing device, the encrypted device secret code received from the root secret server using the randomly generated key, and storing the obtained device secret code on the user computing device, wherein the randomly generated key is a symmetric key.

5. The method of claim 1, wherein the root secret server is further configured to obtain a management key from a key management service; wherein the backend server is further configured to, before obtaining the root secret code from the root secret server: obtain the management key from the key management service; send a request for requesting the root secret code to the root secret server, the request encrypted by the management key, wherein the root secret server is further configured to decrypt the request using the management key, prepare a response having the root secret key and encrypted by the management key, and send the response to the backend server; and receive the response and decrypt the response using the management key to obtain the root secret code; and wherein the management key is a symmetric key.

6. The method of claim 1, wherein the data key is a symmetric key and the encrypted data packet is coded by JavaScript Object Notation (JSON).

7. A non-transitory computer readable medium storing computer executable code, wherein the computer executable code, when executed at a processor of a user computing device, is configured to perform the method of claim 1.

8. A method for encryption and decryption, the method comprising: obtaining, by a backend server, a root secret code from a root secret server; decoding, by the backend server in response to receiving an encoded data packet from a user computing device, the encoded data packet to obtain an encrypted data packet; calculating a data key using the root secret code obtained from the root secret server and a device fingerprint, a name of the application, and a timestamp from the encoded data packet; and decrypting, by the backend server, the encrypted data packet using the calculated data key, wherein the user computing device is configured to send the device fingerprint of the user computing device to the root secret server, calculate the data key using the device secret code received from the root secret server, the device fingerprint, the name of the application generating the data, and the timestamp of generating the data, encrypt the data using the data key to form the encrypted data, encode the encrypted data with the device fingerprint, the name of the application, the timestamp to form the encoded data packet, and send the encoded data packet to the backend server; and wherein the root secret server is configured to calculate, in response to receiving the device fingerprint, the device secret code using the device fingerprint and the root secret code, and send the device secret code to the user computing device.

9. The method of claim 8, wherein the user computing device is further configured to encrypt the device fingerprint using a public key retrieved from the root secret server, the root secret server is further configured to decrypt the fingerprint by the root secret server using a private key associated with the public key, and the public key and the private key form a pair of asymmetric keys.

10. The method of claim 8, wherein the root secret server is further configured to, before calculating the device secret code, validate the device fingerprint using a fingerprint validation service.

11. The method of claim 8, wherein the root secret server is further configured to, before sending the device secret code to the user computing device: encrypt the device secret code using a randomly generated key provided by the user computing device, and the method further comprises: decrypting, by the user computing device, the encrypted device secret code received from the root secret server using the randomly generated key, and storing the obtained device secret code on the user computing device, wherein the randomly generated key is a symmetric key.

12. The method of claim 8, further comprising: obtaining, by the backend server, a management key from the key management service; sending, by the back end server, a request for requesting the root secret code by the backend server to the root secret server, the request encrypted by the management key, wherein the root secret server is configured to obtain the management key from the key management service, decrypt the request using the management key, prepare a response having the root secret key and encrypted by the management key, and send the response to the backend server; and receiving, by the backend server, the response; and decrypting, by the backend server, the response using the management key to obtain the root secret code, wherein the management key is a symmetric key.

13. The method of claim 8, wherein the data key is a symmetric key, and wherein the encrypted data packet is coded by JavaScript Object Notation (JSON).

14. A non-transitory computer readable medium storing computer executable code, wherein the computer executa

Classifications

  • H04L9/3242 (Primary): involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC

  • involving random numbers or seeds

  • H04L9/0866 (Primary): involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics

  • using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates

  • Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2020092090A1 cover?
A method and system for encryption and decryption. The system includes a user computing device, a root secret server, and a backend server. The root secret server has a root secret code, and when receiving a fingerprint of the user computing device, calculates a device secret code for that device using the fingerprint. When sensitive data needs to be encrypted, the user computing device calcula…
Who is the assignee on this patent?
Beijing Jingdong Shangke Information Technology Co Ltd, Jd Com American Tech Corp
What technology area does this patent fall under?
Primary CPC classification H04L9/3242. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 19, 2020 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).