Abstract: Embodiments of the invention relate to efficient methods for authenticated communication. In one embodiment, a first computing device can generate an ephemeral key pair comprising an ephemeral public key and an ephemeral private key. The first computing device can generate a first shared secret using the ephemeral private key and a static second device public key. The first computing device can encrypt request data using the first shared secret to obtain encrypted request data. The first computing device can send a request message including the encrypted request data and the ephemeral public key to a server computer. Upon receiving a response message from the server computer, the first computing device can determine a second shared secret using the ephemeral private key and the blinded static second device public key. The first computing device can then decrypt the encrypted response data from the response message to obtain response data.

Abstract: Embodiments can provide methods for securely provisioning sensitive credential data, such as a limited use key (LUK) onto a user device. In some embodiments, the credential data can be encrypted using a separate storage protection key and decrypted only at the time of a transaction to generate a cryptogram for the transaction. Thus, end-to-end protection can be provided during the transit and storage of the credential data, limiting the exposure of the credential data only when the credential data is required, thereby reducing the risk of compromise of the credential data.

Abstract: Embodiments can provide methods for securely provisioning sensitive credential data, such as a limited use key (LUK) onto a user device. In some embodiments, the credential data can be encrypted using a separate storage protection key and decrypted only at the time of a transaction to generate a cryptogram for the transaction. Thus, end-to-end protection can be provided during the transit and storage of the credential data, limiting the exposure of the credential data only when the credential data is required, thereby reducing the risk of compromise of the credential data.

Abstract: Embodiments of the invention introduce efficient methods for securely generating a cryptogram by a user device, and validating the cryptogram by a server computer. A secure communication can be conducted whereby a user device provides a cryptogram without requiring the user device to persistently store an encryption key or other sensitive data used to generate the cryptogram. The user device and server computer can mutually authenticate and establish a shared secret. Using the shared secret, the server computer can derive a session key and transmit key derivation parameters encrypted using the session key to the user device. The user device can derive the session key using the shared secret, decrypt the encrypted key derivation parameters, and store the key derivation parameters. Key derivation parameters and the shared secret can be used to generate a single use cryptogram key, which can be used to generate a cryptogram for conducting secure communications.

Abstract: Systems and methods are provided for protecting identity in an authenticated data transmission. For example, a contactless transaction between a portable user device and an access device may be conducted without exposing the portable user device's public key in cleartext. In one embodiment, an access device may send an access device public key to a portable user device. The user device may return a blinded user device public key and encrypted user device data. The access device may determine a shared secret using the blinded user device public key and an access device private key. The access device may then decrypt the encrypted user device data using the shared secret.

Abstract: Embodiments of the invention introduce efficient methods for securely generating a cryptogram by a user device, and validating the cryptogram by a server computer. A secure communication can be conducted whereby a user device provides a cryptogram without requiring the user device to persistently store an encryption key or other sensitive data used to generate the cryptogram. The user device and server computer can mutually authenticate and establish a shared secret. Using the shared secret, the server computer can derive a session key and transmit key derivation parameters encrypted using the session key to the user device. The user device can derive the session key using the shared secret, decrypt the encrypted key derivation parameters, and store the key derivation parameters. Key derivation parameters and the shared secret can be used to generate a single use cryptogram key, which can be used to generate a cryptogram for conducting secure communications.

Abstract: Embodiments of the invention can establish secure communications using a single non-traceable request message from a first computer and a single non-traceable response message from a second computer. Non-traceability may be provided through the use of blinding factors. The request and response messages can also include signatures that provide for non-repudiation. In addition, the encryption of the request and response message is not based on the static keys pairs, which are used for validation of the signatures. As such, perfect forward secrecy is maintained.

Abstract: Systems and methods are provided for confidential communication management. For example, a client computer can determine a client key pair comprising a client private key and a client public key. The client computer can further determine a protected server key identifier, identify a server public key associated with the protected server key identifier, and generating a shared secret using the server public key and the client private key. The client computer can further encrypt message data using the shared secret and sending, to a server computer, a message including the encrypted message data, the protected server key identifier, and the client public key. The protected server key identifier can be associated with the server computer and can be usable by the server computer to identify a server private key to be used in decrypting the encrypted message data.

Abstract: Systems and methods are provided for protecting identity in an authenticated data transmission. For example, a contactless transaction between a portable user device and an access device may be conducted without exposing the portable user device's public key in cleartext. In one embodiment, an access device may send an access device public key to a portable user device. The user device may return a blinded user device public key and encrypted user device data. The access device may determine a shared secret using the blinded user device public key and an access device private key. The access device may then decrypt the encrypted user device data using the shared secret.

Abstract: Embodiments of the invention can establish secure communications using a single non-traceable request message from a first computer and a single non-traceable response message from a second computer. Non-traceability may be provided through the use of blinding factors. The request and response messages can also include signatures that provide for non-repudiation. In addition, the encryption of the request and response message is not based on the static keys pairs, which are used for validation of the signatures. As such, perfect forward secrecy is maintained.

Abstract: Techniques are provided to generate a secure communication for use in a transaction. In some embodiments, a user device is provided a first set of encryption keys associated with one or more authorizing entities. The user device may, prior to or during a transaction, receive one or more second encryption keys related to a second party to the transaction. In some embodiments, the one or more second encryption keys may be provided to the user device via a local communication means. Once the user device has been provided with transaction details, it may generate a transaction request using the multiple encryption keys that it has been provided, such that portions of the message are encrypted using different encryption keys.

Abstract: Systems and methods are provided for confidential communication management. For example, a client computer can determine a client key pair comprising a client private key and a client public key. The client computer can further determine a protected server key identifier, identify a server public key associated with the protected server key identifier, and generating a shared secret using the server public key and the client private key. The client computer can further encrypt message data using the shared secret and sending, to a server computer, a message including the encrypted message data, the protected server key identifier, and the client public key. The protected server key identifier can be associated with the server computer and can be usable by the server computer to identify a server private key to be used in decrypting the encrypted message data.

Abstract: Embodiments extend protocols for secure communication between two parties to allow a party to securely communicate with multiple parties using a single message. For example, the sending party can determine a unique shared secret for each recipient and encrypt data for a recipient using a session key generated from the corresponding shared secret. The encrypted data can be combined into a single message, and each recipient can decrypt only the subset of the message that it is authorized to.

Abstract: Embodiments of the invention can establish secure communications using a single non-traceable request message from a first computer and a single non-traceable response message from a second computer. Non-traceability may be provided through the use of blinding factors. The request and response messages can also include signatures that provide for non-repudiation. In addition, the encryption of the request and response message is not based on the static keys pairs, which are used for validation of the signatures. As such, perfect forward secrecy is maintained.

Abstract: Systems and methods are provided for protecting identity in an authenticated data transmission. For example, a contactless transaction between a portable user device and an access device may be conducted without exposing the portable user device's public key in cleartext. In one embodiment, an access device may send an access device public key to a portable user device. The user device may return a blinded user device public key and encrypted user device data. The access device may determine a shared secret using the blinded user device public key and an access device private key. The access device may then decrypt the encrypted user device data using the shared secret.

Abstract: Embodiments of the invention relate to systems and methods for confidential mutual authentication. A first computer may blind its public key using a blinding factor. The first computer may generate a shared secret using its private key, the blinding factor, and a public key of a second computer. The first computer may encrypt the blinding factor and a certificate including its public key using the shared secret. The first computer may send its blinded public key, the encrypted blinding factor, and the encrypted certificate to the second computer. The second computer may generate the same shared secret using its private key and the blinded public key of the first computer. The second computer may authenticate the first computer by verifying its blinded public key using the blinding factor and the certificate of the first computer. The first computer authenticates the second computer similarly.

Abstract: Systems and methods are provided for protecting identity in an authenticated data transmission. For example, a contactless transaction between a portable user device and an access device may be conducted without exposing the portable user device's public key in cleartext. In one embodiment, an access device may send an access device public key to a portable user device. The user device may return a blinded user device public key and encrypted user device data. The access device may determine a shared secret using the blinded user device public key and an access device private key. The access device may then decrypt the encrypted user device data using the shared secret.

Abstract: Systems and methods are provided for protecting identity in an authenticated data transmission. For example, a contactless transaction between a portable user device and an access device may be conducted without exposing the portable user device's public key in cleartext. In one embodiment, an access device may send an access device public key to a portable user device. The user device may return a blinded user device public key and encrypted user device data. The access device may determine a shared secret using the blinded user device public key and an access device private key. The access device may then decrypt the encrypted user device data using the shared secret.

Abstract: Systems and methods are provided for confidential communication management. For example, a client computer can determine a client key pair comprising a client private key and a client public key. The client computer can further determine a protected server key identifier, identify a server public key associated with the protected server key identifier, and generating a shared secret using the server public key and the client private key. The client computer can further encrypt message data using the shared secret and sending, to a server computer, a message including the encrypted message data, the protected server key identifier, and the client public key. The protected server key identifier can be associated with the server computer and can be usable by the server computer to identify a server private key to be used in decrypting the encrypted message data.

Abstract: Some embodiments provide systems and methods for confidentially and securely provisioning data to an authenticated user device. A user device may register an authentication public key with an authentication server. The authentication public key may be signed by an attestation private key maintained by the user device. Once the user device is registered, a provisioning server may send an authentication request message including a challenge to the user device. The user device may sign the challenge using an authentication private key corresponding to the registered authentication public key, and may return the signed challenge to the provisioning server. In response, the provisioning server may provide provisioning data to the user device. The registration, authentication, and provisioning process may use public key cryptography while maintaining confidentiality of the user device, the provisioning server, and then authentication server.