Patents by Inventor Gaven Watson
Gaven Watson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240380585
Abstract: A method for performing a key recovery process is disclosed. The method comprises entering, in a user device, a user identifier unique to a user. The user device may then obscure the user identifier to form an obscured user identifier. The user device may then transmit the obscured user identifier to a first and second entity computer. The method may then include the first entity computer generating a first output using the obscured user identifier and a first share, and the second entity computer generates a second output using the obscured user identifier and a second share. As a response to transmitting the obscured identifier, the user device may receive the first output from the first entity computer and the second output from the second entity computer. The user device may then generate a secret key after processing the first output and the second output, completing the key recovery process.
Type: Application
Filed: August 20, 2021
Publication date: November 14, 2024
Applicant: Visa International Service Association
Inventors: Sunpreet Arora, Saikrishna Badrinarayanan, Srinivasan Raghuraman, Maliheh Shirvanian, Kim Wagner, Gaven Watson
-
Publication number: 20240340186
Abstract: A method is disclosed. The method includes generating, by a first user device in association with a second user device, a second secret key on the second user device. The second secret key is derived from a first secret held by the first user device. The method includes generating a first commitment, transmitting, to the second user device, the first commitment, receiving, from the second user device, a second commitment, receiving, from the second user device, a random value and a ciphertext. The ciphertext is generated using the first commitment, the second commitment, and the random value. The method also includes verifying the ciphertext, and in response to verifying the ciphertext, modifying a group to include the second user device.
Type: Application
Filed: November 9, 2021
Publication date: October 10, 2024
Applicant: Visa International Service Association
Inventors: Gaven Watson, Kim Wagner, Maliheh Shirvanian, Saikrishna Badrinarayanan, Srinivasan Raghuraman, Sunpreet Arora
-
Publication number: 20240323000
Abstract: Methods and systems for gateway agnostic tokenization are disclosed. Gateway agnostic tokenization enables a resource provider to quickly, safely, and efficiently route a token for authorization via any appropriate gateway computer. As part of an interaction with a user, a resource provider can transmit a token to an edge computer. The edge computer can then forward the token to a gateway computer. The gateway computer can identify a data item comprising two ciphertexts associated with the token. The edge computer and gateway computer can collectively decrypt the two ciphertexts to obtain a credential. The gateway computer can then forward the credential to an authorizing entity computer. The authorizing entity computer can then determine whether or not to authorize the interaction.
Type: Application
Filed: June 3, 2024
Publication date: September 26, 2024
Applicant: Visa International Service Association
Inventors: Sivanarayana Gaddam, Pratyay Mukherjee, Gaven Watson
-
Publication number: 20240235842
Abstract: Embodiments can perform efficient OT (oblivious transfer) protocols to efficiently establish OT correlations that could be used for an MPC protocol. The present embodiments relate to a non-interactive OT (NIOT) protocol using a key encapsulation mechanism (KEM). Two OT protocols are non-interactive OTs, in which a sender generates private, public key pair (pk, sk) that is independent of its input or generated OT correlations. The two OT protocols use a cryptographic hash function and a one-way secure dense key encapsulation mechanism (KEM).
Type: Application
Filed: May 3, 2022
Publication date: July 11, 2024
Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventors: Gaven Watson, Daniel Masny
-
Patent number: 12034837
Abstract: Methods and systems for gateway agnostic tokenization are disclosed. Gateway agnostic tokenization enables a resource provider to quickly, safely, and efficiently route a token for authorization via any appropriate gateway computer. As part of an interaction with a user, a resource provider can transmit a token to an edge computer. The edge computer can then forward the token to a gateway computer. The gateway computer can identify a data item comprising two ciphertexts associated with the token. The edge computer and gateway computer can collectively decrypt the two ciphertexts to obtain a credential. The gateway computer can then forward the credential to an authorizing entity computer. The authorizing entity computer can then determine whether or not to authorize the interaction.
Type: Grant
Filed: January 30, 2020
Date of Patent: July 9, 2024
Assignee: Visa International Service Association
Inventors: Sivanarayana Gaddam, Pratyay Mukherjee, Gaven Watson
-
Publication number: 20240223365
Abstract: A method is disclosed. The method includes receiving, by a processing network computer from a relying party computer associated with a relying party, a request for data associated with a user operating a user device. The processing network computer may retrieve first encrypted data of the user having a user-layer of encryption. The processing computer can then generate a second symmetric key to add a relying party-layer of encryption to the first encrypted data using a stream cipher. The doubly encrypted data may be transmitted to a user device that removes the user-layer of encryption on the first doubly encrypted data, and then adds a second relying party-layer of encryption to form second doubly encrypted data. The second doubly encrypted data may be transmitted to the relying party computer, which can remove both relying party-layers of encryption to gain access to the data associated with the user.
Type: Application
Filed: March 11, 2024
Publication date: July 4, 2024
Applicant: Visa International Service Association
Inventors: Sunpreet Singh Arora, Saikrishna Badrinarayanan, Srinivasan Raghuraman, Kim Wagner, Gaven Watson
-
Publication number: 20240187221
Abstract: Embodiments are directed to methods and systems for crypto-agile encryption and decryption. A computer system can possess a protocol file that identifies one or more cryptographic software modules. Using these cryptographic software modules, the computer system can generate a plurality of shared secrets and a session key, then use the session key to encrypt a message. The message can be sent to a server computer that can subsequently decrypt the message. At a later time, the protocol file can be updated to identify a different set of cryptographic software modules, which can be used to encrypt messages. Further, the server computer can transmit additional cryptographic software modules to the computer system, enabling the computer system to use those cryptographic software modules to generate cryptographic keys. As such, the cryptographic protocol file can be changed in response to changes in the cryptographic needs of the computer system.
Type: Application
Filed: February 2, 2022
Publication date: June 6, 2024
Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventors: Vinjith Nagaraja, Minghua Xu, Jose Rios Trevino, Gaven Watson, Pratyay Mukherjee, Yilei Chen, Daniel Masny, Mihai Christodorescu
-
Patent number: 11956359
Abstract: A method is disclosed. The method includes receiving, by a processing network computer from a relying party computer associated with a relying party, a request for data associated with a user operating a user device. The processing network computer may retrieve first encrypted data of the user having a user-layer of encryption. The processing computer can then generate a second symmetric key to add a relying party-layer of encryption to the first encrypted data using a stream cipher. The doubly encrypted data may be transmitted to a user device that removes the user-layer of encryption on the first doubly encrypted data, and then adds a second relying party-layer of encryption to form second doubly encrypted data. The second doubly encrypted data may be transmitted to the relying party computer, which can remove both relying party-layers of encryption to gain access to the data associated with the user.
Type: Grant
Filed: February 10, 2022
Date of Patent: April 9, 2024
Assignee: Visa International Service Association
Inventors: Sunpreet Singh Arora, Saikrishna Badrinarayanan, Srinivasan Raghuraman, Kim Wagner, Gaven Watson
-
Publication number: 20240039719
Abstract: A method is disclosed. The method includes receiving, by a processing network computer from a relying party computer associated with a relying party, a request for data associated with a user operating a user device. The processing network computer may retrieve first encrypted data of the user having a user-layer of encryption. The processing computer can then generate a second symmetric key to add a relying party-layer of encryption to the first encrypted data using a stream cipher. The doubly encrypted data may be transmitted to a user device that removes the user-layer of encryption on the first doubly encrypted data, and then adds a second relying party-layer of encryption to form second doubly encrypted data. The second doubly encrypted data may be transmitted to the relying party computer, which can remove both relying party-layers of encryption to gain access to the data associated with the user.
Type: Application
Filed: February 10, 2022
Publication date: February 1, 2024
Applicant: Visa International Service Association
Inventors: Sunpreet Singh Arora, Saikrishna Badrinarayanan, Srinivasan Raghuraman, Kim Wagner, Gaven Watson
-
Publication number: 20220329414
Abstract: Methods and systems for gateway agnostic tokenization are disclosed. Gateway agnostic tokenization enables a resource provider to quickly, safely, and efficiently route a token for authorization via any appropriate gateway computer. As part of an interaction with a user, a resource provider can transmit a token to an edge computer. The edge computer can then forward the token to a gateway computer. The gateway computer can identify a data item comprising two ciphertexts associated with the token. The edge computer and gateway computer can collectively decrypt the two ciphertexts to obtain a credential. The gateway computer can then forward the credential to an authorizing entity computer. The authorizing entity computer can then determine whether or not to authorize the interaction.
Type: Application
Filed: January 30, 2020
Publication date: October 13, 2022
Inventors: Sivanarayana Gaddam, Pratyay Mukherjee, Gaven Watson
-
Publication number: 20220255735
Abstract: Blinding techniques can be used to obfuscate or otherwise modify a quantum-secure public key (and the corresponding private, or secret, key) such as a lattice-based public key. Blinding of a public key can include selecting a blinding parameter, which can be a vector or matrix, and applying the blinding parameter to the public key. A corresponding modification can be applied to the private key such that data encrypted using the blinded public key can be decrypted using the blinded public key. When a device needs to send a public key in the clear, e.g., in the course of establishing a secure communication session, the device can generate a blinded public key from its static public key and send the blinded key instead of the static public key.
Type: Application
Filed: February 8, 2021
Publication date: August 11, 2022
Inventors: Daniel Masny, Gaven Watson
-
Publication number: 20200279258
Abstract: Systems, methods, and computer readable media are provided for improving the usability of a cryptogram generated in a first cryptographic protocol such as triple-DES. The methods may generate a first cryptogram using a first identifier in a first cryptographic protocol, stored in a key store within an insecure memory of the mobile communication device, generate, within a secure memory of the mobile communication device, a second cryptogram using a second identifier in a second cryptographic protocol, stored in the secure memory, combining the first cryptogram and a number of characters of the second cryptogram equal to the length of the first cryptogram to generate a third cryptogram and transmitting the third cryptogram to a payment processing network to validate a transaction. A transaction associated with the third cryptogram may be validated by an authorization entity or an issue entity.
Type: Application
Filed: September 26, 2019
Publication date: September 3, 2020
Inventors: Shashank Agrawal, Dmitri Bannikov, Atul Luykx, Payman Mohassel, Sergey Smirnoff, Selvaganesh Vasudevan, Gaven Watson