1. WO2017083071 - METHODS AND SYSTEMS FOR PKI-BASED AUTHENTICATION

Publication Number WO/2017/083071
Publication Date 18.05.2017
International Application No. PCT/US2016/057744
International Filing Date 19.10.2016
IPC
H04L 9/32 2006.1
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9 Arrangements for secret or secure communication
32 including means for verifying the identity or authority of a user of the system
H04L 9/06 2006.1
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9 Arrangements for secret or secure communication
06 the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
CPC
H04L 2209/56
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
2209 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
56 Financial cryptography, e.g. electronic payment or e-cash
H04L 2209/76
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
2209 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
76 Proxy, i.e. using intermediary entity to perform cryptographic operations
H04L 63/0209
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
02 for separating internal from external traffic, e.g. firewalls
0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
H04L 63/0218
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
02 for separating internal from external traffic, e.g. firewalls
0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
0218 Distributed architectures, e.g. distributed firewalls
H04L 63/0428
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
04 for providing a confidential data exchange among entities communicating through data packet networks
0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload
H04L 63/06
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
06 for supporting key management in a packet data network
Applicants
  • VISA INTERNATIONAL SERVICE ASSOCIATION [US]/[US]
Inventors
  • XU, Minghua
  • TREVINO, Jose
  • HAO, Ying
Agents
  • RACZKOWSKI, David B.
  • JEWIK, Patrick R.
  • MATHISON, Mark P.
  • BOUQUET, Bert E.
  • DAVIS, Christopher R.
Priority Data
14/941,364 13.11.2015 US
Publication Language English (en)
Filing Language English (EN)
Designated States
Title
(EN) METHODS AND SYSTEMS FOR PKI-BASED AUTHENTICATION
(FR) PROCÉDÉS ET SYSTÈMES D’AUTHENTIFICATION À BASE D’ICP
Abstract
(EN) Methods, systems, and devices are provided for authenticating API messages using PKI-based authentication techniques. A client system can generate a private/public key pair associated with the client system and sign an API message using the private key of the private/public key pair and a PKI-based cryptographic algorithm, before sending the signed API message to a server system. The server system (e.g., operated by a service provider) can authenticate the incoming signed API message using a proxy authenticator located in a less trusted zone (e.g., a perimeter network) of the server system. In particular, the proxy authenticator can be configured to verify the signature of the signed API message using the public key corresponding to the private key and the same cryptographic algorithm. The authenticated API message can then be forwarded to a more trusted zone (e.g., an internal network) of the server system for further processing.
Related patent documents
SG11201802678U: This application is not viewable in PATENTSCOPE because the national phase entry has not been published yet or the national entry is issued from a country that does not share data with WIPO or there is a formatting issue or an unavailability of the application.
Latest bibliographic data on file with the International Bureau