| CPC H04L 9/14 (2013.01) [H04L 9/065 (2013.01)] | 20 Claims |

|
1. A method comprising:
transmitting, by a relying party computer operated by a relying party to a processing network computer, a request for data associated with a user operating a user device, and a public encryption key associated with the relying party, wherein the processing network computer generates a second symmetric key, encrypts the second symmetric key with the public encryption key associated with the relying party to form an encrypted second symmetric key, encrypts first encrypted data associated with the user with a second keystream to form first doubly encrypted data, wherein the second keystream is generated using a keystream generation function with the second symmetric key and a second nonce as input, wherein the first encrypted data associated with the user comprises plaintext data associated with the user, and wherein the plaintext data associated with the user is encrypted with a first keystream that is generated using the keystream generation function with a first symmetric key and a first nonce as input, transmits, to the user device, an encrypted first symmetric key, the first nonce, the first doubly encrypted data, and the public encryption key associated with the relying party, and receives, from the user device, an encrypted third symmetric key, a third nonce, and second doubly encrypted data, wherein the second doubly encrypted data was formed by encrypting second encrypted data associated with the user with a third keystream that is generated using the keystream generation function with a third symmetric key and the third nonce as input;
receiving, by the relying party computer from the processing network computer, the encrypted second symmetric key, the encrypted third symmetric key, the second nonce, the third nonce, and the second doubly encrypted data;
decrypting, by the relying party computer, the encrypted second symmetric key and the encrypted third symmetric key to obtain the second symmetric key and the third symmetric key; and
decrypting, by the relying party computer, the second doubly encrypted data using the second symmetric key, the second nonce, the third symmetric key, and the third nonce to obtain the plaintext data associated with the user.
|
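The keystream layering recited in claim 1, traced end to end as an added example (not code from the patent or its applicant). Assumptions: encryption with a keystream is a byte-wise XOR, the keystream generation function is stood in for by SHAKE-256, the user device removes the first keystream before adding the third, and the public-key wrapping of the symmetric keys is omitted, so keys are passed directly.

```python
import hashlib
import secrets

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in keystream generation function (assumption, not named in the claim).
    return hashlib.shake_256(key + nonce).digest(length)

def xor_layer(data: bytes, key: bytes, nonce: bytes) -> bytes:
    # Applying a layer and removing it are the same XOR operation.
    ks = keystream(key, nonce, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))

def fresh_key_and_nonce():
    return secrets.token_bytes(32), secrets.token_bytes(12)

def run_flow(plaintext: bytes) -> dict:
    k1, n1 = fresh_key_and_nonce()   # first symmetric key / first nonce
    k2, n2 = fresh_key_and_nonce()   # generated by the processing network
    k3, n3 = fresh_key_and_nonce()   # generated by the user device

    # First encrypted data: plaintext under the first keystream.
    first_encrypted = xor_layer(plaintext, k1, n1)

    # Processing network: adds the second keystream without seeing plaintext.
    first_doubly = xor_layer(first_encrypted, k2, n2)

    # User device (assumed step): strips layer 1 while layer 2 stays on,
    # leaving the second encrypted data, then adds the third keystream.
    second_encrypted = xor_layer(first_doubly, k1, n1)
    second_doubly = xor_layer(second_encrypted, k3, n3)

    # Relying party: holds (k2, n2) and (k3, n3) and removes both layers.
    recovered = xor_layer(xor_layer(second_doubly, k3, n3), k2, n2)

    return {
        "k2": k2, "n2": n2,
        "first_encrypted": first_encrypted,
        "first_doubly": first_doubly,
        "second_encrypted": second_encrypted,
        "second_doubly": second_doubly,
        "recovered": recovered,
    }

if __name__ == "__main__":
    sample = b"constructed sample: name=Alice;dob=1990-01-01"
    print(run_flow(sample)["recovered"] == sample)
```

The layers can be removed in a different order than they were applied because XOR keystream layers commute. The layers give confidentiality only; XOR layering by itself provides no integrity check on the data.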