	US 11,736,295 B2
	Method, system, and computer program product for network bound proxy re-encryption and PIN translation
Sivanarayana Gaddam, Santa Clara, CA (US); Gaven James Watson, Palo Alto, CA (US); Rohit Sinha, Fremont, CA (US); and Pratyay Mukherjee, Sunnyvale, CA (US)
Assigned to Visa International Service Association, San Francisco, CA (US)
Appl. No. 17/421,608
Filed by VISA INTERNATIONAL SERVICE ASSOCIATION, San Francisco, CA (US)
PCT Filed Jan. 9, 2020, PCT No. PCT/US2020/012891 § 371(c)(1), (2) Date Jul. 8, 2021, PCT Pub. No. WO2020/146602, PCT Pub. Date Jul. 16, 2020.
Claims priority of provisional application 62/929,344, filed on Nov. 1, 2019.
Claims priority of provisional application 62/790,163, filed on Jan. 9, 2019.
Prior Publication US 2022/0044233 A1, Feb. 10, 2022
Int. Cl. G06Q 20/38 (2012.01); H04L 9/32 (2006.01); G06Q 20/02 (2012.01); G06Q 20/10 (2012.01); G06Q 20/20 (2012.01); G06Q 20/40 (2012.01); H04L 9/08 (2006.01); H04L 9/30 (2006.01); H04L 9/40 (2022.01)

CPC H04L 9/3226 (2013.01) [G06Q 20/027 (2013.01); G06Q 20/108 (2013.01); G06Q 20/202 (2013.01); G06Q 20/206 (2013.01); G06Q 20/385 (2013.01); G06Q 20/3823 (2013.01); G06Q 20/3829 (2013.01); G06Q 20/4012 (2013.01); H04L 9/0819 (2013.01); H04L 9/0869 (2013.01); H04L 9/30 (2013.01); H04L 63/0471 (2013.01); H04L 2209/56 (2013.01)]

9 Claims

1. A computer-implemented method for verifying a user identity based on encryption and re-encryption of a transaction message, comprising:

generating, with a payment network, a first value (a) and a second value (g^a), the second value (g^a) generated based on the first value (a) and a generator value (g);

generating, with the payment network, a plurality of random merchant numbers (m_i) for a respective plurality of merchant banks;

determining, with the payment network, a merchant product (M) based on a product of the plurality of random merchant numbers (m_i) for the respective plurality of merchant banks, wherein the merchant product (M) comprises a result of multiplication of the plurality of random merchant numbers (m_i);

generating, with the payment network, a public key (pk_i) based on the second value (g^a), the merchant product (M), and the random merchant number (m_i) and a random key (rk_i) based on the merchant product (M) and the random merchant number (m_i) for each respective merchant bank of the plurality of merchant banks;

communicating, with the payment network, the public key (pk_i) and the random key (rk_i) to at least one respective merchant bank of the plurality of merchant banks;

generating, with the at least one respective merchant bank of the plurality of merchant banks, a plurality of random payment gateway numbers (p_i) for a respective plurality of payment gateways;

generating, with the at least one respective merchant bank of the plurality of merchant banks, a payment gateway public key based on the second value (g^a), the merchant product (M), and the random payment gateway number (p_i) and a payment gateway random key based on the random payment gateway number (p_i) for each respective payment gateway of the plurality of payment gateways;

generating, with the at least one respective merchant bank of the plurality of merchant banks, a plurality of terminal numbers (t_i) for a respective plurality of point-of-sale (POS) terminals;

generating, with the at least one respective merchant bank of the plurality of merchant banks, a terminal public key based on the second value (g^a), the merchant product (M), the random payment gateway number (p_i), and the terminal number (t_i) and a terminal random key based on the random payment gateway number (p_i) and the terminal number (t_i) for each respective POS terminal of the plurality of POS terminals;

generating, with at least one POS terminal, a random number (r) for a transaction message (m) associated with a transaction, wherein the transaction message (m) contains sensitive data, and wherein the sensitive data comprises an identification number associated with a user;

generating, with the at least one POS terminal, a first ciphertext associated with the transaction, the first ciphertext comprising:

i) a first ciphertext value associated with the transaction message (m), the first ciphertext value encrypted based on the random number (r), a generator value (g), and the transaction message (m); and

ii) a second ciphertext value associated with the random number (r), the second ciphertext value encrypted based on the random number (r), and the terminal public key;

communicating, with the at least one POS terminal, the first ciphertext to at least one payment gateway;

re-encrypting, with the at least one payment gateway, the second ciphertext value based on the terminal random key to transform the second ciphertext value to a re-encrypted second ciphertext value based on the second value (g^a), the merchant product (M), and the random number (r);

communicating, with the at least one payment gateway, the re-encrypted second ciphertext value and the first ciphertext value to the at least one respective merchant bank of the plurality of merchant banks;

re-encrypting, with the at least one respective merchant bank of the plurality of merchant banks, the re-encrypted second ciphertext value to transform the re-encrypted second ciphertext value to a second re-encrypted second ciphertext value;

communicating, with the at least one merchant bank, the second re-encrypted second ciphertext value and the first ciphertext value to the payment network;

decrypting, with the payment network, the first ciphertext value to form the transaction message (m) based on the second re-encrypted second ciphertext value, the merchant product (M), the random merchant number (m_i), and the first ciphertext value;

communicating, with the payment network, the transaction message (m) associated with the transaction to a consumer bank;

verifying, with the consumer bank, the identification number associated with the user; and

in response to verifying the identification number, authorizing, with the consumer bank, the transaction.