CPC H04L 9/3226 (2013.01) [G06Q 20/027 (2013.01); G06Q 20/108 (2013.01); G06Q 20/202 (2013.01); G06Q 20/206 (2013.01); G06Q 20/385 (2013.01); G06Q 20/3823 (2013.01); G06Q 20/3829 (2013.01); G06Q 20/4012 (2013.01); H04L 9/0819 (2013.01); H04L 9/0869 (2013.01); H04L 9/30 (2013.01); H04L 63/0471 (2013.01); H04L 2209/56 (2013.01)] | 9 Claims |
1. A computer-implemented method for verifying a user identity based on encryption and re-encryption of a transaction message, comprising:
generating, with a payment network, a first value (a) and a second value (ga), the second value (ga) generated based on the first value (a) and a generator value (g);
generating, with the payment network, a plurality of random merchant numbers (mi) for a respective plurality of merchant banks;
determining, with the payment network, a merchant product (M) based on a product of the plurality of random merchant numbers (mi) for the respective plurality of merchant banks, wherein the merchant product (M) comprises a result of multiplication of the plurality of random merchant numbers (mi);
generating, with the payment network, a public key (pki) based on the second value (ga), the merchant product (M), and the random merchant number (mi) and a random key (rki) based on the merchant product (M) and the random merchant number (mi) for each respective merchant bank of the plurality of merchant banks;
communicating, with the payment network, the public key (pki) and the random key (rki) to at least one respective merchant bank of the plurality of merchant banks;
generating, with the at least one respective merchant bank of the plurality of merchant banks, a plurality of random payment gateway numbers (pi) for a respective plurality of payment gateways;
generating, with the at least one respective merchant bank of the plurality of merchant banks, a payment gateway public key based on the second value (ga), the merchant product (M), and the random payment gateway number (pi) and a payment gateway random key based on the random payment gateway number (pi) for each respective payment gateway of the plurality of payment gateways;
generating, with the at least one respective merchant bank of the plurality of merchant banks, a plurality of terminal numbers (ti) for a respective plurality of point-of-sale (POS) terminals;
generating, with the at least one respective merchant bank of the plurality of merchant banks, a terminal public key based on the second value (ga), the merchant product (M), the random payment gateway number (pi), and the terminal number (ti) and a terminal random key based on the random payment gateway number (pi) and the terminal number (ti) for each respective POS terminal of the plurality of POS terminals;
generating, with at least one POS terminal, a random number (r) for a transaction message (m) associated with a transaction, wherein the transaction message (m) contains sensitive data, and wherein the sensitive data comprises an identification number associated with a user;
generating, with the at least one POS terminal, a first ciphertext associated with the transaction, the first ciphertext comprising:
i) a first ciphertext value associated with the transaction message (m), the first ciphertext value encrypted based on the random number (r), a generator value (g), and the transaction message (m); and
ii) a second ciphertext value associated with the random number (r), the second ciphertext value encrypted based on the random number (r), and the terminal public key;
communicating, with the at least one POS terminal, the first ciphertext to at least one payment gateway;
re-encrypting, with the at least one payment gateway, the second ciphertext value based on the terminal random key to transform the second ciphertext value to a re-encrypted second ciphertext value based on the second value (ga), the merchant product (M), and the random number (r);
communicating, with the at least one payment gateway, the re-encrypted second ciphertext value and the first ciphertext value to the at least one respective merchant bank of the plurality of merchant banks;
re-encrypting, with the at least one respective merchant bank of the plurality of merchant banks, the re-encrypted second ciphertext value to transform the re-encrypted second ciphertext value to a second re-encrypted second ciphertext value;
communicating, with the at least one merchant bank, the second re-encrypted second ciphertext value and the first ciphertext value to the payment network;
decrypting, with the payment network, the first ciphertext value to form the transaction message (m) based on the second re-encrypted second ciphertext value, the merchant product (M), the random merchant number (mi), and the first ciphertext value;
communicating, with the payment network, the transaction message (m) associated with the transaction to a consumer bank;
verifying, with the consumer bank, the identification number associated with the user; and
in response to verifying the identification number, authorizing, with the consumer bank, the transaction.
|