US 11,784,799 B2
Secure distribution and management of cryptographic keys within a computing environment using distributed ledgers
Alexey Shpurov, Toronto (CA); Albert Louis Rothenstein, Toronto (CA); Adrian Chung-Hey Ma, Richmond Hill (CA); Buturab Rizvi, Vaughan (CA); Alexandra Tsourkis, Toronto (CA); and Francis James Alexander Guttridge, Vaughan (CA)
Assigned to The Toronto-Dominion Bank, Toronto (CA)
Filed by The Toronto-Dominion Bank, Toronto (CA)
Filed on Dec. 16, 2019, as Appl. No. 16/715,061.
Prior Publication US 2021/0184841 A1, Jun. 17, 2021
Int. Cl. H04L 9/08 (2006.01); H04L 9/32 (2006.01); G06Q 30/0226 (2023.01); H04L 9/30 (2006.01); H04L 9/00 (2022.01)
CPC H04L 9/0825 (2013.01) [G06Q 30/0226 (2013.01); H04L 9/30 (2013.01); H04L 9/321 (2013.01); H04L 9/3226 (2013.01); H04L 9/3247 (2013.01); H04L 9/3265 (2013.01); H04L 9/50 (2022.05)] 21 Claims
OG exemplary drawing
 
1. An apparatus, comprising:
a communications interface;
a memory storing instructions; and
at least one processor coupled to the communications interface and the memory, the at least one processor being configured to execute the instructions to:
receive, from a device via the communications interface, a registration request and a first digital signature applied to the registration request, the registration request being generated by an application program executed at the device and associated with the apparatus, the registration request comprising a public cryptographic key of the application program and a first digital token indicative of a prior authentication associated with the device, and the first digital token being associated with a predetermined geographic region;
validate the first digital signature based at least on the public cryptographic key of the application program, and obtain a second digital token associated with at least one of a network address of the device or an application cryptogram of the application program;
validate the first digital token based on a determination that the predetermined geographic region includes a geographic location associated with the registration request;
based on the validation of the first digital token, based on a determination that the first digital token corresponds to the second digital token, and based on the validation of the first digital signature, approve the registration request and apply a second digital signature to the registration request and the first digital signature, the second digital signature being indicative of the approval of the registration request by the apparatus; and
transmit, via the communications interface, the registration request, the first digital signature, and the second digital signature to a computing system, the computing system performing operations that validate the first digital signature and the second digital signature, and based on the validation of the first and second digital signatures, performing operations that record the public cryptographic key of the application program within an element of a distributed ledger.
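The following Go program is an added illustration of the three-party exchange claim 1 describes; it is not code from the patent or from the assignee. It assumes Ed25519 signatures, JSON as the canonical byte form of the request, a bounding box standing in for the "predetermined geographic region", and a lookup table keyed by device network address standing in for how the apparatus "obtains" the second token; the hash-chained slice standing in for the distributed ledger is likewise an assumption. The device signs the registration request, the apparatus validates that signature, the token's region, and the correspondence of the two tokens before counter-signing request plus first signature, and the ledger system checks both signatures before recording the application's public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Region is a hypothetical bounding box standing in for the claim's "predetermined geographic region".
type Region struct{ MinLat, MaxLat, MinLon, MaxLon float64 }

func (r Region) Contains(lat, lon float64) bool {
	return lat >= r.MinLat && lat <= r.MaxLat && lon >= r.MinLon && lon <= r.MaxLon
}

// Token is the "digital token indicative of a prior authentication", bound to a region.
type Token struct {
	ID     string `json:"id"`
	Region Region `json:"region"`
}

// RegistrationRequest is what the application program builds and signs (JSON is the assumed canonical form).
type RegistrationRequest struct {
	AppPublicKey []byte  `json:"app_public_key"`
	FirstToken   Token   `json:"first_token"`
	Lat, Lon     float64 // geographic location associated with the request
	DeviceAddr   string  `json:"device_addr"` // network address the apparatus keys its token lookup on
}

// Apparatus validates requests and counter-signs approved ones.
type Apparatus struct {
	Priv ed25519.PrivateKey
	// PriorAuth maps a device network address to the token issued at its prior
	// authentication; this stands in for obtaining the "second digital token".
	PriorAuth map[string]string
}

// counterSignedMsg is the byte string the second signature covers: request followed by first signature.
func counterSignedMsg(reqBytes, sig1 []byte) []byte {
	return append(append([]byte{}, reqBytes...), sig1...)
}

func verifyFirst(req RegistrationRequest, reqBytes, sig1 []byte) bool {
	return len(req.AppPublicKey) == ed25519.PublicKeySize && ed25519.Verify(req.AppPublicKey, reqBytes, sig1)
}

// Approve performs the checks of claim 1 and returns the second digital signature on success.
func (a *Apparatus) Approve(reqBytes, sig1 []byte) ([]byte, error) {
	var req RegistrationRequest
	if err := json.Unmarshal(reqBytes, &req); err != nil {
		return nil, err
	}
	if !verifyFirst(req, reqBytes, sig1) {
		return nil, errors.New("first signature invalid")
	}
	second, ok := a.PriorAuth[req.DeviceAddr]
	if !ok {
		return nil, errors.New("no second token for device address")
	}
	if !req.FirstToken.Region.Contains(req.Lat, req.Lon) {
		return nil, errors.New("request location outside token region")
	}
	if req.FirstToken.ID != second {
		return nil, errors.New("first token does not correspond to second token")
	}
	return ed25519.Sign(a.Priv, counterSignedMsg(reqBytes, sig1)), nil
}

// LedgerElement is one hash-chained element; Ledger models the computing system that records keys.
type LedgerElement struct{ PrevHash, AppPublicKey, Hash string }
type Ledger struct {
	ApparatusPub ed25519.PublicKey
	Elements     []LedgerElement
}

// Record validates both signatures and only then appends the application's public key.
func (l *Ledger) Record(reqBytes, sig1, sig2 []byte) error {
	var req RegistrationRequest
	if err := json.Unmarshal(reqBytes, &req); err != nil {
		return err
	}
	if !verifyFirst(req, reqBytes, sig1) {
		return errors.New("ledger: first signature invalid")
	}
	if !ed25519.Verify(l.ApparatusPub, counterSignedMsg(reqBytes, sig1), sig2) {
		return errors.New("ledger: second signature invalid")
	}
	prev := ""
	if n := len(l.Elements); n > 0 {
		prev = l.Elements[n-1].Hash
	}
	pubHex := hex.EncodeToString(req.AppPublicKey)
	sum := sha256.Sum256([]byte(prev + pubHex))
	l.Elements = append(l.Elements, LedgerElement{prev, pubHex, hex.EncodeToString(sum[:])})
	return nil
}

// Register runs the whole exchange: device signs, apparatus approves and counter-signs, ledger records.
func Register(app ed25519.PrivateKey, req RegistrationRequest, ap *Apparatus, l *Ledger) error {
	reqBytes, err := json.Marshal(req)
	if err != nil {
		return err
	}
	sig1 := ed25519.Sign(app, reqBytes)
	sig2, err := ap.Approve(reqBytes, sig1)
	if err != nil {
		return err
	}
	return l.Record(reqBytes, sig1, sig2)
}

func main() {
	appPub, appPriv, _ := ed25519.GenerateKey(rand.Reader)
	apPub, apPriv, _ := ed25519.GenerateKey(rand.Reader)
	region := Region{43.5, 43.9, -79.7, -79.1} // constructed sample region
	ap := &Apparatus{Priv: apPriv, PriorAuth: map[string]string{"10.0.0.7": "tok-123"}} // constructed sample data
	ledger := &Ledger{ApparatusPub: apPub}
	req := RegistrationRequest{AppPublicKey: appPub, FirstToken: Token{"tok-123", region}, Lat: 43.65, Lon: -79.38, DeviceAddr: "10.0.0.7"}
	fmt.Println("in-region:", Register(appPriv, req, ap, ledger), "elements:", len(ledger.Elements))
	req.Lat = 45.5 // outside the token's region: the apparatus refuses and nothing is recorded
	fmt.Println("out-of-region:", Register(appPriv, req, ap, ledger), "elements:", len(ledger.Elements))
}
```

The point worth noticing is that the ledger system does not trust the apparatus alone: it re-verifies the device's signature as well as the apparatus's counter-signature, and the counter-signature binds the first signature, so neither party can substitute a different public key into the recorded element.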