The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: patent number, date the patent was issued, date the patent was filed, title of the patent, applicant, inventor, assignee, attorney firm, primary examiner, assistant examiner, CPCs, and abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, i.e. PDF).

Date of Patent:

May 13, 2025

Filed:

Dec. 08, 2021

Applicant:

American Express Travel Related Services Company, Inc., New York, NY (US);

Inventors:

Hicham Lozi, Palo Alto, CA (US);

Rana Dasgupta, Scottsdale, AZ (US);

Ramgopal Malathkar, Phoenix, AZ (US);

Ajit Patra, Bangalore, IN;

Amit Kumar Atap, Bangalore, IN;

Abhijeet Dutta, Bengaluru, IN;

Neelanjana Dasgupta, Phoenix, AZ (US);

Ritwik Bhar, Chandannagar, IN;

Sharma L. Putrevu, Bangalore, IN;

Lei Ma, Phoenix, AZ (US);

Attorney:
Primary Examiner:
Int. Cl.
CPC ...
H04L 9/08 (2006.01); H04L 9/14 (2006.01); H04L 9/32 (2006.01); H04L 9/40 (2022.01);
U.S. Cl.
CPC ...
H04L 9/0822 (2013.01); H04L 9/0866 (2013.01); H04L 9/14 (2013.01); H04L 9/3226 (2013.01); H04L 63/0428 (2013.01);
Abstract

Disclosed herein are system, method, and computer program product embodiments for providing a diversified cryptographic Root of Trust for application instances installed on different user devices. After installing an application, a client device transmits, to a cryptography server, (1) an application identification corresponding to a key from an operating system key store on the client device and (2) a device identification specific to an instance of the application on the client device. The cryptography server uses this data to generate and transmit a unique device fingerprint to the client device. The client device then diversifies a white-box cryptography (WBC) library using the application identification, the device identification, and the device fingerprint. The diversified WBC library protects the storage of cryptographic keys obtained from the cryptography server. These keys protect sensitive data on the client device and sensitive data sent to the cryptography server and other application servers.
