-
Publication No.: US20170134168A1
Publication Date: 2017-05-11
Application No.: US15283861
Filing Date: 2016-10-03
Applicant: The Toronto-Dominion Bank
Inventor: Jonathan K. Barnett, Roy D'Souza, John Jong Suk Lee, Christopher Arthur Holland McAlpine, Aleksandar Roskic, Douglas Edward William Watson, Zheng Xi, Shannon Rose Yeoman
Abstract: A message processing server includes a memory and a message processor. The message processor is configured to receive first data; save an identifier in association with a first-layer access restriction indicator and a first key, generate a first encrypted layer by encrypting the first data with the first key, and generate a token from the identifier and the first encrypted layer; receive second data and the token; recover the identifier and the first encrypted layer from the token; confirm that the identifier was saved in the memory in association with the first indicator; save the identifier in association with a second-layer access restriction indicator and a second key, generate a second encrypted layer by encrypting the first encrypted layer and the second data with the second key, and regenerate the token from the identifier and the second encrypted layer.
-
Publication No.: US11120439B2
Publication Date: 2021-09-14
Application No.: US16725361
Filing Date: 2019-12-23
Applicant: The Toronto-Dominion Bank
Inventor: Jonathan K. Barnett, Roy D'Souza, John Jong Suk Lee, Christopher Arthur Holland McAlpine, Aleksandar Roskic, Douglas Edward William Watson, Zheng Xi, Shannon Rose Yeoman
Abstract: A server includes a memory and a message processor. The memory stores a data record that includes a credential stored in association with an access restriction indicator, and further includes a cryptographic key. The processor is configured to receive from a network device an access request that includes the credential and a token. The token includes a first data layer and a second data layer that incorporates the first data layer and is encrypted with the cryptographic key. The processor is configured to determine that, prior to the access request, the credential was stored in the data record in association with the access restriction indicator; recover the first data layer from the token by (i) locating the cryptographic key in the data record, and (ii) decrypting the second encrypted data layer with the cryptographic key. The processor is configured to provide the network device with the first data layer.
-
Publication No.: US10552831B2
Publication Date: 2020-02-04
Application No.: US15283861
Filing Date: 2016-10-03
Applicant: The Toronto-Dominion Bank
Inventor: Jonathan K. Barnett, Roy D'Souza, John Jong Suk Lee, Christopher Arthur Holland McAlpine, Aleksandar Roskic, Douglas Edward William Watson, Zheng Xi, Shannon Rose Yeoman
Abstract: A message processing server includes a memory and a message processor. The message processor is configured to receive first data; save an identifier in association with a first-layer access restriction indicator and a first key, generate a first encrypted layer by encrypting the first data with the first key, and generate a token from the identifier and the first encrypted layer; receive second data and the token; recover the identifier and the first encrypted layer from the token; confirm that the identifier was saved in the memory in association with the first indicator; save the identifier in association with a second-layer access restriction indicator and a second key, generate a second encrypted layer by encrypting the first encrypted layer and the second data with the second key, and regenerate the token from the identifier and the second encrypted layer.
-