Search

US-12621274-B2 - Secure encryption using tokenized data

US12621274B2US 12621274 B2US12621274 B2US 12621274B2US-12621274-B2

Abstract

In some implementations, a device may receive a request for cryptographic transmission of payload data. The device may obtain the payload data for encryption. The device may encrypt the payload data, to generate encrypted payload data, using a first encryption key, wherein the first encryption key is configured such that the encrypted payload data is decryptable using a second encryption key that corresponds to the first encryption key. The device may generate tokenized data. The device may combine, using a combining algorithm of a set of combining algorithms, the encrypted payload data and the tokenized data to generate combined data, wherein the combined data is not directly decryptable using the second encryption key. The device may provide the combined data and an indicator of the combining algorithm as a response to the request.

Inventors

  • Srinivasan Rangaraj

Assignees

  • CAPITAL ONE SERVICES, LLC

Dates

Publication Date
20260505
Application Date
20231020

Claims (20)

  1. 1 . A system for cryptographic communication, the system comprising: one or more memories; and one or more processors, communicatively coupled to the one or more memories, configured to: receive payload data for encryption; encrypt the payload data, to generate encrypted payload data, using a first encryption key, wherein the first encryption key is configured such that the encrypted payload data is decryptable using a second encryption key that corresponds to the first encryption key; generate tokenized data; combine, using a combining algorithm, the encrypted payload data and the tokenized data to generate combined data, wherein the combined data is not directly decryptable using the second encryption key; output the combined data and an indicator of the combining algorithm; receive a request to decrypt the combined data; identify, based on receiving the request to decrypt the combined data, the combining algorithm based on the indicator of the combining algorithm; remove, based on identifying the combining algorithm, the tokenized data from the combined data, wherein the encrypted payload data is recovered based on removing the tokenized data from the combined data; and decrypt the encrypted payload data, to recover the payload data, using the second encryption key based on recovery of the encrypted payload data from the combined data; perform a checksum using the removed tokenized data; and verify the payload data using the checksum.
  2. 2 . The system of claim 1 , wherein the one or more processors are further configured to: append the indicator of the combining algorithm to the combined data to generate output data; and wherein the one or more processors, when configured to output the combined data, are configured to: output the output data.
  3. 3 . The system of claim 1 , wherein the one or more processors, when configured to output the combined data, are configured to: transmit the combined data to a reception system.
  4. 4 . The system of claim 3 , wherein the combined data is conveyed to the reception system via a secured communication channel or an unsecured communication channel.
  5. 5 . The system of claim 1 , wherein the one or more processors, when configured to output the combined data, are configured to: store the combined data in a data structure.
  6. 6 . The system of claim 5 , wherein the combined data is stored via a secure element or an unsecured element associated with the data structure.
  7. 7 . A method of cryptographic communication, comprising: receiving, by a device, a request for cryptographic transmission of payload data; obtaining, by the device, the payload data for encryption; encrypting, by the device, the payload data, to generate encrypted payload data, using a first encryption key, wherein the first encryption key is configured such that the encrypted payload data is decryptable using a second encryption key that corresponds to the first encryption key; generating, by the device, tokenized data; combining, by the device and using a combining algorithm of a set of combining algorithms, the encrypted payload data and the tokenized data to generate combined data, wherein the combined data is not directly decryptable using the second encryption key; and providing, by the device, the combined data and an indicator of the combining algorithm as a response to the request, receiving, by the device, a request to decrypt the combined data; identifying, by the device and based on receiving the request to decrypt the combined data, the combining algorithm based on the indicator of the combining algorithm; removing, by the device and based on identifying the combining algorithm, the tokenized data from the combined data, wherein the encrypted payload data is recovered based on removing the tokenized data from the combined data; and decrypting, by the device, the encrypted payload data, to recover the payload data, using the second encryption key based on recovery of the encrypted payload data from the combined data; performing, by the device, a checksum using the removed tokenized data; and verifying, by the device, the payload data using the checksum.
  8. 8 . The method of claim 7 , further comprising: selecting the combining algorithm from the set of combining algorithms based on a characteristic of the payload data.
  9. 9 . The method of claim 7 , wherein generating the tokenized data comprises: encrypting the payload data using a third encryption key to generate the tokenized data.
  10. 10 . The method of claim 8 , wherein combining the encrypted payload data with the tokenized data comprises: dividing the tokenized data into a set of chunks based on the combining algorithm; and interleaving the set of chunks with the encrypted payload data.
  11. 11 . The method of claim 7 , further comprising: obtaining a random generation algorithm seed; and generating at least one parameter of the combining algorithm using a random generation algorithm with the random generation algorithm seed applied.
  12. 12 . The method of claim 7 , wherein the first encryption key is a public key and the second encryption key is a corresponding private key.
  13. 13 . The method of claim 7 , wherein outputting the combined data and the indicator of the combining algorithm comprises: outputting the combined data via a first channel; and outputting the indicator of the combining algorithm via a second channel that is different from the first channel.
  14. 14 . A non-transitory computer-readable medium storing a set of instructions, the set of instructions comprising: one or more instructions that, when executed by one or more processors of a device, cause the device to: receive payload data for encryption; encrypt the payload data, to generate encrypted payload data, using a first encryption key, wherein the first encryption key is configured such that the encrypted payload data is decryptable using a second encryption key that corresponds to the first encryption key; encrypt the payload data, to generate tokenized data, using a random encryption key, the random encryption key being different from the first encryption key; combine, using a combining algorithm, the encrypted payload data and the tokenized data to generate combined data, wherein the combined data is not directly decryptable using the second encryption key; output the combined data via a first message; output an indicator of the combining algorithm via a second message; receive a request to decrypt the combined data; identify, based on receiving the request to decrypt the combined data, the combining algorithm based on the indicator of the combining algorithm; remove, based on identifying the combining algorithm, the tokenized data from the combined data, wherein the encrypted payload data is recovered based on removing the tokenized data from the combined data; and decrypt the encrypted payload data, to recover the payload data, using the second encryption key based on recovery of the encrypted payload data from the combined data; perform a checksum using the removed tokenized data; and verify the payload data using the checksum.
  15. 15 . The non-transitory computer-readable medium of claim 14 , wherein the first message is associated with a first path of a first one or more hops and the second message is associated with a second path of a second one or more hops, the first one or more hops having at least one hop that does not overlap with the second one or more hops.
  16. 16 . The non-transitory computer-readable medium of claim 14 , wherein the one or more instructions, when executed by the one or more processors, cause the device to: selecting the combining algorithm from a set of combining algorithms based on a hash of the payload data.
  17. 17 . The system of claim 1 , wherein the combining algorithm is selected from a set of combining algorithms based on a characteristic of the payload data.
  18. 18 . The system of claim 1 , wherein the one or more processors, when combining the encrypted payload data with the tokenized data, are configured to: divide the tokenized data into a set of chunks based on the combining algorithm; and interleave the set of chunks with the encrypted payload data.
  19. 19 . The non-transitory computer-readable medium of claim 14 , wherein the combining algorithm is selected from a set of combining algorithms based on a characteristic of the payload data.
  20. 20 . A computer-readable medium of claim 14 , wherein the one or more instructions, to combine the encrypted payload data with the tokenized data, cause the device to: divide the tokenized data into a set of chunks based on the combining algorithm; and interleave the set of chunks with the encrypted payload data.

Description

BACKGROUND A variety of private information (e.g., security credentials, personal information, health information, or financial information) is exchanged over computer networks (e.g., the Internet) by entities, and is susceptible to theft. Thus, various security techniques are utilized to protect the private information that is exchanged over the computer networks. SUMMARY Some implementations described herein relate to a system for cryptographic communication. The system may include one or more memories and one or more processors communicatively coupled to the one or more memories. The one or more processors may be configured to receive payload data for encryption. The one or more processors may be configured to encrypt the payload data, to generate encrypted payload data, using a first encryption key, wherein the first encryption key is configured such that the encrypted payload data is decryptable using a second encryption key that corresponds to the first encryption key. The one or more processors may be configured to generate tokenized data. The one or more processors may be configured to combine, using a combining algorithm, the encrypted payload data and the tokenized data to generate combined data, wherein the combined data is not directly decryptable using the second encryption key. The one or more processors may be configured to output the combined data and an indicator of the combining algorithm. Some implementations described herein relate to a method of cryptographic communication. The method may include receiving, by a device, a request for cryptographic transmission of payload data. The method may include obtaining, by the device, the payload data for encryption. The method may include encrypting, by the device, the payload data, to generate encrypted payload data, using a first encryption key, wherein the first encryption key is configured such that the encrypted payload data is decryptable using a second encryption key that corresponds to the first encryption key. The method may include generating, by the device, tokenized data. The method may include combining, by the device and using a combining algorithm of a set of combining algorithms, the encrypted payload data and the tokenized data to generate combined data, wherein the combined data is not directly decryptable using the second encryption key. The method may include providing, by the device, the combined data and an indicator of the combining algorithm as a response to the request. Some implementations described herein relate to a non-transitory computer-readable medium that stores a set of instructions. The set of instructions, when executed by one or more processors of a device, may cause the device to receive payload data for encryption. The set of instructions, when executed by one or more processors of the device, may cause the device to encrypt the payload data, to generate encrypted payload data, using a first encryption key, wherein the first encryption key is configured such that the encrypted payload data is decryptable using a second encryption key that corresponds to the first encryption key. The set of instructions, when executed by one or more processors of the device, may cause the device to encrypt the payload data, to generate tokenized data, using a random encryption key, the random encryption key being different from the first encryption key. The set of instructions, when executed by one or more processors of the device, may cause the device to combine, using a combining algorithm, the encrypted payload data and the tokenized data to generate combined data, wherein the combined data is not directly decryptable using the second encryption key. The set of instructions, when executed by one or more processors of the device, may cause the device to output the combined data via a first message. The set of instructions, when executed by one or more processors of the device, may cause the device to output an indicator of the combining algorithm via a second message. BRIEF DESCRIPTION OF THE DRAWINGS FIGS. 1A-1C are diagrams of an example implementation associated with secure encryption using tokenized data, in accordance with some embodiments of the present disclosure. FIG. 2 is a diagram of an example environment in which systems and/or methods described herein may be implemented, in accordance with some embodiments of the present disclosure. FIG. 3 is a diagram of example components of a device associated with secure encryption using tokenized data, in accordance with some embodiments of the present disclosure. FIG. 4 is a flowchart of an example process associated with secure encryption using tokenized data, in accordance with some embodiments of the present disclosure. DETAILED DESCRIPTION The following detailed description of example implementations refers to the accompanying drawings. The same reference numbers in different drawings may identify the same or similar elements. A variety of encryption and decryption t