Systems and methods to secure user identification
Abstract
In one aspect, a computing apparatus is configured to verify a digital signature applied on a set of data received from a user device, including a user ID assigned by a partner system to uniquely identify a user of the user device among customers of the partner system, and a user device identifier identifying the user device. The digital signature is generated via applying a cryptographic one-way hash function on a combination of the set of data and a secret, shared between the computing apparatus and the partner system via a secure communication channel separate from a channel used to receive the set of data.
19 Claims
1. A computer-implemented method, comprising:
- receiving, in a computing apparatus, a request from a user device, the request including a user identifier and user information provided by the user device, the user identifier configured to represent a user of the user device;
- extracting, by the computing apparatus, a digital signature from the user identifier, the digital signature generated by a partner device separated from the user device and the computing apparatus;
- generating, by the computing apparatus, a dataset based at least on the user information received in the request; and
- verifying, by the computing apparatus, the dataset against the digital signature extracted from the user identifier, wherein the verifying of the dataset against the digital signature comprises
  - combining, by the computing apparatus, the dataset with a secret shared between the computing apparatus and the partner device to generate a combined dataset;
  - applying, by the computing apparatus, a cryptographic one-way hash function on the combined dataset to generate a hash result; and
  - comparing, by the computing apparatus, the hash result with the digital signature to determine whether the hash result matches with the digital signature; and
- rejecting, by the computing apparatus, the request if the dataset fails verification against the digital signature.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A non-transitory computer storage medium storing instructions configured to instruct a user device to at least:
- communicate with a first computing apparatus to exchange user information;
- prior to communicating with a second computing apparatus, request a user identifier from the first computing apparatus, wherein the user identifier includes a digital signature generated by the first computing apparatus;
- transmit a request to the second computing apparatus, the request including the user information and the user identifier, wherein the user identifier is configured to represent a user of the user device, and the second computing apparatus is configured to determine whether or not to reject the request based on verifying a dataset generated based on the user information against the digital signature included in the user identifier, wherein the verifying of the dataset against the digital signature comprises
  - combining the dataset with a secret shared between the second computing apparatus and the first computing apparatus to generate a combined dataset;
  - applying a cryptographic one-way hash function on the combined dataset to generate a hash result; and
  - comparing the hash result with the digital signature to determine whether the hash result matches with the digital signature.
Dependent claims: 13, 14, 15
16. A computing device, comprising:
- at least one processor;
- a memory storing instructions configured to instruct the at least one processor to:
  - authenticate a user of a user device;
  - communicate with the user device to identify user information;
  - form a dataset including the user information;
  - generate a digital signature on the dataset by using a secret to represent the computing device;
  - generate a user identifier for the user using the digital signature; and
  - provide the user identifier to the user device to represent the user;
- wherein the user device is configured to use the user identifier to identify the user in a communication with a separate computing apparatus separate from the user device and the computing device, the communication configured to provide the user information to the separate computing apparatus; and
- wherein the digital signature provided in the user identifier is usable by the separate computing apparatus to validate the user information provided in the communication by
  - combining the dataset with the secret shared between the separate computing apparatus and the computing device to generate a combined dataset;
  - applying a cryptographic one-way hash function on the combined dataset to generate a hash result; and
  - comparing the hash result with the digital signature to determine whether the hash result matches with the digital signature.
Dependent claims: 17, 18, 19
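The issue-and-verify flow of claims 16 and 1, sketched as an added example that is not code from the patent. The `user_id.signature` identifier layout, the length-prefixed dataset encoding, the choice of HMAC-SHA256 as the way to combine dataset and secret under a one-way hash, and all names and values are assumptions of this example.

```python
import hashlib
import hmac

# Constructed demo secret; in the scheme it is shared between partner and
# verifier over a channel separate from the one carrying requests.
SHARED_SECRET = b"constructed-demo-secret"


def _dataset(user_id: str, device_id: str) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") encode differently."""
    parts = [user_id.encode(), device_id.encode()]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def _tag(dataset: bytes, secret: bytes) -> str:
    # Assumption: HMAC-SHA256 stands in for "hash of dataset combined with secret".
    return hmac.new(secret, dataset, hashlib.sha256).hexdigest()


def issue_user_identifier(user_id: str, device_id: str,
                          secret: bytes = SHARED_SECRET) -> str:
    """Partner side: sign (user ID, device ID) and embed the signature in the identifier."""
    return f"{user_id}.{_tag(_dataset(user_id, device_id), secret)}"


def verify_request(user_identifier: str, device_id: str,
                   secret: bytes = SHARED_SECRET) -> bool:
    """Receiving side: extract the signature, rebuild the dataset, compare, reject on mismatch."""
    user_id, sep, signature = user_identifier.rpartition(".")
    if not sep or not user_id:
        return False  # malformed identifier carries no usable signature
    expected = _tag(_dataset(user_id, device_id), secret)
    # Constant-time comparison avoids leaking how many leading characters matched.
    return hmac.compare_digest(expected.encode(), signature.encode())


if __name__ == "__main__":
    ident = issue_user_identifier("alice-1001", "device-A")
    print("same device:   ", verify_request(ident, "device-A"))
    print("other device:  ", verify_request(ident, "device-B"))
    forged = "mallory-7." + ident.rpartition(".")[2]
    print("swapped user:  ", verify_request(forged, "device-A"))
```

Because the device identifier is part of the signed dataset, an identifier copied to a different device fails verification even though its signature is genuine.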
Specification