Hardware-based zero-knowledge strong authentication (H0KSA)

US 9,467,292 B2
Filed: 06/19/2015
Issued: 10/11/2016
Est. Priority Date: 05/29/2009
Status: Active Grant

First Claim

Patent Images

1. A user device configured to communicate with a verifying device that is distinct from the user device, the user device comprising:

a hardware security module (HSM) controlling access to a secret material stored within the HSM that-provides a basis for a zero-knowledge proof authentication of the user device over a communication channel that provides a chain of trust between the user device and the verifying device, with a mutual authentication between endpoints of each hop of the chain of trust; and

a tag configured to be readable by the verifying device to convey a tag identifier;

wherein the user device is configured to;

respond to the verifying device in the zero-knowledge proof authentication of the user device;

receive, after the user device completes the zero-knowledge proof authentication, the conveyed tag identifier from the verifying device via the communication channel; and

in response to determining that the received conveyed tag identifier matches a stored tag identifier stored within the HSM, communicate to the verifying device using the chain of trust that the received conveyed tag identifier is trusted as representing the identity of the user device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for a device to engage in a zero-knowledge proof with an entity requiring authentication either of secret material or of the device itself. The device may provide protection of the secret material or its private key for device authentication using a hardware security module (HSM) of the device, which may include, for example, a read-only memory (ROM) accessible or programmable only by the device manufacturer. In the case of authenticating the device itself a zero-knowledge proof of knowledge may be used. The zero-knowledge proof or zero-knowledge proof of knowledge may be conducted via a communication channel on which an end-to-end (e.g., the device at one end and entity requiring authentication at the other end) unbroken chain of trust is established, unbroken chain of trust referring to a communication channel for which endpoints of each link in the communication channel mutually authenticate each other prior to conducting the zero-knowledge proof of knowledge and for which each link of the communication channel is protected by at least one of hardware protection and encryption.

47 Citations

View as Search Results

20 Claims

1. A user device configured to communicate with a verifying device that is distinct from the user device, the user device comprising:
- a hardware security module (HSM) controlling access to a secret material stored within the HSM that-provides a basis for a zero-knowledge proof authentication of the user device over a communication channel that provides a chain of trust between the user device and the verifying device, with a mutual authentication between endpoints of each hop of the chain of trust; and
  
  a tag configured to be readable by the verifying device to convey a tag identifier;
  
  wherein the user device is configured to;
  
  respond to the verifying device in the zero-knowledge proof authentication of the user device;
  
  receive, after the user device completes the zero-knowledge proof authentication, the conveyed tag identifier from the verifying device via the communication channel; and
  
  in response to determining that the received conveyed tag identifier matches a stored tag identifier stored within the HSM, communicate to the verifying device using the chain of trust that the received conveyed tag identifier is trusted as representing the identity of the user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The user device of claim 1, wherein:
    - the secret material is a private key material;
      
      the private key material is unique and resistant to forgery and to being guessed such that the private key material serves as an identity of the user device; and
      
      the private key material is a proof material for the zero-knowledge proof to authenticate the user device.
  - 3. The user device of claim 1, wherein:
    - the secret material is a private key material;
      
      the private key material is unique such that the private key material serves as an identity of the user device;
      
      the private key material is a proof material for the zero-knowledge proof to authenticate the user device; and
      
      the private key material remains private after the zero-knowledge proof authentication of the device is completed such that the private key material is not disclosed to the verifying device.
  - 4. The user device of claim 1, wherein:
    - the HSM includes a secure vault;
      
      the secret material is stored in the secure vault; and
      
      the secure vault provides hardware-based protection of the secret material.
  - 5. The user device of claim 1, wherein the HSM comprises at least one of a Trusted Platform Module (TPM), a Mobile Trusted Module (MTM), a secure element (SE), an embedded secure element (eSE), a secure memory card, a Secure Domain (SD) card, or a Trusted Flash memory.
  - 6. The user device of claim 1, wherein the communication channel is protected by encryption.
  - 7. The user device of claim 1, wherein the communication channel is hardware protected.
  - 8. The user device of claim 1, wherein:
    - the communication channel includes one or more communication hops, each hop having two endpoints, whereineach hop of the communication channel is protected; and
      
      the endpoints of each hop mutually authenticate each other such that the communication channel provides an end-to-end chain of trust from the user device to the verifying device.
  - 9. The user device of claim 1, further comprising a biometric device in response to an activation of which by a user, the user device is configured to initiate a request for the zero-knowledge proof authentication.

10. A method comprising:
- establishing a chain of trust over a communication channel between a user device having a tag, configured to be readable by a verifying device to convey a tag identifier, and the verifying device, with a mutual authentication between endpoints of each hop of the chain of trust;
  
  controlling access to a secret material in a hardware security module of the user device to provide a zero-knowledge proof authentication of the user device via the chain of trust;
  
  engaging with the verifying device in the zero-knowledge proof authentication of the user device;
  
  receiving, by the user device after the user device completes the zero-knowledge proof authentication, the conveyed tag identifier from the verifying device via the chain of trust; and
  
  in response to determining that the received tag identifier matches a stored tag identifier stored within the hardware security module, communicating by the user device to the verifying device via the chain of trust that the conveyed tag identifier is trusted as representing the identity of the user device.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The method of claim 10, wherein the secret material serves to uniquely identify the user device.
  - 12. The method of claim 10, further comprising:
    - authenticating the user device using the secret material as proof material in a zero-knowledge proof wherein the secret material remains private after authentication of the user device.
  - 13. The method of claim 10, further comprising:
    - protecting the secret material by providing hardware protection including storing the secret material in a secure vault comprising a read-only memory (ROM).
  - 14. The method of claim 10, further comprising:
    - protecting the secret material by using a trusted agent to store the secret material in a secure vault.
  - 15. The method of claim 10, further comprising:
    - protecting the secret material by storing the secret material in at least one of a Trusted Platform Module (TPM), a Mobile Trusted Module (MTM), a secure element (SE), an embedded secure element (eSE), a secure memory card, a Secure Domain (SD) card, or a Trusted Flash memory.
  - 16. The method of claim 10, wherein establishing the chain of trust comprises protecting the communication channel by encryption.
  - 17. The method of claim 10, wherein establishing the chain of trust comprises providing hardware protection for the communication channel.
  - 18. The method of claim 10, wherein:
    - the communication channel includes one or more communication hops, each hop having two endpoints; and
      
      establishing the chain of trust further comprises;
      
      protecting each hop of the communication channel; and
      
      mutually authenticating each other by the endpoints of each hop to establish an end-to-end chain of trust.
  - 19. The method of claim 10, further comprising:
    - establishing an end-to-end chain of trust over the communication channel, wherein;
      
      the communication channel has two endpoints, the hardware security module being at a first endpoint and the verifying device being at a second endpoint; and
      
      an unbroken chain of trust is established between the first endpoint and the second endpoint of the communication channel.

20. A non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause a machine to perform operations comprising:
- establishing a chain of trust over a communication channel between a user device having a tag, configured to be readable by a verifying device to convey a tag identifier, and the verifying device, with a mutual authentication between endpoints of each hop of the chain of trust;
  
  controlling access to a secret material in a hardware security module of the user device to provide a zero-knowledge proof authentication of the user device via the chain of trust;
  
  responding to the verifying device in the zero-knowledge proof authentication of the user device;
  
  receiving, by the user device after the user device completes the zero-knowledge proof authentication, the conveyed tag identifier from the verifying device via the chain of trust; and
  
  in response to determining that the received tag identifier matches a stored tag identifier stored within the hardware security module, communicating by the user device to the verifying device that the conveyed tag identifier is trusted as representing the identity of the user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Inventors
Nahari, Hadi
Primary Examiner(s)
Edwards, Linglan
Assistant Examiner(s)
BECHTEL, KEVIN M

Application Number

US14/745,314
Publication Number

US 20150288521A1
Time in Patent Office

480 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0853   using an additional device,...

H04L 9/3218   using proof of knowledge, e...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3234   involving additional secure...

H04L 9/3271   using challenge-response

Hardware-based zero-knowledge strong authentication (H0KSA)

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Hardware-based zero-knowledge strong authentication (H0KSA)

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links