Hardware-based zero-knowledge strong authentication (H0KSA)
First Claim
1. A user device configured to communicate with a verifying device that is distinct from the user device, the user device comprising:
- a hardware security module (HSM) controlling access to a secret material stored within the HSM that provides a basis for a zero-knowledge proof authentication of the user device over a communication channel that provides a chain of trust between the user device and the verifying device, with a mutual authentication between endpoints of each hop of the chain of trust; and
- a tag configured to be readable by the verifying device to convey a tag identifier;
- wherein the user device is configured to:
  - respond to the verifying device in the zero-knowledge proof authentication of the user device;
  - receive, after the user device completes the zero-knowledge proof authentication, the conveyed tag identifier from the verifying device via the communication channel; and
  - in response to determining that the received conveyed tag identifier matches a stored tag identifier stored within the HSM, communicate to the verifying device using the chain of trust that the received conveyed tag identifier is trusted as representing the identity of the user device.
Abstract
Systems and methods are provided for a device to engage in a zero-knowledge proof with an entity requiring authentication either of secret material or of the device itself. The device may provide protection of the secret material or its private key for device authentication using a hardware security module (HSM) of the device, which may include, for example, a read-only memory (ROM) accessible or programmable only by the device manufacturer. In the case of authenticating the device itself, a zero-knowledge proof of knowledge may be used. The zero-knowledge proof or zero-knowledge proof of knowledge may be conducted via a communication channel on which an end-to-end (e.g., the device at one end and entity requiring authentication at the other end) unbroken chain of trust is established, unbroken chain of trust referring to a communication channel for which endpoints of each link in the communication channel mutually authenticate each other prior to conducting the zero-knowledge proof of knowledge and for which each link of the communication channel is protected by at least one of hardware protection and encryption.
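The message order in the first claim (proof first, tag identifier second, match decided inside the HSM), as an added example that is not taken from the patent. The patent names no particular zero-knowledge protocol, so Schnorr identification over a toy group is assumed as a stand-in; the `HSM` class, the `authenticate` function and the tag values are hypothetical, and the mutually authenticated chain of trust is assumed to be already established and is not modelled.

```python
import hmac
import secrets

# Toy Schnorr group, constructed for this example and far too small for real use:
# P = 2Q + 1 with P, Q prime, and G generating the subgroup of order Q.
P, Q, G = 2039, 1019, 4

class HSM:
    """Stand-in for the device HSM: the secret x and the stored tag ID never leave it."""
    def __init__(self, tag_id: bytes):
        self._x = secrets.randbelow(Q - 1) + 1   # secret material
        self._tag_id = tag_id                    # stored tag identifier
        self._r = None                           # per-run nonce
        self._zkp_done = False
        self.public = pow(G, self._x, P)         # y = g^x, enrolled with the verifier

    def commit(self) -> int:
        self._r = secrets.randbelow(Q - 1) + 1
        self._zkp_done = False
        return pow(G, self._r, P)                # t = g^r

    def respond(self, c: int) -> int:
        if self._r is None:
            raise RuntimeError("no commitment outstanding")
        s = (self._r + c * self._x) % Q
        self._r = None                           # a nonce answers one challenge only
        self._zkp_done = True
        return s

    def confirm_tag(self, conveyed: bytes) -> bool:
        # The tag ID is only considered after the device has completed the proof.
        if not self._zkp_done:
            raise RuntimeError("tag check requested before the proof")
        self._zkp_done = False
        return hmac.compare_digest(conveyed, self._tag_id)

def authenticate(hsm: HSM, public: int, tag_read: bytes) -> bool:
    """Verifying-device side; each hsm.* call stands for one message on the channel."""
    t = hsm.commit()
    c = secrets.randbelow(Q - 1) + 1             # non-zero challenge
    s = hsm.respond(c)
    if pow(G, s, P) != (t * pow(public, c, P)) % P:
        return False                             # proof failed: tag ID is never sent
    return hsm.confirm_tag(tag_read)             # device vouches for (or rejects) the tag
```

A tag identifier copied onto another device fails at the first step, because that device cannot answer the challenge without the secret held in the original HSM.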
20 Claims
1. A user device configured to communicate with a verifying device that is distinct from the user device, the user device comprising:
- a hardware security module (HSM) controlling access to a secret material stored within the HSM that provides a basis for a zero-knowledge proof authentication of the user device over a communication channel that provides a chain of trust between the user device and the verifying device, with a mutual authentication between endpoints of each hop of the chain of trust; and
- a tag configured to be readable by the verifying device to convey a tag identifier;
- wherein the user device is configured to:
  - respond to the verifying device in the zero-knowledge proof authentication of the user device;
  - receive, after the user device completes the zero-knowledge proof authentication, the conveyed tag identifier from the verifying device via the communication channel; and
  - in response to determining that the received conveyed tag identifier matches a stored tag identifier stored within the HSM, communicate to the verifying device using the chain of trust that the received conveyed tag identifier is trusted as representing the identity of the user device.

(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)
10. A method comprising:
- establishing a chain of trust over a communication channel between a user device having a tag, configured to be readable by a verifying device to convey a tag identifier, and the verifying device, with a mutual authentication between endpoints of each hop of the chain of trust;
- controlling access to a secret material in a hardware security module of the user device to provide a zero-knowledge proof authentication of the user device via the chain of trust;
- engaging with the verifying device in the zero-knowledge proof authentication of the user device;
- receiving, by the user device after the user device completes the zero-knowledge proof authentication, the conveyed tag identifier from the verifying device via the chain of trust; and
- in response to determining that the received tag identifier matches a stored tag identifier stored within the hardware security module, communicating by the user device to the verifying device via the chain of trust that the conveyed tag identifier is trusted as representing the identity of the user device.

(Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19)
20. A non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause a machine to perform operations comprising:
- establishing a chain of trust over a communication channel between a user device having a tag, configured to be readable by a verifying device to convey a tag identifier, and the verifying device, with a mutual authentication between endpoints of each hop of the chain of trust;
- controlling access to a secret material in a hardware security module of the user device to provide a zero-knowledge proof authentication of the user device via the chain of trust;
- responding to the verifying device in the zero-knowledge proof authentication of the user device;
- receiving, by the user device after the user device completes the zero-knowledge proof authentication, the conveyed tag identifier from the verifying device via the chain of trust; and
- in response to determining that the received tag identifier matches a stored tag identifier stored within the hardware security module, communicating by the user device to the verifying device that the conveyed tag identifier is trusted as representing the identity of the user device.
Specification