Systems and methods to secure user identification
First Claim
1. A method, comprising:
- communicating, by a computing device, with a user device to receive information about a user of the user device;
- forming, by the computing device, a dataset including the information about the user received from the user device, and a first identifier of the user used by the computing device to identify the user from a plurality of users of the computing device;
- generating, by the computing device, a digital signature on the dataset;
- generating, by the computing device, a second identifier of the user using the digital signature, wherein the second identifier is not part of the dataset; and
- providing, by the computing device, an instruction to the user device to redirect the user to a server separate from the computing device, the instruction configured to instruct the user device to use the second identifier to identify the user in submitting the information about the user to the server;
- wherein the server is configured to validate the information about the user submitted from the user device with the second identifier via extracting the first identifier and the digital signature from the second identifier;
- combining the first identifier extracted from the second identifier with the information about the user submitted from the user device to the server to form a reconstructed dataset;
- validating the reconstructed dataset against the digital signature extracted from the second identifier.
Abstract
A computing apparatus configured to verify a digital signature applied on a set of data received from a user device, including a user ID assigned by a partner system to uniquely identify a user of the user device among customers of the partner system, and a user device identifier identifying the user device. The digital signature is generated via applying a cryptographic one-way hash function on a combination of the set of data and a secret, shared between the computing apparatus and the partner system via a secure communication channel separate from a channel used to receive the set of data.
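A minimal sketch of the flow in claim 1 and the abstract, added here as an illustration and not taken from the patent or its assignee. HMAC-SHA256 stands in for the "one-way hash on a combination of the set of data and a secret"; the canonical-JSON dataset, the `base64url(id).base64url(signature)` token layout, and every name and sample value are assumptions.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo secret; assumed to be shared over a separate secure channel.
SHARED_SECRET = b"constructed-demo-secret"

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(first_id: str, info: dict, secret: bytes) -> bytes:
    # Canonical JSON so both sides hash identical bytes for the same dataset.
    dataset = json.dumps({"uid": first_id, "info": info},
                         sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret, dataset, hashlib.sha256).digest()

def make_second_identifier(first_id, info, secret=SHARED_SECRET) -> str:
    """Partner side: the second identifier carries first_id plus the signature."""
    return b64e(first_id.encode()) + "." + b64e(sign(first_id, info, secret))

def validate_submission(second_id, submitted_info, secret=SHARED_SECRET):
    """Server side: return the first identifier if the data verifies, else None."""
    try:
        uid_part, sig_part = second_id.split(".")
        first_id = b64d(uid_part).decode()
        signature = b64d(sig_part)
    except ValueError:  # wrong part count, bad base64, or bad UTF-8
        return None
    expected = sign(first_id, submitted_info, secret)  # reconstructed dataset
    # Constant-time comparison avoids leaking how many signature bytes matched.
    return first_id if hmac.compare_digest(signature, expected) else None

if __name__ == "__main__":
    info = {"device_id": "dev-1234", "email": "user@example.test"}  # constructed
    sid = make_second_identifier("partner-user-42", info)
    print(validate_submission(sid, info))
    print(validate_submission(sid, {**info, "email": "x@example.test"}))
```

In this sketch the token is deterministic for a given user and submitted data, so a verifier that needs freshness would have to include a timestamp or nonce in the signed information.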
19 Claims
1. A method, comprising:
- communicating, by a computing device, with a user device to receive information about a user of the user device;
- forming, by the computing device, a dataset including the information about the user received from the user device, and a first identifier of the user used by the computing device to identify the user from a plurality of users of the computing device;
- generating, by the computing device, a digital signature on the dataset;
- generating, by the computing device, a second identifier of the user using the digital signature, wherein the second identifier is not part of the dataset; and
- providing, by the computing device, an instruction to the user device to redirect the user to a server separate from the computing device, the instruction configured to instruct the user device to use the second identifier to identify the user in submitting the information about the user to the server;
- wherein the server is configured to validate the information about the user submitted from the user device with the second identifier via extracting the first identifier and the digital signature from the second identifier;
- combining the first identifier extracted from the second identifier with the information about the user submitted from the user device to the server to form a reconstructed dataset;
- validating the reconstructed dataset against the digital signature extracted from the second identifier.

View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 19)

14. A non-transitory computer storage medium storing instructions configured to instruct a computing device to at least:
- authenticate, by the computing device, a user of a user device;
- form, by the computing device, a dataset including information about the user received from the user device, and a first identifier of the user used by the computing device to identify the user from a plurality of users of the computing device;
- generate, by the computing device, a digital signature on the dataset;
- generate, by the computing device, a second identifier of the user using the digital signature, wherein the second identifier is not part of the dataset; and
- provide, by the computing device, an instruction to the user device to redirect the user to a server separate from the computing device, the instruction configured to instruct the user device to use the second identifier to identify the user in submitting the information about the user to the server;
- wherein the server is configured to validate the information about the user submitted from the user device with the second identifier via extracting the first identifier and the digital signature from the second identifier;
- combining the first identifier extracted from the second identifier with the information about the user submitted from the user device to the server to form a reconstructed dataset;
- validating the reconstructed dataset against the digital signature extracted from the second identifier.

View Dependent Claims (15)

16. A computing device, comprising:
- at least one microprocessor; and
- a memory storing instructions configured to instruct the at least one microprocessor to:
- authenticate, by the computing device, a user of a user device;
- communicate, by the computing device, with the user device to receive information about the user after authentication of the user of the user device;
- form, by the computing device, a dataset including the information about the user received from the user device, and a first identifier of the user used by the computing device to identify the user from a plurality of users of the computing device;
- generate, by the computing device, a digital signature on the dataset;
- generate, by the computing device, a second identifier of the user using the digital signature, wherein the second identifier is not part of the dataset; and
- provide, by the computing device, an instruction to the user device to redirect the user to a server separate from the computing device, the instruction configured to instruct the user device to use the second identifier to identify the user in submitting the information about the user to the server;
- wherein the server is configured to validate the information about the user submitted from the user device with the second identifier via extracting the first identifier and the digital signature from the second identifier;
- combining the first identifier extracted from the second identifier with the information about the user submitted from the user device to the server to form a reconstructed dataset;
- validating the reconstructed dataset against the digital signature extracted from the second identifier.

View Dependent Claims (17, 18)

Specification