Systems and methods to secure user identification

US 9,490,985 B2
Filed: 08/14/2014
Issued: 11/08/2016
Est. Priority Date: 09/21/2011
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

communicating, by a computing device, with a user device to receive information about a user of the user device;

forming, by the computing device, a dataset includingthe information about the user received from the user device, anda first identifier of the user used by the computing device to identify the user from a plurality of users of the computing device;

generating, by the computing device, a digital signature on the dataset;

generating, by the computing device, a second identifier of the user using the digital signature, wherein the second identifier is not part of the dataset; and

providing, by the computing device, an instruction to the user device to redirect the user to a server separate from the computing device, the instruction configured to instruct the user device to use the second identifier to identify the user in submitting the information about the user to the server;

wherein the server is configured to validate the information about the user submitted from the user device with the second identifier viaextracting the first identifier and the digital signature from the second identifier;

combining the first identifier extracted from the second identifier with the information about the user submitted from the user device to the server to form a reconstructed dataset;

validating the reconstructed dataset against the digital signature extracted from the second identifier.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing apparatus configured to verify a digital signature applied on a set of data received from a user device, including a user ID assigned by a partner system to uniquely identify a user of the user device among customers of the partner system, and a user device identifier identifying the user device. The digital signature is generated via applying a cryptographic one-way hash function on a combination of the set of data and a secret, shared between the computing apparatus and the partner system via a secure communication channel separate from a channel used to receive the set of data.

15 Citations

View as Search Results

19 Claims

1. A method, comprising:
- communicating, by a computing device, with a user device to receive information about a user of the user device;
  
  forming, by the computing device, a dataset includingthe information about the user received from the user device, anda first identifier of the user used by the computing device to identify the user from a plurality of users of the computing device;
  
  generating, by the computing device, a digital signature on the dataset;
  
  generating, by the computing device, a second identifier of the user using the digital signature, wherein the second identifier is not part of the dataset; and
  
  providing, by the computing device, an instruction to the user device to redirect the user to a server separate from the computing device, the instruction configured to instruct the user device to use the second identifier to identify the user in submitting the information about the user to the server;
  
  wherein the server is configured to validate the information about the user submitted from the user device with the second identifier viaextracting the first identifier and the digital signature from the second identifier;
  
  combining the first identifier extracted from the second identifier with the information about the user submitted from the user device to the server to form a reconstructed dataset;
  
  validating the reconstructed dataset against the digital signature extracted from the second identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 19)
- - 2. The method of claim 1, wherein the generating of the second identifier of the user includes combining the first user identifier and the digital signature to allow the first user identifier and the digital signature to be extracted from the second identifier.
  - 3. The method of claim 2, further comprising:
    - assigning, by the computing device, the first identifier to uniquely identify the user among the plurality of users of the computing device.
  - 4. The method of claim 2, wherein the dataset includes a secret shared between the computing device and the server separate from the computing device.
  - 5. The method of claim 4, wherein the secret is not communicated between the computing device and the server through the user device.
  - 6. The method of claim 5, wherein the digital signature comprises a hash of the dataset.
  - 7. The method of claim 2, wherein the generating of the second identifier of the user includes generating the second identifier of the user using a secret not communicated through the user device, the secret shared between the computing device and the server.
  - 8. The method of claim 1, wherein the dataset further includes:
    - a secret shared between the computing device and the server.
  - 9. The method of claim 8, wherein the secret represents the computing device in the digital signature provided in the identifier of the user.
  - 10. The method of claim 1, wherein the validating the reconstructed data set against the digital signature extracted from the second identifier of the user includes:
    - generating a reconstructed digital signature on the reconstructed dataset; and
      
      determining whether the reconstructed digital signature agrees with the digital signature extracted from the second identifier of the user received in the server.
  - 11. The method of claim 1, wherein the digital signature is generated via applying a cryptographic one-way hash function on the dataset.
  - 12. The method of claim 11, wherein the cryptographic one-way hash function is based on SHA-256 designed by the National Security Agency (NSA) and published in 2001 by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard.
  - 13. The method of claim 1, wherein the information about the user includes an identification of the user device extracted from a request received from the user device.
  - 19. The method of claim 1, further comprising:
    - authenticating, by the computing device, the user of the user device, wherein the information about the user is received in the computing device after the user of the user device is authenticated by the computing device.

14. A non-transitory computer storage medium storing instructions configured to instruct a computing device to at least:
- authenticate, by the computing device, a user of a user device;
  
  form, by the computing device, a dataset includinginformation about the user received from the user device, anda first identifier of the user used by the computing device to identify the user from a plurality of users of the computing device;
  
  generate, by the computing device, a digital signature on the dataset;
  
  generate, by the computing device, a second identifier of the user using the digital signature, wherein the second identifier is not part of the dataset; and
  
  provide, by the computing device, an instruction to the user device to redirect the user to a server separate from the computing device, the instruction configured to instruct the user device to use the second identifier to identify the user in submitting the information about the user to the server;
  
  wherein the server is configured to validate the information about the user submitted from the user device with the second identifier viaextracting the first identifier and the digital signature from the second identifier;
  
  combining the first identifier extracted from the second identifier with the information about the user submitted from the user device to the server to form a reconstructed dataset;
  
  validating the reconstructed dataset against the digital signature extracted from the second identifier.
- View Dependent Claims (15)
- - 15. The computer storage medium of claim 14, wherein the instruction comprises a query string for the server, the query string including the second identifier of the user and the information about the user.

16. A computing device, comprising:
- at least one microprocessor; and
  
  a memory storing instructions configured to instruct the at least one microprocessor to;
  
  authenticate, by the computing device, a user of a user device;
  
  communicate, by the computing device, with the user device to receive information about the user after authentication of the user of the user device;
  
  form, by the computing device, a dataset includingthe information about the user received from the user device, anda first identifier of the user used by the computing device to identify the user from a plurality of users of the computing device;
  
  generate, by the computing device, a digital signature on the dataset;
  
  generate, by the computing device, a second identifier of the user using the digital signature, wherein the second identifier is not part of the dataset; and
  
  provide, by the computing device, an instruction to the user device to redirect the user to a server separate from the computing device, the instruction configured to instruct the user device to use the second identifier to identify the user in submitting the information about the user to the server;
  
  wherein the server is configured to validate the information about the user submitted from the user device with the second identifier viaextracting the first identifier and the digital signature from the second identifier;
  
  combining the first identifier extracted from the second identifier with the information about the user submitted from the user device to the server to form a reconstructed dataset;
  
  validating the reconstructed dataset against the digital signature extracted from the second identifier.
- View Dependent Claims (17, 18)
- - 17. The computing device of claim 16, wherein the dataset further includes:
    - a secret shared between the computing device and the server to represent the computing device.
  - 18. The computing device of claim 17, wherein the digital signature is generated by applying a cryptographic one-way hash function on the dataset to obtain a hash value;
    - and the first user identifier and the hash value are extractable from the second identifier of the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Carlson, Mark, Bankston, Michael Steven, Jogi, Kalpana, Gallagher, Timothy, Panagiotides, Alesia
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Alata, Ayoub

Application Number

US14/459,749
Publication Number

US 20140359298A1
Time in Patent Office

817 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/9535   Search customisation based ...

G06Q 20/325   using wireless networks

G06Q 20/3825   Use of electronic signatures

G06Q 20/387   Payment using discounts or ...

G06Q 20/389   Keeping log of transactions...

G06Q 20/4014   Identity check for transact...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

H04L 63/123   received data contents, e.g...

H04L 67/10   in which an application is ...

H04L 9/3215   using a plurality of channe...

H04L 9/3242   involving keyed hash functi...

H04L 9/3247   involving digital signatures

Systems and methods to secure user identification

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods to secure user identification

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links