Methods and systems for securing proofs of knowledge for privacy
First Claim
1. A system comprising:
- a client device, comprising;
one or more first processors; and
first memory containing instructions executable by the one or more first processors whereby the client device is operable to;
receive a first encryption key and user data comprising one or more encrypted tests from a Proof of Knowledge (PoK) server;
receive a second encryption key from a Relying Party (RP) server;
decrypt the one or more encrypted tests by using the first encryption key and the second encryption key;
render one or more decrypted tests;
obtain one or more answers for the one or more decrypted tests;
process the one or more answers obtained by the client device for the one or more encrypted tests;
send a communication to the PoK server, the communication comprising one or more processed answers; and
receive a communication from the RP server that authorizes a user of the client device to access one or more services administered by the RP server; and
the PoK server providing a PoK service, comprising;
one or more second processors; and
second memory containing instructions executable by the one or more second processors whereby the PoK server is operable to;
send a communication to the client device comprising the first encryption key and the user data comprising the one or more encrypted tests, the one or more encrypted tests being indecipherable to the PoK server;
receive the communication from the client device comprising the one or more processed answers, the one or more processed answers being indecipherable to the PoK server;
compare the one or more processed answers to pre-provisioned correct answers for the one or more encrypted tests; and
in response to determining a match between the one or more processed answers and the pre-provisioned correct answers, send a communication to a Relying Party (RP) server indicating that the client device has been authenticated; and
the RP server, comprising;
one or more third processors; and
third memory containing instructions executable by the one or more third processors whereby the RP server is operable to;
send the second encryption key to the client device; and
receive the communication from the PoK server indicating that the client device has been authenticated.
0 Assignments
0 Petitions
Accused Products
Abstract
Embodiments described herein relate to securing the privacy of knowledge used to authenticate a user (i.e., Proof of Knowledge (PoK) test(s)). In some embodiments, a client device is operable to receive a first encryption key and encrypted test(s) from a PoK server. The client device also receives a second encryption key from a Relying Party (RP) server. The client device can decrypt the encrypted test(s) by using the first encryption key and the second encryption key to thereby render decrypted test(s). The client device is further operable to obtain answer(s) for the decrypted test(s), send a communication to the PoK server based on the answer(s), and receive a communication from the RP server that authorizes a user of the client device to access service(s) administered by the RP server.
-
Citations
21 Claims
-
1. A system comprising:
-
a client device, comprising; one or more first processors; and first memory containing instructions executable by the one or more first processors whereby the client device is operable to; receive a first encryption key and user data comprising one or more encrypted tests from a Proof of Knowledge (PoK) server; receive a second encryption key from a Relying Party (RP) server; decrypt the one or more encrypted tests by using the first encryption key and the second encryption key; render one or more decrypted tests; obtain one or more answers for the one or more decrypted tests; process the one or more answers obtained by the client device for the one or more encrypted tests; send a communication to the PoK server, the communication comprising one or more processed answers; and receive a communication from the RP server that authorizes a user of the client device to access one or more services administered by the RP server; and the PoK server providing a PoK service, comprising; one or more second processors; and second memory containing instructions executable by the one or more second processors whereby the PoK server is operable to; send a communication to the client device comprising the first encryption key and the user data comprising the one or more encrypted tests, the one or more encrypted tests being indecipherable to the PoK server; receive the communication from the client device comprising the one or more processed answers, the one or more processed answers being indecipherable to the PoK server; compare the one or more processed answers to pre-provisioned correct answers for the one or more encrypted tests; and in response to determining a match between the one or more processed answers and the pre-provisioned correct answers, send a communication to a Relying Party (RP) server indicating that the client device has been authenticated; and the RP server, comprising; one or more third processors; and third memory containing instructions executable by the one or more third processors whereby the RP server is operable to; send the second encryption key to the client device; and receive the communication from the PoK server indicating that the client device has been authenticated. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
-
Specification