Systems and methods to secure user identification
Abstract
A computing apparatus configured to verify a digital signature applied on a set of data received from a user device, including a user ID assigned by a partner system to uniquely identify a user of the user device among customers of the partner system, and a user device identifier identifying the user device. The digital signature is generated via applying a cryptographic one-way hash function on a combination of the set of data and a secret, shared between the computing apparatus and the partner system via a secure communication channel separate from a channel used to receive the set of data.
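An added example, not part of the patent text: the validation steps of claim 1 sketched from the server's side, together with the partner-side issuing step the abstract describes. The identifier layout (`<second_user_id>.<tag>`), the field framing, the sample secret and all function names are assumptions, and HMAC-SHA256 is used as the keyed construction in place of a bare hash over the data concatenated with the secret.

```python
import hashlib
import hmac

# Constructed demo value; per the abstract the real secret is shared between
# the partner system and the server over a separate secure channel.
SHARED_SECRET = b"constructed-demo-secret"


def _frame(*fields: str) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    parts = (f.encode("utf-8") for f in fields)
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def _sign(second_user_id: str, user_info: str, secret: bytes) -> str:
    # HMAC-SHA256 stands in for "hash of the combined dataset plus secret".
    return hmac.new(secret, _frame(second_user_id, user_info), hashlib.sha256).hexdigest()


def _info_tag(user_info: str) -> str:
    return hashlib.sha256(user_info.encode("utf-8")).hexdigest()[:16]


def issue(second_user_id: str, user_info: str, secret: bytes = SHARED_SECRET):
    """Partner side. Hypothetical identifier layout: '<second_user_id>.<tag>'."""
    first_user_id = f"{second_user_id}.{_info_tag(user_info)}"
    return first_user_id, _sign(second_user_id, user_info, secret)


def validate(first_user_id: str, user_info: str, signature: str,
             secret: bytes = SHARED_SECRET) -> bool:
    """Server side: extract, recompute, compare. True means grant access."""
    second_user_id, sep, tag = first_user_id.rpartition(".")
    if not sep or not second_user_id:
        return False  # malformed identifier, nothing to extract
    # The identifier must be bound to the user information actually received.
    if not hmac.compare_digest(tag.encode(), _info_tag(user_info).encode()):
        return False
    expected = _sign(second_user_id, user_info, secret)
    # Constant-time comparison: do not leak how much of the signature matched.
    return hmac.compare_digest(expected.encode(), signature.encode())


if __name__ == "__main__":
    fid, sig = issue("partner-user-42", "device=constructed-device-id")
    print(validate(fid, "device=constructed-device-id", sig))  # genuine request
    print(validate(fid, "device=another-device", sig))         # altered user info
```

The length-prefixed framing matters because the claims only say the fields are "combined"; plain concatenation would let two different (identifier, user information) pairs produce the same signed input.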
17 Claims
1. A method, comprising:
- receiving, with a server from a user device, a communication including:
  - a digital signature;
  - user information of a user of the user device; and
  - a first user identifier configured to identify the user of the user device among a plurality of first users of the server, wherein the first user identifier is generated by a computing device, separate from the server and the user device, based on a combination of:
    - the user information of the user that is received in the computing device from the user device before the communication is received in the server; and
    - a second user identifier of the user configured to identify the user of the user device among a plurality of second users of the computing device;
- extracting the second user identifier from the first user identifier; and
- validating an integrity of the communication based on the first user identifier, the second user identifier extracted from the first user identifier, and the user information of the user received in the communication, wherein validating the integrity of the communication comprises:
  - combining, with the server, the second user identifier extracted from the first user identifier and the user information of the user received in the communication with a secret shared between the server and the computing device,
  - generating, with the server, a combined dataset based on combining the second user identifier and the user information of the user with the secret,
  - applying, with the server, a hash function to the combined dataset,
  - generating, with the server, a hash result based on applying the hash function to the combined dataset, and
  - comparing, with the server, the hash result to the digital signature, and
  - determining, with the server, whether the hash result matches the digital signature based on comparing the hash result to the digital signature; and
- determining to grant access to a service associated with the server based on validating the integrity of the communication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
9. A non-transitory computer storage medium storing instructions configured to instruct a server to perform a method, the method comprising:
- receiving, with the server from a user device, a communication including:
  - a digital signature;
  - user information of a user of the user device; and
  - a first user identifier configured to identify the user of the user device among a plurality of first users of the server, wherein the first user identifier is generated by a computing device, separate from the server and the user device, based on a combination of:
    - the user information of the user that is received in the computing device from the user device before the communication is received in the server; and
    - a second user identifier of the user among a plurality of second users of the computing device;
- extracting the second user identifier from the first user identifier; and
- validating an integrity of the communication based on the first user identifier, the second user identifier extracted from the first user identifier, and the user information of the user received in the communication, wherein validating the integrity of the communication comprises:
  - combining, with the server, the second user identifier extracted from the first user identifier and the user information of the user received in the communication with a secret shared between the server and the computing device,
  - generating, with the server, a combined dataset based on combining the second user identifier and the user information of the user with the secret,
  - applying, with the server, a hash function to the combined dataset,
  - generating, with the server, a hash result based on applying the hash function to the combined dataset, and
  - comparing, with the server, the hash result to the digital signature, and
  - determining, with the server, whether the hash result matches the digital signature based on comparing the hash result to the digital signature; and
- determining to grant access to a service associated with the server based on validating the integrity of the communication.
- View Dependent Claims (10, 11, 12, 13)
14. A server, comprising:
- at least one microprocessor; and
- a memory storing instructions configured to instruct the at least one microprocessor to:
  - receive, with the server from a user device, a communication including:
    - a digital signature;
    - user information of a user of the user device; and
    - a first user identifier configured to identify the user of the user device among a plurality of first users of the server, wherein the first user identifier is generated by a computing device, separate from the server and the user device, based on a combination of:
      - the user information of the user that is received in the computing device from the user device before the communication is received in the server; and
      - a second user identifier of the user among a plurality of second users of the computing device;
  - extract the second user identifier from the first user identifier; and
  - validate an integrity of the communication based on the first user identifier, the second user identifier extracted from the first user identifier, and the user information of the user received in the communication, wherein the instructions that are configured to instruct the at least one microprocessor to validate the integrity of the communication, are to instruct the at least one microprocessor to:
    - combine the second user identifier extracted from the first user identifier and the user information of the user received in the communication with a secret shared between the server and the computing device,
    - generate a combined dataset based on combining the second user identifier and the user information of the user with the secret,
    - apply a hash function to the combined dataset,
    - generate a hash result based on applying the hash function to the combined dataset, and
    - compare the hash result to the digital signature, and
    - determine whether the hash result matches the digital signature based on comparing the hash result to the digital signature; and
  - determine to grant access to a service associated with the server based on validating the integrity of the communication.
- View Dependent Claims (15, 16, 17)
Specification