US 11,671,267 B2
System and method for verifying an identity of a user using a cryptographic challenge based on a cryptographic operation
Prakash Sundaresan, Redmond, WA (US); Lionello G. Lunesu, Peng Chau (HK); and Antoine Cote, Sheung Wan (HK)
Assigned to Workday, Inc., Pleasanton, CA (US)
Filed by Workday, Inc., Pleasanton, CA (US)
Filed on Jun. 22, 2021, as Appl. No. 17/354,384.
Application 17/354,384 is a continuation of application No. 16/282,111, filed on Feb. 21, 2019, granted, now 11,088,855.
Application 16/282,111 is a continuation in part of application No. 16/147,842, filed on Sep. 30, 2018, granted, now 10,700,861, issued on Jun. 30, 2020.
Application 16/147,842 is a continuation in part of application No. 15/662,417, filed on Jul. 28, 2017, granted, now 10,637,665, issued on Apr. 28, 2020.
Application 16/147,842 is a continuation in part of application No. 17/354,384.
Application 16/282,111 is a continuation in part of application No. 15/973,479, filed on May 7, 2018, granted, now 10,715,312, issued on Jul. 14, 2020.
Application 15/973,479 is a continuation in part of application No. 15/961,791, filed on Apr. 24, 2018, granted, now 10,735,197, issued on Aug. 4, 2020.
Application 15/961,791 is a continuation in part of application No. 15/662,417, filed on Jul. 28, 2017, granted, now 10,637,665, issued on Apr. 28, 2020.
Application 15/973,479 is a continuation in part of application No. 15/662,417, filed on Jul. 28, 2017, granted, now 10,637,665, issued on Apr. 28, 2020.
Application 15/973,479 is a continuation in part of application No. 17/354,384.
Application 16/282,111 is a continuation in part of application No. 15/973,446, filed on May 7, 2018.
Application 15/973,446 is a continuation in part of application No. 15/961,791, filed on Apr. 24, 2018, granted, now 10,735,197, issued on Aug. 4, 2020.
Application 15/973,446 is a continuation in part of application No. 15/662,417, filed on Jul. 28, 2017, granted, now 10,637,665, issued on Apr. 28, 2020.
Application 15/973,446 is a continuation in part of application No. 17/354,384.
Application 16/282,111 is a continuation in part of application No. 15/973,468, filed on May 7, 2018, granted, now 10,715,311, issued on Jul. 14, 2020.
Application 15/973,468 is a continuation in part of application No. 15/961,791, filed on Apr. 24, 2018, granted, now 10,735,197, issued on Aug. 4, 2020.
Application 15/973,468 is a continuation in part of application No. 15/662,417, filed on Jul. 28, 2017, granted, now 10,637,665, issued on Apr. 28, 2020.
Application 15/973,468 is a continuation in part of application No. 17/354,384.
Application 16/282,111 is a continuation in part of application No. 15/961,791, filed on Apr. 24, 2018, granted, now 10,735,197, issued on Aug. 4, 2020.
Application 15/961,791 is a continuation in part of application No. 17/354,384.
Application 16/282,111 is a continuation in part of application No. 15/662,417, filed on Jul. 28, 2017, granted, now 10,637,665, issued on Apr. 28, 2020.
Claims priority of provisional application 62/557,331, filed on Sep. 12, 2017.
Claims priority of provisional application 62/489,772, filed on Apr. 25, 2017.
Claims priority of provisional application 62/368,875, filed on Jul. 29, 2016.
Claims priority of provisional application 62/503,107, filed on May 8, 2017.
Prior Publication US 2021/0314174 A1, Oct. 7, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/32 (2006.01); H04L 9/06 (2006.01)
CPC H04L 9/3271 (2013.01) [H04L 9/0637 (2013.01); H04L 9/3226 (2013.01); H04L 9/3239 (2013.01); H04L 9/3247 (2013.01)]
23 Claims
1. A system for enabling a relying party device associated with a relying party to verify a response of a user, comprising:
a processor configured to:
provide at least one cryptographic challenge to the user device, wherein the at least one cryptographic challenge includes or is derived from a pseudorandom value, wherein the user device is configured to:
generate, using a cryptographic processor on the user device, a first set of credentials comprising a public-private key pair associated with the user, wherein the public-private key pair comprises a user public key and a user private key, wherein the user private key is restricted to the cryptographic processor on the user device;
compare at least one of the biometric or the PIN code with at least one of a previously registered biometric or a previously registered PIN code associated with the user; and
in the event that the at least one of the biometric or the PIN code matches the at least one of the previously registered biometric or the previously registered PIN code associated with the user:
make a user private key available; and
perform at least one cryptographic operation on the cryptographic challenge using the user private key to form a result of at least one cryptographic operation;
receive the result of the at least one cryptographic operation as a cryptographic challenge response from the user device, wherein the result is derived from or includes the pseudorandom value;
receive a signed response request generated by a sponsoring entity device associated with a sponsoring entity, wherein the signed response request comprises a response request digitally signed with a sponsoring entity private key to generate the signed response request; and
provide the signed response request to a user device, wherein the user device generates an encrypted package encrypted using a sponsoring entity public key, wherein the encrypted package includes the response request populated with at least one response.
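The challenge-response portion of claim 1, sketched in Go as an added illustration that is not part of the patent text or of any Workday code. Ed25519 signatures, the software struct standing in for the cryptographic processor, the single-use challenge table and the sample PIN are assumptions of this example; the signed response request and encrypted package steps are not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

type UserDevice struct { // software stand-in; priv plays the processor-restricted key
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
	pin  []byte // previously registered PIN
}

func NewUserDevice(pin string) *UserDevice {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &UserDevice{priv: priv, Pub: pub, pin: []byte(pin)}
}

// Respond signs the challenge only when the entered PIN matches the registered one.
func (d *UserDevice) Respond(challenge []byte, pin string) ([]byte, error) {
	if subtle.ConstantTimeCompare([]byte(pin), d.pin) != 1 {
		return nil, fmt.Errorf("PIN mismatch: private key not made available")
	}
	return ed25519.Sign(d.priv, challenge), nil
}

type RelyingParty struct{ pending map[string]bool } // outstanding single-use challenges

// Challenge returns a fresh 32-byte value from the OS CSPRNG and records it as pending.
func (rp *RelyingParty) Challenge() []byte {
	c := make([]byte, 32)
	rand.Read(c)
	rp.pending[string(c)] = true
	return c
}

// Verify consumes the challenge (replay defense), then checks the signature over it.
func (rp *RelyingParty) Verify(pub ed25519.PublicKey, challenge, sig []byte) bool {
	defer delete(rp.pending, string(challenge))
	return rp.pending[string(challenge)] && ed25519.Verify(pub, challenge, sig)
}

func main() {
	dev, rp := NewUserDevice("4921"), &RelyingParty{pending: map[string]bool{}}
	c := rp.Challenge()
	sig, err := dev.Respond(c, "4921")
	fmt.Println(err, rp.Verify(dev.Pub, c, sig), rp.Verify(dev.Pub, c, sig))
}
```

The second Verify call in main replays the same response and is rejected because the challenge was consumed by the first call.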