CPC H04L 9/3271 (2013.01) [H04L 9/0637 (2013.01); H04L 9/3226 (2013.01); H04L 9/3239 (2013.01); H04L 9/3247 (2013.01)]
23 Claims
1. A system for enabling a relying party device associated with a relying party to verify a response of a user, comprising:
a processor configured to:
provide at least one cryptographic challenge to the user device, wherein the at least one cryptographic challenge includes or is derived from a pseudorandom value, wherein the user device is configured to:
generate, using a cryptographic processor on the user device, a first set of credentials comprising a public-private key pair associated with the user, wherein the public-private key pair comprises a user public key and a user private key, wherein the user private key is restricted to the cryptographic processor on the user device;
compare at least one of the biometric or the PIN code with at least one of a previously registered biometric or a previously registered PIN code associated with the user; and
in the event that the at least one of the biometric or the PIN code matches the at least one of the previously registered biometric or the previously registered PIN code associated with the user:
make a user private key available; and
perform at least one cryptographic operation on the cryptographic challenge using the user private key to form a result of at least one cryptographic operation;
receive the result of the at least one cryptographic operation as a cryptographic challenge response from the user device, wherein the result is derived from or includes the pseudorandom value;
receive a signed response request generated by a sponsoring entity device associated with a sponsoring entity, wherein the signed response request comprises a response request digitally signed with a sponsoring entity private key to generate the signed response request; and
provide the signed response request to a user device, wherein the user device generates an encrypted package encrypted using a sponsoring entity public key, wherein the encrypted package includes the response request populated with at least one response.
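The challenge-response portion of the claim (a pseudorandom challenge from the relying party, a user key pair held in a cryptographic processor, a PIN or biometric check that releases the private key for one operation, and verification of the signed result against the registered user public key), written out as an added Go example. This is not code from the patent or from any product implementing it. My assumptions: ECDSA over P-256 with the challenge hashed by SHA-256, a PIN compared in constant time standing in for the biometric branch, an unlock that is consumed by exactly one signature, and a `UserDevice` struct standing in for the cryptographic processor; every name here is invented.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// ChallengeResponse is what the user device returns to the relying party: the pseudorandom
// value echoed back plus an ASN.1 ECDSA signature over SHA-256(Challenge).
type ChallengeResponse struct{ Challenge, Signature []byte }

// NewChallenge draws the relying party's 32-byte pseudorandom value from the OS CSPRNG.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// VerifyChallengeResponse is the relying party's check: the echoed value must be the one this
// party issued (a response recorded for an earlier challenge is rejected) and the signature
// must verify under the public key registered for this user at enrolment.
func VerifyChallengeResponse(issued []byte, r ChallengeResponse, userPub *ecdsa.PublicKey) bool {
	if subtle.ConstantTimeCompare(issued, r.Challenge) != 1 {
		return false
	}
	digest := sha256.Sum256(r.Challenge)
	return ecdsa.VerifyASN1(userPub, digest[:], r.Signature)
}

// UserDevice stands in for the cryptographic processor (assumption): priv and the registered
// PIN never leave it; callers only ever receive the public key and signatures.
type UserDevice struct {
	priv          *ecdsa.PrivateKey
	registeredPIN []byte
	unlocked      bool // set by a matching PIN, consumed by one signing operation
}

// NewUserDevice generates the user's key pair inside the device and registers the PIN.
func NewUserDevice(pin string) (*UserDevice, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &UserDevice{priv: priv, registeredPIN: []byte(pin)}, nil
}

// PublicKey is the only key material the device hands out.
func (d *UserDevice) PublicKey() *ecdsa.PublicKey { return &d.priv.PublicKey }

// Authenticate compares the presented PIN with the registered one in constant time; only a
// match makes the private key available (a biometric match would set the same flag).
func (d *UserDevice) Authenticate(pin string) bool {
	d.unlocked = subtle.ConstantTimeCompare([]byte(pin), d.registeredPIN) == 1
	return d.unlocked
}

// SignChallenge performs the cryptographic operation on the challenge. It refuses while the
// key is locked, and each successful unlock is good for exactly one signature.
func (d *UserDevice) SignChallenge(challenge []byte) (ChallengeResponse, error) {
	if !d.unlocked {
		return ChallengeResponse{}, errors.New("user private key locked: PIN or biometric not verified")
	}
	d.unlocked = false
	digest := sha256.Sum256(challenge)
	sig, err := ecdsa.SignASN1(rand.Reader, d.priv, digest[:])
	return ChallengeResponse{Challenge: challenge, Signature: sig}, err
}

// RunExchange walks the whole flow for one PIN attempt and reports whether the relying
// party accepted the challenge response.
func RunExchange(dev *UserDevice, pin string) (bool, error) {
	challenge, err := NewChallenge()
	if err != nil {
		return false, err
	}
	if !dev.Authenticate(pin) {
		return false, errors.New("PIN rejected by the device")
	}
	resp, err := dev.SignChallenge(challenge)
	if err != nil {
		return false, err
	}
	return VerifyChallengeResponse(challenge, resp, dev.PublicKey()), nil
}

func main() {
	dev, err := NewUserDevice("2468") // constructed sample PIN
	if err != nil {
		panic(err)
	}
	ok, err := RunExchange(dev, "0000")
	fmt.Println("wrong PIN accepted:", ok, "err:", err)
	ok, err = RunExchange(dev, "2468")
	fmt.Println("correct PIN accepted:", ok, "err:", err)
}
```

Two checks in this flow carry the security weight: the relying party compares the echoed value against the challenge it actually issued, so a signature captured for an older challenge verifies cryptographically but is still rejected, and the device consumes its unlock after one signature, so a host process that observes a moment of unlocked state cannot keep signing on the user's behalf.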
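The sponsoring-entity portion of the claim (a response request signed with the sponsoring entity private key, forwarded to the user device, which populates it and returns a package encrypted under the sponsoring entity public key), as an added Go example that is not code from the patent or from any implementation of it. My assumptions: the sponsor signs with ECDSA over P-256 and the package is sealed with RSA-2048 OAEP under a separate sponsor key, the form is JSON-encoded, and the user device verifies the sponsor's signature before answering (the claim only states that the device encrypts; that check is mine). All type and function names are invented.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// ResponseRequest is the sponsor's form; Response stays empty until the user populates it.
type ResponseRequest struct{ ID, Question, Response string }

// SignedResponseRequest carries the form plus the sponsor's ASN.1 ECDSA signature over
// SHA-256 of its JSON encoding, made with the sponsoring entity private key.
type SignedResponseRequest struct {
	Request   ResponseRequest
	Signature []byte
}

// SponsoringEntity holds a signing key and a separate RSA key under whose public half the
// user's package is encrypted; keeping the two roles on distinct keys is deliberate.
type SponsoringEntity struct {
	signKey *ecdsa.PrivateKey
	encKey  *rsa.PrivateKey
}

func NewSponsoringEntity() (*SponsoringEntity, error) {
	sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	ek, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &SponsoringEntity{signKey: sk, encKey: ek}, nil
}

// The public halves are what user devices receive; the private keys stay with the sponsor.
func (s *SponsoringEntity) SigningPublicKey() *ecdsa.PublicKey  { return &s.signKey.PublicKey }
func (s *SponsoringEntity) EncryptionPublicKey() *rsa.PublicKey { return &s.encKey.PublicKey }

func requestDigest(r ResponseRequest) [32]byte {
	body, _ := json.Marshal(r) // struct field order is fixed, so the encoding is deterministic
	return sha256.Sum256(body)
}

// SignRequest produces the signed response request that the relying party forwards.
func (s *SponsoringEntity) SignRequest(r ResponseRequest) (SignedResponseRequest, error) {
	digest := requestDigest(r)
	sig, err := ecdsa.SignASN1(rand.Reader, s.signKey, digest[:])
	return SignedResponseRequest{Request: r, Signature: sig}, err
}

// OpenPackage decrypts the user's package with the sponsor private key and returns the form.
func (s *SponsoringEntity) OpenPackage(pkg []byte) (ResponseRequest, error) {
	var r ResponseRequest
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, s.encKey, pkg, nil)
	if err != nil {
		return r, err
	}
	return r, json.Unmarshal(plain, &r)
}

// PopulateAndEncrypt is the user device's side. It verifies the sponsor's signature first (an
// added check, see the lead-in) so a form nobody at the sponsor issued, or one altered on the
// way, is never answered; then it fills in the response and seals the form under the sponsor
// public key with RSA-OAEP. The form is short enough for OAEP directly; a longer payload would
// be encrypted under a fresh symmetric key that is itself wrapped with the sponsor public key.
func PopulateAndEncrypt(sr SignedResponseRequest, sponsorSign *ecdsa.PublicKey, sponsorEnc *rsa.PublicKey, answer string) ([]byte, error) {
	digest := requestDigest(sr.Request)
	if !ecdsa.VerifyASN1(sponsorSign, digest[:], sr.Signature) {
		return nil, errors.New("response request not signed by the sponsoring entity")
	}
	filled := sr.Request
	filled.Response = answer
	plain, err := json.Marshal(filled)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, sponsorEnc, plain, nil)
}

func main() {
	sponsor, err := NewSponsoringEntity()
	if err != nil {
		panic(err)
	}
	// constructed sample form
	sr, _ := sponsor.SignRequest(ResponseRequest{ID: "req-1", Question: "Approve the transfer?"})
	pkg, err := PopulateAndEncrypt(sr, sponsor.SigningPublicKey(), sponsor.EncryptionPublicKey(), "yes")
	if err != nil {
		panic(err)
	}
	opened, _ := sponsor.OpenPackage(pkg)
	fmt.Printf("sponsor reads %q for %s\n", opened.Response, opened.ID)
}
```

The relying party in this flow is only a forwarder: it never holds the sponsor's private keys, cannot alter the signed form without the device noticing, and cannot read the populated response, which only the sponsor's decryption key opens.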