US 11,750,385 B2
System and method for authenticating a user
Cheuk Yiu So, Quarry Bay (HK)
Assigned to Prisec Innovation Limited, Wong Chuk Hang (HK)
Appl. No. 16/764,439
Filed by PRISEC INNOVATION LIMITED, Wong Chuk Hang (HK)
PCT Filed Nov. 16, 2017, PCT No. PCT/CN2017/111349
§ 371(c)(1), (2) Date May 15, 2020,
PCT Pub. No. WO2019/095200, PCT Pub. Date May 23, 2019.
Prior Publication US 2020/0366484 A1, Nov. 19, 2020
Int. Cl. H04L 9/32 (2006.01); G06K 19/06 (2006.01); H04L 9/08 (2006.01); H04L 67/146 (2022.01)
CPC H04L 9/3213 (2013.01) [G06K 19/06009 (2013.01); H04L 9/0825 (2013.01); H04L 9/3265 (2013.01); H04L 67/146 (2013.01)] 17 Claims
 
1. A system for authenticating a user to establish a service session, the system comprising:
a user device, the user device being a client device;
a service provider device configured to be accessed by the user via the user device, the service provider device being a cloud server in electronic communication with the user device, the service provider device and the user device configured for two-way communication with each other via a communication network, the service provider device associated with a service provider and the user device associated with a user; and
a user credential issuer device, the user credential issuer device being a server associated with a user credential issuer, configured for two-way communication with the service provider device and the user device, the user credential issuer configured to manage identities of users, extract user credential information, and write user credential information to a user credential database;
the service provider device configured to receive an access request from the user device and to authenticate a user based on a unique user credential associated with the user, wherein the unique user credential is issued by the user credential issuer, which is authorized by the service provider to issue user credentials;
the service provider device configured to establish a service session between the user device and the service provider device to allow the user to use a service provided by the service provider;
wherein the service provider device is further configured to generate a session token that corresponds to the service session and to encode the session token with authorization criteria; and wherein the service provider device is configured to:
receive a response data packet comprising at least a user credential identifier from the user device, and
determine a user credential that corresponds to the user credential identifier;
wherein the user device is configured to generate the response data packet comprising the user credential identifier, and the user device is configured to sign the response data packet with at least a private key using an asymmetric cryptographic process;
wherein the service provider device is configured to verify the response data packet using a public key located in the user credential received from the user credential issuer device; and
wherein the service provider device is configured to determine that the user credential is a match if the public key corresponds to the private key used to sign the response data packet.
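The exchange claimed above, as an added example that is not part of the patent and not code from the assignee: a credential issuer enrolls a user's public key under a credential identifier and signs that binding; the service provider mints a session token carrying its authorization criteria; the user device answers with a response data packet (credential identifier plus token) signed by its private key; the provider looks the credential up by identifier, checks that the credential was signed by the issuer it has authorized, and accepts only if the packet's signature verifies under the public key inside that credential. Ed25519, the "id|pubkey" and "id|token" signing layouts, the in-memory credential database, single-use tokens, and the "scope=read-only" criteria string are all assumptions of this example, not details taken from the claims.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Credential is the record the issuer writes to its user credential database and
// returns to the service provider on lookup: the identifier bound to the user's
// public key, signed by the issuer so the provider can check who issued it.
type Credential struct {
	ID        string
	UserPub   ed25519.PublicKey
	IssuerSig []byte // issuer signature over "ID|" || UserPub (assumed layout)
}

func (c Credential) signedBytes() []byte { return append([]byte(c.ID+"|"), c.UserPub...) }

// ResponsePacket is the user device's reply: credential identifier plus the
// session token it answers, signed with the user's private key.
type ResponsePacket struct {
	CredentialID string
	SessionToken string
	Signature    []byte // user signature over "CredentialID|SessionToken" (assumed layout)
}

func (p ResponsePacket) signedBytes() []byte { return []byte(p.CredentialID + "|" + p.SessionToken) }

func randomHex(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Issuer models the user credential issuer device and its credential database.
type Issuer struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
	db   map[string]Credential
}

func NewIssuer() *Issuer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Issuer{Pub: pub, priv: priv, db: map[string]Credential{}}
}

// Issue enrolls a user's public key under a fresh credential identifier.
func (i *Issuer) Issue(userPub ed25519.PublicKey) Credential {
	c := Credential{ID: randomHex(8), UserPub: userPub}
	c.IssuerSig = ed25519.Sign(i.priv, c.signedBytes())
	i.db[c.ID] = c
	return c
}

func (i *Issuer) Lookup(id string) (Credential, bool) { c, ok := i.db[id]; return c, ok }

// ServiceProvider models the cloud server; it authorizes exactly one issuer key.
type ServiceProvider struct {
	issuer   *Issuer
	trusted  ed25519.PublicKey
	sessions map[string]string // outstanding session token -> authorization criteria
}

// NewSessionToken mints a single-use token that carries its authorization criteria.
func (sp *ServiceProvider) NewSessionToken(criteria string) string {
	tok := randomHex(16) + "|" + criteria
	sp.sessions[tok] = criteria
	return tok
}

// Authenticate runs the provider-side checks in order: live token, known credential
// identifier, credential signed by the authorized issuer, and packet signature
// valid under the public key stored in that credential.
func (sp *ServiceProvider) Authenticate(p ResponsePacket) (string, error) {
	criteria, live := sp.sessions[p.SessionToken]
	if !live {
		return "", errors.New("unknown or already used session token")
	}
	cred, ok := sp.issuer.Lookup(p.CredentialID)
	if !ok {
		return "", errors.New("unknown credential identifier")
	}
	if !ed25519.Verify(sp.trusted, cred.signedBytes(), cred.IssuerSig) {
		return "", errors.New("credential not signed by an authorized issuer")
	}
	if !ed25519.Verify(cred.UserPub, p.signedBytes(), p.Signature) {
		return "", errors.New("response signature does not match credential public key")
	}
	delete(sp.sessions, p.SessionToken) // token consumed, so a replayed packet fails the first check
	return criteria, nil
}

// UserDevice holds the private key whose public half was enrolled with the issuer.
type UserDevice struct {
	priv   ed25519.PrivateKey
	credID string
}

func (u *UserDevice) Respond(token string) ResponsePacket {
	p := ResponsePacket{CredentialID: u.credID, SessionToken: token}
	p.Signature = ed25519.Sign(u.priv, p.signedBytes())
	return p
}

// RunExchange drives the flow end to end and reports whether the genuine user, an
// impostor presenting the genuine credential ID with a different key, and a
// replayed packet are accepted.
func RunExchange() (genuine, impostor, replay bool) {
	issuer := NewIssuer()
	sp := &ServiceProvider{issuer: issuer, trusted: issuer.Pub, sessions: map[string]string{}}
	userPub, userPriv, _ := ed25519.GenerateKey(rand.Reader)
	cred := issuer.Issue(userPub)
	user := &UserDevice{priv: userPriv, credID: cred.ID}

	pkt := user.Respond(sp.NewSessionToken("scope=read-only"))
	_, err := sp.Authenticate(pkt)
	genuine = err == nil
	_, err = sp.Authenticate(pkt) // identical packet a second time
	replay = err == nil

	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	mallory := &UserDevice{priv: otherPriv, credID: cred.ID}
	_, err = sp.Authenticate(mallory.Respond(sp.NewSessionToken("scope=read-only")))
	impostor = err == nil
	return
}

func main() {
	g, i, r := RunExchange()
	fmt.Printf("genuine=%v impostor=%v replay=%v\n", g, i, r)
}
```

The point a practitioner should take from the claim is the two-step trust chain: the public key used to verify the user's signature is not supplied by the user device in the packet, it comes from the credential the provider fetches by identifier, and that credential is only usable because the provider can verify it was produced by an issuer it authorized. Signing the session token into the packet is what ties the response to the specific session the provider opened; without it, a captured packet could be replayed against any later session.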