US 12,206,789 B2
Using a zero-knowledge proof to prove knowledge that a website visitor is a legitimate human user
Watson Bernard Ladd, Berkeley, CA (US); Alexander Andrew Davidson, Lisbon (PT); Marwan Fayed, St Andrews (GB); Armando Faz Hernández, San Francisco, CA (US); Sai Krishna Deepak Maram, New York, NY (US); and Nicholas Thomas Sullivan, San Francisco, CA (US)
Assigned to CLOUDFLARE, INC., San Francisco, CA (US)
Filed by CLOUDFLARE, INC., San Francisco, CA (US)
Filed on Mar. 30, 2021, as Appl. No. 17/217,703.
Prior Publication US 2022/0321354 A1, Oct. 6, 2022
Int. Cl. H04L 9/32 (2006.01); G06F 21/32 (2013.01); H04L 9/14 (2006.01)
CPC H04L 9/3247 (2013.01) [G06F 21/32 (2013.01); H04L 9/14 (2013.01)]
26 Claims
1. A method, comprising:
transmitting, from a client network application of a client device, a first request for a first network resource to a server;
receiving, from the server, a second request to challenge that the first request was initiated by a human user through verifying a first physical interaction between the human user and a hardware component, the second request being received prior to the first network resource being received at the client network application;
causing a first prompt to be displayed to perform the first physical interaction with the hardware component;
receiving a first cryptographic attestation that includes a first attestation signature that is generated after confirmation that the first physical interaction was performed with the hardware component;
generating a first zero-knowledge proof of the first attestation signature at the client device;
transmitting, from the client network application to the server, the first zero-knowledge proof of the first attestation signature for verification;
receiving the first network resource responsive to the server verifying the validity of the first zero-knowledge proof of the first attestation signature;
transmitting, from the client network application of the client device, a third request for a second network resource to the server;
receiving, from the server, a fourth request to challenge that the third request was initiated by a human user through verifying a second physical interaction between the human user and the hardware component, the third request being received prior to the second network resource being received at the client network application;
causing a second prompt to be displayed to perform the second physical interaction with the hardware component;
receiving a second cryptographic attestation that includes a second attestation signature that is generated after confirmation that the second physical interaction was performed with the hardware component;
generating a second zero-knowledge proof of the second attestation signature at the client device;
transmitting, from the client network application to the server, the second zero-knowledge proof of the second attestation signature for verification;
receiving a request for the human user to participate in a CAPTCHA challenge responsive to the server determining that the second zero-knowledge proof cannot be verified as valid;
presenting the CAPTCHA challenge;
transmitting, from the client network application to the server, a response to the CAPTCHA challenge; and
receiving the second network resource responsive to the server verifying the response to the CAPTCHA challenge.