US 12,231,555 B2
Authentication and validation procedure for improved security in communications systems
Gennady Medvinsky, Seattle, WA (US); Surya Anil Lingamallu, Seattle, WA (US); Hardik Bipinbhai Doshi, Seattle, WA (US); and Prasanna Kanagasabai, Singapore (SG)
Assigned to GRABTAXI HOLDINGS PTE. LTD., Singapore (SG)
Appl. No. 17/919,485
Filed by GRABTAXI HOLDINGS PTE. LTD., Singapore (SG)
PCT Filed Apr. 20, 2021, PCT No. PCT/SG2021/050225
§ 371(c)(1), (2) Date Oct. 17, 2022,
PCT Pub. No. WO2021/216003, PCT Pub. Date Oct. 28, 2021.
Claims priority of application No. 10202003630V (SG), filed on Apr. 21, 2020.
Prior Publication US 2023/0198751 A1, Jun. 22, 2023
Int. Cl. H04L 9/08 (2006.01); H04L 9/32 (2006.01)
CPC H04L 9/0866 (2013.01) [H04L 9/3242 (2013.01); H04L 9/3247 (2013.01)] 10 Claims
OG exemplary drawing
 
1. A communications device for generating a user message comprising an assertion for verification by a remote device, the communications device comprising a processor and a memory, the communications device being configured, under control of the processor, to execute instructions stored in the memory to:
receive a message payload for the user message, the message payload having been generated by a secure application resident on the communications device;
apply a first level security mechanism of biometric authentication of the user, the biometric authentication comprising receiving input biometric information from the user and validating the input biometric information against biometric information for the user previously stored in the memory;
in response to successful biometric authentication of the user, apply a second level security mechanism to generate a digital signature based on the message payload, wherein the digital signature is generated using a private signature key stored in a secure element of the communications device during an enrolment process, wherein the private key is accessible only when the biometric authentication of the user is successful;
generate the user message for sending to the remote device, the user message comprising the message payload and the digital signature;
apply a third level security encryption mechanism by authenticating the user message using a secure application-specific encryption key; and
encrypt the user message with the encryption key, wherein the encryption key is obfuscated in memory associated with the instructions in the communications device;
wherein the enrolment process includes generating an enrolment message comprising an assertion for verification by the remote device and the communications device is configured to:
receive payload data for the enrolment message, in response to authentication of the user by the remote device;
perform biometric authentication of the user;
in response to successful biometric authentication of the user, generate an asymmetric signature key pair comprising the private signature key for generating the digital signature and a corresponding public signature key;
store the private signature key in the secure element, and
generate the enrolment message for sending to the remote device, the enrolment message comprising the payload data and the public signature key.