CPC H04L 9/0825 (2013.01) [G06F 21/6245 (2013.01); H04L 9/0866 (2013.01); H04L 9/14 (2013.01); H04L 9/3271 (2013.01)]
26 Claims
1. A method for enrolling a user in a system comprising a first subsystem and a second subsystem storing a server secret, the method comprising:
selecting, at the first subsystem, an enrollment codeword from a codeword space;
obtaining, at the first subsystem, an enrollment template indicative of enrollment information provided by the user;
computing, at the first subsystem, a trusted user secret based on the enrollment codeword and the enrollment template; and
running, at the first subsystem, an instance of a two-party protocol with the second subsystem using the enrollment codeword and the server secret to generate an enrollment key;
obtaining (522, 722), at the first subsystem, an authentication sample indicative of authentication information provided by an entity;
computing (524, 724), at the first subsystem, an authentication codeword by decoding a decombination of the trusted user secret and the authentication sample; and
running (525, 725), at the first subsystem, an instance (527d, 727d) of the two-party protocol with the second subsystem using the authentication codeword and the server secret to generate an authentication key.
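The enrollment and authentication steps of claim 1, sketched as an added example that is not taken from the patent: it shows a noisy authentication sample decoding back to the enrollment codeword, so both runs of the protocol yield the same key. Assumptions not stated in the claim: combination and decombination are bitwise XOR, the codeword space is a 5x repetition code, and the two-party protocol is replaced by a plain HMAC stand-in (`two_party_key`, a hypothetical name) that is not oblivious.

```python
import hashlib
import hmac
import secrets

REP = 5       # assumed code: each message bit repeated 5 times (corrects 2 flips per block)
K_BITS = 16   # message bits per codeword (toy size)

def encode(msg_bits):
    return [b for b in msg_bits for _ in range(REP)]

def decode(bits):
    # Majority vote per block, then re-encode to the nearest codeword.
    msg = [int(sum(bits[i:i + REP]) > REP // 2) for i in range(0, len(bits), REP)]
    return encode(msg)

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def two_party_key(codeword, server_secret):
    # Stand-in for the claimed two-party protocol (assumption): the second
    # subsystem's server secret keys an HMAC over the codeword.
    return hmac.new(server_secret, bytes(codeword), hashlib.sha256).digest()

def enroll(template, server_secret):
    codeword = encode([secrets.randbelow(2) for _ in range(K_BITS)])
    trusted_user_secret = xor(codeword, template)        # combination
    return trusted_user_secret, two_party_key(codeword, server_secret)

def authenticate(trusted_user_secret, sample, server_secret):
    # Decombination leaves codeword XOR (template XOR sample); decoding
    # removes that difference when it is within the code's error tolerance.
    auth_codeword = decode(xor(trusted_user_secret, sample))
    return two_party_key(auth_codeword, server_secret)

def flip(bits, positions):
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

def demo():
    server_secret = b"constructed-server-secret"             # constructed value
    template = [i % 2 for i in range(REP * K_BITS)]          # constructed template
    tus, enrollment_key = enroll(template, server_secret)
    noisy = flip(template, {0, 1, 7, 42})    # at most 2 flips in any block
    far = flip(template, {0, 1, 2})          # 3 flips in block 0: decodes elsewhere
    same = hmac.compare_digest(authenticate(tus, noisy, server_secret), enrollment_key)
    diff = hmac.compare_digest(authenticate(tus, far, server_secret), enrollment_key)
    return same, diff

if __name__ == "__main__":
    print(demo())
```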