US 12,267,428 B2
Blinded token device authentication
Stephen James Dowhy, Washington, DC (US); Christopher William Stokes, Alexandria, VA (US); David Seth Dunn, Washington, DC (US); Nicholas John Espinoza, Accokeek, MD (US); Clifford Marcus Owenby, Heath, TX (US); and John McKinstry Doyle, Washington, DC (US)
Assigned to Private Tech Inc., Washington, DC (US)
Filed by Private Tech Inc., Washington, DC (US)
Filed on Apr. 27, 2023, as Appl. No. 18/308,013.
Prior Publication US 2024/0364520 A1, Oct. 31, 2024
Int. Cl. H04L 29/06 (2006.01); H04L 9/30 (2006.01); H04L 9/32 (2006.01)
CPC H04L 9/3213 (2013.01) [H04L 9/30 (2013.01); H04L 9/3249 (2013.01); H04L 2209/80 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method comprising:
    receiving, at a mobile device from an authentication server, a receipt identifier comprising a cryptographically secured value in response to providing authentication information to the authentication server;
    generating, by the mobile device, a blinded token representative of the mobile device;
    providing, by the mobile device, the blinded token and the receipt identifier to a security server, the security server configured to:
        store the receipt identifier in an authentication table in response to querying the authentication server and determining that the receipt identifier has not previously been used;
        encrypt the blinded token to produce an encrypted blinded token; and
        provide the encrypted blinded token to the mobile device; and
    requesting, by the mobile device, a validation of the blinded token by:
        unblinding, by the mobile device, the encrypted blinded token to produce an encrypted unblinded token;
        providing, by the mobile device, the encrypted unblinded token and a public key to the security server, the security server configured to:
            validate that the encrypted unblinded token is not in a token blacklist;
            insert the public key in a public key table; and
            add the encrypted unblinded token into the token blacklist;
        receiving, by the mobile device, a nonce from the security server;
        encrypting, by the mobile device, the nonce using a private key stored by the mobile device and associated with the public key to produce an encrypted nonce; and
        providing, by the mobile device, the encrypted nonce to the security server, the security server configured to:
            verify the encrypted nonce;
            generate an authentication token;
            insert the authentication token and the public key into an authentication token table; and
            provide the authentication token to the mobile device.
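The flow of claim 1 as an added example in Python; this is not the patent's or the assignee's code. It assumes that "encrypt the blinded token" is an RSA blind signature with the security server's private exponent, that "encrypting the nonce using a private key" is a textbook RSA private-key operation verified with the registered public key, and it uses constructed small primes, a hypothetical AuthServer.login, and single-use checks for both the receipt identifier and the unblinded token.

```python
import hashlib, secrets
from math import gcd

E = 65537

def rsa_key(p, q):  # textbook RSA from two fixed primes (constructed, demo only)
    return p * q, E, pow(E, -1, (p - 1) * (q - 1))

SRV_N, SRV_E, SRV_D = rsa_key(1000000007, 998244353)   # security server key
DEV_N, DEV_E, DEV_D = rsa_key(999999937, 1000000009)   # device key pair

class AuthServer:                      # hypothetical authentication server
    def __init__(self): self.receipts = {}
    def login(self, user, pw):         # credential check stubbed; returns receipt identifier
        r = secrets.token_hex(16); self.receipts[r] = user; return r
    def is_valid(self, r): return r in self.receipts

class SecurityServer:
    def __init__(self, auth):
        self.auth, self.used, self.blacklist = auth, set(), set()
        self.pubkeys, self.pending, self.tokens = set(), {}, {}
    def sign_blinded(self, receipt, blinded):
        if not self.auth.is_valid(receipt) or receipt in self.used:
            raise PermissionError("receipt invalid or already used")
        self.used.add(receipt)                  # authentication table
        return pow(blinded, SRV_D, SRV_N)       # "encrypt" = RSA private-key operation
    def register(self, token, sig, pubkey):
        if pow(sig, SRV_E, SRV_N) != token or sig in self.blacklist:
            raise PermissionError("bad or replayed token")
        self.blacklist.add(sig); self.pubkeys.add(pubkey)   # token blacklist, public key table
        self.pending[pubkey] = nonce = secrets.randbelow(pubkey[0])
        return nonce
    def finish(self, pubkey, enc_nonce):
        n, e = pubkey                           # verify nonce with the registered public key
        if pubkey not in self.pubkeys or pow(enc_nonce, e, n) != self.pending.pop(pubkey, -1):
            raise PermissionError("nonce check failed")
        tok = secrets.token_hex(16)
        self.tokens[tok] = pubkey               # authentication token table
        return tok

def enroll(auth, sec, user, pw, device_id):
    receipt = auth.login(user, pw)
    token = int.from_bytes(hashlib.sha256(device_id).digest(), "big") % SRV_N
    r = secrets.randbelow(SRV_N - 2) + 2        # blinding factor, must be invertible mod n
    while gcd(r, SRV_N) != 1: r = secrets.randbelow(SRV_N - 2) + 2
    blinded = token * pow(r, SRV_E, SRV_N) % SRV_N
    sig = sec.sign_blinded(receipt, blinded) * pow(r, -1, SRV_N) % SRV_N  # unblind
    nonce = sec.register(token, sig, (DEV_N, DEV_E))
    return sec.finish((DEV_N, DEV_E), pow(nonce, DEV_D, DEV_N))
```

The server never sees the token in its blinded and unblinded forms together, so it cannot link the issued signature to the device that later registers it, while the blacklist and used-receipt set block replay of either step.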