CPC H04L 9/3213 (2013.01) [H04L 9/30 (2013.01); H04L 9/3249 (2013.01); H04L 2209/80 (2013.01)]; 20 claims
1. A method comprising:
receiving, at a mobile device from an authentication server, a receipt identifier comprising a cryptographically secured value in response to providing authentication information to the authentication server;
generating, by the mobile device, a blinded token representative of the mobile device;
providing, by the mobile device, the blinded token and the receipt identifier to a security server, the security server configured to:
store the receipt identifier in an authentication table in response to querying the authentication server and determining that the receipt identifier has not previously been used;
encrypt the blinded token to produce an encrypted blinded token; and
provide the encrypted blinded token to the mobile device; and
requesting, by the mobile device, a validation of the blinded token by:
unblinding, by the mobile device, the encrypted blinded token to produce an encrypted unblinded token;
providing, by the mobile device, the encrypted unblinded token and a public key to the security server, the security server configured to:
validate that the encrypted unblinded token is not in a token blacklist;
insert the public key in a public key table; and
add the encrypted unblinded token into the token blacklist;
receiving, by the mobile device, a nonce from the security server;
encrypting, by the mobile device, the nonce using a private key stored by the mobile device and associated with the public key to produce an encrypted nonce; and
providing, by the mobile device, the encrypted nonce to the security server, the security server configured to:
verify the encrypted nonce;
generate an authentication token;
insert the authentication token and the public key into an authentication token table; and
provide the authentication token to the mobile device.
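The following is an added worked example of the flow recited in claim 1, written for this page and not taken from the patent or any implementation of it. It makes the parts the claim leaves open concrete, all as assumptions: the "encrypted blinded token" is realised as a textbook RSA blind signature and the "encrypted nonce" as a textbook RSA signature (in practice both are signing operations, not encryption); the token "representative of the mobile device" is taken to be a hash of the device's public key, which lets the security server verify the unblinded token against the public key the device supplies; the receipt identifier is modelled as a random identifier plus an HMAC so the security server can ask the authentication server whether it is genuine; and the class and method names (`AuthServer`, `SecurityServer`, `MobileDevice`, `sign_blinded`, `register_key`, `verify_nonce`) are invented. Key sizes are toy values so the example runs offline with the standard library only.

```python
# Added example (not from the patent): the claimed enrollment flow, with textbook RSA at toy key sizes.
import hashlib, hmac, math, secrets

def is_probable_prime(n, rounds=24):
    """Miller-Rabin for odd n > 3; used only to generate the toy RSA keys below."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_keygen(bits=512):   # 512-bit toy modulus; real deployments use >= 2048 bits
    def prime():
        while True:
            c = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1   # top bit set, odd
            if is_probable_prime(c):
                return c
    e = 65537
    while True:
        p, q = prime(), prime()
        if p != q and math.gcd(e, (p - 1) * (q - 1)) == 1:
            return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def h2int(data, n):   # hash-to-integer below n; stand-in for a real signature padding scheme
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

class AuthServer:   # checks credentials, issues receipt identifiers: 16 random bytes plus an HMAC tag
    def __init__(self, users):
        self.users, self.key = users, secrets.token_bytes(32)

    def authenticate(self, user, password):
        if self.users.get(user) != password:
            raise PermissionError("bad credentials")
        rid = secrets.token_bytes(16)
        return rid + hmac.new(self.key, rid, "sha256").digest()

    def receipt_is_genuine(self, receipt):
        tag = hmac.new(self.key, receipt[:16], "sha256").digest()
        return hmac.compare_digest(tag, receipt[16:])

class SecurityServer:
    def __init__(self, auth):
        self.auth, self.pending_nonces = auth, {}                         # pubkey -> outstanding nonce
        self.n, self.e, self.d = rsa_keygen()
        self.authentication_table, self.token_blacklist = set(), set()   # redeemed receipts / tokens
        self.public_key_table, self.authentication_token_table = set(), {}

    def sign_blinded(self, receipt, blinded):
        # Receipt must be genuine (ask the auth server) and not previously used (our own table).
        if receipt in self.authentication_table or not self.auth.receipt_is_genuine(receipt):
            raise PermissionError("receipt invalid or already used")
        self.authentication_table.add(receipt)
        return pow(blinded, self.d, self.n)   # RSA blind signature: the claim's "encrypted blinded token"

    def register_key(self, unblinded, pubkey):
        # The unblinded token must be our signature over this public key and must not be blacklisted.
        if pow(unblinded, self.e, self.n) != h2int(repr(pubkey).encode(), self.n):
            raise PermissionError("token does not verify for this public key")
        if unblinded in self.token_blacklist:
            raise PermissionError("token already redeemed")
        self.public_key_table.add(pubkey)
        self.token_blacklist.add(unblinded)
        self.pending_nonces[pubkey] = secrets.token_bytes(32)
        return self.pending_nonces[pubkey]

    def verify_nonce(self, pubkey, signed_nonce):
        nonce = self.pending_nonces.pop(pubkey, None)
        if nonce is None or pow(signed_nonce, pubkey[1], pubkey[0]) != h2int(nonce, pubkey[0]):
            raise PermissionError("nonce signature does not verify")
        auth_token = secrets.token_hex(16)
        self.authentication_token_table[auth_token] = pubkey
        return auth_token

class MobileDevice:
    def __init__(self):
        self.n, self.e, self.d = rsa_keygen()   # private key never leaves the device
        self.pubkey = (self.n, self.e)

    def enroll(self, auth, sec, user, password):
        receipt = auth.authenticate(user, password)
        # Assumption: the token "representative of the device" is a hash of its public key, blinded by r.
        msg = h2int(repr(self.pubkey).encode(), sec.n)
        while math.gcd(r := secrets.randbelow(sec.n - 2) + 2, sec.n) != 1:
            pass
        blinded = msg * pow(r, sec.e, sec.n) % sec.n
        unblinded = sec.sign_blinded(receipt, blinded) * pow(r, -1, sec.n) % sec.n   # remove the blinding
        nonce = sec.register_key(unblinded, self.pubkey)
        signed_nonce = pow(h2int(nonce, self.n), self.d, self.n)   # the claim's "encrypt the nonce" step
        return sec.verify_nonce(self.pubkey, signed_nonce)
```

Running `MobileDevice().enroll(auth, sec, user, password)` performs the whole exchange and returns the authentication token; the two replay checks the claim depends on are visible as the `authentication_table` test in `sign_blinded` (a receipt redeemed twice is refused) and the `token_blacklist` test in `register_key` (an unblinded token presented twice is refused). The unpadded hash-then-exponentiate construction is only there to keep the example self-contained; a deployment would use a padded blind-signature scheme such as the RSA-PSS-based one in RFC 9474 and a standard signature algorithm for the nonce step.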