CPC H04L 9/3218 (2013.01) [G07C 9/28 (2020.01); H04L 9/0866 (2013.01); H04L 9/3213 (2013.01)] | 18 Claims |
1. A computer implemented system for communicating data messages between a verifier computing device and a portable client computing device, the data messages establishing authentication of one or more characteristics of a client associated with the portable client computing device, the system comprising:
the portable client computing device including at least a client computing device processor and data storage, the data storage storing one or more token data objects received from or computed jointly in a multiparty protocol with an issuer computing device, the one or more token data objects generated using at least an issuer computing device private issuance key, the one or more token data objects each including one or more signed data elements representing at least one of the one or more characteristics of the client associated with the portable client computing device; and
the client computing device processor configured to receive a verification request data message from the verifier computing device and, using a combination of the one or more token data objects and the verification request data message, generate one or more proof data messages without sending any data messages or requests to the issuer computing device;
wherein the verification request data message includes at least a nonce $c_0$; and
the client computing device processor is configured to:
compute $t = x^{-1} \bmod p$, where $x$ is an attribute value from the one or more token data objects, and $p$ is an order of the discrete log group; $t$ is a modular inverse of $x$ mod $p$;
uniformly sample a first random number $r_1$ and a second random number, $r_2$, such that $r_1, r_2 \in$
compute $R = C_x^{r_1} h^{r_2}$, where $R$ is a commitment to random values $r_1$ and $r_2$, $C_x$ is a commitment to attribute $x$, and $h$ is a group generator;
compute $c = H(C_x, R, c_0)$, where $c$ is a proof challenge, based at least on the Fiat-Shamir Heuristic;
compute $z_1 = ct + r_1$ and $z_2 = -cty + r_2$, where $z_1$ and $z_2$ are proof responses based on a Sigma protocol; and
encapsulate and transmit the one or more proof data messages including $R$, $z_1$ and $z_2$ as data objects to the verifier computing device, such that the verifier computing device is able to compute $c = H(C_x, R, c_0)$ and confirm that $g^c R = C_x^{z_1} h^{z_2}$, the verifier computing device controlling provisioning of access to a secured resource responsive to the confirmation that $g^c R = C_x^{z_1} h^{z_2}$.
|
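The client and verifier computations recited in claim 1, written out as an added example that is not part of the patent text. It assumes the commitment has the Pedersen form C_x = g^x h^y with blinding value y (the claim does not define y, but the verification equation holds exactly under that form), SHA-256 as H with an encoding chosen here, and a toy group constructed for the example; all function names are hypothetical.

```python
import hashlib
import secrets

# Toy group, constructed for this example: P = 2p + 1 with p prime, and g, h
# generating the order-p subgroup. Far too small for real use, and in a real
# deployment nobody may know log_g(h).
P, p = 2039, 1019
g, h = 4, 9

def commit(x, y):
    """Pedersen commitment C_x = g^x h^y (assumed form; y is the blinding value)."""
    return pow(g, x, P) * pow(h, y, P) % P

def challenge(Cx, R, c0):
    """c = H(C_x, R, c0); the SHA-256 input encoding is an assumption."""
    digest = hashlib.sha256(f"{Cx}|{R}|{c0}".encode()).digest()
    return int.from_bytes(digest, "big") % p

def prove(x, y, Cx, c0):
    """Client side: build (R, z1, z2) locally, without contacting the issuer."""
    t = pow(x, -1, p)                      # raises ValueError when x = 0 mod p
    r1, r2 = secrets.randbelow(p), secrets.randbelow(p)
    R = pow(Cx, r1, P) * pow(h, r2, P) % P
    c = challenge(Cx, R, c0)
    z1 = (c * t + r1) % p
    z2 = (-c * t * y + r2) % p
    return R, z1, z2

def verify(Cx, c0, R, z1, z2):
    """Verifier side: recompute c and check g^c R == C_x^z1 h^z2."""
    c = challenge(Cx, R, c0)
    return pow(g, c, P) * R % P == pow(Cx, z1, P) * pow(h, z2, P) % P

def demo():
    x, y = 37, secrets.randbelow(p)        # constructed attribute and blinding
    Cx = commit(x, y)
    c0 = secrets.randbits(64)              # verifier's fresh nonce
    R, z1, z2 = prove(x, y, Cx, c0)
    ok = verify(Cx, c0, R, z1, z2)
    tampered = verify(Cx, c0, R, z1, (z2 + 1) % p)
    try:
        prove(0, y, commit(0, y), c0)      # x = 0 has no inverse mod p
        zero_rejected = False
    except ValueError:
        zero_rejected = True
    return ok, tampered, zero_rejected

if __name__ == "__main__":
    print(demo())
```

Because t exists only when x is invertible mod p, an accepted proof shows the committed attribute is nonzero without revealing x, and the nonce c_0 inside the hash ties the proof to one verification request.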