US 11,700,125 B2
zkMFA: zero-knowledge based multi-factor authentication system
Sal Ceravolo, Canandaigua, NY (US); Peizhao Hu, West Henrietta, NY (US); Collin Sweeney, Fairport, NY (US); and Alexis Holler, Webster, NY (US)
Assigned to Redcom Laboratories, Inc., Victor, NY (US)
Filed by Redcom Laboratories, Inc., Victor, NY (US)
Filed on Oct. 5, 2021, as Appl. No. 17/494,064.
Claims priority of provisional application 63/232,762, filed on Aug. 13, 2021.
Claims priority of provisional application 63/087,509, filed on Oct. 5, 2020.
Prior Publication US 2022/0109573 A1, Apr. 7, 2022
Int. Cl. H04L 9/32 (2006.01); H04L 9/08 (2006.01)
CPC H04L 9/3218 (2013.01) [H04L 9/0861 (2013.01)] 19 Claims
OG exemplary drawing
 
1. A zero-knowledge multi-factor authentication framework (zkMFA) method comprising:
an enrollment process; and
at least one round of an authentication process;
wherein the enrollment process comprises:
enrolling, via an enrollment center computer, a prover via credentials and identity provided by the prover by use of a prover computer device;
identifying, at the enrollment center computer, the prover credentials;
generating, at the enrollment center computer, at least one set of public variables, and, for each prover credential, at least one set of private keys and at least one set of public keys according to a zero-knowledge proof (ZKP) key generation protocol;
generating at least one set of masks based on the prover credentials utilizing a masking process; wherein the masking process includes masking the at least one set of private keys utilizing the at least one set of masks to create at least one set of masked device key fragments;
sending the at least one set of public variables and, for each prover credential, at least one set of masked device key fragments to a prover computer device;
storing the at least one set of public variables and, for each prover credential, at least one set of public keys with the prover identity associated with the prover computer device in a database;
subsequent to performing the enrollment process, performing an on demand authentication process comprising:
receiving, at a verifier computer, a prover authentication request which includes the prover identity;
looking up, by the verifier computer, at least one set of the public variables and at least one set of public keys corresponding to the prover credentials in the database via the provided prover identity; and
commencing at least one round of authentication by the prover computer device according to a zero knowledge proof (ZKP) authentication protocol; and
repeating said step of commencing a round of the ZKP authentication protocol until the verifier computer accepts or rejects the prover's identity, wherein the ZKP authentication protocol includes at least one witness, and at least one commitment, wherein the at least one witness is a random private value, wherein the at least one commitment is a public value derived from the witness.
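As an added worked example (not part of the patent text or any Redcom implementation), the claim's enrollment and authentication steps instantiated with a Schnorr identification protocol over a constructed toy group: the enrollment center generates the ZKP key pair, masks the private key with a hash of the prover credential, hands only the masked fragment and public variables to the device, and the verifier later checks rounds of witness/commitment/response against the stored public key. The group parameters, the SHA-256 masking, and the field names are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Constructed toy Schnorr group for demonstration only (real deployments use
# 2048-bit+ groups or elliptic curves): p = 2q + 1 with q prime, g of order q.
P, Q, G = 1019, 509, 4


def mask_from_credential(credential: bytes) -> int:
    """Masking process (assumed): derive a mask in Z_q from the credential."""
    return int.from_bytes(hashlib.sha256(credential).digest(), "big") % Q


def enroll(credential: bytes):
    """Enrollment center: ZKP key generation, then mask the private key.
    Only the masked fragment goes to the device; x itself is never stored."""
    x = secrets.randbelow(Q - 1) + 1                       # private key
    y = pow(G, x, P)                                       # public key
    fragment = (x - mask_from_credential(credential)) % Q  # masked key fragment
    device_bundle = {"public_vars": (P, Q, G), "fragment": fragment}
    verifier_record = {"public_vars": (P, Q, G), "public_key": y}
    return device_bundle, verifier_record


def prover_commit():
    """One round: random witness r (private) and commitment t = g^r (public)."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)


def prover_respond(r: int, c: int, fragment: int, credential: bytes) -> int:
    """Unmask x on the device for this round only and answer challenge c."""
    x = (fragment + mask_from_credential(credential)) % Q
    return (r + c * x) % Q


def verifier_check(y: int, t: int, c: int, s: int) -> bool:
    """Accept the round iff g^s == t * y^c (mod p)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def authenticate(device_bundle, verifier_record, credential: bytes, rounds: int = 3) -> bool:
    """Run challenge-response rounds; reject on the first failed round."""
    y = verifier_record["public_key"]
    for _ in range(rounds):
        r, t = prover_commit()                 # prover -> verifier: t
        c = secrets.randbelow(Q - 1) + 1       # verifier -> prover: nonzero c
        s = prover_respond(r, c, device_bundle["fragment"], credential)
        if not verifier_check(y, t, c, s):     # prover -> verifier: s
            return False
    return True
```

A wrong credential yields a different unmasked x, and with a nonzero challenge in a prime-order group every round then fails, which is why the device fragment alone is useless to whoever copies it.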