Methods and systems for securing proofs of knowledge for privacy

摘要

Embodiments described herein relate to securing the privacy of knowledge used to authenticate a user (i.e., Proof of Knowledge (PoK) test(s)). In some embodiments, a client device is operable to receive a first encryption key and encrypted test(s) from a PoK server. The client device also receives a second encryption key from a Relying Party (RP) server. The client device can decrypt the encrypted test(s) by using the first encryption key and the second encryption key to thereby render decrypted test(s). The client device is further operable to obtain answer(s) for the decrypted test(s), send a communication to the PoK server based on the answer(s), and receive a communication from the RP server that authorizes a user of the client device to access service(s) administered by the RP server.

主权项

1. A client device, comprising:
one or more processors; and memory containing instructions executable by the one or more processors whereby the client device is operable to:
receive a first encryption key and user data comprising one or more encrypted tests from a Proof of Knowledge (PoK) server;receive a second encryption key from a Relying Party (RP) server;decrypt the one or more encrypted tests by using the first encryption key and the second encryption key to thereby render one or more decrypted tests;obtain one or more answers for the one or more decrypted tests;send a communication to the PoK server based on the one or more answers; andreceive a communication from the RP server that authorizes a user of the client device to access one or more services administered by the RP server.