Title of invention: HARDWARE-BASED ZERO-KNOWLEDGE STRONG AUTHENTICATION (H0KSA)
Abstract: Systems and methods are provided for a device to engage in a zero-knowledge proof with an entity requiring authentication either of secret material or of the device itself. The device may provide protection of the secret material or its private key for device authentication using a hardware security module (HSM) of the device, which may include, for example, a read-only memory (ROM) accessible or programmable only by the device manufacturer. In the case of authenticating the device itself a zero-knowledge proof of knowledge may be used. The zero-knowledge proof or zero-knowledge proof of knowledge may be conducted via a communication channel on which an end-to-end (e.g., the device at one end and entity requiring authentication at the other end) unbroken chain of trust is established, unbroken chain of trust referring to a communication channel for which endpoints of each link in the communication channel mutually authenticate each other prior to conducting the zero-knowledge proof of knowledge and for which each link of the communication channel is protected by at least one of hardware protection and encryption.
Publication number: US2015288521(A1) Publication date: 2015.10.08
Application number: US201514745314 Filing date: 2015.06.19
Applicant: EBAY INC. Inventor: Nahari Hadi
Classification: H04L9/32 Main classification: H04L9/32
Agency: Agent:
Independent claim: 1. A user device configured to engage in a zero-knowledge proof with a verifying device that is distinct from the user device, the user device comprising: a hardware security module (HSM) controlling access to secret material stored within the HSM that uniquely identifies the user device, the HSM controlling access to the secret material via a communication channel that provides a chain of trust between the user device and a verifying device; and a tag configured to be readable by the verifying device to convey a tag identifier; wherein the user device is configured to: receive the conveyed tag identifier from the verifying device via the communication channel; and in response to determining that the received tag identifier corresponds to the secret material stored within the HSM, communicate that the conveyed tag identifier is trusted as representing the identity of the user device.
Address: San Jose CA US