Hardware-Based Zero-Knowledge Strong Authentication (H0KSA)

Abstract

Systems and methods are provided for a device to engage in a zero-knowledge proof with an entity requiring authentication either of secret material or of the device itself. The device may provide protection of the secret material or its private key for device authentication using a hardware security module (HSM) of the device, which may include, for example, a read-only memory (ROM) accessible or programmable only by the device manufacturer. In the case of authenticating the device itself a zero-knowledge proof of knowledge may be used. The zero-knowledge proof or zero-knowledge proof of knowledge may be conducted via a communication channel on which an end-to-end (e.g., the device at one end and entity requiring authentication at the other end) unbroken chain of trust is established, unbroken chain of trust referring to a communication channel for which endpoints of each link in the communication channel mutually authenticate each other prior to conducting the zero-knowledge proof of knowledge and for which each link of the communication channel is protected by at least one of hardware protection and encryption.

Description

CROSS REFERENCE TO RELATED APPLICATIONS[0001]This application is a continuation-in-part of U.S. patent application Ser. No. 12 / 643,972, filed Dec. 21, 2009, which claims the benefit of U.S. Provisional Application No. 61 / 182,623, filed May 29, 2009, and both of which are hereby incorporated by reference.BACKGROUND[0002]1. Technical Field[0003]Embodiments of the present invention generally relate to secure financial transactions initiated from an electronic device and, more particularly, to the ability to use the phone function (e.g., of a mobile handset) to feed data back to a Trusted Integrity Manager as part of a Mobile Embedded Payment program in the financial industry to authenticate users (e.g., a consumer).[0004]2. Related Art[0005]In direct (face-to-face) or online financial transactions customers may search for and purchase products and / or services from a merchant. In the case of online shopping, transactions are conducted through electronic communications with online mercha...

AI Technical Summary

Benefits of technology

[0012]In another embodiment, a consumer electronic device—for example but not limited to: a personal computer (PC), a laptop, a mobile phone, an NFC-enabled mobile device, a NetTop or NetTV—determines whether a proper SIM card (or UICC, for example, or other uniquely identifiable available network communication element appropriate to the device) is present, whether a connection to the mobile network operator is present, whether data has been changed in the device's embedded SE, and whether an actual SIM card is present. Based on these conditions, the user is allowed, e.g., by a Trusted Remote Attestation Agent (TRAA), specific use of the device for NFC payments, for example, or other OTA or wirelessly conducted transactions. More specifically, for example, an NFC-enabled mobile device may have TRAA software running on an embedded SE in the device. The embedded SE is in communication with the device SIM card. The TRAA software runs to check whether data in the secure element has been changed. If so, and there has been

Problems solved by technology

When registering a mobile device or conducting a financial transaction via any kind of consumer electronic device (CED), security is generally an issue in that data transferred wirelessly may typically include credit card and financial instrument information such as a user name, account number, a PIN, and a password, for example, that are susceptible to th

Images