US-12621127-B2 - Systems and methods for high-confidence symmetric-key document signing and encryption using a computing device

Abstract

A method, system, and digital recording medium create one-time-use digital signing and encryption keys with a computing device combining multiple, typically four, authentication factors through use of a remote authentication system (RAS) to provide cryptographic proof with very-high confidence that a document was signed and/or encrypted by the known user and not someone posing as said user. A device-unique identity token cryptographically bound to the user's computing device is the first factor, a password known only to the user is the second, cryptographic signatures generated from the user's biometrics are the third, and a random challenge generated by the RAS is the fourth. The user's computing device captures the user's input and creates a cryptographic string that is sent to the RAS for authentication.

Inventors

  • James E. Bennison

Assignees

  • James E. Bennison

Dates

  • Publication Date: 2026-05-05
  • Application Date: 2025-02-14

Claims (12)

  1. A method for a known user utilizing a computing device to electronically sign documents or other digital media utilizing a multifactor user authentication challenge-response independently verified by a remote authentication system as a symmetric signing-key performing steps comprising: obtaining from a machine-readable data storage mechanism associated with a known user's computing device a device-unique identity token bound to the computing device, whereby cryptographic verification of the unique identity of the computing device registered by the remote authentication system as a first authentication factor is provided; transmitting the device-unique identity token to the remote authentication system over a network communicatively coupled to the known user's computing device and using it to negotiate a session encryption key over the external interface associated with the known user's computing device, whereby confidentiality of the data transmitted is provided by establishing an encrypted network session between the known user's computing device and the remote authentication system; obtaining from the machine-readable data storage associated with the known user's computing device a unique user identity token bound to the known user when registered with the remote authentication system; generating a request on the computing device for authentication by the remote authentication system which includes at least the device-unique identity token and the unique known user identity token; transmitting the request for authentication from the known user's computing device to the remote authentication system over a network communicatively coupled to the known user's computing device; receiving an authentication-request generated by the remote authentication system containing at least a numeric one-time random challenge of arbitrary length consisting of a random sequence of digits; displaying the numeric one-time random challenge on a trusted display associated with the known user's computing device; obtaining from the machine-readable data storage associated with the known user's computing device the known user's biometric minutiae along with the corresponding biometric digital-signatures associated with the known user's secret password characters; obtaining values detected by trusted sensor mechanism(s) associated with the known user's computing device to acquire biometric minutiae for each of the secret password characters entered by the known user corresponding to the digits in the numeric one-time random challenge displayed on the known user's computing device; comparing the biometric minutiae for each secret password character entered by the known user in response to the one-time challenge to confirm it matches the biometric minutiae for the corresponding password character previously registered by the known user on the known user's computing device, whereby knowledge of the secret-password as a second authentication factor combined with biometric identification of the known user as a third authentication factor is provided; generating a challenge-response to the numeric one-time challenge by concatenating at least the known user's biometric digital-signatures corresponding to the secret password characters entered by the known user in the order of the displayed random numerals in the challenge, whereby protection from network interception, man-in-the-middle, and replay attacks is provided as a fourth authentication factor; performing cryptographic operations on said challenge response to generate a hashed challenge-response; generating a known user's authentication-response to the authentication-request received from the remote authentication system that contains at least the unique known user's identity token, the hashed challenge-response and optionally the numeric one-time random challenge; transmitting the known user's authentication-response to the remote authentication system over a network communicatively coupled to the known user's computing device; accessing the known user registration database associated with the remote authentication system by using the known user's unique identity token to retrieve the known user's biometric digital signatures; comparing a known user's authentication-response independently reproduced by the remote authentication system by replicating these same steps to the known user's authentication-response received from the known user's computing device to verify that they match; transmitting the result of the comparison from the remote authentication system to the known user's computing device over a network communicatively coupled to the known user's computing device; receiving by the known user's computing device the result of said comparison from the remote authentication system over a network communicatively coupled to the known user's computing device; creating a hash-digest of a document on the known user's computing device using a hashing algorithm; generating on the remote authentication system a digital signature for the document or other digital media using the known user's independently reproduced authentication-response as the cryptographic key to perform cryptographic operations on the hash-digest of the document; and delivering electronically to a computing device of a recipient the document and its digital-signature metadata including the device-unique identity token, the known user's unique identity token, the date/time stamp evidencing when the document was signed, the one-time random challenge and the digital signature of the document or other digital media, whereby cryptographic evidence proving with very-high confidence that the document or other digital media was digitally signed by the known user is provided.
  2. The method of claim 1 where a plurality of signatories who are known users using a computing device to electronically sign documents utilizing a four-factor authentication-response as a symmetric signing-key verified by a remote authentication system may sign documents, whereby extended validation document signing is provided.
  3. The method of claim 1, further comprising providing, by the remote authentication system, verification for the recipient of the authenticity of the signature of the known user who digitally signed the document along with validation of the document's integrity by: receiving by the remote authentication system the document to be verified together with its digital-signature metadata including a device-unique identity token, the known user's unique identity token, the date/time stamp evidencing when the document was signed, the hash-digest of the document, the one-time random challenge and the digital signature from the recipient's computing device over a network communicatively coupled to the recipient's computing device; reproducing independently on the remote authentication system the known user's four-factor authentication-response by using the one-time-use random challenge plus the device-unique identity token and the shared-secret biometric digital-signatures associated with the known user stored in the known user registration database associated with the remote authentication system; reproducing on the remote authentication system the digital signature of the document using the known user's independently reproduced authentication-response as the cryptographic key to perform cryptographic operations on the hash-digest of the document; comparing on the remote authentication system the digital signature received from the recipient's computing device with the digital signature reproduced by the remote authentication system; and transmitting the result of the comparison indicating whether the signatures match back to the recipient's computing device proving the authenticity of the signature was cryptographically confirmed, whereby very-high confidence verification that the document was signed by the known user and not someone posing as the known user, and validation the document was not tampered with is provided.
  4. The method of claim 1, further comprising providing, using the recipient's computing device, non-repudiation service to the recipient to verify that it was the known user who signed the document by: transmitting by the recipient's computing device the document to be verified together with its digital-signature metadata including the device-unique identity token, the known user's unique identity token, the date/time stamp evidencing when the document was signed, the hash-digest of the document, the one-time random challenge and the digital signature to the remote authentication system over a network communicatively coupled to the recipient's computing device; reproducing independently on the remote authentication system the known user's four-factor authentication-response by using the one-time-use random challenge plus the device-unique identity token and shared-secret biometric digital-signatures associated with the known user stored in the known user registration database associated with the remote authentication system; reproducing on the remote authentication system the digital signature of the document using the known user's independently reproduced authentication-response as the cryptographic key to perform cryptographic operations on the hash-digest of the document; comparing on the remote authentication system the digital signature received from the recipient's computing device with the digital signature reproduced by the remote authentication system; and transmitting the result of the comparison indicating whether the signatures match back to the recipient's computing device to verify the authenticity of the digital signature was confirmed cryptographically to prove that it was the known user who digitally signed the document and validating that the document has not been tampered with after being signed, whereby very high confidence is provided that the known user's repudiation that they signed said document is false.
  5. The method of claim 1 where the remote authentication system performs a key escrow service if the known user changes their password and/or biometric digital signatures comprising: archiving all previous versions of the known user's biometric digital signatures along with the range of date/time-periods they were valid in the known user registration database associated with the remote authentication system, whereby key escrow services to retroactively decrypt digital signatures and other encrypted data from any time in the past that were encrypted using previously archived biometric digital signatures is provided.
  6. The method of claim 1 where a plurality of known users' four-factor authentication-responses are used to generate and exchange symmetric encryption-keys to perform data encryption and decryption for confidential communications using computing devices with steps comprising; obtaining from the machine-readable data storage associated with one or more of the computing devices the unique user identity token(s) bound to the known user and a plurality of other known users; transmitting to a remote authentication system a request for encrypted connection(s) from a registered known user to a plurality of other registered known users from the known user's computing device over a network communicatively coupled to the computing device; communicating between the known users' computing devices and the remote authentication system to generate each of the known users' authentication-responses; generating the known users' session encryption-key segments on the remote authentication system by concatenating their authentication-responses with random nonces of arbitrary length and performing cryptographic operations on the results; encrypting the other known user('s/s') encryption key segments with each known user's authentication response; transmitting said encrypted encryption-key segments along with random nonces of arbitrary length to each known users' computing device(s); decrypting the other known user('s/s') encryption-key segments with the known-user's authentication-response generated on their own computing device; combining the known user's authentication-response with the random nonce and performing cryptographic operations on the result to create the known user's encryption-key segment; concatenating the known user's encryption-key segment with the other known users' encryption-key segments to construct the session encryption-keys on each of the known users' computing devices and optionally hashing the result; whereby secure exchange of matching symmetrical encryption-keys is provided; and using the matching symmetric encryption-key pairs to encrypt and decrypt data transmitted between the known users, whereby quantum-immune encryption for data confidentiality with perfect forward secrecy using ephemeral keys with strong encryption strength and strong authentication strength verifying that the data was encrypted by the known user and not someone posing as the known user is provided.
  7. A system comprising: at least one processor and computer readable medium storing instructions which, when executed, cause the at least one processor to perform a process including, obtaining from a machine-readable data storage mechanism associated with a known user's computing device a device-unique identity token bound to the known user's computing device, whereby cryptographic verification of the unique identity of the computing device registered by the remote authentication system as a first authentication factor is provided; transmitting the device-unique identity token to the remote authentication system over a network communicatively coupled to the known user's computing device and using it to negotiate a session encryption key over the external interface associated with the known user's computing device, whereby confidentiality of the data transmitted is provided by establishing an encrypted network session between the known user's computing device and the remote authentication system; obtaining from the machine-readable data storage associated with the known user's computing device a unique user identity token bound to the known user when registered with the remote authentication system; generating a request on the computing device for authentication by the remote authentication system which includes at least the device-unique identity token and the unique known user identity token; transmitting the request for authentication from the known user's computing device to the remote authentication system over a network communicatively coupled to the known user's computing device; receiving an authentication-request generated by the remote authentication system containing at least a numeric one-time random challenge of arbitrary length consisting of a random sequence of digits; displaying the numeric one-time random challenge on a trusted display associated with the known user's computing device; obtaining from the machine-readable data storage associated with the computing device the known user's biometric minutiae along with the corresponding biometric digital-signatures associated with the known user's secret password characters; obtaining values detected by trusted sensor mechanism(s) associated with the computing device to acquire biometric minutiae for each of the secret password characters entered by the known user corresponding to the digits in the numeric one-time random challenge displayed on the known user's computing device; comparing the biometric minutiae for each secret password character entered by the known user in response to the one-time challenge to confirm it matches the biometric minutiae for the corresponding password character previously registered by the known user on the known user's computing device, whereby knowledge of the secret-password as a second authentication factor combined with biometric identification of the known user as a third authentication factor is provided; generating a challenge-response to the numeric one-time challenge by concatenating at least the known user's biometric digital-signatures corresponding to the secret password characters entered by the known user in the order of the displayed random numerals in the challenge, whereby protection from network interception, man-in-the-middle, and replay attacks is provided as a fourth authentication factor; performing cryptographic operations on said challenge response to generate a hashed challenge-response; generating a known user's authentication-response to the authentication-request received from the remote authentication system that contains at least the unique known user's identity token, the hashed challenge-response and optionally the numeric one-time random challenge; transmitting the known user's authentication-response to the remote authentication system over a network communicatively coupled to the known user's computing device; accessing the known user registration database associated with the remote authentication system by using the known user's unique identity token to retrieve the known user's biometric digital signatures; comparing a known user's authentication-response independently reproduced by the remote authentication system by replicating these same steps to the known user's authentication-response received from the known user's computing device to verify that they match; transmitting the result of the comparison from the remote authentication system to the known user's computing device over a network communicatively coupled to the known user's computing device; receiving by the known user's computing device the result of said comparison from the remote authentication system over a network communicatively coupled to the known user's computing device, creating a hash-digest of a document on the known user's computing device using a hashing algorithm; generating on the remote authentication system a digital signature for the document or other digital media using the known user's independently reproduced authentication-response as the cryptographic key to perform cryptographic operations on the hash-digest of the document; and delivering electronically to a computing device of a recipient the document and its digital-signature metadata including the device unique identity token, the known user's unique identity token, the date/time stamp evidencing when the document was signed, the one time random challenge and the digital signature of the document or other digital media, whereby cryptographic evidence proving with very high confidence that the document or other digital media was digitally signed by the known user is provided.
  8. The system according to claim 7, wherein a plurality of signatories who are known users using a computing device to electronically sign documents utilizing a four-factor authentication-response as a symmetric signing-key verified by the remote authentication system may sign documents, whereby extended validation document signing is provided.
  9. The system of claim 7, wherein the process further comprises providing, by the remote authentication system, verification for the recipient of the authenticity of the signature of the known user who digitally signed the document along with validation of the document's integrity by: receiving by the remote authentication system the document to be verified together with its digital-signature metadata including a device-unique identity token, the known user's unique identity token, the date/time stamp evidencing when the document was signed, the hash-digest of the document, the one-time random challenge and the digital signature from the recipient's computing device over a network communicatively coupled to the recipient's computing device; reproducing independently on the remote authentication system the known user's four-factor authentication-response by using the one-time-use random challenge plus the device-unique identity token and the shared-secret biometric digital-signatures associated with the known user stored in the known user registration database associated with the remote authentication system; reproducing on the remote authentication system the digital signature of the document using the known user's independently reproduced authentication-response as the cryptographic key to perform cryptographic operations on the hash-digest of the document; comparing on the remote authentication system the digital signature received from the recipient's computing device with the digital signature reproduced by the remote authentication system; and transmitting the result of the comparison indicating whether the signatures match back to the recipient's computing device proving the authenticity of the signature was cryptographically confirmed, whereby very-high confidence verification that the document was signed by the known user and not someone posing as the known user, and validation the document was not tampered with is provided.
  10. The system of claim 7, wherein the process further comprises providing, using the recipient's computing device, non-repudiation service to the recipient to verify that it was the known user who signed the document by: transmitting by the recipient's computing device the document to be verified together with its digital-signature metadata including the device-unique identity token, the known user's unique identity token, the date/time stamp evidencing when the document was signed, the hash-digest of the document, the one-time random challenge and the digital signature to the remote authentication system over a network communicatively coupled to the recipient's computing device; reproducing independently on the remote authentication system the known user's four-factor authentication-response by using the one-time-use random challenge plus the device-unique identity token and shared-secret biometric digital-signatures associated with the known user stored in the known user registration database associated with the remote authentication system; reproducing on the remote authentication system the digital signature of the document using the known user's independently reproduced authentication-response as the cryptographic key to perform cryptographic operations on the hash-digest of the document; comparing on the remote authentication system the digital signature received from the recipient's computing device with the digital signature reproduced by the remote authentication system; and transmitting the result of the comparison indicating whether the signatures match back to the recipient's computing device to verify the authenticity of the digital signature was confirmed cryptographically to prove that it was the known user who digitally signed the document and validating that the document has not been tampered with after being signed, whereby very high confidence is provided that the known user's repudiation that they signed said document is false.
  11. The system according to claim 7, wherein a remote authentication system performs a key escrow service if the known user changes their password and/or biometric digital signatures comprising: archiving all previous versions of the known user's biometric digital signatures along with the range of date/time-periods they were valid in the known user registration database associated with the remote authentication system, whereby key escrow services to retroactively decrypt digital signatures and other encrypted data from any time in the past that were encrypted using previously archived biometric digital signatures is provided.
  12. The system according to claim 7, wherein a plurality of known users' four factor authentication responses are used to generate and exchange symmetric encryption keys to perform data encryption and decryption for confidential communications using computing devices with steps comprising: obtaining from the machine-readable data storage associated with one or more of the computing devices the unique user identity token(s) bound to the known user and a plurality of other known users; transmitting to a remote authentication system a request for encrypted connection(s) from a registered known user to a plurality of other registered known users from the known user's computing device over a network communicatively coupled to the computing device; communicating between the known users' computing devices and the remote authentication system to generate each of the known users' authentication responses; generating the known users' session encryption key segments on the remote authentication system by concatenating their authentication responses with random nonces of arbitrary length and performing cryptographic operations on the results; encrypting the other known user('s/s') encryption key segments with each known user's authentication response; transmitting said encrypted encryption-key segments along with random nonces of arbitrary length to each known users' computing device(s); decrypting the other known user('s/s') encryption key segments with the known-user's authentication response generated on their own computing device; combining the known user's authentication response with the random nonce and performing cryptographic operations on the result to create the known user's encryption key segment; concatenating the known user's encryption key segment with the other known users' encryption key segments to construct the session encryption keys on each of the known users' computing devices and optionally hashing the result; whereby secure exchange of matching symmetrical encryption keys is provided; and using the matching symmetric encryption-key pairs to encrypt and decrypt data transmitted between the known users, whereby quantum-immune encryption for data confidentiality with perfect forward secrecy using ephemeral keys with strong encryption strength and strong authentication strength verifying that the data was encrypted by the known user and not someone posing as the known user is provided.
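
The claim 1 signing flow and the claim 3 verification flow as runnable Python, added here as an illustration and not taken from the patent or any implementation of it. It assumes SHA-256 and HMAC-SHA256 for the unspecified "cryptographic operations", that challenge digit d selects the signature enrolled for password character d, and that on-device biometric matching has already succeeded; all names and sample values are constructed.

```python
import hashlib
import hmac
import secrets

DIGITS = "0123456789"


def length_prefixed(*parts: bytes) -> bytes:
    # Added hardening: prefix each field with its length so that different
    # field splits can never produce the same concatenated byte string.
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def hashed_challenge_response(device_token, user_token, challenge, char_sigs):
    """Run identically on the user's device and on the RAS.

    Assumption: challenge digit d selects the biometric digital-signature
    enrolled for password character d.
    """
    ordered = [char_sigs[int(d)] for d in challenge]
    material = length_prefixed(device_token, user_token, challenge.encode(), *ordered)
    return hashlib.sha256(material).digest()  # SHA-256 is an assumed choice


def sign_digest(key: bytes, doc_digest: bytes) -> bytes:
    # Assumed keyed operation: HMAC-SHA256 over the document's hash-digest.
    return hmac.new(key, doc_digest, hashlib.sha256).digest()


class RemoteAuthSystem:
    """Hypothetical stand-in for the RAS and its registration database."""

    def __init__(self):
        self.registry = {}  # user_token -> (device_token, per-character signatures)
        self.pending = {}   # user_token -> challenge issued and not yet consumed

    def register(self, user_token, device_token, char_sigs):
        if not 1 <= len(char_sigs) <= 10:
            raise ValueError("one decimal digit must address every character")
        self.registry[user_token] = (device_token, list(char_sigs))

    def issue_challenge(self, user_token, length=8):
        n = len(self.registry[user_token][1])
        challenge = "".join(str(secrets.randbelow(n)) for _ in range(length))
        self.pending[user_token] = challenge
        return challenge

    def _reproduce(self, user_token, device_token, challenge):
        entry = self.registry.get(user_token)
        if entry is None or not hmac.compare_digest(entry[0], device_token):
            return None
        allowed = DIGITS[:len(entry[1])]
        if not challenge or any(c not in allowed for c in challenge):
            return None
        return hashed_challenge_response(device_token, user_token, challenge, entry[1])

    def authenticate_and_sign(self, user_token, device_token, response, doc_digest):
        challenge = self.pending.pop(user_token, None)  # consumed on first use
        if challenge is None:
            return None
        key = self._reproduce(user_token, device_token, challenge)
        if key is None or not hmac.compare_digest(key, response):
            return None
        # Signature metadata from claim 1; the date/time stamp is omitted here.
        return {"device_token": device_token, "user_token": user_token,
                "challenge": challenge, "signature": sign_digest(key, doc_digest)}

    def verify(self, document, meta):
        # Claim 3: re-derive the one-time key from the metadata and the
        # enrolled signatures, recompute the signature, and compare.
        key = self._reproduce(meta["user_token"], meta["device_token"], meta["challenge"])
        if key is None:
            return False
        expected = sign_digest(key, hashlib.sha256(document).digest())
        return hmac.compare_digest(expected, meta["signature"])


def constructed_signatures(count):
    # Constructed sample data standing in for enrolled biometric digital-signatures.
    return [hashlib.sha256(b"constructed-enrolment-%d" % i).digest() for i in range(count)]


def demo():
    ras = RemoteAuthSystem()
    sigs = constructed_signatures(6)
    ras.register(b"user-token-A", b"device-token-A", sigs)
    challenge = ras.issue_challenge(b"user-token-A")
    response = hashed_challenge_response(b"device-token-A", b"user-token-A", challenge, sigs)
    document = b"Constructed sample contract text"
    meta = ras.authenticate_and_sign(b"user-token-A", b"device-token-A", response,
                                     hashlib.sha256(document).digest())
    return ras.verify(document, meta), ras.verify(document + b"!", meta)


if __name__ == "__main__":
    print(demo())
```

Verification in this flow always goes through the RAS, because only a holder of the enrolled signatures can re-derive the one-time key from the signature metadata.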

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

This non-provisional application claims the benefit under 35 U.S.C. § 119(e) to U.S. Provisional Application No. 63/554,357, filed on Feb. 16, 2024, all of which is hereby incorporated by reference into the present application. This application is an improvement on application Ser. No. 17/530,136 filed on Nov. 18, 2021 now U.S. Pat. No. 11,405,189 B1 (hereafter referred to as the -189- patent) granted Aug. 2, 2022 entitled “Systems and Methods for Trustworthy Electronic Authentication Using a Computing Device” which is hereby expressly incorporated by reference into the present application.

FIELD OF THE INVENTION

The present application is directed to trustworthy systems and methods for generating symmetric cryptographic-keys to provide high confidence digital signing and encryption of electronic data by utilizing a registered known user's ephemeral, typically four-factor, authentication-response to derive signing-keys and encryption-keys, particularly for use in the e-commerce environment.

BACKGROUND

Digital signatures are used to authenticate the identity of the signatory and to detect unauthorized modifications to data. A digital signature, also known as an electronic signature, is a cryptographic method for verifying the authenticity and integrity of digital messages or documents. A valid digital signature gives a relying party a level of confidence that the message was created by a verified known sender (authenticity), and that the message was not altered in transit (integrity). In addition, the recipient of signed data can use a digital signature as evidence in demonstrating to a third party that the signature was, in fact, generated by the claimed signatory. This attribute is known as ‘non-repudiation’ since the signatory cannot easily refute, at a later time, that the message was signed by them.

An example of current digital signature technologies is the Federal Information Processing Standard (FIPS) 186-5 Digital Signature Standard (DSS). This DSS relies on public key cryptography which uses asymmetric signing keys in public-private key pairs to encrypt and decrypt messages and their associated Message Authentication Code (MAC), which is a typical method used to cryptographically create a digital signature.

However, the long-term viability of current asymmetric-key cryptosystems is at increased risk of compromise when quantum computing becomes available at some time in the future. Such quantum computing may make it practical to perform factorization of large integers, rendering such asymmetric-key encryption and digital signature systems vulnerable and accordingly potentially obsolete for their typical intended uses. It should be noted that asymmetric cryptosystems for signing and encryption of documents are more at-risk than communications-based encryption systems because the effective lifetime (potentially unlimited) of a digitally signed document is not necessarily limited in time like the typical lifetime of encrypted communications such as e-commerce transactions.

In contrast, symmetric-key encryption schemes including systems using long-term shared-secret encryption-keys of sufficient key lengths are not considered to be vulnerable to known quantum computing attacks and are therefore considered by cryptography experts at the US Government's cryptography authorities, the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA), to be the best long-term solution.

What is needed is a new method using symmetric-key signing and encryption that improves on the confidence level of verifying the identity of the signatory, is not vulnerable to quantum cryptanalysis attacks, and overcomes the challenges of symmetric-key management such that it can be scaled to support possibly billions of computing devices and users.

OBJECTIVES AND BENEFITS

The embodiments described herein when used in the light of the teachings of the -189- patent overcome some or all of the disadvantages of asymmetric cryptography signature schemes described above in the BACKGROUND section of the present application. In the context of the present application and the -189- patent, the terms “user”, “known user” and “signatory” all refer to the same entity. The embodiments of the present application exhibit some or all of the following advantages achieved in accordance with the teachings of the present application:

An advantage of the embodiments disclosed herein is that they may improve the level of confidence in digital signatures derived from the strength of the signatory's authentication that results from utilizing an increased number of authentication factors over the prior art, identity factors which are combined cryptographically to bind the known user to their device, their password and their biometric identity and furthermore adding a dynamic one-time random challenge factor to create a non-repeating ephemeral key that thwarts replay attacks by electron