Embodiments described herein generally relate to personal communication devices, and more particularly to techniques for authentication of a minor by using a parentally attested security token in a personal communication device at a merchant location.
User identification today relies on the ability of the user to provide a proof of identity. Schemes for identification and authentication rely on characteristics and attributes typically associated with an adult. For example, credit cards, phone numbers, state issued driver's license or the like may be used at merchants and other data points used to confirm the identity of the adult, in online transactions, or the like. However, minors (i.e., children under the age of majority) who may need to authenticate themselves when their parents and guardians are not around may not have the same adult type information to identify themselves. Existing solutions to authenticate the identity of a minor to others can include a note from a parent or a guardian, a school issued identification card (ID card) or a state issued ID card. However, these solutions are not effective. A note may be forged to change its credentials and/or forged to authorize the minor to do what may be outside the scope of authorization by the parent or guardian. Also, state or school ID cards are not standardized and in some cases these ID cards may not be provided at all to a minor. A way of authenticating a minor at physical locations when an adult is not present would be desirable.
In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the invention. It will be apparent, however, to one skilled in the art that the invention may be practiced without these specific details. In other instances, structure and devices are shown in block diagram form in order to avoid obscuring the invention. References to numbers without subscripts or suffixes are understood to reference all instances of subscripts and suffixes corresponding to the referenced number. Moreover, the language used in this disclosure has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter, resort to the claims being necessary to determine such inventive subject matter. Reference in the specification to “one embodiment” or to “an embodiment” means that a particular feature, structure, or characteristic described in connection with the embodiments is included in at least one embodiment of the invention, and multiple references to “one embodiment” or “an embodiment” should not be understood as necessarily all referring to the same embodiment.
As used herein, the term “a programmable device” can refer to a single programmable device or a plurality of programmable devices working together to perform the function described as being performed on or by a programmable device. Similarly, “a machine-readable medium” can refer to a single physical medium or a plurality of media that together may store the material described as being stored on the machine-readable medium.
As used herein, the term “malware” can refer to any software used to disrupt operation of a programmable device, gather sensitive information or gain access to private systems or networks. Malware includes computer viruses (including worms, Trojan horses, etc.), Bots, ransomware, spyware, adware, scareware and any other type of malicious programs.
As used herein, the term “cloud services” can refer to services made available to users on demand via the Internet from a cloud computing provider's servers that are fully managed by a cloud services provider.
As used herein, the term “Trusted Execution Environment” (TEE) can refer to a secure area that resides in the main processor of a portable device and ensures that sensitive data is stored, processed and protected in a trusted environment. The TEE may be made up of software and hardware that provides security against malware attacks and assists in the control of access rights and houses sensitive information.
As used herein, the term “Enhanced privacy ID” (or EPID) can refer to a digital signature scheme that includes one group public key that corresponds to multiple private keys. Each unique private key can be used to sign a message and generate an EPID signature. The EPID signature can be verified using the group public key.
A technique allows a parentally attested electronic security token to serve as authentication for a minor using identifying attributes of the minor child. In embodiments, the security token may include personally identifiable information about the child, a description of authorized activity, and specifications of the intended use of the security token. In embodiments, the security token may include provisions for authentication to be revoked by a parent or guardian and/or to expire after a predetermined time. The security token may be stored inside a trusted execution environment of a portable computing device that may be carried by the minor and may be used to authenticate the minor to the portable computing device. A parent's credentials may be used to authenticate the minor to a third-party service, or a service offering services to minors, when the portable computing device is presented at a physical location of the third-party service where authentication is required.
Referring to the figures,
In the example of
Security token may be used by a verifier device associated with a merchant that authenticates minor 108 with respect to one or more transactions or activities that minor 108 is authorized to perform with the merchant, and the duration for which minor 108 is authorized to perform them. In an embodiment, TEE 118 of client device 106 may be configured to open a secure attestation session (e.g., via a sigma key exchange protocol) with the verifier device of the merchant that is signed by an EPID digital signature scheme. TEE 118 attributes are exchanged attesting to the type of trusted execution environment and its security properties.
Parent 104 may be required to register with cloud service 112 in order to request a security token and may be required to provide information related to parent 104's identity and parent 104's relationship to minor 108 in a parent/guardian capacity. In an embodiment, parent 104 may pre-register with cloud service 112 for establishing parent credentials and establishing relationship of parent 104 to minor 108. In embodiments, parent 104 may have more stringent requirements as to information that is required to authenticate the parent 104 and establish parent 104's relationship to minor 108. Information on parent 104 may include parent 104's state issued ID, name, address, birth certificate for minor 108 that confirms relationship to parent 104, social security information for minor 108. Once authenticated, parent 104 may generate information to issue a security token in order to authorize activity of a minor 108 using parent 104's attested credentials.
Security token uses parent attestation credentials for authenticating minor 108 with respect to performing one or more transactions with a merchant associated with verifier device 116. In embodiments, security token is an electronic token that may include information related to attributes of minor 108, the duration of the activity that minor 108 is authorized to perform, credentials of the parent or guardian associated with minor 108, or the like. In an embodiment, sensors 120 may be configured to authenticate minor 108 to TEE 118 in client device 106. Sensors 120 may include hardware and software sensors such as a fingerprint scanner, an iris scanner, a touch-integrated keyboard, locally stored biometric templates, and a hash of minor 108's password. It is to be appreciated that Internet 114 is not limited to a network of interconnected computer networks that use an internet protocol (IP), and can also include other high-speed data networks and/or telecommunications networks that are configured to pass information back and forth to client devices 102, 106, verifier device 116 and cloud service 112.
Verifier device 116 may be associated with a merchant and may be configured to communicate with client device 106 during authentication of client device 106 associated with minor 108. Verifier device 116 includes a QA Engine 122 (i.e., question and answer engine 122) that may query TEE 118 with questions that may elicit a “yes” or “no” response from TEE 118 during authentication of minor 108. Verifier device 116 may communicate with client device 106 directly, using Near-field communication, Wi-Fi®, Bluetooth®, Infrared (IR) or similar protocols, or indirectly via Internet 114. (WI-FI is a registered certification mark of Wi-Fi Alliance; BLUETOOTH is a registered certification mark of Bluetooth SIG, Inc.) Verifier device 116 may also be in communication with cloud service 112 in order to receive security token data related to attributes of minor 108 and parent 104's credentials for authenticating client device 106 associated with minor 108 with respect to performing an activity that is authorized by parent 104, the duration of the activity, a description of the activity, or the like.
Also shown in
Token ID 215 and minor ID 220 are communicated to cloud service 225. Cloud service 225 processes the information that is received and may issue a security token 230. Security token 230 may be provided to parent 104 of client device 102 for provisioning security token 230 into TEE 118 of client device 106. In another embodiment, parent 104 may use client device 106 to communicate with cloud service 225 and receive the issued security token 230 for provisioning security token 230 directly into TEE 118 of client device 106. Security token 230 includes information that may be used to authenticate the identity of minor 108, the activity authorized for minor 108, and the dates for which minor 108 is authorized to perform the activity. In another embodiment, security token 230 includes information that may be used by a third-party merchant for validating the identity of minor 108 through a question and answer query that minor 108 is expected to be able to answer based on information provided by parent 104 during security token creation, which may also confirm that the issuer of security token 230 is trusted to be a parent or guardian of minor 108.
Token ID 310 and/or minor ID 320 are communicated to cloud service 325 for evaluation. Cloud service 325 may be cloud service 112 of
In 410, minor 108 may initiate a transaction with a merchant at a physical merchant location. In an embodiment, minor may be initiating a transaction to perform a particular activity based on parental consent or non-parental consent.
In 415, if minor 108 carries a client device 106 that contains a physical security token (i.e., step 415=“Y”), then, in 420, a verifier device of a merchant, e.g., verifier device 116, requests a secure attestation session with client device 106. However, if minor 108's device does not have a physical security token, or minor 108 does not have a portable device (i.e., step 415=“N”), then step 415 proceeds to step 465, where verifier device 116 may query cloud service 112 with question and answer challenges for which answers were provided by parent 104 during issuance of the security token. In step 470, verifier device 116 queries cloud service 112 with question and answer challenge questions (i.e., search query language queries) as a means of looking up minor 108 based on visible biometric data (i.e., weight, height, hair color, eye color) or other information provided by minor 108 with respect to minor 108's parents and the activity minor 108 wants to participate in (e.g., “my name is John Smith. My father Jack Smith said I can ride the water slide”). If the attribute look-up matches minor 108's physical attributes (i.e., step 470=“Y”), then, in step 475, minor 108 is granted access to the activity. However, if the attributes do not match minor 108's attributes (i.e., step 470=“N”), then, in 480, access for minor 108 to perform the activity is denied and parent 104 may be notified that minor 108 was denied access.
In 425, TEE 118 of client device 106 may respond and open a secure attestation session with verifier device 116. In an embodiment, TEE 118 of client device 106 opens a secure attestation session (e.g., via a sigma key exchange protocol) where Diffie-Hellman session keys are created and signed by an EPID digital signature scheme. TEE 118 attributes are exchanged attesting to the type of trusted execution environment and its security properties.
In 430, verifier device 116 receives a copy of the security token from cloud service 112. The copy of the security token may be substantially similar to the security token stored in TEE 118 and may include minor 108's attributes, authorized activities for minor 108, or the like.
In 435, verifier device 116 authenticates parent credentials from the copy of security token data that is received from cloud service 112 against the parent's credentials from the security token in TEE 118 using a key protocol (e.g., sigma). In an embodiment, parent 104's credentials are attested using the sigma key exchange protocol, whereby parent 104's credentials are protected for privacy (EPID signs parent 104's credentials). Parent credentials from TEE 118 are compared against parent credentials from cloud service 112 to determine if they match, which indicates authenticity of the parent credentials. In an embodiment, parent credentials from TEE 118 may be used to authenticate client device 106 to verifier device 116 via the security token stored in TEE 118.
If parent's credentials are authenticated (i.e., step 435=“Y”), then, step 435 proceeds to step 440 where security token in TEE 118 is evaluated against the copy of the security token to determine if security token is valid and/or security token is not revoked. However, if parent credentials are not authenticated (i.e., step 435=“N”), then step 435 proceeds to step 460 where access for minor to perform the activity is declined and parent 104 is notified that minor 108 was denied access. In an embodiment, verifier device 116 may notify cloud service 112 that minor 108's access was denied and parent 104 may be notified via cloud service 112.
In 440, if the security token is valid and/or the security token is not revoked (i.e., step 440=“Y”), then step 440 proceeds to step 445, where the security token in TEE 118 is evaluated against the copy of the security token to determine if minor 108 is attempting to perform an activity that minor 108 is authorized to perform in the security token. In an embodiment, verifier device 116 queries TEE 118 using the QA engine to determine whether minor 108 satisfies certain criteria without revealing minor 108's identifiable attributes. For example, verifier device 116 may query TEE 118 with questions that may elicit a “yes” or “no” response such as, for example, “Minor is authorized to attend PG-13 movie?” TEE 118 may evaluate the query and respond with a “yes” or “no” and a hash of the query as nonce. In response, verifier device 116 may verify the parent credential signature using the parent's public credentials (e.g., certificate, Kerberos ticket, OpenID token, or the like). However, if the security token is not valid and/or is revoked (i.e., step 440=“N”), then step 440 proceeds to step 460, where access for minor 108 to perform the activity is declined and parent 104 is notified that minor 108 was denied access. In an embodiment, the verifier device may notify cloud service 112 that minor 108's access was denied, and parent 104 may be notified via cloud service 112.
In 445, if minor 108 is performing the activity as intended in the security token (i.e., step 445=“Y”), then step 445 proceeds to step 450, where the security token in TEE 118 is evaluated against the copy of the security token to determine if minor 108's physical attributes match the attributes in the security token. In embodiments, verifier device 116 may query TEE 118 of client device 106 with “yes” or “no” questions relating to minor 108's attributes. TEE 118 may respond with a “yes” or “no” answer and a hash of verifier device 116's query that is signed by the public key of the parent credential. However, if minor 108 is not using the token for the activity described in it (i.e., step 445=“N”), then step 445 proceeds to step 460, where access for minor 108 to perform the activity is declined and parent 104 is notified that minor 108 was denied access. In an embodiment, verifier device 116 may notify cloud service 112 that minor 108's access was denied, and parent 104 may be notified via cloud service 112.
In 450, if minor 108's physical attributes match attributes described in security token (i.e., step 450=“Y”), then in 455, access is approved for minor to perform the activity and during the duration that is specified in token. However, if minor 108's physical attributes do not match attributes described in security token (i.e., step 450=“N”), then step 450 proceeds to step 460 where access for minor to perform the activity is declined and parent 104 is notified that minor 108 was denied access. In an embodiment, verifier device 116 may notify cloud service 112 that minor 108's access was denied and parent 104 may be notified via cloud service 112. Process 400 ends in step 485.
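The token issued as security token 230 above and the decision steps 435 through 455 of process 400 can be followed in the added model below. It is illustrative code written for this description, not code from the patent or from any product it describes. Its assumptions: HMAC-SHA256 stands in for the EPID-protected parent credential signature, so the verifier holds the same parent credential material that the cloud service supplied with its copy of the token; the class and field names, token ids, key, dates and attribute values are all constructed; and the cloud service's copy of the token is passed to the verifier directly rather than fetched.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, replace
from datetime import date

def _digest(obj) -> str:
    """Canonical SHA-256 over a JSON-serialisable object (dates become ISO strings)."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True, default=str).encode()).hexdigest()

def _mac(key: bytes, message: str) -> str:
    # Assumption: HMAC-SHA256 stands in for the EPID-protected parent credential signature.
    return hmac.new(key, message.encode(), hashlib.sha256).hexdigest()

@dataclass(frozen=True)
class SecurityToken:
    """Constructed model of security token 230 as issued by the cloud service."""
    token_id: str
    parent_credential_id: str
    attributes: dict          # e.g. {"eyes": "blue", "hair": "brown"}
    authorized_activity: str  # e.g. "water slide"
    valid_from: date
    valid_to: date
    revoked: bool = False     # held by the cloud service; a parent may revoke after provisioning

    def fingerprint(self) -> str:
        # Revocation is left out so a TEE copy provisioned earlier still matches the cloud copy.
        return _digest({"id": self.token_id, "parent": self.parent_credential_id,
                        "attributes": self.attributes, "activity": self.authorized_activity,
                        "from": self.valid_from, "to": self.valid_to})

class TrustedExecutionEnvironment:
    """Stand-in for TEE 118: releases only signed yes/no answers, never the attributes."""

    def __init__(self, token: SecurityToken, parent_key: bytes):
        self._token, self._parent_key = token, parent_key

    def attest(self) -> dict:
        """Step 435 material: the token fingerprint signed under the parent credential."""
        fp = self._token.fingerprint()
        return {"fingerprint": fp, "signature": _mac(self._parent_key, fp)}

    def answer(self, question: dict) -> dict:
        """Steps 445/450: yes/no answer, hash of the query as nonce, signature over both."""
        if "activity" in question:
            yes = question["activity"] == self._token.authorized_activity
        else:
            yes = self._token.attributes.get(question["attribute"]) == question["value"]
        answer, nonce = ("yes" if yes else "no"), _digest(question)
        return {"answer": answer, "nonce": nonce, "signature": _mac(self._parent_key, answer + nonce)}

class VerifierDevice:
    """Stand-in for verifier device 116 running steps 435-455 of process 400."""

    def __init__(self, cloud_copy: SecurityToken, parent_key: bytes):
        # cloud_copy and parent_key are what cloud service 112 supplied for this token.
        self.cloud_copy, self._parent_key = cloud_copy, parent_key

    def _verified(self, message: str, signature: str) -> bool:
        return hmac.compare_digest(_mac(self._parent_key, message), signature)

    def _ask(self, tee: TrustedExecutionEnvironment, question: dict) -> bool:
        resp = tee.answer(question)
        # The nonce must be the hash of exactly this query, and the signature must cover it.
        return (resp["nonce"] == _digest(question)
                and self._verified(resp["answer"] + resp["nonce"], resp["signature"])
                and resp["answer"] == "yes")

    def authorize(self, tee: TrustedExecutionEnvironment, requested_activity: str,
                  observed: dict, today: date) -> tuple:
        # Any False result is step 460: access declined, parent notified via the cloud service.
        att = tee.attest()
        if not self._verified(att["fingerprint"], att["signature"]):
            return False, "435"  # parent credentials not authenticated
        if (att["fingerprint"] != self.cloud_copy.fingerprint() or self.cloud_copy.revoked
                or not self.cloud_copy.valid_from <= today <= self.cloud_copy.valid_to):
            return False, "440"  # token altered, revoked, or outside its date window
        if not self._ask(tee, {"activity": requested_activity}):
            return False, "445"  # not the activity the parent authorised
        for attr, value in observed.items():
            if not self._ask(tee, {"attribute": attr, "value": value}):
                return False, "450"  # observed attribute not confirmed by the TEE
        return True, "455"

# Constructed sample data; the key and ids are placeholders, not real credentials.
PARENT_KEY = b"constructed-parent-credential-key"
TOKEN = SecurityToken("tok-0001", "parent-placeholder-id", {"eyes": "blue", "hair": "brown"},
                      "water slide", date(2024, 7, 1), date(2024, 7, 31))

def run_scenarios() -> dict:
    """One approval plus one denial per decision step, all on the constructed data above."""
    today, observed = date(2024, 7, 15), {"eyes": "blue", "hair": "brown"}
    tee = TrustedExecutionEnvironment(TOKEN, PARENT_KEY)
    cases = {
        "approved": (TOKEN, PARENT_KEY, "water slide", observed, today),
        "wrong_parent_key": (TOKEN, b"other-key", "water slide", observed, today),
        "revoked": (replace(TOKEN, revoked=True), PARENT_KEY, "water slide", observed, today),
        "expired": (TOKEN, PARENT_KEY, "water slide", observed, date(2024, 8, 2)),
        "wrong_activity": (TOKEN, PARENT_KEY, "PG-13 movie", observed, today),
        "attribute_mismatch": (TOKEN, PARENT_KEY, "water slide", {"eyes": "green"}, today),
    }
    return {name: VerifierDevice(copy, key).authorize(tee, act, obs, day)
            for name, (copy, key, act, obs, day) in cases.items()}
```

Two design points carry over from the description. The verifier never receives attribute values from the TEE, only a yes/no answer bound to a hash of its own query and signed under the parent credential, which is what keeps the minor's identifying attributes off the merchant's device. Revocation and the date window are checked against the cloud service's copy rather than the TEE's, because a token already provisioned into the device cannot be relied on to report its own revocation.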
Benefits of the embodiments described above include allowing a parentally attested electronic security token to serve as authentication for a minor using identifying attributes of the minor child without using uniquely identifiable information, which protects the safety and privacy of minors. The security token is also revocable and may be constrained to particular times and dates as specified by the parent.
Referring now to
Programmable device 500 is illustrated as a point-to-point interconnect system, in which the first processing element 570 and second processing element 580 are coupled via a point-to-point interconnect 550. Any or all of the interconnects illustrated in
As illustrated in
Each processing element 570, 580 may include at least one shared cache 546. The shared cache 546a, 546b may store data (e.g., instructions) that are utilized by one or more components of the processing element, such as the cores 574a, 574b and 584a, 584b, respectively. For example, the shared cache may locally cache data stored in a memory 532, 534 for faster access by components of the processing elements 570, 580. In one or more embodiments, the shared cache 546a, 546b may include one or more mid-level caches, such as level 2 (L2), level 3 (L3), level 4 (L4), or other levels of cache, a last level cache (LLC), or combinations thereof.
While
First processing element 570 may further include memory controller logic (MC) 572 and point-to-point (P-P) interconnects 576 and 578. Similarly, second processing element 580 may include a MC 582 and P-P interconnects 586 and 588. As illustrated in
Processing element 570 and processing element 580 may be coupled to an I/O subsystem 590 via respective P-P interconnects 576 and 586 through links 552 and 554. As illustrated in
In turn, I/O subsystem 590 may be coupled to a first link 516 via an interface 596. In one embodiment, first link 516 may be a Peripheral Component Interconnect (PCI) bus, or a bus such as a PCI Express bus or another I/O interconnect bus, although the scope of the present invention is not so limited.
As illustrated in
Note that other embodiments are contemplated. For example, instead of the point-to-point architecture of
Referring now to
The programmable devices depicted in
Referring now to
The following examples pertain to further embodiments.
Example 1 is a computer system for authentication of a minor, comprising: one or more processors; and a memory coupled to the one or more processors, on which are stored instructions, comprising instructions that when executed cause one or more of the processors to: receive information regarding initiation of a transaction with a client device associated with the minor; query the client device to determine authentication information for the minor, wherein the authentication information is associated with a security token; receive a copy of the security token with a copy of the authentication information; and compare the security token with the copy of the security token; wherein the authentication information includes at least one of physical attributes of the minor, authorized activity for the minor, and duration of the authorized activity for the minor.
In Example 2, the subject matter of Example 1 can optionally include, wherein the instructions further comprise instructions that when executed cause the one or more processors to query the client device to determine parent credentials associated with the client device.
In Example 3, the subject matter of Example 2 can optionally include, wherein the instructions further comprise instructions that when executed cause the one or more processors to determine if the parent credentials are authenticated to the client device.
In Example 4, the subject matter of Examples 1 to 2 can optionally include, wherein the instructions further comprise instructions that when executed cause the one or more processors to determine if the minor is authorized to perform the transaction responsive to the comparing of the security token with the copy of the security token.
In Example 5, the subject matter of Examples 1 to 2 can optionally include, wherein the instructions that when executed cause the one or more processors to determine if the minor is authorized to perform the transaction further comprise instructions that when executed cause the one or more processors to determine at least one of: whether the physical attributes in the security token match a copy of the physical attributes in the copy of the security token; and whether the authorized activity in the security token matches a copy of the authorized activity in the copy of the security token.
In Example 6, the subject matter of Example 5 can optionally include, wherein the instructions further comprise instructions that when executed cause the one or more processors to deny access of the minor to the transaction responsive to a determination that the physical attributes do not match the copy of the physical attributes.
In Example 7, the subject matter of Example 5 can optionally include, wherein the instructions further comprise instructions that when executed cause the one or more processors to deny access of the minor to the transaction responsive to a determination that the authorized activity does not match the copy of the authorized activity.
In Example 8, the subject matter of Examples 1 to 2 can optionally include, wherein the instructions further comprise instructions that when executed cause the one or more processors to receive a copy of the security token from a cloud service.
In Example 9, the subject matter of Examples 1 to 2 can optionally include, wherein the instructions further comprise instructions that when executed cause the one or more processors to query the client device to authenticate parent credentials for a parent of the minor.
Example 10 is a method for authenticating a minor, comprising: receiving information regarding initiation of a transaction with a client device associated with the minor; querying the client device to determine authentication information for the minor, wherein the authentication information is associated with a security token; receiving a copy of the security token with a copy of the authentication information; and comparing the security token with the copy of the security token; wherein the authentication information includes at least one of physical attributes of the minor, authorized activity for the minor, and duration of the authorized activity for the minor.
In Example 11, the subject matter of Example 10 can optionally include querying the client device to determine parent credentials associated with the client device.
In Example 12, the subject matter of Example 11 can optionally include determining if the parent credentials are authenticated to the client device.
In Example 13, the subject matter of Examples 10 to 11 can optionally include determining if the minor is authorized to perform the transaction responsive to the comparing of the security token with the copy of the security token.
In Example 14, the subject matter of Examples 10 to 11 can optionally include, wherein determining if the minor is authorized to perform the transaction further comprises determining at least one of: whether the physical attributes in the security token match a copy of the physical attributes in the copy of the security token; and whether the authorized activity in the security token matches a copy of the authorized activity in the copy of the security token.
In Example 15, the subject matter of Example 14 can optionally include denying access of the minor to the transaction responsive to a determination that the physical attributes do not match the copy of the physical attributes.
In Example 16, the subject matter of Example 14 can optionally include denying access of the minor to the transaction responsive to a determination that the authorized activity does not match the copy of the authorized activity.
In Example 17, the subject matter of Examples 10 to 11 can optionally include receiving a copy of the security token from a cloud service.
In Example 18, the subject matter of Examples 10 to 11 can optionally include querying the client device to authenticate parent credentials for a parent of the minor.
Example 19 is a computer system for authentication of a minor, comprising: one or more processors; and a memory coupled to the one or more processors, on which are stored instructions, comprising instructions that when executed cause one or more of the processors to: provide information regarding a relationship of parent to the minor; provide activity information regarding activity that is authorized for the minor; provide attribute information regarding attributes of the minor; and receive a security token comprising the activity information and the attribute information.
In Example 20, the subject matter of Example 19 can optionally include, wherein the instructions further comprise instructions that when executed cause the one or more processors to receive revocation instructions regarding revoking the security token.
In Example 21, the subject matter of Example 19 can optionally include, wherein the instructions further comprise instructions that when executed cause the one or more processors to receive at least one of updated activity information regarding the activity for the minor or updated attribute information regarding the attributes of the minor.
Example 22 is a method for authentication of a minor, comprising: providing information regarding a relationship of parent to the minor; providing activity information regarding activity that is authorized for the minor; providing attribute information regarding attributes of the minor; and receiving a security token comprising the activity information and the attribute information.
In Example 23, the subject matter of Example 22 can optionally include receiving revocation instructions regarding revoking the security token.
In Example 24, the subject matter of Examples 22 to 23 can optionally include receiving at least one of updated activity information regarding the activity for the minor or updated attribute information regarding the attributes of the minor.
In Example 25, the subject matter of Example 24 can optionally include updating information regarding the security token responsive to receiving at least one of the updated activity information or the updated attribute information.
Example 26 is a machine readable medium, on which are stored instructions, comprising instructions that when executed cause a machine to: receive information regarding initiation of a transaction with a client device associated with a minor; query the client device to determine authentication information for the minor, wherein the authentication information is associated with a security token; receive a copy of the security token with a copy of the authentication information; and compare the security token with the copy of the security token; wherein the authentication information includes at least one of physical attributes of the minor, authorized activity for the minor, and duration of the authorized activity for the minor.
In Example 27, the subject matter of Example 26 can optionally include, wherein the instructions further comprise instructions that when executed cause the machine to determine if the minor is authorized to perform the transaction responsive to the comparing of the security token with the copy of the security token.
In Example 28, the subject matter of Example 26 can optionally include, wherein the instructions that when executed cause the machine to determine if the minor is authorized to perform the transaction further comprise instructions that when executed cause the machine to determine if the physical attributes in the security token match a copy of the physical attributes in the copy of the security token.
In Example 29, the subject matter of Example 28 can optionally include, wherein the instructions further comprise instructions that when executed cause the machine to deny access of the minor to the transaction responsive to a determination that the physical attributes do not match the copy of the physical attributes.
In Example 30, the subject matter of Examples 26 to 28 can optionally include, wherein the instructions when executed cause the machine to determine if the minor is authorized to perform the transaction further comprise instructions that when executed cause the machine to determine if the authorized activity in the security token matches a copy of the authorized activity in the copy of the security token.
In Example 31, the subject matter of Example 30 can optionally include, wherein the instructions further comprise instructions that when executed cause the machine to deny access of the minor to the transaction responsive to a determination that the authorized activity does not match the copy of the authorized activity.
In Example 32, the subject matter of Examples 26 to 28 can optionally include, wherein the instructions that when executed cause the machine to receive a copy of the security token further comprise instructions that when executed cause the machine to receive a copy of the security token from a cloud service.
In Example 33, the subject matter of Examples 26 to 28 can optionally include, wherein the instructions further comprise instructions that when executed cause the machine to query the client device to authenticate parent credentials for a parent of the minor.
It is to be understood that the above description is intended to be illustrative, and not restrictive. For example, the above-described embodiments may be used in combination with each other. Many other embodiments will be apparent to those of skill in the art upon reviewing the above description. The scope of the invention therefore should be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.