Methods and systems for secure digital credentials
US-10645068-B2 · May 5, 2020 · US
Method, apparatus, and system for processing two-dimensional barcodes
US11336435B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11336435-B2 |
| Application number | US-202117341188-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 7, 2021 |
| Priority date | Dec 14, 2016 |
| Publication date | May 17, 2022 |
| Grant date | May 17, 2022 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
This specification describes techniques for processing service requests. An electronic credential request including a user identifier is received from a client. An electronic credential that corresponds to the user identifier and a user public key that corresponds to the user are retrieved. A hash operation is performed on the user public key and the electronic credential by using a hash algorithm to obtain a hash value that is signed within a predetermined time period. Server signature information is generated using the hashed credential, and transmitted with the electronic credential to the client. The server signature information is cryptographically verifiable by the client and enables the client to generate a two-dimensional barcode based on the electronic credential.
First claim
Opening claim text (preview).
The invention claimed is: 1. A computer-implemented method for processing service requests, the computer-implemented method comprising: receiving, by one or more processors, an electronic credential request from a client, wherein the electronic credential request comprises a user identifier; retrieving, by the one or more processors, an electronic credential that corresponds to the user identifier; retrieving, by the one or more processors, at least one user public key that corresponds to the client, the at least one user public key having been temporarily allocated by a server to the electronic credential; performing, by the one or more processors, a hash operation on the at least one user public key and the electronic credential by using a hash algorithm to obtain a hash value; signing, by the one or more processors, within a predetermined time period, the hash value by using a server private key to generate a hashed credential; generating, by the one or more processors, server signature information, using the hashed credential; and transmitting, by the one or more processors, the server signature information and the electronic credential to the client, wherein the server signature information is cryptographically verifiable, by the client, within the predetermined time period and enables the client to generate a two-dimensional barcode based on the electronic credential, wherein the electronic credential included in the two-dimensional barcode is verifiable by a credential verification device that generates the electronic credential based on the user identifier. 2. The computer-implemented method of claim 1 , wherein the at least one user public key comprises a first user public key and the computer-implemented method further comprises: allocating a user signature key to the electronic credential, and signing the electronic credential and the first user public key by using the server private key, wherein the user signature key comprises the first user public key. 3. The computer-implemented method of claim 2 , wherein the at least one user public key comprises a second user public key and the computer-implemented method further comprises: obtaining the second user public key sent by the client, and signing the electronic credential and the second user public key by using the server private key. 4. The computer-implemented method of claim 2 , wherein the user signature key is an asymmetric key. 5. The computer-implemented method of claim 3 , wherein the first user public key is signed by using the server private key, transmitting the server signature information and the electronic credential to the client comprises: transmitting at least one user public key, the server signature information, and the electronic credential to the client. 6. The computer-implemented method of claim 1 , further comprising: determining a service validity time based on the electronic credential request; and verifying whether the service validity time complies with a service specification. 7. The computer-implemented method of claim 6 , wherein the service validity time is based on a type of the electronic credential. 8. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising: receiving an electronic credential request from a client, wherein the electronic credential request comprises a user identifier; retrieving an electronic credential that corresponds to the user identifier; retrieving at least one user public key that corresponds to the client, the at least one user public key having been temporarily allocated by a server to the electronic credential; performing a hash operation on the at least one user public key and the electronic credential by using a hash algorithm to obtain a hash value; signing within a predetermined time period, the hash value by using a server private key to generate a hashed credential; generating server signature information, using the hashed credential; and transmitting the server signature information and the electronic credential to the client, wherein the server signature information is cryptographically verifiable, by the client, within the predetermined time period and enables the client to generate a two-dimensional barcode based on the electronic credential, wherein the electronic credential included in the two-dimensional barcode is verifiable by a credential verification device that generates the electronic credential based on the user identifier. 9. The non-transitory, computer-readable medium of claim 8 , wherein the at least one user public key comprises a first user public key and the operations further comprise: allocating a user signature key to the electronic credential, and signing the electronic credential and the first user public key by using the server private key, wherein the user signature key comprises the first user public key. 10. The non-transitory, computer-readable medium of claim 8 , wherein the at least one user public key comprises a second user public key and the operations further comprise: obtaining the second user public key sent by the client, and signing the electronic credential and the second user public key by using the server private key. 11. The non-transitory, computer-readable medium of claim 9 , wherein the user signature key is an asymmetric key. 12. The non-transitory, computer-readable medium of claim 10 , wherein the first user public key is signed by using the server private key, transmitting the server signature information and the electronic credential to the client comprises: transmitting at least one user public key, the server signature information, and the electronic credential to the client. 13. The non-transitory, computer-readable medium of claim 8 , further comprising: determining a service validity time based on the electronic credential request; and verifying whether the service validity time complies with a service specification. 14. A computer-implemented system, comprising: one or more computers; and one or more computer memory devices interoperably coupled with the one or more computers and a having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers, cause the one or more computers to perform one or more operations comprising: receiving an electronic credential request from a client, wherein the electronic credential request comprises a user identifier; retrieving an electronic credential that corresponds to the user identifier; retrieving at least one user public key that corresponds to the client, the user public key having been temporarily allocated by a server to the electronic credential; performing a hash operation on the at least one user public key and the electronic credential by using a hash algorithm to obtain a hash value; signing within a predetermined time period, the hash value by using a server private key to generate a hashed credential; generating server signature information, using the hashed credential; and transmitting the server signature information and the electronic credential to the client, wherein the server signature information is cryptographically verifiable, by the client, within the predetermined time period and enables the client to generate a two-dimensional barcode based on the electronic credential, wherein the electronic credential included in the two-dimensional barcode is verifiable by a credential verification device that generates the electronic credential based on the user identifier. 15. The
Assignees
Inventors
Classifications
multi-dimensional coding · CPC title
the source of the received data · CPC title
- H04L63/123Primary
received data contents, e.g. message integrity · CPC title
- G06F21/36Primary
by graphic or iconic representation · CPC title
when the policy decisions are valid for a limited amount of time · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11336435B2 cover?
- This specification describes techniques for processing service requests. An electronic credential request including a user identifier is received from a client. An electronic credential that corresponds to the user identifier and a user public key that corresponds to the user are retrieved. A hash operation is performed on the user public key and the electronic credential by using a hash algori…
- Who is the assignee on this patent?
- Advanced New Technologies Co Ltd
- What technology area does this patent fall under?
- Primary CPC classification H04L63/123. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue May 17 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).