US Patent 11405189 Systems and methods for trustworthy electronic authentication using a computing device

A method, system, and digital recording medium provides for convenient and trustworthy user authentication with a computing device combining four authentication factors through use of a remote authentication system (RAS). An identity token (Device-ID) cryptographically bound to the user's computing device is generated as a first authentication factor. A password known only to the user is a second factor. Cryptographic signatures generated from the user's biometric minutiae is a third factor. A random challenge received from the RAS is a fourth factor. An encryption key-generation key is created cryptographically using the Device-ID and stored locally, which together with the user's cryptographic signatures are encrypted with a one-time-pad encryption key obtained from the RAS on a communication channel different from that used for other communication between the device and the RAS to provide perfect secrecy, then transmitted from the device to the RAS on a connection therebetween to register said shared-secrets.