US Patent 11626980 Authentication using key agreement

A client may transmit an authentication request to a server. The server may initiate a key agreement process using a short-lived private key generated at the server and a public key of the device, generate a shared secret, and derive a symmetric key. The symmetric key may be used to encrypt a random challenge. Further, the server initiates a key agreement process for the client using the partial private key that was generated for the client and the short-lived public key generated at the server. A partial key agreement result and the encrypted random challenge may be transmitted to the client. The client may complete the key agreement process using the partial key agreement result and a respective portion of the private key. The client may derive the encryption key and decrypt the random challenge. An indication of the random challenge may be transmitted to the server, which authenticates the client.