Secure authorization systems and methods
First Claim
1. A method performed by a system for authenticating the right of a user to access a managed resource, the method comprising:
- receiving, from a service provider system associated with a managed resource, authentication credentials provided to the service provider system by the user, the authentication credentials comprising a first secure token generated by a client device associated with the user, wherein the client device includes software executing on a mobile computing platform, wherein the mobile computing platform is personalized by a personalization service, contains a first secure key provisioned to the mobile computing platform by the personalization service used for generating the first secure token, and includes an open processing environment and a protected processing environment, the protected processing environment being configured to store the first secure key in an encrypted format and to generate the first secure token without exposing the first secure key in an unencrypted format in memory of the open processing environment;
retrieving, based on the authentication credentials, a second secure key;
generating, based on the second secure key, a second secure token wherein generating the second secure token comprises performing a computation based on the first secure key and other information common to the system and the client device;
comparing the first secure token with the second secure token;
generating an authentication result based on a result of the comparison; and
transmitting the authentication result to the service provider system.
3 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for secure user authentication are described. In certain embodiments, a client device such as a smartphone may be provisioned with a secure key and/or other secret information. The client device may be used to generate unique secure tokens and/or other credentials used in connection with an authentication processes. A user may provide the generated tokens and/or other credentials to a service provider in connection with a request to access a managed service. The validity of the generated tokens and/or other credentials may be verified by an authentication service in communication with the service provider.
-
Citations
11 Claims
-
1. A method performed by a system for authenticating the right of a user to access a managed resource, the method comprising:
-
receiving, from a service provider system associated with a managed resource, authentication credentials provided to the service provider system by the user, the authentication credentials comprising a first secure token generated by a client device associated with the user, wherein the client device includes software executing on a mobile computing platform, wherein the mobile computing platform is personalized by a personalization service, contains a first secure key provisioned to the mobile computing platform by the personalization service used for generating the first secure token, and includes an open processing environment and a protected processing environment, the protected processing environment being configured to store the first secure key in an encrypted format and to generate the first secure token without exposing the first secure key in an unencrypted format in memory of the open processing environment; retrieving, based on the authentication credentials, a second secure key; generating, based on the second secure key, a second secure token wherein generating the second secure token comprises performing a computation based on the first secure key and other information common to the system and the client device; comparing the first secure token with the second secure token; generating an authentication result based on a result of the comparison; and transmitting the authentication result to the service provider system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
Specification