System and method for an integrity focused authentication service
Abstract
Systems and methods for authentication. At an authentication service, key synchronization information is stored for an enrolled authentication device for a user identifier of a service provider. The key synchronization information indicates that a private key stored by the authentication device is synchronized with a public key stored at the service provider. Responsive to an authentication request provided by the service provider for the user identifier, the authentication service determines an authentication device for the user identifier that stores a synchronized private key by using the key synchronization information, and provides the authentication request to the authentication device. The authentication service provides a signed authentication response to the service provider. The authentication response is responsive to the authentication request and signed by using the private key. The service provider verifies the signed authentication response by using the public key.
14 Claims
1. A method comprising:
at an authentication service, the authentication service being implemented by one or more computing servers:
(i) receiving from a remote service provider, via a network, an account identifier and an authentication request for authenticating a service request received at the remote service provider from an initiator, wherein the authentication request comprises an authentication challenge that is cryptographically secured with a public cryptographic key of the remote service provider;
(ii) using the account identifier to identify a predefined synchronization mapping established with the authentication service that identifies a destination of a user device having a private cryptographic key corresponding to the public cryptographic key of the remote service provider or a user application having a private cryptographic key corresponding to the public cryptographic key of the remote service provider, wherein the private cryptographic key of the destination and the public cryptographic key of the remote service provider define an asymmetric cryptographic key pair;
(iii) in response to identifying the destination based on the predefined synchronization mapping, routing by the authentication service the authentication request to the destination;
(iv) receiving from the destination an authentication response to the authentication request, the authentication response comprising a challenge response to the authentication challenge, the authentication response being cryptographically secured using the private cryptographic key of the destination; and
(v) in response to receiving the authentication response from the destination, routing the authentication response to the remote service provider based on the predefined synchronization mapping.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method comprising:
at an authentication service:
configuring an authentication channel via the authentication service between a service provider and a user authentication device for authenticating a service request to the service provider, wherein:
a private cryptographic key associated with the user authentication device is synchronized with a public cryptographic key associated with the service provider during an enrollment of the user authentication device at the authentication service;
the user authentication device is enrolled responsive to enrollment information provided by at least one of the user authentication device, a primary device, and the service provider, the enrollment information including a user identifier, address information of the user authentication device, and information identifying the service provider;
an enrollment record is stored at the authentication service, the enrollment record including the enrollment information;
at least one of the authentication service, the user authentication device and the service provider synchronizes the private cryptographic key and the public cryptographic key between the user authentication device and the service provider; and
information associated with the synchronization is stored at the authentication service in association with the enrollment record as cryptographic key synchronization information, the cryptographic key synchronization information indicating that an asymmetric cryptographic key pair is synchronized between the user authentication device and the service provider;
responsive to an authentication request received from the service provider for the user identifier, the authentication request comprising an authentication challenge that is cryptographically secured with the public cryptographic key of the service provider:
using the user identifier to identify the synchronization information established with the authentication service that identifies a destination of the user authentication device having the private cryptographic key corresponding to the public cryptographic key of the service provider;
in response to identifying the destination based on the synchronization information, routing by the authentication service the authentication request to the user authentication device;
receiving from the user authentication device an authentication response to the authentication request, the authentication response comprising a challenge response to the authentication challenge, the authentication response being cryptographically secured using the private cryptographic key of the destination; and
in response to receiving the authentication response from the destination, routing the authentication response to the service provider based on the synchronization information.
Dependent claims: 10, 11, 12, 13, 14.
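The abstract and claim 1 describe a three-party exchange: the service provider issues a challenge for an account identifier, the authentication service resolves its synchronization mapping to the destination that holds the matching private key and routes the request there, the destination returns a signed challenge response, and the service relays it back for the provider to verify with the public key it stores. The Go program below is an added worked example; it is not code from the patent, its assignee, or any product, and it models that exchange end to end with Ed25519 signatures. Everything in it is an assumption: the message layouts, the identifiers ("example-sp", "alice", "device://alice-phone"), the choice of Ed25519, and the reading of "cryptographically secured with the public key" as binding the nonce to the provider's key and identity. The page specifies none of these.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AuthRequest travels service provider -> authentication service (claim 1, step i). Assumption: the page does not
// say how the challenge is "secured with the public key"; here the fresh nonce is bound to that key and the provider.
type AuthRequest struct{ AccountID, SPID string; PubKey ed25519.PublicKey; Challenge []byte }

// AuthResponse travels device -> authentication service -> service provider (steps iv and v).
type AuthResponse struct{ AuthRequest; Signature []byte }

// signedPayload binds provider identity, public key and nonce so a response cannot be replayed to another provider.
func signedPayload(spID string, pub ed25519.PublicKey, challenge []byte) []byte {
	h := sha256.New()
	for _, part := range [][]byte{[]byte(spID), {0}, pub, {0}, challenge} {
		h.Write(part)
	}
	return h.Sum(nil)
}

// Device holds the private half of the pair; the key never leaves it, only a signature does.
type Device struct{ priv ed25519.PrivateKey }
func (d *Device) Respond(req AuthRequest) AuthResponse {
	return AuthResponse{req, ed25519.Sign(d.priv, signedPayload(req.SPID, req.PubKey, req.Challenge))}
}

// AuthService stores only the synchronization mapping (step ii): per provider and account, the destination to
// route to and the provider-held key its private key corresponds to. dev stands in for the network path to it.
type syncKey struct{ spID, accountID string }
type syncRecord struct{ destination string; pub ed25519.PublicKey; dev *Device }
type AuthService struct{ mapping map[syncKey]syncRecord }
func (a *AuthService) Enroll(spID, accountID, destination string, pub ed25519.PublicKey, d *Device) {
	a.mapping[syncKey{spID, accountID}] = syncRecord{destination, pub, d}
}

// Route implements steps ii to v: resolve the mapping, confirm the challenge was secured with the key that is
// synchronized for that destination, forward the request and relay the device's response.
func (a *AuthService) Route(req AuthRequest) (AuthResponse, error) {
	rec, ok := a.mapping[syncKey{req.SPID, req.AccountID}]
	if !ok || !bytes.Equal(rec.pub, req.PubKey) {
		return AuthResponse{}, errors.New("no destination synchronized with this key for this account")
	}
	return rec.dev.Respond(req), nil
}

// ServiceProvider holds one public key per account and the challenges it has outstanding.
type ServiceProvider struct{ ID string; pubKeys map[string]ed25519.PublicKey; pending map[string][]byte }
func (sp *ServiceProvider) NewRequest(accountID string) (AuthRequest, error) {
	pub, ok := sp.pubKeys[accountID]
	if !ok {
		return AuthRequest{}, errors.New("unknown account")
	}
	nonce := make([]byte, 32)
	rand.Read(nonce) // crypto/rand.Read never returns an error
	sp.pending[accountID] = nonce
	return AuthRequest{accountID, sp.ID, pub, nonce}, nil
}

// Verify rebuilds the expected payload from the provider's own state (its ID, stored key, outstanding nonce)
// instead of trusting echoed fields, then checks the signature. The nonce is single use.
func (sp *ServiceProvider) Verify(resp AuthResponse) error {
	pub, known := sp.pubKeys[resp.AccountID]
	nonce, open := sp.pending[resp.AccountID]
	if !known || !open || !bytes.Equal(nonce, resp.Challenge) {
		return errors.New("response does not match an outstanding challenge")
	}
	delete(sp.pending, resp.AccountID)
	if !ed25519.Verify(pub, signedPayload(sp.ID, pub, nonce), resp.Signature) {
		return errors.New("signature does not verify under the synchronized public key")
	}
	return nil
}

// Setup enrolls one constructed sample account, "alice", and returns the provider and the service.
func Setup() (*ServiceProvider, *AuthService) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	sp := &ServiceProvider{"example-sp", map[string]ed25519.PublicKey{"alice": pub}, map[string][]byte{}}
	as := &AuthService{map[syncKey]syncRecord{}}
	as.Enroll(sp.ID, "alice", "device://alice-phone", pub, &Device{priv})
	return sp, as
}

func main() {
	sp, as := Setup()
	req, _ := sp.NewRequest("alice")
	resp, err := as.Route(req)
	if err == nil {
		err = sp.Verify(resp)
	}
	fmt.Println("alice authenticated:", err == nil)
}
```

The checks worth noting are the ones the claim language implies but does not spell out: the service refuses to route a challenge whose key does not match the pair synchronized for that destination, the private key never leaves the device (the service only ever sees a signature), and the provider verifies against its own stored key and outstanding nonce rather than the fields echoed in the response, then discards the nonce so a captured response cannot be replayed.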