Method for distributed trust authentication
First Claim
1. A method for distributed trust authentication, the method comprising:
- at a service provider:
using a common private cryptographic key of a public/private cryptographic key pair to generate a first private key share and a second private key share;
distributing, via one or more communications networks, each of the first private key share and the second private key share to an identity provider and a remote multi-factor authentication service, respectively; and
distributing a public cryptographic key of the public/private cryptographic key pair to one of the identity provider and the remote multi-factor authentication service, wherein whichever one of the identity provider and the remote multi-factor authentication service that has the public cryptographic key performs a validation of a combined digital signature;
identifying an attempt, by a user operating a computing device, to authenticate to the service provider;
validating the combined digital signature for authenticating the user, wherein:
the combined digital signature is formed by a combination of a first digital signature and a second digital signature, the first digital signature being generated using the first private key share in response to a successful primary authentication of the user;
the second digital signature being generated using the second private key share in response to a successful secondary authentication of the user, the first private key share and the second private key share being generated using the common private cryptographic key of the public/private cryptographic key pair;
wherein validating the combined digital signature includes using the public cryptographic key of the public/private cryptographic key pair to validate the combined digital signature; and
authenticating the user to the service provider based on the validation of the combined digital signature.
Abstract
A method for distributed trust authentication of one or more users attempting to access one or more service providers operating on a network includes performing primary authentication of a user using a first authentication factor, generating a first partial digital signature for a first authentication response to the primary authentication, performing secondary authentication of the user using a second authentication factor, generating a second partial digital signature for the second authentication response to the secondary authentication, combining the first and second partial digital signatures to form a composite digital signature, and validating the composite digital signature.
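A worked illustration of the flow in claim 1 and the abstract, added here and not taken from the patent: the private exponent of an RSA key is split additively by the service provider, the identity provider and the MFA service each produce a partial signature over the same authentication assertion only after their own factor succeeds, and the product of the two partials verifies under the ordinary public key. The choice of RSA, the additive split d = d1 + d2 (mod phi(n)), the assertion format, the absence of signature padding and all function names are assumptions of this example; the patent fixes none of them.

```python
"""Two-party split-key signing, modelling the flow in claim 1.

Added illustration, not the patent's code. Assumptions: textbook RSA with
the private exponent split additively, d = d1 + d2 (mod phi(n)); both
services sign the same assertion. No padding is used, so this is for
understanding the protocol only, not for deployment.
"""
import hashlib
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n, rounds=40):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=1024, e=65537):
    """Service provider: the common key pair the shares are derived from."""
    while True:
        p, q = generate_prime(bits // 2), generate_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            break
    return (p * q, e), (p * q, pow(e, -1, phi), phi)  # pow(e, -1, m): Python >= 3.8


def split_private_key(private_key):
    """Service provider: two shares; neither reveals d on its own."""
    n, d, phi = private_key
    d1 = secrets.randbelow(phi - 1) + 1
    d2 = (d - d1) % phi
    return (n, d1), (n, d2)  # (to identity provider, to MFA service)


def encode_assertion(assertion, n):
    """Hash the assertion to an integer below n (toy encoding, no padding)."""
    return int.from_bytes(hashlib.sha256(assertion).digest(), "big") % n


def partial_sign(key_share, assertion):
    n, share = key_share
    return pow(encode_assertion(assertion, n), share, n)


def combine(sig1, sig2, n):
    """m^d1 * m^d2 = m^(d1 + d2) = m^d (mod n): the combined signature."""
    return (sig1 * sig2) % n


def verify(public_key, assertion, signature):
    n, e = public_key
    return pow(signature, e, n) == encode_assertion(assertion, n)


def authenticate(public_key, idp_share, mfa_share, assertion, primary_ok, secondary_ok):
    """Combined signature if both factors passed and it verifies, else None.

    The IdP signs only after primary authentication, the MFA service only
    after secondary authentication; the party holding the public key
    (here the MFA service) validates the combined signature.
    """
    if not primary_ok:
        return None
    sig1 = partial_sign(idp_share, assertion)  # identity provider
    if not secondary_ok:
        return None
    sig2 = partial_sign(mfa_share, assertion)  # MFA service
    combined = combine(sig1, sig2, public_key[0])
    return combined if verify(public_key, assertion, combined) else None


def demo(bits=1024):
    """End-to-end run returning the checks a practitioner would want."""
    public_key, private_key = generate_keypair(bits)
    idp_share, mfa_share = split_private_key(private_key)
    assertion = b"sub=alice;sp=https://sp.example;nonce=7f3a1c"  # constructed sample
    combined = authenticate(public_key, idp_share, mfa_share, assertion, True, True)
    return {
        "both_factors_verify": combined is not None,
        "single_share_verifies": verify(public_key, assertion, partial_sign(idp_share, assertion)),
        "tampered_assertion_verifies": verify(public_key, assertion + b"x", combined),
        "mfa_failure_yields_signature": authenticate(
            public_key, idp_share, mfa_share, assertion, True, False) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The point to take from the run is the one the claim relies on: a partial signature from either share alone does not verify under the public key, so a compromised identity provider or a compromised MFA service cannot by itself mint an assertion the service provider will accept. Two caveats for anyone adapting this: the two partials only combine into a valid signature when both parties signed the identical assertion bytes, and a production design would replace the bare hash encoding with a padding scheme or a threshold signature scheme built for this purpose.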
12 Claims
Claim 1 is the sole independent claim; its text is reproduced above under First Claim. Claims 2 to 12 are dependent claims, whose text is not included on this page.
Specification