Method for distributed trust authentication
First Claim
Patent Images
1. A method for distributed trust authentication, the method comprising:
- at a service provider;
using a common private cryptographic key of a public/private cryptographic key pair to generate a first private key share and a second private key share;
distributing, via one or more communications networks, each of the first private key share and the second private key share to an identity provider and a remote multi-factor authentication service, respectively; and
distributing a public cryptographic key of the public/private cryptographic key pair to one of the identity provider and the remote multi-factor authentication service, wherein whichever one of the identity provider and the remote multi-factor authentication service that has the public cryptographic key performs a validation of a combined digital signature;
identifying an attempt, by a user operating a computing device, to authenticate to the service provider;
validating the combined digital signature for authenticating the user, wherein;
the combined digital signature is formed by a combination of a first digital signature and a second digital signature,the first digital signature being generated using the first private key share in response to a successful primary authentication of the user;
the second digital signature being generated using the second private key share in response to a successful secondary authentication of the user,the first private key share and the second private key share being generated using the common private cryptographic key of the public/private cryptographic key pair;
wherein validating the combined digital signature includes using the public cryptographic key of the public/private cryptographic key pair to validate the combined digital signature; and
authenticating the user to the service provider based on the validation of the combined digital signature.
5 Assignments
0 Petitions
Accused Products
Abstract
A method for distributed trust authentication of one or more users attempting to access one or more service providers operating on a network includes performing primary authentication of a user using a first authentication factor, generating a first partial digital signature for a first authentication response to the primary authentication, performing secondary authentication of the user using a second authentication factor, generating a second partial digital signature for the second authentication response to the secondary authentication, combining the first and second partial digital signatures to form a composite digital signature, and validating the composite digital signature.
198 Citations
12 Claims
-
1. A method for distributed trust authentication, the method comprising:
-
at a service provider; using a common private cryptographic key of a public/private cryptographic key pair to generate a first private key share and a second private key share; distributing, via one or more communications networks, each of the first private key share and the second private key share to an identity provider and a remote multi-factor authentication service, respectively; and distributing a public cryptographic key of the public/private cryptographic key pair to one of the identity provider and the remote multi-factor authentication service, wherein whichever one of the identity provider and the remote multi-factor authentication service that has the public cryptographic key performs a validation of a combined digital signature; identifying an attempt, by a user operating a computing device, to authenticate to the service provider; validating the combined digital signature for authenticating the user, wherein; the combined digital signature is formed by a combination of a first digital signature and a second digital signature, the first digital signature being generated using the first private key share in response to a successful primary authentication of the user; the second digital signature being generated using the second private key share in response to a successful secondary authentication of the user, the first private key share and the second private key share being generated using the common private cryptographic key of the public/private cryptographic key pair; wherein validating the combined digital signature includes using the public cryptographic key of the public/private cryptographic key pair to validate the combined digital signature; and authenticating the user to the service provider based on the validation of the combined digital signature. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeCisco Technology, Inc. (Cisco Systems, Inc.)
-
Original AssigneeDuo Security Incorporated (Cisco Systems, Inc.)
-
InventorsOberheide, Jon, Song, Dug, Goodman, Adam
-
Primary Examiner(s)Gracia, Gary S
-
Application NumberUS15/906,237Publication NumberTime in Patent Office245 DaysField of SearchNoneUS Class CurrentCPC Class CodesG06F 21/40 by quorum, i.e. whereby two...H04L 2463/082 applying multi-factor authe...H04L 63/0815 providing single-sign-on or...H04L 63/0838 using one-time-passwordsH04L 63/10 for controlling access to d...H04L 63/102 Entity profilesH04L 9/085 Secret sharing or secret sp...H04L 9/0863 involving passwords or one-...H04L 9/14 using a plurality of keys o...H04L 9/30 Public key, i.e. encryption...H04L 9/3226 using a predetermined code,...H04L 9/3247 involving digital signatures
