System and method for implementing a hosted authentication service
First Claim
1. A system comprising:
- one or more hardware platforms implementing a hosted authentication service to provide authentication services for relying parties, the hosted authentication service and the relying parties being separate parties, the hosted authentication service registering a relying party by sharing a key with the relying party, the hosted authentication service comprising an administration portal through which a relying party administrator configures the hosted authentication service to provide authentication services on behalf of the relying party;
a first program code component provided by the hosted authentication service is inserted into an application hosted by the relying party, the first program code component causing a client device accessing the application to be redirected to the hosted authentication service for user-authentication and other authentication-related functions including registering one or more new authenticators and deregistering one or more authenticators of a user'"'"'s client device; and
the hosted authentication service, based on a plurality of different authentication-related events occurring between the client device and the hosted authentication service, transmitting a plurality of assertions directly to the relying party thereby bypassing the client device, each assertion of the plurality of assertions specifying one different authentication-related event occurring between the client device and the hosted authentication service, each assertion of the plurality of assertions including at least one indication, wherein a first assertion indicates that the user has registered a new authenticator, a second assertion indicates that the user has deregistered an authenticator, and a third assertion indicates that the user has authenticated with the authentication service using an authenticator, wherein the relying party validating each one of the plurality of assertions using the key.
3 Assignments
0 Petitions
Accused Products
Abstract
A system, apparatus, method, and machine readable medium are described for a hosted authentication service. For example, one embodiment of a system comprises: a hosted authentication service to provide authentication services for relying parties, the hosted authentication service registering a relying party by sharing a key with the relying party; a first program code component inserted into an application hosted by the relying party, the first program code component causing a client device accessing the application to be redirected to the hosted authentication service for authentication-related functions; and the hosted authentication service transmitting one or more assertions to the relying party specifying authentication-related events occurring between the client device and the hosted authentication service, the relying party validating the assertions using the key.
333 Citations
20 Claims
-
1. A system comprising:
- one or more hardware platforms implementing a hosted authentication service to provide authentication services for relying parties, the hosted authentication service and the relying parties being separate parties, the hosted authentication service registering a relying party by sharing a key with the relying party, the hosted authentication service comprising an administration portal through which a relying party administrator configures the hosted authentication service to provide authentication services on behalf of the relying party;
a first program code component provided by the hosted authentication service is inserted into an application hosted by the relying party, the first program code component causing a client device accessing the application to be redirected to the hosted authentication service for user-authentication and other authentication-related functions including registering one or more new authenticators and deregistering one or more authenticators of a user'"'"'s client device; and the hosted authentication service, based on a plurality of different authentication-related events occurring between the client device and the hosted authentication service, transmitting a plurality of assertions directly to the relying party thereby bypassing the client device, each assertion of the plurality of assertions specifying one different authentication-related event occurring between the client device and the hosted authentication service, each assertion of the plurality of assertions including at least one indication, wherein a first assertion indicates that the user has registered a new authenticator, a second assertion indicates that the user has deregistered an authenticator, and a third assertion indicates that the user has authenticated with the authentication service using an authenticator, wherein the relying party validating each one of the plurality of assertions using the key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- one or more hardware platforms implementing a hosted authentication service to provide authentication services for relying parties, the hosted authentication service and the relying parties being separate parties, the hosted authentication service registering a relying party by sharing a key with the relying party, the hosted authentication service comprising an administration portal through which a relying party administrator configures the hosted authentication service to provide authentication services on behalf of the relying party;
-
9. A method comprising:
- registering a relying party at a hosted authentication service by sharing a key with the relying party, the hosted authentication service and the relying parties being separate parties, the hosted authentication service comprising an administration portal through which a relying party administrator configures the hosted authentication service to provide authentication services on behalf of the relying party;
inserting a first program code component provided by the hosted authentication device into an application hosted by the relying party, the first program code component causing a client device accessing the application to be redirected to the hosted authentication service for user-authentication and other authentication-related functions including registering one or more new authenticators and deregistering one or more authenticators of a user'"'"'s client device; and transmitting, based on a plurality of authentication-related events occurring between the client device and the hosted authentication service, a plurality of assertions from the hosted authentication service directly to the relying party thereby bypassing the client device, each assertion of the plurality of assertions specifying one different authentication-related event occurring between the client device and the hosted authentication service, each assertion of the plurality of assertions including at least one indication, wherein a first assertion indicates that the user has registered a new authenticator, a second assertion indicates that the user has deregistered an authenticator, and a third assertion indicates that the user has authenticated with the authentication service using an authenticator, wherein the relying party validating each one of the plurality of assertions using the key. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- registering a relying party at a hosted authentication service by sharing a key with the relying party, the hosted authentication service and the relying parties being separate parties, the hosted authentication service comprising an administration portal through which a relying party administrator configures the hosted authentication service to provide authentication services on behalf of the relying party;
-
17. A non-transitory machine-readable medium having program code stored thereon which, when executed by a machine, causes the machine to perform operations of:
- registering a relying party at a hosted authentication service by sharing a key with the relying party, the hosted authentication service and the relying parties being separate parties, the hosted authentication service comprising an administration portal through which a relying party administrator configures the hosted authentication service to provide authentication services on behalf of the relying party;
inserting a first program code component provided by the hosted authentication service into an application hosted by the relying party, the first program code component causing a client device accessing the application to be redirected to the hosted authentication service for user-authentication and other authentication-related functions including registering one or more new authenticators and deregistering one or more authenticators of a user'"'"'s client device; and transmitting, based on a plurality of different authentication-related-events occurring between the client device and the hosted authentication service, a plurality of assertions from the hosted authentication service directly to the relying party thereby bypassing the client device, each assertion of the plurality of assertions specifying one different authentication-related event occurring between the client device and the hosted authentication service, each assertion of the plurality of assertions including at least one indication, wherein a first assertion indicates that the user has registered a new authenticator, a second assertion indicates that the user has deregistered an authenticator, and a third assertion indicates that the user has authenticated with the authentication service using an authenticator, wherein the relying party validating each one of the plurality of assertions using the key. - View Dependent Claims (18, 19, 20)
- registering a relying party at a hosted authentication service by sharing a key with the relying party, the hosted authentication service and the relying parties being separate parties, the hosted authentication service comprising an administration portal through which a relying party administrator configures the hosted authentication service to provide authentication services on behalf of the relying party;
Specification