System and method for delegating trust to a new authenticator
First Claim
1. A method for enabling one or more new authenticators being implemented in hardware of a new client device, the method comprising:
- the one or more new authenticators determining a number (N) of keys or key pairs contained in registration data associated with a trusted authenticator on a trusted client device, wherein the number N is equal to a number of keys or key pairs that have been registered with a relying party for the trusted authenticator and that also are on the trusted client device, wherein the relying party is remote from the trusted client device and the new client device, wherein the trusted client device and the new client device are mobile devices, and wherein the determination further comprises:
  - the one or more new authenticators communicating with the trusted authenticator to obtain the number of keys or key pairs in the registration data;
  - the one or more new authenticators generating N new keys or key pairs of the one or more new authenticators;
  - the one or more new authenticators providing the N new keys or one of each of the N new key pairs to the trusted authenticator, wherein the trusted authenticator signs each of the N new keys using a key, which corresponds to registration of the trusted authenticator with the relying party, and wherein the trusted authenticator inserts a timestamp into each signature during the signing; and
  - the one or more new authenticators receiving N signatures from the trusted authenticator, wherein the N signatures are based on the N new keys or the one of each of the N new key pairs; and
- the one or more new authenticators performing one or more verification transactions with the relying party based on the N signatures and using the timestamps.
Abstract
A system, apparatus, method, and machine readable medium are described for delegating trust to a new client device or a new authenticator on a trusted device. For example, one embodiment of a method comprises: implementing a series of trust delegation operations to transfer registration data associated with one or more trusted authenticators on a trusted client device to one or more new authenticators on a new client device or on the trusted client device.
20 Claims
1. (Independent method claim; its full text is given under First Claim above.) Dependent claims 2 to 11 depend on claim 1.
12. A system comprising:
- a trusted authenticator implemented in hardware of a first device;
- one or more new authenticators implemented in hardware of a second device; and
- a relying party remote from the first and second devices;
- wherein the one or more new authenticators are to be enabled, and wherein the enabling operations comprise:
  - the one or more new authenticators determining a number (N) of keys or key pairs contained in registration data associated with the trusted authenticator on a trusted client device, wherein the number N is equal to a number of keys or key pairs that have been registered with the relying party for the trusted authenticator and that also are on the trusted client device, wherein the trusted client device and the new client device are mobile devices, and wherein the determination further comprises:
    - the one or more new authenticators communicating with the trusted authenticator to obtain the number of keys or key pairs in the registration data;
    - the one or more new authenticators generating N new keys or key pairs of the one or more new authenticators;
    - the one or more new authenticators providing the N new keys or one of each of the N new key pairs to the trusted authenticator, wherein the trusted authenticator signs each of the N new keys using a key, which corresponds to registration of the trusted authenticator with the relying party, and wherein the trusted authenticator inserts a timestamp into each signature during the signing;
    - the one or more new authenticators receiving N signatures from the trusted authenticator, wherein the N signatures are based on the N new keys or the one of each of the N new key pairs; and
  - the one or more new authenticators performing one or more verification transactions with the relying party based on the N signatures and using the timestamps.

Dependent claims 13 to 20 depend on claim 12.
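The delegation flow of claims 1 and 12, modelled end to end in Python as an added example; this is not the patent's or any assignee's code. Schnorr signatures over a toy prime-order group generated at run time stand in for whatever signature scheme a real authenticator would use; the 300-second freshness window (`WINDOW`), the credential identifiers, the `delegate` message layout and every class and function name are assumptions made for the example. The trusted authenticator reports N, signs each new public key together with a timestamp using the key already registered with the relying party, and the relying party accepts a new key only when the endorsement verifies under a registered key and the timestamp falls inside the window, so a stale endorsement, one whose new key has been swapped, or one from an unregistered endorser is refused.

```python
import hashlib, secrets

# --- Schnorr signatures over a DSA-style prime-order subgroup (toy sizes) ---
def is_probable_prime(n, rounds=20):          # Miller-Rabin after small-prime trial division
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c

def gen_group(qbits=128, pbits=256):          # (p, q, g): q prime, q | p-1, g of order q
    q = gen_prime(qbits)                      # sizes chosen so the demo runs fast, not for security
    while True:
        k = (secrets.randbits(pbits - qbits) | 2) & ~1   # even k >= 2 keeps p = k*q + 1 odd
        if is_probable_prime(k * q + 1):
            break
    p = k * q + 1
    while True:
        g = pow(secrets.randbelow(p - 2) + 2, (p - 1) // q, p)
        if g != 1:
            return p, q, g

def _pack(*parts):                            # ints as 64-byte big-endian, every part length-prefixed
    enc = [x if isinstance(x, bytes) else x.to_bytes(64, "big") for x in parts]
    return b"".join(len(b).to_bytes(4, "big") + b for b in enc)

def _hash_to_q(q, *parts):
    return int.from_bytes(hashlib.sha256(_pack(*parts)).digest(), "big") % q

def keygen(G):
    p, q, g = G
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)                    # (private, public)

def sign(G, x, msg):
    p, q, g = G
    k = secrets.randbelow(q - 1) + 1
    e = _hash_to_q(q, pow(g, k, p), msg)
    return e, (k - x * e) % q

def verify(G, y, msg, sig):
    p, q, g = G
    e, s = sig
    return _hash_to_q(q, pow(g, s, p) * pow(y, e, p) % p, msg) == e

# --- Trust delegation as in claims 1 and 12 (names, layout and policy are assumptions) ---
WINDOW = 300   # seconds an endorsement stays acceptable: an assumed policy, not from the patent
def endorsement_msg(rp_id, old_cid, new_pub, ts):   # binds one registration, one new key, one timestamp
    return _pack(b"delegate", rp_id, old_cid, new_pub, ts)

class RelyingParty:
    def __init__(self, G, rp_id):
        self.G, self.rp_id, self.creds = G, rp_id, {}   # credential id -> registered public key

    def accept_delegation(self, old_cid, new_cid, new_pub, ts, sig, now):
        """Register new_pub only if a key registered here endorsed it and the timestamp is fresh."""
        old_pub = self.creds.get(old_cid)
        if old_pub is None or not (now - WINDOW <= ts <= now):
            return False
        if not verify(self.G, old_pub, endorsement_msg(self.rp_id, old_cid, new_pub, ts), sig):
            return False
        self.creds[new_cid] = new_pub
        return True

class TrustedAuthenticator:
    def __init__(self, G, rp, cred_ids):      # N key pairs, each already registered with rp
        self.G, self.keys = G, {cid: keygen(G) for cid in cred_ids}
        rp.creds.update({cid: y for cid, (_, y) in self.keys.items()})

    def registration_count(self):             # N, reported to the new authenticator on request
        return len(self.keys)

    def endorse(self, rp_id, new_pubs, now):  # sign each new key with the matching registered key
        return [(cid, now, sign(self.G, x, endorsement_msg(rp_id, cid, pub, now)))
                for (cid, (x, _)), pub in zip(self.keys.items(), new_pubs)]

def take_over(G, trusted, rp, now):
    """New authenticator: learn N, make N key pairs, get N timestamped endorsements, verify each with the RP."""
    pairs = [keygen(G) for _ in range(trusted.registration_count())]
    endorsements = trusted.endorse(rp.rp_id, [y for _, y in pairs], now)
    kept = {}                                 # credentials the new authenticator may now use
    for (old_cid, ts, sig), (x, y) in zip(endorsements, pairs):
        if rp.accept_delegation(old_cid, b"new-" + old_cid, y, ts, sig, now):
            kept[b"new-" + old_cid] = (x, y)
    return kept
```

The timestamp inside each signed message is what limits how long a captured endorsement remains usable; the relying party enforces that bound with the `now - WINDOW <= ts <= now` check, and the length-prefixed `delegate` message ties each endorsement to exactly one existing registration and one new public key, so neither can be substituted without invalidating the signature.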