Identity authentication migration between different authentication systems
First Claim
1. A method comprising:
validating a digital program code signature received with an authentication request which includes a security credential for a first identity, wherein the authentication request indicates a first system that uses a first cryptographic technology to authenticate the first identity based on the security credential;
validating a security token also received with the authentication request, wherein the security token represents a trust relationship between an intermediary that received the authentication request and a requestor of the authentication request;
storing the security credential after validation of the authentication request based, at least in part, on the validating of the digital program code signature and the security token;
communicating the authentication request to the first system after storing the security credential;
in response to receipt of a successful authentication response from the first system for the first identity based on the security credential, generating a migrate request to update a credential store of a second system that uses a second cryptographic technology with the security credential and the first identity, wherein the migrate request includes the security credential; and
communicating the migrate request to the second system.
Abstract
An intermediary can securely migrate a security credential between systems despite the different underlying encoding technologies those systems use for authentication. The intermediary can also securely migrate an identity between different authentication technologies. A secure login interface program code that is digitally signed by the intermediary is provided in advance to the devices that will source authentication requests; the interface program code is considered secure at least because it carries the intermediary's digital signature. An instance of the secure interface program code directs authentication requests entered into that instance to the intermediary, which is identified at least by the digital signature. After a successful authentication by the destination system identified in the authentication request, the intermediary can migrate the authenticated security credential to a migration target.
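The intermediary flow of claim 1 and the abstract as an added example in Python (not code from the patent or its assignee). It assumes the first system is a legacy store keyed by unsalted SHA-1 and the second system uses PBKDF2-HMAC-SHA256 with a per-identity salt; the program code signature and the requestor trust token are modelled with HMAC, and every key, identity and credential is constructed for the illustration.

```python
import hashlib, hmac, secrets

# Constructed keys and interface code for this illustration (not from the patent).
CODE_SIGNING_KEY = b"constructed-intermediary-code-signing-key"
TRUST_KEY = b"constructed-requestor-trust-key"
INTERFACE_CODE = b"secure-login-interface-v1"  # program code the intermediary signed in advance

def sign(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()
# First system: legacy store, unsalted SHA-1 ("first cryptographic technology").
legacy_store = {"alice": hashlib.sha1(b"correct horse").hexdigest()}
# Second system: PBKDF2-HMAC-SHA256 with per-identity salt ("second cryptographic technology").
modern_store = {}
held_credentials = {}  # intermediary's credential store, filled only after both validations

def build_request(requestor, identity, credential):
    """What a signed interface instance sends: credential plus code signature and trust token."""
    return {"requestor": requestor, "identity": identity, "credential": credential,
            "code": INTERFACE_CODE, "code_signature": sign(CODE_SIGNING_KEY, INTERFACE_CODE),
            "token": sign(TRUST_KEY, requestor.encode())}

def first_system_authenticate(identity, credential):
    expected = legacy_store.get(identity, "")
    return hmac.compare_digest(expected, hashlib.sha1(credential).hexdigest())

def second_system_migrate(migrate_request):
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", migrate_request["credential"], salt, 200_000)
    modern_store[migrate_request["identity"]] = (salt, dk)

def second_system_authenticate(identity, credential):
    salt, dk = modern_store.get(identity, (b"", b""))
    return hmac.compare_digest(dk, hashlib.pbkdf2_hmac("sha256", credential, salt, 200_000))

def intermediary_handle(request):
    """Returns (authenticated, migrated); the credential is held only after both checks pass."""
    if not hmac.compare_digest(request["code_signature"], sign(CODE_SIGNING_KEY, request["code"])):
        return False, False  # interface code was not signed by this intermediary
    if not hmac.compare_digest(request["token"], sign(TRUST_KEY, request["requestor"].encode())):
        return False, False  # no trust relationship with the requestor
    held_credentials[request["identity"]] = request["credential"]  # store, then forward
    try:
        if not first_system_authenticate(request["identity"], request["credential"]):
            return False, False
        second_system_migrate({"identity": request["identity"],
                               "credential": held_credentials[request["identity"]]})
        return True, True
    finally:
        held_credentials.pop(request["identity"], None)  # drop the plaintext once migrated
```

After one successful login through a validly signed interface instance, the identity can authenticate against the second system without ever having been enrolled there directly.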
20 Claims
1. A method comprising: (independent claim 1, reproduced in full under First Claim above)
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. One or more non-transitory machine-readable media comprising program code for authentication migration, the program code to:
validate a digital program code signature received with an authentication request which includes a security credential for a first identity, wherein the authentication request corresponds to a first authentication technology;
validate a security token also received with the authentication request, wherein the security token represents a trust relationship between a device that received the authentication request and a requestor of the authentication request;
communicate the authentication request to a first system that will authenticate the first identity with the security credential after successful validation of the digital program code signature and the security token; and
in response to receipt of an authentication response that indicates successful authentication of the first identity and that indicates the first identity is to be migrated to a second authentication technology, obtain security data that will be used by the second authentication technology to authenticate the first identity; and
migrate the first identity and the obtained security data to the second authentication technology, wherein the second authentication technology will authenticate the first identity based, at least in part, on the obtained security data.
Dependent claims: 10, 11
12. An apparatus comprising:
a processor; and
a non-transitory machine-readable medium comprising program code executable by the processor to cause the apparatus to,
validate a digital program code signature received with an authentication request which includes a security credential for a first identity;
validate a security token also received with the authentication request, wherein the security token represents a trust relationship between the apparatus and a requestor of the authentication request;
store the security credential for possible migration after validation of the authentication request based, at least in part, on validation of the digital program code signature and the security token;
communicate the authentication request for authentication of the first identity after the security credential has been stored; and
in response to receipt of a successful authentication response for the first identity and an indication of migration, migrate at least one of the first identity and the security credential to a different authentication system.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20