Technologies for authentication and single-sign-on using device security assertions
First Claim
1. A computing device for remote device authentication, the computing device comprising:
- a user authentication module to:
  - receive an authentication request from a client computing device;
  - transmit an authentication challenge to the client computing device in response to receipt of the authentication request; and
  - receive an authentication challenge response from an embedded technology access server of the client computing device in response to transmission of the authentication challenge, wherein the authentication challenge response includes a resource access token indicative of a security assertion of the client computing device, wherein the security assertion comprises an indication of trustworthiness assigned to the client computing device, and wherein the embedded technology access server is executed by a manageability engine of the client computing device; and
- a device verification module to determine whether the client computing device is trusted based on the security assertion indicated by the resource access token of the authentication challenge response;
- wherein the user authentication module is further to transmit a successful authentication response to the client computing device in response to a determination that the client computing device is trusted.
Abstract
Technologies for remote device authentication include a client computing device, an identity provider, and an application server in communication over a network. The identity provider sends an authentication challenge to the client. A capability proxy of the client intercepts an authentication challenge response and retrieves one or more security assertions from a secure environment of the client computing device. The capability proxy may be an embedded web server providing an HTTP interface to platform features of the client. The client sends a resource access token based on the security assertions to the identity provider. The identity provider verifies the resource access token and authenticates the client computing device based on the resource access token in addition to user authentication factors such as username and password. The identity provider sends an authentication response to the client, which forwards the authentication response to the application server. Other embodiments are described and claimed.
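The abstract's exchange, carried through as an added example; this is not the patent's own code. It assumes a per-device HMAC key shared out of band between the identity provider and the client's manageability engine, a JSON security assertion carrying a `trust_level` field, and a second key shared between the identity provider and the application server so the forwarded authentication response can be checked. Device ids, keys, usernames and the assertion itself are constructed for the example. The identity provider checks the token's integrity, that the challenge nonce is fresh and answered only once, and the device's trust level before it looks at the user's password, so a replayed or altered token never reaches the user-factor check.

```python
import hashlib
import hmac
import json
import secrets


def _mac(key: bytes, payload: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of payload."""
    data = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class EmbeddedTechnologyAccessServer:
    """Capability proxy hosted by the manageability engine (constructed stand-in).
    It alone holds the device key, so only it can answer a challenge for this device."""

    def __init__(self, device_id: str, device_key: bytes, assertion: dict):
        self.device_id = device_id
        self._device_key = device_key      # assumed to be provisioned out of band
        self._assertion = assertion        # stands in for the secure-environment read

    def challenge_response(self, nonce: str) -> dict:
        body = {"device_id": self.device_id, "nonce": nonce, "assertion": self._assertion}
        return {"body": body, "mac": _mac(self._device_key, body)}  # resource access token


class IdentityProvider:
    def __init__(self, device_keys: dict, users: dict, response_key: bytes):
        self._device_keys = device_keys    # device_id -> HMAC key
        self._users = users                # username -> (salt, pbkdf2 digest)
        self._response_key = response_key  # shared with the application server (assumption)
        self._pending = set()              # challenge nonces not yet answered

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce

    def _user_ok(self, username: str, password: str) -> bool:
        rec = self._users.get(username)
        if rec is None:
            return False
        salt, digest = rec
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(candidate, digest)

    def authenticate(self, username: str, password: str, token: dict):
        """Device verification (MAC, nonce, trust level), then user factors.
        Returns (signed response, None) on success or (None, reason) on failure."""
        body = token["body"]
        key = self._device_keys.get(body.get("device_id"))
        if key is None:
            return None, "unknown device"
        if not hmac.compare_digest(_mac(key, body), token["mac"]):
            return None, "bad token mac"   # assertion or nonce altered after signing
        if body["nonce"] not in self._pending:
            return None, "stale or replayed challenge"
        self._pending.discard(body["nonce"])   # each challenge is answered once
        if body["assertion"].get("trust_level") != "trusted":
            return None, "device not trusted"
        if not self._user_ok(username, password):
            return None, "bad user credentials"
        resp = {"user": username, "device_id": body["device_id"], "nonce": body["nonce"]}
        return {"body": resp, "mac": _mac(self._response_key, resp)}, None


class ApplicationServer:
    def __init__(self, response_key: bytes):
        self._response_key = response_key

    def accept(self, response: dict) -> bool:
        """Verify the authentication response the client forwards from the IdP."""
        return hmac.compare_digest(_mac(self._response_key, response["body"]), response["mac"])


def make_user(password: str):
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def run_flow(assertion: dict, tamper=None) -> dict:
    """Drive one end-to-end exchange with constructed keys and return what happened,
    including the IdP and token so a caller can try replaying the same token."""
    dev_key, resp_key = secrets.token_bytes(32), secrets.token_bytes(32)
    proxy = EmbeddedTechnologyAccessServer("laptop-0001", dev_key, assertion)
    idp = IdentityProvider({"laptop-0001": dev_key}, {"alice": make_user("correct horse")}, resp_key)
    app = ApplicationServer(resp_key)
    nonce = idp.challenge()                   # IdP -> client: authentication challenge
    token = proxy.challenge_response(nonce)   # proxy intercepts and answers for the client
    if tamper:
        tamper(token)                         # simulate alteration on the wire
    response, reason = idp.authenticate("alice", "correct horse", token)
    accepted = response is not None and app.accept(response)  # client forwards to app server
    return {"accepted": accepted, "reason": reason, "idp": idp, "token": token}


if __name__ == "__main__":
    print(run_flow({"trust_level": "trusted"})["accepted"])  # True
```

`run_flow` returns the identity provider and token so the same token can be presented a second time; because the nonce was discarded on first use, the replay is refused before any user credential is examined.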
19 Citations
20 Claims
1. (Independent claim; text as given under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method for remote device authentication, the method comprising:
- receiving, by a computing device, an authentication request from a client computing device;
- transmitting, by the computing device, an authentication challenge to the client computing device in response to receiving the authentication request;
- receiving, by the computing device, an authentication challenge response from an embedded technology access server of the client computing device in response to transmitting the authentication challenge, wherein the authentication challenge response includes a resource access token indicative of a security assertion of the client computing device, wherein the security assertion comprises an indication of trustworthiness assigned to the client computing device, and wherein the embedded technology access server is executed by a manageability engine of the client computing device;
- determining, by the computing device, whether the client computing device is trusted based on the security assertion indicated by the resource access token of the authentication challenge response; and
- transmitting, by the computing device, a successful authentication response to the client computing device in response to determining that the client computing device is trusted.
Dependent claims: 10, 11, 12, 13, 14.
15. One or more non-transitory, computer-readable storage media comprising a plurality of instructions that in response to being executed cause a computing device to:
- receive an authentication request from a client computing device;
- transmit an authentication challenge to the client computing device in response to receiving the authentication request;
- receive an authentication challenge response from an embedded technology access server of the client computing device in response to transmitting the authentication challenge, wherein the authentication challenge response includes a resource access token indicative of a security assertion of the client computing device, wherein the security assertion comprises an indication of trustworthiness assigned to the client computing device, and wherein the embedded technology access server is executed by a manageability engine of the client computing device;
- determine whether the client computing device is trusted based on the security assertion indicated by the resource access token of the authentication challenge response; and
- transmit a successful authentication response to the client computing device in response to determining that the client computing device is trusted.
Dependent claims: 16, 17, 18, 19, 20.