Method and system for user and group authentication with pseudo-anonymity over a public network
First Claim
1. A method for a user of a computer to access content anonymously from a third party content provider computer comprising:
- registering a persona having a persona identifier with a persona server to generate an access record;
requesting access to content from the content provider using the persona identifier;
the content provider generating a challenge message including, at least in part, the persona identifier and data uniquely verifiable by the content provider, and submitting the challenge message to the persona server;
the persona server associating the persona identifier with the access record and generating an authentication object including the data uniquely verifiable by the content provider enveloped in a manner extractable only by an authorized user of the persona;
the user computer receiving the authentication object;
the user computer retrieving data from the access record;
the user computer extracting the data uniquely verifiable by the content provider using the data from the access record; and
the user computer submitting the extracted data to the content provider for authentication.
2 Assignments
0 Petitions
Accused Products
Abstract
A method of authorizing anonymous access to content by an individual user or a member of an authorized group of users is provided. The method includes receiving a request for access from a user having a persona identifier. Next, a challenge message is generated that includes, at least in part, the persona identifier and verification data, such as pseudo random data. The challenge message is provided to a persona server, which operates as an authentication agent that generates an authentication object extractable only by an individual user or group member. Upon receiving an authentication object from the persona server. The user retrieves decryption data from the persona server. The authentication object is forwarded to the user. If the persona user is authentic, the authentication object packaging is stripped by secure hardware at the user computer using the data from the persona server and the verification data is extracted. Upon receiving and confirming the verification data from the user, the content provider grants the user access to the selected content.
-
Citations
16 Claims
-
1. A method for a user of a computer to access content anonymously from a third party content provider computer comprising:
-
registering a persona having a persona identifier with a persona server to generate an access record;
requesting access to content from the content provider using the persona identifier;
the content provider generating a challenge message including, at least in part, the persona identifier and data uniquely verifiable by the content provider, and submitting the challenge message to the persona server;
the persona server associating the persona identifier with the access record and generating an authentication object including the data uniquely verifiable by the content provider enveloped in a manner extractable only by an authorized user of the persona;
the user computer receiving the authentication object;
the user computer retrieving data from the access record;
the user computer extracting the data uniquely verifiable by the content provider using the data from the access record; and
the user computer submitting the extracted data to the content provider for authentication. - View Dependent Claims (2, 3, 4)
-
-
5. A method for a content provider to authorize anonymous user access to content on a computer network comprising:
-
receiving a request for access from a user computer having a persona identifier;
generating a challenge message including, at least in part, the persona identifier and verification data;
submitting the challenge message to a persona server;
receiving an authentication object from the persona server and forwarding the authentication object to the user computer, the authentication object including the verification data enveloped such that it is accessible only by an authorized user of the persona identifier;
receiving the verification data from the user computer; and
granting access to the user computer if the verification data is correct. - View Dependent Claims (6, 7, 8, 9)
-
-
10. A method of providing authentication data for a user of a persona to access content anonymously comprising:
-
creating an access record based at least in part on a persona identifier and associating the persona identifier with substantially unique encryption data;
receiving a challenge message from a content provider computer including the persona identifier and verification data;
enveloping at least the verification data in accordance with the encryption data in the access record associated with the persona identifier to generate an authentication object; and
providing the authentication object to at least one of the content provider and the persona user. - View Dependent Claims (11, 12, 14, 15, 16)
-
-
13. A system for authenticating a user of an anonymous persona prior to granting access rights on a public network comprising:
-
a plurality of client computers operatively coupled to the public network, the client computers storing at least one persona identifier;
a persona server operatively coupled to the public network, the persona server maintaining a database of access records associated with a plurality of persona identifiers, the access records associating each persona identifier with corresponding decryption data;
at least one content provider computer operatively coupled to the public network, in response to a request for access from one of the plurality of client computers using a persona identifier, the content provider computer generating a challenge message including the persona identifier and verification data associated with the request for access, the content provider computer submitting the challenge message to the persona server, the persona server receiving the challenge message and generating an authentication object including the verification data encrypted based on the access record associated with the persona identifier, the authentication object is presented to the client computer requesting access which, if authentic, retrieves data from the access record, decrypts the authentication object and returns the verification data to the content provider computer to establish user authentication.
-
Specification