Universal authentication mechanism
Abstract
A universal authentication mechanism for authenticating a user to a service provider (SP) is disclosed. An application device (ApD) requests a service for the user from the service provider (SP) and performs a transmission of a user identity (S10) identifying the user to the service provider (SP). The service provider sends a request for confirmation of the user identity (S20) to an authentication server (AS). The request comprises the user identity and a service identity identifying the requested service. The authentication server (AS) sends a request for service authentication (S50) to the authentication device (AuD) for confirmation. Based on the result of an analysis (S80) of a service authentication confirmation (S60) received from the authentication device (AuD), the authentication server (AS) sends a confirmation of the user identity (S90) confirming the identity of the user to the service provider (SP), which grants service access (S100).
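The flow S10 to S100 from the abstract, simulated with all four parties, as an added example that is not part of the patent text. The abstract does not say how the service authentication confirmation is produced or analysed; the HMAC over user identity, service identity and a fresh nonce, the key shared between AuD and AS at enrollment, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

def confirmation_mac(key, user_id, service_id, nonce):
    # Assumed S60 format: HMAC-SHA256 binding user, service and a fresh nonce.
    msg = b"\x00".join([user_id.encode(), service_id.encode(), nonce])
    return hmac.new(key, msg, hashlib.sha256).digest()

class AuthenticationDevice:  # AuD
    def __init__(self, user_id, key, approve=lambda service_id: True):
        self.user_id, self.key, self.approve = user_id, key, approve

    def on_service_auth_request(self, service_id, nonce):  # S50 arrives
        if not self.approve(service_id):  # user rejects the indicated service
            return None
        return confirmation_mac(self.key, self.user_id, service_id, nonce)  # S60

class AuthenticationServer:  # AS
    def __init__(self):
        self.enrolled = {}  # user identity -> (device, key shared at enrollment)

    def enroll(self, device, key):
        self.enrolled[device.user_id] = (device, key)

    def confirm_identity(self, user_id, service_id):  # S20 arrives
        if user_id not in self.enrolled:
            return False
        device, key = self.enrolled[user_id]
        nonce = secrets.token_bytes(16)  # fresh per request, so S60 cannot be replayed
        confirmation = device.on_service_auth_request(service_id, nonce)  # S50
        if confirmation is None:
            return False
        expected = confirmation_mac(key, user_id, service_id, nonce)
        return hmac.compare_digest(confirmation, expected)  # S80, result is S90

class ServiceProvider:  # SP
    def __init__(self, service_id, auth_server):
        self.service_id, self.auth_server = service_id, auth_server

    def request_service(self, user_id):  # S10 arrives from the application device
        confirmed = self.auth_server.confirm_identity(user_id, self.service_id)
        return "granted" if confirmed else "denied"  # S100

def demo():
    key = secrets.token_bytes(32)  # constructed sample key
    auth_server = AuthenticationServer()
    auth_server.enroll(AuthenticationDevice("alice", key, lambda s: s == "mail"), key)
    mail, bank = ServiceProvider("mail", auth_server), ServiceProvider("bank", auth_server)
    return mail.request_service("alice"), bank.request_service("alice"), mail.request_service("bob")
```

Because the service identity is inside the MAC, a confirmation the user gave for one service does not verify for another, and the user can decline on the device when the indicated service is not the one they asked for.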
25 Claims
1. A method for authentication of a user to a service provider, wherein an application device requests a service for the user from the service provider and the service provider requests an authentication of the user by an authentication server before granting access to the requested service, wherein the following steps are performed:
transmission of a user identity identifying the user to the service provider;
transmission of a request for confirmation of the user identity to an authentication server with the request comprising the user identity and a service identity identifying the requested service to the authentication server;
transmission of a request for service authentication to an authentication device of the user with the request for service authentication indicating the requested service to the authentication device;
generation of a service authentication confirmation confirming the request for service authentication;
transmission of the service authentication confirmation to the authentication server;
analysis of the service authentication confirmation;
confirmation of the user identity to the service provider according to the result of the analysis;
granting of service access to the user by the service provider according to the confirmation of the user identity.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. An authentication server comprising a receiving unit, a transmitting unit, and a processing unit, wherein
the receiving unit is adapted to receive a request for confirmation of a user identity from a service provider with the request comprising the user identity and a service identity identifying a service of the service provider;
the processing unit is adapted to generate a request for service authentication indicating the service to an authentication device of the user;
the transmitting unit is adapted to send the request for service authentication to the authentication device;
the receiving unit is adapted to receive a service authentication confirmation from the authentication device with the service authentication confirmation confirming the request for service authentication;
the processing unit is adapted to execute an analysis of the received service authentication confirmation and to generate a confirmation of the user identity according to the result of the analysis, the confirmation of the user identity confirming the identity of the user to the service provider;
the transmitting unit is adapted to send the confirmation of the user identity to the service provider.
Dependent claims: 14, 15, 16, 17, 18, 19
20. A computer program loadable into a processing unit of an authentication server, wherein the computer program is adapted to perform the steps of
processing of a request for confirmation of a user identity from a service provider with the request comprising the user identity identifying a user and a service identity identifying a service of the service provider;
generating a request for service authentication indicating the service to an authentication device of the user;
initializing of a transmission of the request for service authentication to the authentication device;
executing an analysis of a service authentication confirmation from the authentication device with the service authentication confirmation confirming the request for service authentication;
generating a confirmation of the user identity according to the result of the analysis, the confirmation of the user identity confirming the identity of the user to the service provider;
initializing a transmission of the confirmation of the user identity to the service provider.
Dependent claims: 21, 22, 23, 24, 25
Specification