Consumer internet authentication device

US 20060174104A1
Filed: 12/16/2005
Published: 08/03/2006
Est. Priority Date: 12/20/2004
Status: Active Grant

First Claim

Patent Images

1. A method of isolating information associated with a user from an authentication service provider in an authentication system, comprising:

providing information associated with the user along with information identifying an authentication code source;

providing the information identifying the authentication code source, along with information identifying a subscribing site, to the authentication service provider;

generating a service user identifier; and

, creating an association of the service user identifier and the information associated with the user, and isolating the association within the subscribing site.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of allowing a user to authenticate to an authentication service while isolating information associated with the user from the authentication service includes generating a service user identifier (SUID) associated with an authentication code source, a subscribing site and an authentication service. The method includes creating an association of the SUID with the information associated with the user, and isolating the association within the subscribing site. The method includes providing an authentication code generated by the authentication code-generating device from the user to the subscribing site, and providing the authentication code along with the SUID and information identifying the subscribing site to the authentication service. The method includes identifying the code-generating device, using the SUID and the information identifying the subscribing site, and generating an authentication decision for the authentication code with respect to the code-generating device, and providing the decision to the subscribing site.

Citations

29 Claims

1. A method of isolating information associated with a user from an authentication service provider in an authentication system, comprising:
- providing information associated with the user along with information identifying an authentication code source;
  
  providing the information identifying the authentication code source, along with information identifying a subscribing site, to the authentication service provider;
  
  generating a service user identifier; and
  
  , creating an association of the service user identifier and the information associated with the user, and isolating the association within the subscribing site.

2. A method of isolating information associated with a user from an authentication service provider in an authentication system, comprising:
- providing, from the user to a subscribing site, information associated with the user along with information identifying an authentication code source;
  
  providing, from the subscribing site to the authentication service provider, the information identifying the authentication code source along with information identifying the subscribing site;
  
  generating, by the authentication service provider, a service user identifier that is a predetermined function of at least the information identifying the authentication code source and the information identifying the subscribing site;
  
  providing, from the authentication service provider to the subscribing site, the service user identifier; and
  
  , creating an association of the service user identifier and the information associated with the user, and isolating the association within the subscribing site.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 3. The method of claim 2, further including storing, at the authentication service provider, a record of the service user identifier along with the information identifying the authentication code source and the information identifying the subscribing site.
  - 4. The method of claim 2, further including delivering the authentication code source to the user.
  - 5. The method of claim 2, further including:
    - providing, from the user to at least a second subscribing site, information associated with the user along with information identifying the authentication code source;
      
      providing, from the second subscribing site to the authentication service provider, the information identifying the authentication code source along with information identifying the second subscribing site;
      
      generating, by the authentication service provider, a second service user identifier that is a predetermined function of at least the information identifying the authentication code source and the information identifying the second subscribing site;
      
      providing, from the authentication service provider to the second subscribing site, the second service user identifier; and
      
      , creating an association of the second service user identifier and the information associated with the user, and isolating the association within the second subscribing site.
  - 6. The method of claim 2, further including:
    - providing, from at least a second user to the subscribing site, information associated with the second user along with information identifying an authentication code source;
      
      providing, from the subscribing site to the authentication service provider, the information identifying the authentication code source along with information identifying the subscribing site;
      
      generating, by the authentication service provider, a second service user identifier that is a predetermined function of at least the information identifying the authentication code source and the information identifying the subscribing site;
      
      providing, from the authentication service provider to the subscribing site, the second service user identifier; and
      
      , creating an association of the second service user identifier and the information associated with the second user, and isolating the association within the subscribing site.
  - 7. The method of claim 2, further including (i) providing, from the subscribing site to the authentication service provider, information regarding a first relationship between the user and the subscribing site, in addition to the information identifying the authentication code source and the information identifying the subscribing site;
    - and, (ii) including the information regarding the first relationship between the user and the subscribing site in the generation of the service user identifier.
  - 8. The method of claim 7, further including:
    - providing, from the user to the subscribing site, information associated with the user along with information identifying the authentication code source;
      
      providing, from the subscribing site to the authentication service provider, the information identifying the authentication code source along with information identifying the subscribing site and information and information regarding a second relationship between the user and the subscribing site;
      
      generating, by the authentication service provider, a service user identifier that is a predetermined function of at least the information identifying the authentication code source, the information identifying the subscribing site;
      
      providing, from the authentication service provider to the subscribing site, the service user identifier; and
      
      , creating an association of the service user identifier and the information associated with the user, and isolating the association within the subscribing site.
  - 9. The method of claim 2, further including substituting an alternative service user identifier for the service user identifier originally generated, wherein the alternative service user identifier is generated using information identifying a different authentication code source along with information identifying the subscribing site.
  - 10. The method of claim 9, further including delivering the different authentication code source to the user.
  - 11. The method of claim 9, further including providing the alternative service user identifier to the subscribing site.
  - 12. The method of claim 2, further including providing a temporary authentication code corresponding to the authentication code source, by:
    - generating, by the authentication service provider, a temporary authentication code;
      
      associating the temporary authentication code with one or more service user identifiers stored at the authentication service provider, such that subsequent authentications attempted with respect to the service user identifier are evaluated using the temporary authentication code and not an authentication code from the authentication code source.
  - 13. The method of claim 12, further including limiting validity of the temporary password to a predetermined duration.
  - 14. The method of claim 13, wherein the predetermined duration of validity of the temporary password is specific to each service user identifier, and wherein one or more of the durations is different.
  - 15. The method of claim 2, further including:
    - providing a replacement authentication code source to the user;
      
      updating the service user identifier at the authentication service provider to be associated with information identifying the replacement authentication code source.

16. A method of allowing a user to authenticate to an authentication service provider while isolating information associated with the user from the authentication service provider, comprising:
- generating a service user identifier associated with an authentication code source, a subscribing site and an authentication service provider;
  
  creating an association of the service user identifier with the information associated with the user, and isolating the association within the subscribing site;
  
  providing a authentication code generated by the authentication code source from the user to the subscribing site;
  
  providing the authentication code along with the service user identifier and information identifying the subscribing site to the authentication service provider;
  
  identifying the authentication code source, using the service user identifier and the information identifying the subscribing site, and generating an authentication decision for the authentication code with respect to the authentication code source; and
  
  , providing the authentication decision to the subscribing site.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 17. The method of claim 16, further including allowing the user to log on to the subscribing site if the authentication decision indicates a valid authentication.
  - 18. The method of claim 16, further including allowing the user to utilize a function on the subscribing site if the authentication decision indicates a valid authentication.
  - 19. The method of claim 16, further including providing, from the user to the subscribing site, additional information related to user validity, and using the additional information for generating the authentication decision.
  - 20. The method of claim 19, wherein the additional information related to user validity includes at least one of (i) a personal identification number, (ii) a password, and (iii) biometric data associated with the user.
  - 21. The method of claim 16, further including requesting, from the subscribing site to the user, resubmission of the authentication code generated by the authentication code source if the authentication decision indicates an invalid authentication.
  - 22. The method of claim 16, further including providing, from the subscribing site to the authentication service provider, additional information regarding a relationship between the user and the subscribing site.
  - 23. The method of claim 16, further including storing, at the authentication service provider, information regarding the authentication decision, and providing the stored information to the subscribing site in response to a request from the subscribing site.
  - 24. The method of claim 23, wherein the subscribing site uses the stored information provided by the authentication service provider to verify a transaction executed by the user.
  - 25. The method of claim 16, wherein the information regarding the service user identifier and the authentication decision includes the authentication code used for the authentication decision.

26. A method of regulating activities of a user on a subscribing site, comprising:
- generating a service user identifier associated with an authentication code source, a subscribing site and an authentication service provider;
  
  creating an association of the service user identifier with the information associated with the user, and isolating the association within the subscribing site;
  
  receiving, at the subscribing site, a request from the user for permission to perform an activity, wherein the request includes an authentication code generated by the authentication code source;
  
  providing the authentication code along with the service user identifier and information identifying the subscribing site to the authentication service provider;
  
  identifying the authentication code source, using the service user identifier and the information identifying the subscribing site, and generating an authentication decision for the authentication code with respect to the authentication code source;
  
  providing the authentication decision to the subscribing site; and
  
  , granting permission for the user to perform the activity if the authentication decision indicates successful authentication, and denying permission for the user to perform the activity if the authentication decision indicates unsuccessful authentication.

27. A system for isolating information associated with a user from an authentication service provider in an authentication system, comprising:
- a user having an authentication code source, wherein the user provides to a subscribing site, information associated with the user along with information identifying an authentication code source;
  
  an authentication service provider for receiving, from the subscribing site, the information identifying the authentication code source along with information identifying the subscribing site;
  
  wherein the authentication service provider (i) generates a service user identifier that is a predetermined function of at least the information identifying the authentication code source and the information identifying the subscribing site, (ii) provides the service user identifier to the subscribing site, and (iii) creates an association of the service user identifier and the information associated with the user, and isolates the association within the subscribing site.

28. A system for allowing a user to authenticate to an authentication service provider while isolating information associated with the user from the authentication service, comprising:
- a user having an authentication code source;
  
  a subscribing site for providing a service to the user;
  
  an authentication service provider for generating a service user identifier associated with the authentication code source, the subscribing site and the authentication service;
  
  a network through which the user, the subscribing site and the authentication service provider communicate;
  
  wherein the subscribing site creates an association of the service user identifier with the information associated with the user, and isolates the association within the subscribing site;
  
  wherein the user provides, to the subscribing site, an authentication code generated by the authentication code source;
  
  wherein the subscribing site provides, to the authentication service provider, the authentication code along with the service user identifier and information identifying the subscribing site; and
  
  , wherein the authentication service provider (i) identifies the authentication code source using the service user identifier and the information identifying the subscribing site, (ii) generates an authentication decision for the authentication code with respect to the authentication code source, and (iii) provides the authentication decision to the subscribing site.

29. A system for regulating activities of a user on a subscribing site, comprising:
- a user having an authentication code source;
  
  a subscribing site for providing a service to the user;
  
  an authentication service provider for generating a service user identifier associated with the authentication code source, the subscribing site and the authentication service;
  
  a network through which the user, the subscribing site and the authentication service provider communicate;
  
  wherein the subscribing site creates an association of the service user identifier with the information associated with the user, and isolates the association within the subscribing site;
  
  wherein the user submits a request to the subscribing site for permission to perform a service activity, the request including an authentication code generated by the authentication code source;
  
  wherein the subscribing site provides the authentication code along with the service user identifier and information identifying the subscribing site to the authentication service provider;
  
  wherein the authentication service provider (i) identifies the authentication code source using the service user identifier and the information identifying the subscribing site, (ii) generates an authentication decision for the authentication code with respect to the authentication code source, and (iii) provides the authentication decision to the subscribing site; and
  
  , wherein the subscribing site grants permission for the user to perform the service activity if the authentication decision indicates successful authentication, and denies permission for the user to perform the service activity if the authentication decision indicates unsuccessful authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
RSA Security Incorporated (Symphony Technology Group LLC)
Inventors
Crichton, Mark A., Townsend, James J.

Granted Patent

US 8,060,922 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06F 21/33   using certificates

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

Consumer internet authentication device

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Consumer internet authentication device

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links