Token-based system and method for secure authentication to a service provider

US 20080313707A1
Filed: 06/17/2008
Published: 12/18/2008
Est. Priority Date: 06/18/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for authenticating the owner of a device to a service provider, comprising:

capturing an initial set of credentials from the owner of the device;

storing the initial set of credentials in a memory provided in the device;

storing the owner'"'"'s secrets corresponding to a plurality of service providers in the memory;

receiving an authentication request from one of said plurality of service providers;

in response to the authentication request, capturing a set of credentials from the current user of the device; and

revealing the owner'"'"'s secrets which correspond to the service provider requesting the authentication if and only if the current user'"'"'s credentials match the owner'"'"'s credentials.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for authenticating the current user of a device to a service provider. The method comprises (a) capturing an initial set of credentials from the owner of the device; (b) storing the initial set of credentials in a memory provided in the device; (c) storing the owner'"'"'s secrets corresponding to a plurality of service providers in the memory provided in the device; (d) receiving an authentication request from one of said plurality of service providers; (e) in response to the authentication request, capturing a set of credentials from the current user of the device; and (f) revealing the owner'"'"'s secrets which correspond to the service provider requesting the authentication if and only if the current user'"'"'s credentials match the owner'"'"'s credentials.

Citations

29 Claims

1. A method for authenticating the owner of a device to a service provider, comprising:
- capturing an initial set of credentials from the owner of the device;
  
  storing the initial set of credentials in a memory provided in the device;
  
  storing the owner'"'"'s secrets corresponding to a plurality of service providers in the memory;
  
  receiving an authentication request from one of said plurality of service providers;
  
  in response to the authentication request, capturing a set of credentials from the current user of the device; and
  
  revealing the owner'"'"'s secrets which correspond to the service provider requesting the authentication if and only if the current user'"'"'s credentials match the owner'"'"'s credentials.
- View Dependent Claims (2, 3, 5, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the authentication request is encrypted by the requesting service provider with a first device specific key, wherein the device is equipped with a request processing engine, and further comprising:
    - decrypting the authentication request with the request processing engine.
  - 3. The method of claim 2, further comprising:
    - uniquely identifying the requesting service provider to the request processing engine on the device.
  - 5. The method of claim 2, wherein the authentication request is decrypted by the request processing engine using a second device specific key.
  - 7. The method of claim 1, wherein storing the owner'"'"'s secrets corresponding to a plurality of service providers in the memory of the device includes:
    - receiving a request from one of the plurality of service providers to save the owner'"'"'s secrets corresponding to that service provider in the memory;
      
      obtaining a set of credentials from the current user of the device; and
      
      saving the owner'"'"'s secrets corresponding to the service provider in the memory if and only if the current user'"'"'s set of credentials matches the owner'"'"'s set of credentials.
  - 8. The method of claim 7, further comprising:
    - sending an encrypted response to the requesting service provider indicating successful completion of the request.
  - 9. The method of claim 1, wherein revealing from the memory the owner'"'"'s secrets which corresponds to one of the plurality of service providers includes:
    - receiving a request from one of the plurality of service providers to retrieve secrets corresponding to that service provider from the memory on the device;
      
      obtaining a set of credentials from the current user of the device; and
      
      authenticating the user of the device as the owner of the device if and only if the current user'"'"'s set of credentials matches the owner'"'"'s set of credentials.
  - 10. The method of claim 9, further comprising:
    - obtaining from the memory on the device the owner'"'"'s secrets corresponding to the service provider who has initiated the request;
      
      encrypting the secrets using a service provider specific key; and
      
      transmitting the encrypted secrets to the service provider.
  - 11. The method of claim 10, wherein the owner'"'"'s service provider specific secrets are encrypted using a set of keys established during a key exchange algorithm conducted with the service provider.
  - 12. The method of claim 1, wherein all requests from the service provider to the device, and all responses from the device to the service provider, contain session specific data.
  - 13. The method of claim 12, wherein the user is authenticated by the service provider if and only if (a) the session specific data corresponds to the present session between the service provider and the user, and (b) valid secrets for that service provider are returned from the device.
  - 14. The method of claim 1, wherein the owner'"'"'s secrets corresponding to a service provider include one or more credentials selected from the group consisting of a usernames, passwords, secret questions, answers to questions, binary data identifying the user to the service provider, and certificates issued to the user by the service provider or its agent.

4. (canceled)

6. (canceled)

15-18. -18. (canceled)

19. A method for authenticating a first party to a second party, comprising:
- requiring the first party to demonstrate knowledge of a secret shared between the first and second parties;
  
  requiring the first party to establish possession of a token; and
  
  requiring the first party to demonstrate ownership of said token.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The method of claim 19, wherein ownership of the token is demonstrated by:
    - obtaining credentials from the first party; and
      
      comparing the obtained credentials to credentials of the owner of the token which are stored on the token.
  - 21. The method of claim 19, wherein authentication of the first party to the second party comprises bringing the token into communication with the second party.
  - 22. The method of claim 21, wherein authentication of the first party to the second party comprises causing the token to release a secret which is specific to the second party.
  - 23. The method of claim 22, wherein the secret is released in an encrypted form which can be decrypted only by the second party.
  - 24. The method of claim 21, wherein authentication of the first party to the second party comprises sending an encrypted request from the second party which can only be decrypted by the token.
  - 25. The method of claim 20, wherein the credentials of the first party and the owner'"'"'s credentials comprise biometric data.

26. A system, comprising:
- a plurality of service providers;
  
  a user registered with said plurality of service providers; and
  
  a device adapted to allow the user to obtain access to services from any of said service providers by releasing to that service provider a secret which is specific to that service provider and which is stored on the device;
  
  wherein the device is further adapted to obtain a first set of credentials from the user of the device and to compare the first set of credentials with a second set of credentials which are stored on the device and which were obtained from the owner of the device.

27. (canceled)

28. A device, comprising:
- a memory adapted to store the credentials of the device'"'"'s owner therein, and being further adapted to store the owner'"'"'s secrets from a plurality of service providers therein;
  
  an owner authentication engine which is adapted to capture and store credentials from the owner of the device, and which is further adapted to compare those credentials with the credentials of a current user of the device;
  
  an interface adapted to allow the device to communicate with the plurality of service providers over a network; and
  
  a request processing engine on the device, said request processing engine being adapted, upon a request from one of said service providers, to authenticate the owner, and being further adapted, upon successful authentication of the owner, to reveal the owner'"'"'s secrets which correspond to that service provider.

29-40. -40. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Techporch Incorporated
Original Assignee
Techporch Incorporated
Inventors
Dube, Shradha, Jain, Manoj

Application Number

US12/214,100
Publication Number

US 20080313707A1
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

H04L 63/04 for providing a confidentia...

H04L 63/08 for authentication of entit...

Token-based system and method for secure authentication to a service provider

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Token-based system and method for secure authentication to a service provider

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links