Token-based system and method for secure authentication to a service provider
First Claim
1. A method for authenticating the owner of a device to a service provider, comprising:
- capturing an initial set of credentials from the owner of the device;
storing the initial set of credentials in a memory provided in the device;
storing the owner'"'"'s secrets corresponding to a plurality of service providers in the memory;
receiving an authentication request from one of said plurality of service providers;
in response to the authentication request, capturing a set of credentials from the current user of the device; and
revealing the owner'"'"'s secrets which correspond to the service provider requesting the authentication if and only if the current user'"'"'s credentials match the owner'"'"'s credentials.
1 Assignment
0 Petitions
Accused Products
Abstract
A method is provided for authenticating the current user of a device to a service provider. The method comprises (a) capturing an initial set of credentials from the owner of the device; (b) storing the initial set of credentials in a memory provided in the device; (c) storing the owner'"'"'s secrets corresponding to a plurality of service providers in the memory provided in the device; (d) receiving an authentication request from one of said plurality of service providers; (e) in response to the authentication request, capturing a set of credentials from the current user of the device; and (f) revealing the owner'"'"'s secrets which correspond to the service provider requesting the authentication if and only if the current user'"'"'s credentials match the owner'"'"'s credentials.
-
Citations
29 Claims
-
1. A method for authenticating the owner of a device to a service provider, comprising:
-
capturing an initial set of credentials from the owner of the device; storing the initial set of credentials in a memory provided in the device; storing the owner'"'"'s secrets corresponding to a plurality of service providers in the memory; receiving an authentication request from one of said plurality of service providers; in response to the authentication request, capturing a set of credentials from the current user of the device; and revealing the owner'"'"'s secrets which correspond to the service provider requesting the authentication if and only if the current user'"'"'s credentials match the owner'"'"'s credentials. - View Dependent Claims (2, 3, 5, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
4. (canceled)
-
6. (canceled)
-
15-18. -18. (canceled)
-
19. A method for authenticating a first party to a second party, comprising:
-
requiring the first party to demonstrate knowledge of a secret shared between the first and second parties; requiring the first party to establish possession of a token; and requiring the first party to demonstrate ownership of said token. - View Dependent Claims (20, 21, 22, 23, 24, 25)
-
-
26. A system, comprising:
-
a plurality of service providers; a user registered with said plurality of service providers; and a device adapted to allow the user to obtain access to services from any of said service providers by releasing to that service provider a secret which is specific to that service provider and which is stored on the device; wherein the device is further adapted to obtain a first set of credentials from the user of the device and to compare the first set of credentials with a second set of credentials which are stored on the device and which were obtained from the owner of the device.
-
-
27. (canceled)
-
28. A device, comprising:
-
a memory adapted to store the credentials of the device'"'"'s owner therein, and being further adapted to store the owner'"'"'s secrets from a plurality of service providers therein; an owner authentication engine which is adapted to capture and store credentials from the owner of the device, and which is further adapted to compare those credentials with the credentials of a current user of the device;
an interface adapted to allow the device to communicate with the plurality of service providers over a network; anda request processing engine on the device, said request processing engine being adapted, upon a request from one of said service providers, to authenticate the owner, and being further adapted, upon successful authentication of the owner, to reveal the owner'"'"'s secrets which correspond to that service provider.
-
-
29-40. -40. (canceled)
Specification