Methods and Apparatus for Delegated Authentication
Abstract
An authentication-delegating service implemented in an authentication server or other processing device is configured to receive a request from a relying party for delegated authentication information associated with a particular user, to determine a level of trust associated with the relying party, and to provide the delegated authentication information to the relying party if the relying party has a sufficient level of trust, so as to permit the relying party to authenticate the user based on the delegated authentication information. The delegated authentication information has the property that the user can be presently authenticated based on such information. The delegated authentication information may comprise, for example, at least one value derived from a one-time password or other authentication credential of the particular user. The authentication-delegating service may be graded to provide different types of delegated authentication information based on respective levels of trust that may be associated with relying parties.
Claims
1. A user authentication method comprising the steps of:
receiving a request from a relying party for delegated authentication information associated with a particular user, the delegated authentication information having the property that the user can be presently authenticated based on such information;
determining a level of trust associated with the relying party; and
providing the delegated authentication information to the relying party if the relying party has a sufficient level of trust, so as to permit the relying party to authenticate the user based on the delegated authentication information.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15.

16. An apparatus comprising:
at least one processing device comprising a processor coupled to a memory, said processing device implementing an authentication-delegating service which is configured to receive a request from a relying party for delegated authentication information associated with a particular user, the delegated authentication information having the property that the user can be presently authenticated based on such information;
to determine a level of trust associated with the relying party; and
to provide the delegated authentication information to the relying party if the relying party has a sufficient level of trust, so as to permit the relying party to authenticate the user based on the delegated authentication information.
Dependent claims: 17, 18.

19. A method comprising the steps of:
sending a request from a relying party to an authentication-delegating service for delegated authentication information associated with a particular user;
receiving the delegated authentication information from the authentication-delegating service if the relying party is determined by that service to have a sufficient level of trust associated therewith; and
utilizing the delegated authentication information to establish a key to be shared between the relying party and the user.
Dependent claims: 20.

21. A system for authenticating a user, comprising:
a plurality of processing devices;
a first one of the processing devices implementing a relying party and configured for communication with a second one of the processing devices implementing an authentication-delegating service;
wherein the authentication-delegating service is configured to receive a request from a relying party for delegated authentication information associated with a particular user, the delegated authentication information having the property that the user can be presently authenticated based on such information;
to determine a level of trust associated with the relying party; and
to provide the delegated authentication information to the relying party if the relying party has a sufficient level of trust, so as to permit the relying party to authenticate the user based on the delegated authentication information.
Dependent claims: 22.

23. An apparatus comprising:
at least one processing device comprising a processor coupled to a memory, said processing device implementing a relying party configured to send a request to an authentication-delegating service for delegated authentication information associated with a particular user, the delegated authentication information having the property that the user can be presently authenticated based on such information;
to receive the delegated authentication information from the authentication-delegating service if the relying party is determined by that service to have a sufficient level of trust associated therewith; and
to authenticate the user based on the delegated authentication information.
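A small working model of the graded authentication-delegating service described in the abstract and in claims 1, 19 and 23, added here as an example and not taken from the patent: the user seeds, the relying-party trust registry, the HMAC-based OTP material, the relying-party-bound derived key and the per-challenge verifier for lower-trust parties are all assumptions chosen to illustrate the claims.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample data: per-user OTP seeds held by the service and a
# trust registry mapping relying-party ids to a trust level (0 = untrusted).
USER_SEEDS = {"alice": b"constructed-seed-for-alice"}
RP_TRUST = {"rp-high": 2, "rp-limited": 1, "rp-unknown": 0}

def current_otp(seed, t=None):
    """OTP material for the current 30-second step (illustrative HMAC scheme,
    not RFC 6238 truncation). 't' lets callers pin the time for tests."""
    step = (int(time.time()) if t is None else t) // 30
    return hmac.new(seed, step.to_bytes(8, "big"), hashlib.sha256).digest()

def delegated_key(otp, rp_id):
    """Value derived from the user's current OTP and bound to one relying party;
    this is the key the relying party and user end up sharing (claim 19)."""
    return hmac.new(otp, b"delegated:" + rp_id.encode(), hashlib.sha256).digest()

def delegating_service(rp_id, user, challenge=None, t=None):
    """Graded service (claim 1): returns (kind, value). Level 2 receives the
    derived key itself, level 1 only a verifier for one challenge, others nothing."""
    level = RP_TRUST.get(rp_id, 0)
    if level == 0 or user not in USER_SEEDS:
        return ("denied", None)
    key = delegated_key(current_otp(USER_SEEDS[user], t), rp_id)
    if level >= 2:
        return ("key", key)
    if challenge is None:            # limited trust needs a concrete challenge
        return ("denied", None)
    return ("verifier", hmac.new(key, challenge, hashlib.sha256).digest())

def user_proof(user, rp_id, challenge, t=None):
    """User side: same derivation from the user's own OTP; the seed never leaves
    the user's device and the proof is bound to rp_id and the challenge."""
    key = delegated_key(current_otp(USER_SEEDS[user], t), rp_id)
    return hmac.new(key, challenge, hashlib.sha256).digest()

def relying_party_authenticate(rp_id, user, t=None, challenge=None):
    """Relying party (claim 23): fetch delegated info, check the user's proof.
    Returns (authenticated, shared_key); shared_key is None below level 2."""
    challenge = challenge or secrets.token_bytes(16)
    kind, value = delegating_service(rp_id, user, challenge, t)
    if kind == "denied":
        return (False, None)
    proof = user_proof(user, rp_id, challenge, t)
    if kind == "key":
        expected = hmac.new(value, challenge, hashlib.sha256).digest()
        return (hmac.compare_digest(expected, proof), value)
    return (hmac.compare_digest(value, proof), None)
```

Because the derived value is tied to the OTP's time step, a proof computed in an earlier step no longer matches, which is the "presently authenticated" property the claims require.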
Specification