Transparent Client Authentication
Abstract
A system and method for authenticating an application (client) to a server or service. During a registration phase, an application that requests access to a service can receive a service identifier, which it can authenticate. The application can generate and send to the server or service an application-service key that is based upon the authenticated service identifier and a secret application key; a service-application identifier that can be based upon the authenticated service identifier and an application identifier; and a registration nonce, all of which can be stored at the server. During the authentication phase, the client can send to the server the application-service identifier, which the server can use to look up the stored registration data. The server can send the registration nonce to the client, which can compute a proof of possession of the service-application key and send it to the server. The server can compute its own version of this key and compare it to the received key. If they correspond, then the client is authenticated.
33 Claims
1. A method for registering an application to a service for later re-authentication comprising:
sending from the server to the application a service identifier;
receiving at the server an application-service identifier based upon the service identifier and an application identifier;
receiving at the server from the application an application-service key based upon the service identifier and a secret application key; and
storing at the server the application-service identifier and the application-service key.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10)

11. A method for re-authenticating a previously-registered application for later re-authentication, comprising:
sending from the server to the application a service identifier;
receiving at the server an application-service identifier based upon the service identifier and an application identifier;
receiving from the application proof of possession of the secret application key based upon the application-service identifier and the application-service key;
computing an expected value of the proof of possession of the secret application key and comparing it with the received proof of possession of the secret application key; and
if the expected proof of possession of the secret application key corresponds to the received proof of possession of the secret application key, then determining that the application is authentic.
(Dependent claims: 12, 13, 14, 15, 16, 17, 18)

19. A system for re-authenticating a previously-registered application for later re-authentication, comprising:
a communications module in communication with an application for sending to the application a service identifier, receiving from the application an application-service identifier that is based upon the service identifier and an application identifier and receiving from the application a proof of possession of the secret application key based upon the application-service identifier and an application-service key;
a lookup module;
a memory in communication with the lookup module, the memory storing an application-service identifier and an application-service key; and
an authentication module in communication with the communications module and the lookup module, the authentication module computing an expected value of the proof of possession of the secret application key based upon the application-service identifier and the application-service key received from the lookup module and comparing it with the received proof of possession of the secret application key to determine if the application is authentic.
(Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
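The registration phase of claim 1 and the re-authentication phase of claims 11 and 19 are easiest to follow as one round trip each. The following Python is an added illustration written for this page; it is not code from the patent or from any implementation of it. It assumes HMAC-SHA256 as the function that makes the application-service key "based upon" the service identifier and the secret application key, SHA-256 for the application-service identifier, and a 16-byte random registration nonce; the names `Server`, `Client`, `derive_app_service_key`, `derive_app_service_id` and `compute_proof` are this example's own. One deliberate addition beyond the claims: the server mixes a fresh per-session challenge into the proof alongside the stored registration nonce, so a captured proof cannot be replayed.

```python
import hashlib
import hmac
import secrets


def derive_app_service_key(secret_app_key: bytes, service_id: bytes) -> bytes:
    # Application-service key: bound to one service, derived from the secret
    # application key, which itself never leaves the client. (Assumed: HMAC-SHA256.)
    return hmac.new(secret_app_key, b"app-service-key|" + service_id, hashlib.sha256).digest()


def derive_app_service_id(app_id: bytes, service_id: bytes) -> bytes:
    # Application-service identifier: based upon the service identifier and the
    # application identifier; it is a lookup handle, not a secret. (Assumed: SHA-256.)
    return hashlib.sha256(b"app-service-id|" + app_id + b"|" + service_id).digest()


def compute_proof(app_service_key: bytes, registration_nonce: bytes, fresh_challenge: bytes) -> bytes:
    # Proof of possession: a MAC over the stored registration nonce plus a fresh
    # server challenge. The fresh challenge is this example's addition to the claims.
    return hmac.new(app_service_key, registration_nonce + fresh_challenge, hashlib.sha256).digest()


class Server:
    """Holds the memory and lookup role of claim 19: app-service id -> (key, nonce)."""

    def __init__(self, service_id: bytes):
        self.service_id = service_id
        self.registrations: dict[bytes, tuple[bytes, bytes]] = {}
        self.pending: dict[bytes, bytes] = {}  # app-service id -> outstanding fresh challenge

    def begin(self) -> bytes:
        # Both phases start with the server sending its service identifier.
        return self.service_id

    def register(self, app_service_id: bytes, app_service_key: bytes, registration_nonce: bytes) -> None:
        # Claim 1, final step: store the identifier and key (and the nonce from the abstract).
        self.registrations[app_service_id] = (app_service_key, registration_nonce)

    def challenge(self, app_service_id: bytes):
        # Look up the registration; unknown identifiers get no challenge at all.
        record = self.registrations.get(app_service_id)
        if record is None:
            return None
        fresh = secrets.token_bytes(16)
        self.pending[app_service_id] = fresh  # remembered server-side, never trusted from the client
        return record[1], fresh

    def verify(self, app_service_id: bytes, proof: bytes) -> bool:
        # Claim 11: compute the expected proof and compare it with the received one.
        record = self.registrations.get(app_service_id)
        fresh = self.pending.pop(app_service_id, None)
        if record is None or fresh is None:
            return False
        app_service_key, registration_nonce = record
        expected = compute_proof(app_service_key, registration_nonce, fresh)
        return hmac.compare_digest(expected, proof)  # constant-time comparison


class Client:
    """The application: it keeps only its identifier and its secret application key."""

    def __init__(self, app_id: bytes, secret_app_key: bytes):
        self.app_id = app_id
        self.secret_app_key = secret_app_key

    def register_with(self, server: Server) -> None:
        service_id = server.begin()  # authenticating the service identifier is out of scope here
        app_service_key = derive_app_service_key(self.secret_app_key, service_id)
        app_service_id = derive_app_service_id(self.app_id, service_id)
        registration_nonce = secrets.token_bytes(16)
        server.register(app_service_id, app_service_key, registration_nonce)

    def authenticate_to(self, server: Server) -> bool:
        service_id = server.begin()
        app_service_id = derive_app_service_id(self.app_id, service_id)
        challenge = server.challenge(app_service_id)
        if challenge is None:
            return False
        registration_nonce, fresh = challenge
        # The key is re-derived from the secret, so nothing long-lived is cached on the client.
        app_service_key = derive_app_service_key(self.secret_app_key, service_id)
        proof = compute_proof(app_service_key, registration_nonce, fresh)
        return server.verify(app_service_id, proof)


def demo() -> tuple[bool, bool, bool]:
    # Constructed scenario: one genuine registration, one impostor with the same
    # application identifier but a different secret, and one never-registered application.
    server = Server(b"service-A")
    genuine = Client(b"app-1", secrets.token_bytes(32))
    genuine.register_with(server)
    impostor = Client(b"app-1", secrets.token_bytes(32))
    stranger = Client(b"app-2", secrets.token_bytes(32))
    return (genuine.authenticate_to(server),
            impostor.authenticate_to(server),
            stranger.authenticate_to(server))


if __name__ == "__main__":
    print(demo())  # expected: (True, False, False)
```

Two points worth checking in any implementation of this scheme: the server compares proofs with a constant-time comparison, and the fresh challenge is held server-side and consumed on use, so each proof is valid for exactly one verification. With the registration nonce alone, as the claims describe it, the proof would be the same value on every re-authentication.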
Specification