PSEUDONYMOUS PUBLIC KEYS BASED AUTHENTICATION
First Claim
1. A method of authentication, comprising:
- registering a first account at an identity provider;
providing authentication data including user'"'"'s hashed permanent identifier and user'"'"'s hashed secret code to a plurality of service providers from the identity provider, wherein user'"'"'s permanent identifier and user'"'"'s secret code are hashed using a different hash function, wherein each of the service providers receives a different user'"'"'s hashed permanent identifier;
locally authenticating user'"'"'s authentication request at the respective service provider that receives the user'"'"'s authentication request;
securing the authentication data at the respective service provider such that the authentication data at the respective server can be used to verify the user'"'"'s authentication request, but cannot be used to generate the user'"'"'s authentication request; and
replicating the secured authentication data on replica servers associated with the respective service provider to improve online service scalability without compromising user'"'"'s identity at the other service providers.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods for pseudonymous public keys based authentication are described that enable an authentication to achieve pseudonymity and non-repudiation, for example, at the same time. Pseudonymity may provide, for example, that a user can show to different parties different digital identifiers for authentication instead of, for example, always using a single digital identifier everywhere, which may lead to a breach of privacy. Non-repudiation may provide, for example, that the authentication data at the server side can be used, for example, to verify a user'"'"'s authentication request, but not to generate an authentication request, which might lead to user impersonation. A user may use a physical token to generate the authentication request corresponding to the user'"'"'s identity to pass the authentication.
153 Citations
20 Claims
-
1. A method of authentication, comprising:
-
registering a first account at an identity provider; providing authentication data including user'"'"'s hashed permanent identifier and user'"'"'s hashed secret code to a plurality of service providers from the identity provider, wherein user'"'"'s permanent identifier and user'"'"'s secret code are hashed using a different hash function, wherein each of the service providers receives a different user'"'"'s hashed permanent identifier; locally authenticating user'"'"'s authentication request at the respective service provider that receives the user'"'"'s authentication request; securing the authentication data at the respective service provider such that the authentication data at the respective server can be used to verify the user'"'"'s authentication request, but cannot be used to generate the user'"'"'s authentication request; and replicating the secured authentication data on replica servers associated with the respective service provider to improve online service scalability without compromising user'"'"'s identity at the other service providers. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A user authentication system, comprising:
-
an identity provider; a plurality of service providers; and a physical token that generates a user'"'"'s authentication request, wherein a first account is registered at an identity provider, wherein the identity provider provides authentication data including user'"'"'s hashed permanent identifier and user'"'"'s hashed secret code to the plurality of service providers, wherein user'"'"'s permanent identifier and user'"'"'s secret code are hashed using a different hash function, wherein each of the service providers receives a different user'"'"'s hashed permanent identifier, wherein the respective service provider, that receives the user'"'"'s authentication request from the physical token, locally authenticates the user'"'"'s authentication request at the respective service provider, wherein the authentication data is secured at the respective service provider such that the authentication data at the respective server can be used to verify the user'"'"'s authentication request, but cannot be used to generate the user'"'"'s authentication request, and wherein the secured authentication data is replicated on replica servers associated with the respective service provider to improve online service scalability without compromising user'"'"'s identity at the other service providers. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification