PSEUDONYMOUS PUBLIC KEYS BASED AUTHENTICATION

US 20110302412A1
Filed: 06/06/2011
Published: 12/08/2011
Est. Priority Date: 10/08/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method of authentication, comprising:

registering a first account at an identity provider;

providing authentication data including user'"'"'s hashed permanent identifier and user'"'"'s hashed secret code to a plurality of service providers from the identity provider, wherein user'"'"'s permanent identifier and user'"'"'s secret code are hashed using a different hash function, wherein each of the service providers receives a different user'"'"'s hashed permanent identifier;

locally authenticating user'"'"'s authentication request at the respective service provider that receives the user'"'"'s authentication request;

securing the authentication data at the respective service provider such that the authentication data at the respective server can be used to verify the user'"'"'s authentication request, but cannot be used to generate the user'"'"'s authentication request; and

replicating the secured authentication data on replica servers associated with the respective service provider to improve online service scalability without compromising user'"'"'s identity at the other service providers.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for pseudonymous public keys based authentication are described that enable an authentication to achieve pseudonymity and non-repudiation, for example, at the same time. Pseudonymity may provide, for example, that a user can show to different parties different digital identifiers for authentication instead of, for example, always using a single digital identifier everywhere, which may lead to a breach of privacy. Non-repudiation may provide, for example, that the authentication data at the server side can be used, for example, to verify a user'"'"'s authentication request, but not to generate an authentication request, which might lead to user impersonation. A user may use a physical token to generate the authentication request corresponding to the user'"'"'s identity to pass the authentication.

153 Citations

20 Claims

1. A method of authentication, comprising:
- registering a first account at an identity provider;
  
  providing authentication data including user'"'"'s hashed permanent identifier and user'"'"'s hashed secret code to a plurality of service providers from the identity provider, wherein user'"'"'s permanent identifier and user'"'"'s secret code are hashed using a different hash function, wherein each of the service providers receives a different user'"'"'s hashed permanent identifier;
  
  locally authenticating user'"'"'s authentication request at the respective service provider that receives the user'"'"'s authentication request;
  
  securing the authentication data at the respective service provider such that the authentication data at the respective server can be used to verify the user'"'"'s authentication request, but cannot be used to generate the user'"'"'s authentication request; and
  
  replicating the secured authentication data on replica servers associated with the respective service provider to improve online service scalability without compromising user'"'"'s identity at the other service providers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, comprising creating a second account at the respective service provider.
  - 3. The method of claim 1, comprising forming a trusted zone including the identity provider and the plurality of service providers, wherein a single registering of the first account with the identity provider allows access to services provided by the respective service providers.
  - 4. The method of claim 1, wherein a user device comprises a memory and a processor, wherein the memory stores user'"'"'s permanent identifier and user'"'"'s secret code, and wherein the processor is configured to perform hash functions on the user'"'"'s permanent identifier and the user'"'"'s secret code.
  - 5. The method of claim 4, wherein the user device is portable and USB-compliant.
  - 6. The method of claim 4, wherein the user device includes a smart card and a smart card reader.
  - 7. The method of claim 4, wherein the user device includes a biometric reader.
  - 8. The method of claim 4, wherein the user device is configured to generate the user'"'"'s authentication request.
  - 9. The method of claim 1, wherein authentication data has been secured using pseudonymous public keys based authentication that enables authentication to achieve pseudonymity and non-repudiation at the same time.
  - 10. The method of claim 1, wherein the first account that is registered at the identity provider becomes a master key with which to access the service providers.

11. A user authentication system, comprising:
- an identity provider;
  
  a plurality of service providers; and
  
  a physical token that generates a user'"'"'s authentication request,wherein a first account is registered at an identity provider,wherein the identity provider provides authentication data including user'"'"'s hashed permanent identifier and user'"'"'s hashed secret code to the plurality of service providers,wherein user'"'"'s permanent identifier and user'"'"'s secret code are hashed using a different hash function, wherein each of the service providers receives a different user'"'"'s hashed permanent identifier,wherein the respective service provider, that receives the user'"'"'s authentication request from the physical token, locally authenticates the user'"'"'s authentication request at the respective service provider,wherein the authentication data is secured at the respective service provider such that the authentication data at the respective server can be used to verify the user'"'"'s authentication request, but cannot be used to generate the user'"'"'s authentication request, andwherein the secured authentication data is replicated on replica servers associated with the respective service provider to improve online service scalability without compromising user'"'"'s identity at the other service providers.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the respective service provider creates a second account at the respective service provider.
  - 13. The system of claim 11, wherein a trusted zone is formed including the identity provider and the plurality of service providers, wherein a single registering of the first account with the identity provider allows access to services provided by the respective service providers.
  - 14. The system of claim 11, wherein the physical token comprises a memory and a processor, wherein the memory stores user'"'"'s permanent identifier and user'"'"'s secret code, and wherein the processor is configured to perform hash functions on the user'"'"'s permanent identifier and the user'"'"'s secret code.
  - 15. The system of claim 14, wherein the physical token is portable and comprises a USB interface.
  - 16. The system of claim 14, wherein the physical token includes a smart card and a smart card reader.
  - 17. The system of claim 14, wherein the physical token includes a biometric reader.
  - 18. The system of claim 14, wherein each service provider has full control of every respective authentication transaction without the intervention of any third party while still using a network-wide single sign-on solution.
  - 19. The system of claim 11, wherein authentication data has been secured using pseudonymous public keys based authentication that enables authentication to achieve pseudonymity and non-repudiation at the same time.
  - 20. The system of claim 11, wherein the first account that is registered at the identity provider becomes a master key with which to access the service providers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Northwestern University
Original Assignee
Northwestern University
Inventors
Kuzmanovic, Aleksandar, Deng, Leiwen

Application Number

US13/154,125
Publication Number

US 20110302412A1
Time in Patent Office

Days
Field of Search
US Class Current

713/159
CPC Class Codes

H04L 63/0407   wherein the identity of one...

H04L 63/0421   Anonymous communication, i....

H04L 63/08   for authentication of entit...

H04L 63/126   the source of the received ...

PSEUDONYMOUS PUBLIC KEYS BASED AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

153 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PSEUDONYMOUS PUBLIC KEYS BASED AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

153 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links