CRYPTOGRAPHIC DEVICE THAT BINDS AN ADDITIONAL AUTHENTICATION FACTOR TO MULTIPLE IDENTITIES
First Claim
1. In a computing environment, a method of binding a security artifact to a user's account at a service provider, the method comprising:
determining a user's identity;
generating a pseudonym for a security artifact, wherein the pseudonym is an identifier of the security artifact to the service provider that is unique to the service provider in that the pseudonym is not used to identify the security artifact to other service providers and in that it uniquely identifies the particular security artifact to the service provider even when the user has available a plurality of different security artifacts to authenticate to the same service provider to access a user account for the user; and
providing the pseudonym for the security artifact to the service provider, wherein the pseudonym for the security artifact is bound with a user account at the service provider for the user associated with the security artifact.
Abstract
Binding a security artifact to a service provider. A method includes generating a pseudonym for a security artifact. The pseudonym is an identifier of the security artifact to the service provider that is unique to the service provider in that the pseudonym is not used to identify the security artifact to other service providers. Further, the pseudonym uniquely identifies the particular security artifact to the service provider even when a user has available a number of different security artifacts to authenticate to the same service provider to access a user account for the user. The method further includes providing the pseudonym for the security artifact to the service provider. The pseudonym for the security artifact is bound with a user account at the service provider for a user associated with the security artifact.
20 Claims
1. In a computing environment, a method of binding a security artifact to a user's account at a service provider, the method comprising:
determining a user's identity;
generating a pseudonym for a security artifact, wherein the pseudonym is an identifier of the security artifact to the service provider that is unique to the service provider in that the pseudonym is not used to identify the security artifact to other service providers and in that it uniquely identifies the particular security artifact to the service provider even when the user has available a plurality of different security artifacts to authenticate to the same service provider to access a user account for the user; and
providing the pseudonym for the security artifact to the service provider, wherein the pseudonym for the security artifact is bound with a user account at the service provider for the user associated with the security artifact.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. In a computing environment, a method of using a security artifact bound to a user account at a service provider, the method comprising:
receiving a security artifact challenge from a service provider;
accessing a unique identifier for the service provider;
using the unique identifier from the service provider and a unique secret for a security artifact, generating an asymmetric private key;
accessing a nonce;
signing the nonce with the asymmetric private key;
sending the signature on the nonce to the service provider, whereafter the service provider validates the signature on the nonce to authenticate the security artifact; and
accessing the service provider as a result of the service provider authenticating the security artifact.
Dependent claims: 14, 15, 16, 17, 18, 19
20. In a computing environment, a method of validating a user using a security artifact at a service provider, the method comprising:
receiving a request from a security artifact for a site key;
in response to the request from the security artifact for a site key, returning a service provider unique identifier to the security artifact;
receiving from the security artifact a pseudonym, wherein the pseudonym is generated using the service provider unique identifier and a security artifact secret unique to the security artifact, wherein the pseudonym comprises a public key of an asymmetric key pair;
registering the pseudonym with a user account at a service provider;
receiving a request for access to the user account from an application;
sending a message to the application indicating that authentication is required to service the request;
receiving a request from the application for authentication;
in response to receiving a request from the application for authentication, sending a security artifact challenge to the application, wherein the device challenge comprises the service provider unique identifier and a nonce;
receiving a security artifact response comprising the signature on a nonce generated using a private key generated using the service provider unique identifier and the security artifact secret unique to the security artifact; and
validating the security artifact response using the pseudonym.
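Claims 13 and 20 together describe one protocol: the artifact derives a service-provider-specific asymmetric key pair from its own secret and the provider's unique identifier, registers the public key as its pseudonym, and later proves possession by signing a provider-issued nonce with the derived private key. The following is an added example (not code from the patent or its assignee) that walks both sides of that exchange. It assumes HMAC-SHA256 as the key-derivation function and Ed25519 as the key type, which the claims leave open, and the provider identifiers and account name are constructed for the demonstration. The provider keeps a list of pseudonyms per account, so several artifacts can be bound to one account and the verifier can tell which one answered, and each nonce is consumed on first use.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Artifact models the security artifact of claims 13 and 20: one long-term
// secret per device, with no per-service key material stored on it.
type Artifact struct {
	secret []byte
}

// NewArtifact constructs an artifact with a fresh random secret.
func NewArtifact() (*Artifact, error) {
	s := make([]byte, 32)
	if _, err := rand.Read(s); err != nil {
		return nil, err
	}
	return &Artifact{secret: s}, nil
}

// deriveKey regenerates the provider-specific key pair from the artifact
// secret and the provider's unique identifier. HMAC-SHA256 and Ed25519 are
// assumptions of this example, not something the claims prescribe.
func (a *Artifact) deriveKey(spID string) ed25519.PrivateKey {
	mac := hmac.New(sha256.New, a.secret)
	mac.Write([]byte("pseudonym-v1|" + spID)) // constructed domain-separation label
	return ed25519.NewKeyFromSeed(mac.Sum(nil)) // 32-byte digest == ed25519.SeedSize
}

// Pseudonym is the public key of that pair: the identifier the artifact
// presents to exactly one service provider.
func (a *Artifact) Pseudonym(spID string) ed25519.PublicKey {
	return a.deriveKey(spID).Public().(ed25519.PublicKey)
}

// Challenge is what the provider sends: its identifier plus a fresh nonce.
type Challenge struct {
	SPID  string
	Nonce []byte
}

// Respond signs the nonce with the key derived for the named provider.
func (a *Artifact) Respond(c Challenge) []byte {
	return ed25519.Sign(a.deriveKey(c.SPID), c.Nonce)
}

// ServiceProvider binds pseudonyms to accounts and validates responses.
type ServiceProvider struct {
	ID       string
	accounts map[string][]ed25519.PublicKey // account -> registered pseudonyms
	issued   map[string][]byte              // account -> outstanding nonce
}

func NewServiceProvider(id string) *ServiceProvider {
	return &ServiceProvider{
		ID:       id,
		accounts: make(map[string][]ed25519.PublicKey),
		issued:   make(map[string][]byte),
	}
}

// Register binds one more pseudonym to the account (several artifacts per account).
func (sp *ServiceProvider) Register(account string, p ed25519.PublicKey) {
	sp.accounts[account] = append(sp.accounts[account], p)
}

// Challenge issues a single-use nonce for the account.
func (sp *ServiceProvider) Challenge(account string) (Challenge, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return Challenge{}, err
	}
	sp.issued[account] = nonce
	return Challenge{SPID: sp.ID, Nonce: nonce}, nil
}

// Verify consumes the outstanding nonce and returns the index of the registered
// pseudonym that produced the signature. A replayed or unregistered response
// yields an error.
func (sp *ServiceProvider) Verify(account string, sig []byte) (int, error) {
	nonce, ok := sp.issued[account]
	if !ok {
		return -1, errors.New("no outstanding challenge for account")
	}
	delete(sp.issued, account) // single use, whatever the outcome
	for i, p := range sp.accounts[account] {
		if ed25519.Verify(p, nonce, sig) {
			return i, nil
		}
	}
	return -1, errors.New("signature matches no pseudonym bound to account")
}

func main() {
	token, _ := NewArtifact()
	bank := NewServiceProvider("https://bank.example") // constructed identifiers
	mail := NewServiceProvider("https://mail.example")
	fmt.Println("bank sees:", hex.EncodeToString(token.Pseudonym(bank.ID)))
	fmt.Println("mail sees:", hex.EncodeToString(token.Pseudonym(mail.ID)))
	bank.Register("alice", token.Pseudonym(bank.ID))
	c, _ := bank.Challenge("alice")
	idx, err := bank.Verify("alice", token.Respond(c))
	fmt.Println("authenticated with artifact", idx, "err:", err)
}
```

Because the private key is recomputed from the secret and the provider identifier on every use, the artifact holds nothing per provider and two providers cannot correlate the same device by its pseudonym; the provider, for its part, only ever stores public keys.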
Specification