ADVANCED AUTHENTICATION TECHNIQUES AND APPLICATIONS
Abstract
A system, apparatus, method, and machine readable medium are described for performing advanced authentication techniques and associated applications. For example, one embodiment of a method comprises: receiving a policy identifying a set of acceptable authentication capabilities; determining a set of client authentication capabilities; and filtering the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating a user of the client.
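The three steps the abstract names (receive a policy, determine the client's capabilities, filter the policy against them) as a small worked example. This is added code, not the patent's or any assignee's implementation; the capability names, the idea that a policy entry is a combination of capabilities that must all be present, and the preference ordering are constructed assumptions.

```python
"""Added example (not the patent's own code): policy filtering as described
in the abstract. Capability names and the policy layout are constructed."""
from typing import Iterable, Optional

# A policy entry is one combination of authenticator capabilities the relying
# party accepts together; entries are listed in the relying party's order of
# preference. (Constructed sample data.)
Combination = tuple[str, ...]

SAMPLE_POLICY: list[Combination] = [
    ("fingerprint", "secure_element"),
    ("face", "secure_element"),
    ("fingerprint",),
    ("pin", "trusted_display"),
    ("pin",),
]


def client_capabilities(device_report: dict) -> set[str]:
    """Step 2: derive the client's capability set from a (constructed) device report
    mapping capability name -> present/absent."""
    return {name for name, present in device_report.items() if present}


def filter_policy(policy: Iterable[Combination], caps: Iterable[str]) -> list[Combination]:
    """Step 3: keep only policy entries the client can satisfy in full,
    preserving the relying party's preference order."""
    cap_set = set(caps)
    return [combo for combo in policy if set(combo) <= cap_set]


def select_authentication(policy: Iterable[Combination], device_report: dict) -> Optional[Combination]:
    """End to end: the most preferred acceptable combination, or None when the
    client cannot satisfy any entry (the relying party should then refuse rather
    than fall back to an unlisted method)."""
    filtered = filter_policy(policy, client_capabilities(device_report))
    return filtered[0] if filtered else None
```

Because the policy is ordered by the relying party, the filtered list keeps that order, so the first surviving entry is the strongest acceptable option for this client; an empty result means no acceptable combination exists, which is a refusal, not a downgrade.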
12 Claims
1. An apparatus comprising:
- an authenticator for authenticating a user of the apparatus with a relying party, the authenticator comprising a plurality of authentication components; and
- component authentication logic to attest to the model and/or integrity of at least one authentication component to one or more of the other authentication components prior to allowing the authentication components to form the authenticator.
2. A method comprising:
- entering into a legitimate user state on a client device for a time period following an explicit authentication by an end user;
- recording reference data related to user behavior while in the legitimate user state;
- measuring user behavior when outside of the legitimate user state and arriving at an authentication assurance level based on a distance between the measured user behavior and the recorded reference data;
- in response to an authentication request within the legitimate user state, providing an authentication assurance level at or above a defined threshold, the authentication assurance level being sufficient to authenticate the user to a relying party; and
- in response to an authentication request while outside of the legitimate user state, providing the authentication assurance level based on a distance between the measured user behavior and the recorded reference data.
3. A method comprising:
- receiving a client request to perform a transaction which requires authentication;
- analyzing first data related to a client to determine a risk value associated with the client;
- determining an assurance level required for allowing the client to complete the transaction;
- determining an assurance level gain required to arrive at the assurance level based on the risk value;
- selecting one or more authentication techniques based at least in part on the indication of the assurance level gain.
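The steps of claim 3 carried through as a toy risk-adaptive planner. This is an added example, not the patent's method: the risk heuristic, the tiering of required assurance by transaction amount, the per-technique assurance scores and the rule that implicit assurance shrinks as risk grows are all constructed assumptions chosen to make the arithmetic visible.

```python
"""Added example (not the patent's own code): risk value -> required assurance
-> assurance gain -> technique selection, following claim 3. All numbers and
the heuristics below are constructed assumptions."""
from typing import Optional

# Assumed assurance contribution of each technique on a 0-100 scale (constructed).
TECHNIQUE_ASSURANCE = {
    "password": 20,
    "face": 50,
    "fingerprint": 60,
    "hardware_token": 80,
}


def required_assurance(transaction: dict) -> int:
    """Step 3: constructed tiering of the assurance level a transaction needs."""
    amount = transaction.get("amount", 0)
    if amount >= 1000:
        return 90
    if amount >= 100:
        return 60
    return 30


def risk_value(client_data: dict) -> int:
    """Step 2: a risk value (0-100) from 'first data' about the client.
    The signals and weights are constructed, not the patent's."""
    score = 0
    if client_data.get("new_device"):
        score += 30
    if client_data.get("unexpected_location"):
        score += 30
    if client_data.get("rooted"):
        score += 40
    return min(score, 100)


def assurance_gain(required: int, risk: int) -> int:
    """Step 4: the gain needed to reach the required level. The client's
    implicit (pre-authentication) assurance is assumed to fall linearly with
    risk, from 50 at zero risk to 0 at maximum risk."""
    implicit = (100 - risk) // 2
    return max(0, required - implicit)


def select_techniques(gain: int, available: list[str]) -> Optional[list[str]]:
    """Step 5: greedy selection, strongest technique first, until the gain is
    covered. Returns [] when no gain is needed and None when the available
    techniques cannot cover it (the transaction should then be declined)."""
    ranked = sorted(
        (t for t in available if t in TECHNIQUE_ASSURANCE),
        key=lambda t: TECHNIQUE_ASSURANCE[t],
        reverse=True,
    )
    chosen, total = [], 0
    for technique in ranked:
        if total >= gain:
            break
        chosen.append(technique)
        total += TECHNIQUE_ASSURANCE[technique]
    return chosen if total >= gain else None


def plan_authentication(client_data: dict, transaction: dict, available: list[str]) -> dict:
    """Runs the whole chain and returns the intermediate values for auditing."""
    risk = risk_value(client_data)
    required = required_assurance(transaction)
    gain = assurance_gain(required, risk)
    return {
        "risk": risk,
        "required": required,
        "gain": gain,
        "techniques": select_techniques(gain, available),
    }
```

Returning the intermediate values rather than only the chosen techniques matters operationally: an authentication decision that cannot be explained (which risk signals fired, what level was required, what gain was demanded) is hard to audit after an incident.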
4. A location-aware method for user authentication comprising:
- determining a current location of a mobile device;
- identifying a location class corresponding to the current location;
- receiving an authentication policy associated with a particular relying party, the authentication policy defining a set of one or more authentication techniques to provide a sufficient level of user authentication for a current transaction based on the identified location class; and
- selecting from the set of one or more authentication techniques to authenticate the user for the current transaction based on the identified location class.
5. A method for user authentication comprising:
- collecting environmental sensor data from one or more sensors of a client device;
- using a geographical location reported by the device to collect supplemental data for the location;
- comparing the environmental sensor data with the supplemental data to arrive at a correlation score; and
- responsively selecting one or more authentication techniques for authenticating a user of the client device based on the correlation score based on an authentication policy associated with a relying party.
6. A method comprising:
- receiving a request to authenticate a user;
- presenting one or more screen layouts to the user;
- capturing a sequence of images which include the user's eyes as the one or more screen layouts are displayed; and
- (a) performing eye movement detection across the sequence of images to identify a correlation between motion of the user's eyes as the one or more screen layouts are presented and an expected motion of the user's eyes as the one or more screen layouts are presented and/or (b) measuring the eye's pupil size to identify a correlation between the effective light intensity of the screen and its effect on the user's eye pupil size.
7. A method comprising:
- performing an assessment of client configuration data to determine a risk level associated with a client device; and
- performing authentication for a particular transaction in accordance with the risk level.
8. A method comprising:
- receiving a request from a client device to perform a transaction at a local transaction device; and
- performing one or more authentication transactions including receiving biometric input from the user on the client device to generate an authentication result;
- transmitting the authentication result to a remote secure transaction service; and
- the remote secure transaction service transmitting a signal to the local transaction device to perform one or more operations if the authentication result is sufficient to complete the transaction.
9. A method for user authentication comprising:
- detecting a user of a client attempting to perform a current interaction with a relying party; and
- responsively identifying a first interaction class for the current interaction based on variables associated with the current interaction and implementing a set of one or more authentication rules associated with the first interaction class.
10. A method for user authentication comprising:
- detecting at a relying party a transaction triggered by a first user over a network and performing one or more authentication techniques to authenticate the first user to the relying party over the network;
- identifying one or more other users who are required to confirm the transaction before allowing the transaction to be performed, the one or more other users being registered with the relying party;
- transmitting notifications to the one or more other users or a subset thereof indicating that a transaction has been triggered by the first user; and
- the one or more other users or subset thereof confirming the transaction by performing remote authentication with the relying party over the network.
11. A method for delegating trust comprising:
- implementing a series of trust delegation operations to transfer registration data associated with one or more trusted authenticators on a trusted client device to one or more new authenticators on a new client device or on the trusted client device.
12. A method for establishing trust between two or more devices comprising:
- transmitting first data from a first device to a second device over a secure communication channel, the first data including at least one key and an identification code identifying a trust circle which includes the first device;
- the second device generating second data using at least a portion of the first data including the identification code and transmitting the second data over a network to a service;
- the first device connecting to the service using the identification code to identify the second data, validating the integrity of the second data, and responsively generating third data; and
- the service storing at least a portion of the second data and the third data to establish a trust relationship between the first device and the second device.
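The four-step exchange of claim 12 modelled with three toy parties (first device, second device, service), as an added example rather than the patent's own protocol. The claim does not say how the first device validates the integrity of the second data; HMAC-SHA256 keyed with the shared key is an assumed choice here. The device identifiers, the key, the circle identifier and the in-memory service are constructed.

```python
"""Added example (not the patent's own protocol): the claim 12 exchange with
three toy parties. HMAC-SHA256 over the shared key is an assumed integrity
mechanism; the patent specifies none. All identifiers are constructed."""
import hashlib
import hmac
from typing import Optional


def _tag(key: bytes, *parts: str) -> str:
    """Keyed integrity tag over a list of fields (assumed mechanism)."""
    return hmac.new(key, "|".join(parts).encode(), hashlib.sha256).hexdigest()


class Service:
    """The network service: relays second data and stores the trust record."""

    def __init__(self) -> None:
        self.pending: dict = {}  # circle_id -> second data awaiting validation
        self.trust: dict = {}    # circle_id -> (second data, third data)

    def submit(self, second: dict) -> None:
        self.pending[second["circle_id"]] = second

    def lookup(self, circle_id: str) -> Optional[dict]:
        return self.pending.get(circle_id)

    def store(self, second: dict, third: dict) -> None:
        self.trust[second["circle_id"]] = (second, third)


def first_data(key: bytes, circle_id: str, first_id: str) -> dict:
    """Step 1: first data, carried over the secure channel (e.g. a local pairing link)."""
    return {"key": key, "circle_id": circle_id, "first_device": first_id}


def second_data(first: dict, second_id: str) -> dict:
    """Step 2: the second device derives second data from the first data
    (including the circle id) and sends it to the service over the network."""
    circle_id = first["circle_id"]
    return {"circle_id": circle_id, "second_device": second_id,
            "tag": _tag(first["key"], circle_id, second_id)}


def validate_second(key: bytes, circle_id: str, second: dict) -> bool:
    """Step 3a: the first device checks the fetched record against the shared
    key, so a record altered on the network path or by the service is rejected."""
    expected = _tag(key, circle_id, second["second_device"])
    return second["circle_id"] == circle_id and hmac.compare_digest(expected, second["tag"])


def third_data(key: bytes, first_id: str, second: dict) -> dict:
    """Step 3b: third data binding the first device to the validated second data."""
    return {"circle_id": second["circle_id"], "first_device": first_id,
            "tag": _tag(key, second["circle_id"], first_id, second["tag"])}


def run_exchange(key: bytes, circle_id: str, tamper: bool = False) -> bool:
    """Runs the whole exchange; with tamper=True the second data is modified in
    transit so the integrity check in step 3 fails and nothing is stored."""
    service = Service()
    first = first_data(key, circle_id, "device-A")
    second = second_data(first, "device-B")
    if tamper:
        second = dict(second, second_device="device-X")  # field changed after tagging
    service.submit(second)
    fetched = service.lookup(circle_id)
    if fetched is None or not validate_second(key, circle_id, fetched):
        return False
    service.store(fetched, third_data(key, "device-A", fetched))  # step 4
    return circle_id in service.trust
```

The point the split into `submit`, `lookup` and `store` makes is that the service only ever sees data already bound to the key from step 1; it can relay and persist the records but cannot forge a valid second or third data on its own, which is what lets an untrusted network service mediate the pairing.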