SYSTEM AND METHOD FOR AN INTEGRITY FOCUSED AUTHENTICATION SERVICE
Abstract
Systems and methods for authentication. At an authentication service, key synchronization information is stored for an enrolled authentication device for a user identifier of a service provider. The key synchronization information indicates that a private key stored by the authentication device is synchronized with a public key stored at the service provider. Responsive to an authentication request provided by the service provider for the user identifier, the authentication service determines an authentication device for the user identifier that stores a synchronized private key by using the key synchronization information, and provides the authentication request to the authentication device. The authentication service provides a signed authentication response to the service provider. The authentication response is responsive to the authentication request and signed by using the private key. The service provider verifies the signed authentication response by using the public key.
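The relay flow the abstract describes, as an added Go sketch that is not part of the patent text. Ed25519, the `approve`/`deny` response format, the random challenge and every identifier are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Added illustration: all names are hypothetical, Ed25519 is an assumed scheme.
type device struct{ priv ed25519.PrivateKey } // private key stays on the device
// respond signs the user's decision together with the service provider's challenge.
func (d device) respond(decision string, challenge []byte) (resp, sig []byte) {
	resp = append([]byte(decision+":"), challenge...)
	return resp, ed25519.Sign(d.priv, resp)
}
// authService keys sync records by "spAccount/userID"; the device value stands in for its address.
type authService struct {
	synced map[string]device
	tamper bool // simulate a relay that rewrites the response in transit
}

func (s authService) relay(spAccount, userID, decision string, challenge []byte) ([]byte, []byte, error) {
	d, ok := s.synced[spAccount+"/"+userID]
	if !ok {
		return nil, nil, errors.New("no device with a synchronized key")
	}
	resp, sig := d.respond(decision, challenge)
	if s.tamper {
		resp = bytes.Replace(resp, []byte("deny"), []byte("approve"), 1)
	}
	return resp, sig, nil
}

// RunFlow plays the service provider: accept only a validly signed "approve" for a fresh challenge.
func RunFlow(userID, decision string, tamper bool) (bool, error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed enrollment: SP keeps pub
	svc := authService{synced: map[string]device{"sp-1/alice": {priv}}, tamper: tamper}
	challenge := make([]byte, 16)
	rand.Read(challenge)
	resp, sig, err := svc.relay("sp-1", userID, decision, challenge)
	if err != nil {
		return false, err
	}
	want := append([]byte("approve:"), challenge...)
	return ed25519.Verify(pub, resp, sig) && bytes.Equal(resp, want), nil
}
func main() { fmt.Println(RunFlow("alice", "deny", true)) }
```

Because the service provider checks the signature against the public key it stored itself, a relay that rewrites a `deny` into an `approve` produces a response that fails verification.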
20 Claims
1. A method comprising:
- at an authentication service:
  - responsive to synchronization of keys between a service provider and at least one authentication device enrolled for a user identifier of the service provider, storing key synchronization information in association with address information of the at least one authentication device, the user identifier, and authentication service account information for the service provider, the key synchronization information indicating that a private key associated with the user identifier and stored by the at least one authentication device is synchronized with a public key stored at the service provider in association with the user identifier;
  - receiving an authentication request provided by the service provider for a request received at the service provider from a primary device associated with the user identifier, the authentication request specifying the user identifier;
  - mapping the authentication request to at least one authentication device identified by the key synchronization information as storing the synchronized private key;
  - providing the authentication request to the mapped at least one authentication device;
  - receiving a signed authentication response from the at least one authentication device, the signed authentication response being signed with the private key by the at least one authentication device; and
  - providing the signed authentication response to the service provider, the service provider verifying the signed authentication response by using the public key.
3. A method comprising:
- at an authentication service:
  - managing service provider key synchronization information for at least one authentication device that is enrolled at the authentication service for a user identifier of a service provider, wherein for each authentication device the key synchronization information indicates that a private key associated with the user identifier and stored by the authentication device is synchronized with a public key stored at the service provider in association with the user identifier;
  - responsive to an authentication request provided by the service provider for the user identifier, determining at least one authentication device for the user identifier that stores a private key that is synchronized with the service provider by using the key synchronization information, and providing the authentication request to at least one determined authentication device;
  - providing an authentication response signed by the at least one determined authentication device to the service provider, the authentication response being responsive to the authentication request and being signed by using the private key,
  - wherein the authentication request is for a request received at the service provider from a primary device associated with the user identifier, and
  - wherein the service provider verifies the signed authentication response by using the public key.
19. A system comprising:
- an authentication service constructed to:
  - manage service provider key synchronization information for at least one authentication device that is enrolled at the authentication service for a user identifier of a service provider, wherein for each authentication device the key synchronization information indicates that a private key associated with the user identifier and stored by the authentication device is synchronized with a public key stored at the service provider in association with the user identifier;
  - responsive to an authentication request provided by the service provider for the user identifier, determine at least one authentication device for the user identifier that stores a private key that is synchronized with the service provider by using the key synchronization information, and provide the authentication request to at least one determined authentication device;
  - provide an authentication response signed by the at least one determined authentication device to the service provider, the authentication response being responsive to the authentication request and being signed by using the private key,
  - wherein the service provider provides the authentication request responsive to a request received at the service provider from a primary device of the user identifier of the service provider, and
  - wherein the service provider verifies the signed authentication response by using the public key; and
- the at least one determined authentication device, the at least one determined authentication device being constructed to:
  - store the private key; and
  - responsive to the authentication request:
    - generate an authentication response;
    - sign the authentication response by using the private key; and
    - provide the signed authentication response to the authentication service.
Specification