Service Channel Authentication Token
Abstract
A computer system receives an authentication request from a user device and determines a determined device identification from a set of received device attributes. When the device is properly authenticated, the computer system generates an authentication token that is signed by the determined device identification and returns the authentication token to the user device. When the computer system subsequently receives a service request with an authentication token and a plurality of device attributes for a protected resource from a user device, the computer system determines a derived device identification from some or all of the received device attributes. When a signed device identification of the authentication token and the derived device identification are equal, the apparatus continues processing the service request. Otherwise, the service request is rejected.
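The issue-then-verify flow in the abstract, as an added example that is not taken from the patent. It assumes the device identification is a SHA-256 hash over a fixed attribute set and that "signed" means the identification is carried inside a token protected by a server-held HMAC key; the attribute names, key and sample devices are constructed.

```python
import base64, hashlib, hmac, json, time

SERVER_KEY = b"constructed-demo-key"                      # assumption: server-held secret
ID_ATTRIBUTES = ("os", "model", "screen", "install_id")   # assumption: the attribute set

# Constructed sample devices
PHONE = {"os": "android-14", "model": "px8", "screen": "1080x2400", "install_id": "a1", "locale": "en"}
LAPTOP = {"os": "win-11", "model": "t14", "screen": "1920x1200", "install_id": "b2", "locale": "en"}

def derive_device_id(attrs: dict) -> str:
    """Hash the chosen attribute set in a canonical order."""
    subset = {k: str(attrs.get(k, "")) for k in ID_ATTRIBUTES}
    canonical = json.dumps(subset, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def _sign(body: bytes) -> bytes:
    return hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest().encode()

def issue_token(user: str, attrs: dict, ttl: int = 300, now=None) -> str:
    """Authentication step: bind the token to the determined device ID."""
    now = time.time() if now is None else now
    claims = {"sub": user, "exp": int(now) + ttl, "did": derive_device_id(attrs)}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body).decode()

def check_service_request(token: str, attrs: dict, now=None) -> bool:
    """Service step: continue only if signature, expiry and device ID all hold."""
    now = time.time() if now is None else now
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(body.encode())):
        return False                      # token altered or not issued by this server
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return False
    if claims.get("exp", 0) < now:
        return False                      # expired
    derived = derive_device_id(attrs)     # recomputed from this request's attributes
    return hmac.compare_digest(str(claims.get("did", "")).encode(), derived.encode())

if __name__ == "__main__":
    tok = issue_token("alice", PHONE)
    print("same device:", check_service_request(tok, PHONE))
    print("token replayed from another device:", check_service_request(tok, LAPTOP))
```

The device attributes are supplied by the client, so this check raises the cost of replaying a stolen token from a different device but does not stop a client that also copies the attribute values.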
20 Claims
1. An apparatus comprising:
at least one memory device;
at least one processor coupled to the at least one memory device and configured to perform, based on instructions stored in the at least one memory device;
receiving a service request for a protected resource from a first user device, wherein the service request includes a plurality of device attributes and an authentication token;
determining a derived device identification from a first attribute set contained in the plurality of device attributes;
when a signed device identification of the authentication token and the derived device identification are equal, continue processing the service request; and
when the signed device identification is not equal to the derived device identification, rejecting the service request.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A computer-assisted method for authenticating a first user device, the method comprising:
receiving an authentication request and at least one device attribute from the first user device;
determining a first determined device identification from a first set of device attributes;
when a desired level of authentication for the first user device is achieved, generating a generated authentication token, wherein the generated authentication token is signed by the first determined device identification; and
returning the generated authentication token to the first user device.
Dependent claims: 13
14. A computer-assisted method for authenticating a user device, the method comprising:
receiving a service request for a protected resource from a user device, wherein the service request includes a plurality of device attributes and a received authentication token;
determining a derived device identification from an attribute set contained in the plurality of device attributes;
when a signed device identification of the received authentication token and the derived device identification are equal, continue processing the service request; and
when the signed device identification is not equal to the derived device identification, rejecting the service request.
Dependent claims: 15, 16, 17
18. A non-transitory computer-readable storage medium storing computer-executable instructions that, when executed, cause a processor at least to perform operations comprising:
receiving a service request for a protected resource from a user device, wherein the service request includes a plurality of device attributes and an authentication token;
determining a derived device identification from a first attribute set contained in the plurality of device attributes;
when a signed device identification of the authentication token and the derived device identification are equal, continue processing the service request; and
when the signed device identification is not equal to the derived device identification, rejecting the service request.
Dependent claims: 19, 20