UNIVERSAL ANONYMOUS CROSS-SITE AUTHENTICATION

US 20160105290A1
Filed: 10/10/2014
Published: 04/14/2016
Est. Priority Date: 10/10/2014
Status: Active Grant

First Claim

Patent Images

1. A device, comprising:

one or more processors to;

receive user information associated with a user;

generate a user profile for the user that stores the user information and authentication confirmation information associated with confirming that a received response to a challenge code generated using a particular cryptographic key matches an expected response generated using the particular cryptographic key;

provide the particular cryptographic key and information identifying the user profile;

receive a request to authenticate a secure session for a user device from an application server,the request including authentication information that includes a particular response to a particular challenge code and a user identifier;

obtain, based on the user identifier, the authentication confirmation information associated with the user from a data structure storing one or more user profiles;

validate the particular response to the particular challenge code based on the authentication confirmation information; and

provide information to the application server indicating that the secure session is authenticated for the user device to permit the application server to establish the secure session with the user device based on validating the authentication information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The device may receive user information associated with a user. The device may generate a user profile for the user that stores user information and authentication confirmation information. The device may provide a particular cryptographic key and information identifying the user profile. The device may receive a request to authenticate a secure session for a user device from an application server. The device may obtain, based on the user identifier, the authentication confirmation information associated with the user from a data structure storing one or more user profiles. The device may validate the particular response to the particular challenge code based on the authentication confirmation information. The device may provide information to the application server indicating that the secure session is validated for the user device based on validating the authentication information.

51 Citations

View as Search Results

20 Claims

1. A device, comprising:
- one or more processors to;
  
  receive user information associated with a user;
  
  generate a user profile for the user that stores the user information and authentication confirmation information associated with confirming that a received response to a challenge code generated using a particular cryptographic key matches an expected response generated using the particular cryptographic key;
  
  provide the particular cryptographic key and information identifying the user profile;
  
  receive a request to authenticate a secure session for a user device from an application server,the request including authentication information that includes a particular response to a particular challenge code and a user identifier;
  
  obtain, based on the user identifier, the authentication confirmation information associated with the user from a data structure storing one or more user profiles;
  
  validate the particular response to the particular challenge code based on the authentication confirmation information; and
  
  provide information to the application server indicating that the secure session is authenticated for the user device to permit the application server to establish the secure session with the user device based on validating the authentication information.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The device of claim 1, where the one or more processors are further to:
    - generate a visual site identifier image; and
      
      cause the visual site identifier image to be displayed via a user interface being provided by the user device to the user.
  - 3. The device of claim 1, where the one or more processors, when providing the particular cryptographic key, are further to:
    - generate a private key associated with a public key,the public key being included in the authentication confirmation information;
      
      provide the private key to the user device associated with the user; and
      
      where the one or more processors, when validating the particular response to the particular challenge code, are further to;
      
      verify a signature associated with the particular response to the particular challenge code utilizing the public key,the signature having been generated using the private key; and
      
      validate the particular response to the particular challenge code based on verifying the signature utilizing the public key.
  - 4. The device of claim 1, where the one or more processors, when providing the particular cryptographic key, are further to:
    - generate a symmetric key,the symmetric key being included in the authentication confirmation information;
      
      provide the symmetric key to the user device associated with the user; and
      
      where the one or more processors, when validating the particular response to the particular challenge code, are further to;
      
      obtain the symmetric key based on obtaining the authentication information;
      
      encrypt the particular challenge code using the symmetric key to generate an expected response to the particular challenge code;
      
      determine that the particular response to the particular challenge code matches the expected response to the particular challenge code to validate the particular response to the particular challenge code.
  - 5. The device of claim 1, where the one or more processors, when providing the information to the application server indicating that the secure session is validated for the user device, are further to:
    - generate an anonymous identifier that does not uniquely identify the user; and
      
      provide the information to the application server without providing the user information identifying the user,the information including an anonymous identifier.
  - 6. The device of claim 1, where the one or more processors, when obtaining the authentication confirmation information, are further to:
    - identify a public key fingerprint being stored via the user profile; and
      
      determine a public key associated with validating the particular cryptographic key based on the public key fingerprint.
  - 7. The device of claim 1, where the one or more processors, when providing information to the application server indicating that the secure session is validated for the user device, are further to:
    - provide information instructing the application server to establish the secure session for the user device; and
      
      provide information identifying the user associated with the user device.

8. A computer-readable medium storing instructions, the instructions comprising:
- one or more instructions that, when executed by one or more processors, cause the one or more processors to;
  
  receive a request from a user device to initiate a secure session associated with a particular provider,the user device having received authentication credentials from a server;
  
  provide, to the user device, a challenge code associated with the secure session and a session key identifying the secure session;
  
  receive authentication information responding to the challenge code from the user device;
  
  provide, to the server, the authentication information from the user device and the challenge code;
  
  receive, from the server, a success code indicating that the authentication information is valid,the success code identifying the secure session,the success code indicating that the server confirmed that the authentication information includes a response to the challenge code that matches an expected response to the challenge code for the user device; and
  
  provide, to the user device, an indication that the secure session associated with the session key is authenticated based on receiving the success code.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-readable medium of claim 8, where the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
    - provide information, to the server, indicating user information that is to be confirmed when validating users for secure sessions; and
      
      where the one or more instructions, that cause the one or more processors to receive the success code, further cause the one or more processors to;
      
      determine that the secure session is valid for the user device based on receiving the success code,the success code indicating that the user information that is to be confirmed when validating users for secure sessions has been confirmed for the user and the secure session.
  - 10. The computer-readable medium of claim 8, where the one or more instructions, that cause the one or more processors to provide the challenge code, further cause the one or more processors to:
    - generate a string of characters to be processed by a function associated with a private key;
      
      provide the string of characters to the user device for processing using the private key; and
      
      where the one or more instructions, that cause the one or more processors to receive the success code indicating that the authentication information is valid, further cause the one or more processors to;
      
      receive the success code indicating that the string of characters has been processed by the private key and matches an expected response determined based on a public key associated with the private key.
  - 11. The computer-readable medium of claim 8, where the one or more instructions, that cause the one or more processors to provide the challenge code, further cause the one or more processors to:
    - generate a string of characters to be processed by a function associated with a symmetric key;
      
      provide the string of characters to the user device for processing using the symmetric key; and
      
      where the one or more instructions, that cause the one or more processors to receive the success code indicating that the authentication information is valid, further cause the one or more processors to;
      
      receive the success code indicating that the string of characters has been processed by the symmetric key and matches a response generated by the server by processing the string of characters using the symmetric key.
  - 12. The computer-readable medium of claim 8, where the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
    - determine, based on an anonymous identifier provided by the server, that a user associated with the user device has not previously accessed another secure session associated with the particular provider;
      
      generate a user profile for the user based on the anonymous identifier,the user profile including access information regarding accesses of a website of the particular provider by the user; and
      
      store information regarding the secure session via the user profile.
  - 13. The computer-readable medium of claim 12, where the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
    - establish another secure session for the user device based on receiving another success code from the server,the other success code including the anonymous identifier;
      
      determine, based on the anonymous identifier, that the user has previously accessed another secure session associated with the particular provider;
      
      identify the user profile associated with the user;
      
      adjust the other secure session based on the access information; and
      
      store information regarding the other secure session via the user profile.
  - 14. The computer-readable medium of claim 8, where the one or more instructions, that cause the one or more processors to provide the indication that the secure session is authenticated, further cause the one or more processors to:
    - generate an identification token associated with identifying a user interface associated with the secure session and the particular provider as genuine; and
      
      provide the identification token for display via the user interface to indicate that the secure session is genuine.

15. A method, comprising:
- receiving, by a device from a user device, a request to initiate a secure session that is associated with a particular provider of multiple providers associated with providing secure sessions,the user device having received cryptographic information associated with generating responses to challenge codes;
  
  providing, by the device, a challenge code and a session key associated with the secure session;
  
  receiving, by the device, authentication information including a response to the challenge code,the authentication information being determined to be associated with the secure session based on the session key;
  
  determining, by the device, that the authentication information is valid without the particular provider being provided with access to user information identifying a user of the user device,the response to the challenge code having been determined to match an expected response to the challenge code determined based on other cryptographic information matching the cryptographic information; and
  
  providing, by the device, an indication that the secure session is authenticated based on determining that the authentication information is valid.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, where determining that the authentication information is valid further comprises:
    - providing the authentication information to a third party verification service associated with the multiple providers; and
      
      receiving, from the third party verification service, an indication that that the authentication information is valid.
  - 17. The method of claim 15, where determining that the authentication information is valid further comprises:
    - identifying the user based on an anonymous identifier and stored user information;
      
      comparing the response to the challenge code with the expected response to the challenge code,the expected response to the challenge code having been determined based on the other cryptographic information,the other cryptographic information having been determined based on identifying the user; and
      
      where providing the indication that the secure session is authenticated further comprises;
      
      providing the indication to the particular provider that the response to the challenge code matches the expected response to the challenge code without revealing the stored user information to the particular provider.
  - 18. The method of claim 15, further comprising:
    - receiving a request from the user device to establish a universal profile for the multiple providers;
      
      generating the cryptographic information, including a cryptographic key for the user to utilize in responding to challenge codes generated by the multiple providers;
      
      providing the cryptographic information to the user device;
      
      storing the other cryptographic information associated with identifying responses, performed using the cryptographic key, to challenge codes generated by the multiple providers as proper; and
      
      where determining that the authentication information is valid, further comprises;
      
      identifying the user;
      
      accessing, based on identifying the user, the stored other cryptographic information associated with identifying responses to challenge codes generated by the multiple providers as proper;
      
      determining the proper response to the challenge code based on the stored other cryptographic information; and
      
      determining that the authentication information is valid based on matching the proper response to the challenge code with the response to the challenge code.
  - 19. The method of claim 15, further comprising:
    - associating a site identification key with a user profile for the user;
      
      receiving, from the user device, information identifying the user; and
      
      providing information indicating that the device is genuine based on receiving the information identifying the user,the information indicating that the device is genuine including the site identification key.
  - 20. The method of claim 15, further comprising:
    - receiving, from the user device, incorrect information identifying the user,the incorrect information identifying the user not corresponding to a user profile;
      
      determining a site key associated with the incorrect information identifying the user;
      
      overlaying an indication of the incorrect information identifying the user on the site key; and
      
      providing the site key after overlaying the indication of the incorrect information identifying the user on the site key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
KHALIL, Manah M., Pandey, Siddharth, Kumar, Ashok, Limbasia, Sunil D., Challa, Vijaya R., Lamison, Michael R.

Granted Patent

US 9,628,282 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0407   wherein the identity of one...

H04L 63/0421   Anonymous communication, i....

H04L 63/0435   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/12   Applying verification of th...

H04L 63/168   above the transport layer

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

UNIVERSAL ANONYMOUS CROSS-SITE AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

51 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

UNIVERSAL ANONYMOUS CROSS-SITE AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others