SYSTEM AND METHOD FOR AN INTEGRITY FOCUSED AUTHENTICATION SERVICE
Abstract
Systems and methods for authentication. At an authentication service, key synchronization information is stored for an enrolled authentication device for a user identifier of a service provider. The key synchronization information indicates that a private key stored by the authentication device is synchronized with a public key stored at the service provider. Responsive to an authentication request provided by the service provider for the user identifier, the authentication service determines an authentication device for the user identifier that stores a synchronized private key by using the key synchronization information, and provides the authentication request to the authentication device. The authentication service provides a signed authentication response to the service provider. The authentication response is responsive to the authentication request and signed by using the private key. The service provider verifies the signed authentication response by using the public key.
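The exchange described in the abstract, as an added example that is not taken from the patent: the authentication service only routes by a stored mapping, the device signs, and the service provider verifies with the enrolled public key. All type and function names, the account strings, the request format and the choice of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Device is the authentication device (hypothetical model): the private key
// stays here, and approval means signing the exact request bytes, nonce included.
type Device struct{ priv ed25519.PrivateKey }
func (d Device) Sign(req []byte) []byte { return ed25519.Sign(d.priv, req) }

// AuthService stores only the account-to-device mapping and relays messages.
type AuthService struct {
	routes map[string]Device
	tamper bool // simulates a relay that alters the response in transit
}

// Route forwards the request to the mapped device and returns its signed response.
func (a AuthService) Route(account string, req []byte) ([]byte, bool) {
	dev, ok := a.routes[account]
	if !ok {
		return nil, false // no enrolled, key-synchronized device for this account
	}
	sig := dev.Sign(req)
	if a.tamper {
		sig[0] ^= 0xff
	}
	return sig, true
}

// ProviderVerify is the service provider's check against the enrolled public key.
func ProviderVerify(pub ed25519.PublicKey, req, sig []byte) bool { return ed25519.Verify(pub, req, sig) }

// Exchange runs one request end to end and reports whether the provider accepts it.
func Exchange(account string, tamper bool) bool {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // enrollment: key pair synchronized
	if err != nil {
		panic(err)
	}
	svc := AuthService{routes: map[string]Device{"alice@sp": {priv}}, tamper: tamper}
	req := []byte("account=" + account + ";action=login;nonce=constructed-nonce-1")
	sig, ok := svc.Route(account, req)
	return ok && ProviderVerify(pub, req, sig)
}

func main() {
	fmt.Println(Exchange("alice@sp", false), Exchange("alice@sp", true), Exchange("bob@sp", false))
}
```

Because the relay holds no key material, a response it alters fails verification at the service provider, and an account with no mapping never reaches a device.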
19 Claims
1. A method comprising:
- at an authentication service, the authentication service being implementing by one or more computing servers;
(i) receiving from a remote service provider, via a network, an account identifier and an authentication request for a service request received at the service provider from an initiating device;
(ii) using the account identifier to identify a predefined mapping stored with the authentication service for routing the authentication request from the remote service provider to a remote authentication device and for routing an authentication response to the authentication request from the remote authentication device to the remote service provider;
(iii) using the predefined mapping to transmit the authentication request to the remote authentication device;
(iv) receiving from the authentication device, a cryptographically signed authentication response to the authentication request; and
(v) using the predefined mapping to transmit, via the network, the cryptographically signed authentication response to the service provider.
Dependent claims: 2, 3, 4, 5, 6, 7, 19
8. A method comprising:
- at an authentication service;
- configuring a communication channel via the authentication service between a service provider and an authentication device for authenticating a service request to the service provider;
- wherein for the authentication device;
  - cryptography keys are synchronized with the service provider during an enrollment of the authentication device at the authentication service;
  - the authentication device is enrolled responsive to enrollment information provided by at least one of the authentication device, a primary device, and the service provider, the enrollment information including a user identifier, address information of the authentication device, and information identifying the service provider;
  - an enrollment record is stored at the authentication service, the enrollment record including the address information, and the authentication service account information for the service provider identified by the enrollment information;
  - at least one of the authentication service, the authentication device and the service provider synchronizes the keys between the authentication device and the service provider; and
  - the synchronization information is stored at the authentication service in association with the enrollment record, the synchronization information indicating that the keys are synchronized between the authentication device and the service provider.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16
17. A method comprising:
- establishing synchronization information that defines;
  (a) a first communication channel for routing, via a network, an authentication request from a remote service provider to a remote authentication device and
  (b) a second communication channel for routing, via the network, an authentication response from the remote authentication device to the remote service provider;
- using the synchronization information to configure a routing function of an independent authentication service thereby configuring communication channels between the service provider and the authentication device via the independent authentication service, wherein the authentication service comprises an independent and remote service from both the service provider and the authentication device;
- in response to receiving the authentication request from the service provider, triggering the routing function of the independent authentication service.
Dependent claims: 18
Specification