Method for the unique authentication of a user by service providers
First Claim
1. A computer-based method for unique authentication of a user by at least one service provider, said method including a preliminary identity federation stage of federating an identity of said user for said service provider and an identity of said user for an identity provider, wherein said preliminary identity federation stage comprises the steps of:
- a computing device of the user generating a non-masked user alias for that service provider and sending said identity provider a masked user alias deduced from said user alias;
- a computing device of the identity provider associating, using a processor, said masked user alias for that service provider with the identity of the user and sending elements to the user that are based on a message containing the masked user alias;
- the computing device of the user unmasking the masked user alias to get the non-masked user alias;
- the computing device of the user calculating a signature of a message containing the non-masked user alias and sending the service provider said message with said signature; and
- a computing device of the service provider verifying said signature, authenticating the user, and associating said non-masked user alias with the user's identity for the service provider;
wherein said elements provided by the identity provider represent a partially blind signature of the message containing said masked user alias and the partially blind signature is masked.
Abstract
A method for unique authentication of a user including federating an identity of said user for said service provider and an identity of the user for an identity provider, the federating including the steps of generating a user alias for that service provider and sending said identity provider a masked alias deduced from said alias, the identity provider associating said masked alias for that service provider with the identity of the user for the identity provider and sending the user elements for calculation by the user of a signature of a message containing the non-masked alias calculating said signature and sending the service provider said message with said signature, and the service provider verifying said signature, authenticating the user, and associating said alias with the user's identity.
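The federation steps of the claim and abstract, sketched as an added example (not code from the patent): a toy RSA construction in which the public exponent is derived from the service provider's identifier, so that identifier is the visible part of the partially blind signature while the alias stays hidden from the identity provider. The scheme, the toy key, all function names and the choice of the service provider identifier as the visible part are assumptions; the page does not name a signature scheme.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key of the identity provider (assumption; far too small for real use).
P, Q = 1019, 1187
N, PHI = P * Q, (P - 1) * (Q - 1)

def h(data: bytes) -> int:
    """Hash bytes to an integer modulo N."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def exponent_for(sp_id: str) -> int:
    """Public exponent bound to the visible part (assumed: the service provider id).
    Odd and below 509, so it is always invertible modulo PHI = 4 * 509 * 593."""
    return 3 + 2 * (h(sp_id.encode()) % 252)

def user_mask(alias: bytes, sp_id: str):
    """User: mask the alias with a random factor r; only the masked value goes to the IdP."""
    e = exponent_for(sp_id)
    r = 0
    while gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    return (h(alias) * pow(r, e, N)) % N, r

def idp_sign(federation: dict, user_id: str, sp_id: str, masked: int) -> int:
    """IdP: record (user, SP) -> masked alias and return the still-masked signature."""
    federation[(user_id, sp_id)] = masked
    d = pow(exponent_for(sp_id), -1, PHI)
    return pow(masked, d, N)

def user_unmask(masked_sig: int, r: int) -> int:
    """User: strip r to obtain a signature over the non-masked alias."""
    return (masked_sig * pow(r, -1, N)) % N

def sp_verify(alias: bytes, sig: int, sp_id: str) -> bool:
    """SP: check the IdP signature under the exponent derived from its own id."""
    return pow(sig, exponent_for(sp_id), N) == h(alias)

def federate(user_id: str, sp_id: str, federation: dict):
    """Run the whole exchange; returns what the user presents to the SP."""
    alias = secrets.token_bytes(16)
    masked, r = user_mask(alias, sp_id)
    sig = user_unmask(idp_sign(federation, user_id, sp_id, masked), r)
    return alias, sig
```

The identity provider's table holds only the masked alias, and a signature issued for one service provider fails verification under another provider's exponent.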
Specification