Verifying requests for access to a service provider using an authentication component

US 9,264,237 B2
Filed: 06/15/2011
Issued: 02/16/2016
Est. Priority Date: 06/15/2011
Status: Active Grant

First Claim

Patent Images

1. In a computing environment, a method for processing at least one verification request for accessing a service provider, the method performed at least in part on at least one processor, the method comprising:

examining at least one security token received from a user, wherein the at least one security token and a public key are configured using at least one user identifier associated with the user;

accessing an authentication component that is generated using at least one revoked security token or at least one valid security token, the authentication component including at least one of a blacklist including the at least one revoked security token or a whitelist including the at least one valid security token;

applying the authentication component to the public key to verify the security token, wherein the authentication component is configured to prove validity of the at least one security token; and

revoking the at least one security token based on the validity of the at least one security token by one of adding the at least one security token to the blacklist or removing the at least one security token from the whitelist.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The subject disclosure is directed towards processing requests for accessing a service provider. After examining at least one security token, a public key and a portion of attribute information are identified. An authentication component is accessed and applied to the public key. A unique user identifier is employed in generating the public key. The authentication component is generated using information from at least one revoked security token or at least one valid security token. The authentication component is configured to prove validity of the at least one security token.

Citations

20 Claims

1. In a computing environment, a method for processing at least one verification request for accessing a service provider, the method performed at least in part on at least one processor, the method comprising:
- examining at least one security token received from a user, wherein the at least one security token and a public key are configured using at least one user identifier associated with the user;
  
  accessing an authentication component that is generated using at least one revoked security token or at least one valid security token, the authentication component including at least one of a blacklist including the at least one revoked security token or a whitelist including the at least one valid security token;
  
  applying the authentication component to the public key to verify the security token, wherein the authentication component is configured to prove validity of the at least one security token; and
  
  revoking the at least one security token based on the validity of the at least one security token by one of adding the at least one security token to the blacklist or removing the at least one security token from the whitelist.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein applying the authentication component comprises using a membership proof to determine whether the at least one security token is valid, wherein, upon revocation of the at least one security token, the at least one security token and the public key are invalidated such that the at least one security token and the public key are not valid in a subsequent verification request.
  - 3. The method of claim 2 further comprising computing an accumulator using at least one private key and at least one user identifier associated with the at least one revoked security token or the at least one valid security token.
  - 4. The method of claim 3 wherein accessing the authentication component further comprises generating at least one witness value using a private key corresponding with the at least one security token, wherein the at least one witness value complements the accumulator.
  - 5. The method of claim 3, wherein accessing the authentication component further comprises updating at least one witness value using the accumulator and a new accumulator.
  - 6. The method of claim 5, wherein accessing the authentication component further comprises generating the authentication component using the at least one witness value and the attribute information.
  - 7. The method of claim 1, wherein accessing the authentication component further comprises determining membership or non-membership within the at least one revoked security token or the at least one valid security token.
  - 8. The method of claim 1, wherein the at least one security token comprises at least a portion of attribute information.
  - 9. The method of claim 1, wherein examining the at least one security token further comprises computing the at least one user identifier.

10. In a computing environment, a system, comprising:
- a memory, wherein the memory comprises computer useable program code;
  
  one or more processing units coupled to the memory; and
  
  a verification mechanism implemented on the one or more processing units and coupled to an authentication service for issuing at least one security token to a user and computing an authentication component, wherein the authentication component is utilized to determine membership of the user to a blacklist or a whitelist using a private key associated with at least one user identifier and at least one private key associated with at least one revoked security token included on the blacklist or at least one valid security token included on the whitelist, wherein the at least one security token is configured to use at least one user identifier, and wherein the verification mechanism is configured to apply the authentication component to a public key associated with the at least one user identifier to provide validity of the at least one security token, and revoke the at least one security token by one of adding the at least one security token to the blacklist or removing the at least one security token from the whitelist.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The system of claim 10, wherein the verification mechanism selects at least one portion of attribute information.
  - 12. The system of claim 10, wherein the verification mechanism applies the authentication component to a public key stored in a security token of the at least one security token, wherein the security token of the at least one security token comprises an encoding of the at least one portion of the attribute information.
  - 13. The system of claim 10, wherein authentication service compares at least one witness value with an accumulator representing the at least one revoked security token or the at least one valid security token.
  - 14. The system of claim 10, wherein the authentication service updates at least one witness value using the accumulator and a new accumulator, wherein the at least one witness value is used to generate the authentication component.
  - 15. The system of claim 10, wherein the verification mechanism determines membership or non-membership of the user within the blacklist or the whitelist.
  - 16. The system of claim 10, wherein the authentication service computes the at least one user identifier.

17. One or more computer storage devices having computer-executable instructions, which upon execution perform operations, comprising:
- processing a security token from at least one user, wherein the security token is either a revoked security token included on a blacklist or a valid security token included on a whitelist; and
  
  accessing an authentication component associated with the security token for proving validity of the at least one security token to the service provider, wherein the authentication component is generated using at least one user identifier associated with at least one revoked security token included on the blacklist or at least one valid security token included on the whitelist and at least a portion of the attribute information, and revoking the at least one security token based on the validity of the at least one security token by one of adding the at least one security token to the blacklist or removing the at least one security token from the whitelist.
- View Dependent Claims (18, 19, 20)
- - 18. The one or more computer storage devices of claim 17 having further computer-executable instructions comprising:
    - applying the authentication component to the public key.
  - 19. The one or more computer storage devices of claim 17 having further computer-executable instructions comprising:
    - determining membership or non-membership within the blacklist or the whitelist.
  - 20. The one or more computer storage devices of claim 17 having further computer-executable instructions comprising:
    - selecting the at least a portion of the attribute information to be encoded on a security of the at least one security token that is communicated to the service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Nguyen, Duy Lan, Acar, Tolga
Primary Examiner(s)
NGUYEN, THU HA T

Application Number

US13/160,831
Publication Number

US 20120324233A1
Time in Patent Office

1,707 Days
Field of Search

713/179, 713/176, 713/180, 726/5, 726/7, 726/10, 726/20
US Class Current

1/1
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

H04L 2209/84   Vehicles

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 9/0866   involving user or device id...

H04L 9/3073   involving pairings, e.g. id...

H04L 9/3234   involving additional secure...

H04L 9/3268   using certificate validatio...

Verifying requests for access to a service provider using an authentication component

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Verifying requests for access to a service provider using an authentication component

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links