System and method for authorizing a new authenticator
First Claim
1. A method for authorizing a new authenticator comprising:
identifying a plurality of relying parties with which an old authenticator is registered;
generating at least one key for each of the plurality of relying parties;
authenticating with each of the relying parties using a client having the old authenticator configured thereon, the client authorizing the new authenticator by providing an authorization object to each relying party comprising the at least one key, data identifying the new authenticator, and cryptographic data to be used by the relying party to verify the authorization object;
wherein, in response to verifying the authorization object, each relying party registers the new authenticator;
wherein an operation of generating at least one key is performed by the new authenticator;
wherein identifying the plurality of relying parties comprises the new authenticator receiving a list of usernames and unique identification codes to identify each relying party from the old authenticator; and
establishing a secure communication channel between the old authenticator and the new authenticator, wherein the new authenticator receives the list of usernames and unique identification codes to identify each relying party from the old authenticator over the secure communication channel.
Abstract
A system, apparatus, method, and machine readable medium are described for authorizing a new authenticator with a relying party. For example, one embodiment of a method comprises: identifying a plurality of relying parties with which an old authenticator is registered; generating at least one key for each of the plurality of relying parties; authenticating with each of the relying parties using a client having the old authenticator configured thereon, the client authorizing the new authenticator by providing an authorization object to each relying party comprising the at least one key, data identifying the new authenticator, and cryptographic data to be used by the relying party to verify the authorization object; and wherein, in response to verifying the authorization object, each relying party registers the new authenticator.
24 Claims
1. A method for authorizing a new authenticator comprising:
identifying a plurality of relying parties with which an old authenticator is registered;
generating at least one key for each of the plurality of relying parties;
authenticating with each of the relying parties using a client having the old authenticator configured thereon, the client authorizing the new authenticator by providing an authorization object to each relying party comprising the at least one key, data identifying the new authenticator, and cryptographic data to be used by the relying party to verify the authorization object;
wherein, in response to verifying the authorization object, each relying party registers the new authenticator;
wherein an operation of generating at least one key is performed by the new authenticator;
wherein identifying the plurality of relying parties comprises the new authenticator receiving a list of usernames and unique identification codes to identify each relying party from the old authenticator; and
establishing a secure communication channel between the old authenticator and the new authenticator, wherein the new authenticator receives the list of usernames and unique identification codes to identify each relying party from the old authenticator over the secure communication channel.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A non-transitory machine-readable medium having program code stored thereon which, when executed by one or more computing devices, causes the one or more computing devices to perform the operations of:
identifying a plurality of relying parties with which an old authenticator is registered;
generating at least one key for each of the plurality of relying parties;
authenticating with each of the relying parties using a client having the old authenticator configured thereon, the client authorizing the new authenticator by providing an authorization object to each relying party comprising the at least one key, data identifying the new authenticator, and cryptographic data to be used by the relying party to verify the authorization object; and
wherein, in response to verifying the authorization object, each relying party registers the new authenticator;
wherein an operation of generating at least one key is performed by the new authenticator;
wherein identifying the plurality of relying parties comprises the new authenticator receiving a list of usernames and unique identification codes identifying each relying party from the old authenticator; and
establishing a secure communication channel between the old authenticator and the new authenticator, wherein the new authenticator receives the list of usernames and unique identification codes identifying each relying party from the old authenticator over the secure communication channel.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
23. A method for authorizing a new authenticator comprising:
identifying a plurality of relying parties with which an old authenticator is registered;
generating at least one key for each of the plurality of relying parties;
authenticating with each of the relying parties using a client having the old authenticator configured thereon, the client authorizing the new authenticator by providing an authorization object to each relying party comprising the at least one key, data identifying the new authenticator, and cryptographic data to be used by the relying party to verify the authorization object;
wherein, in response to verifying the authorization object, each relying party registers the new authenticator;
wherein the operation of generating at least one key is performed by the new authenticator;
wherein identifying the plurality of relying parties comprises the new authenticator receiving a list of usernames and unique identification codes to identify each relying party from the old authenticator; and
wherein generating at least one key comprises the new authenticator generating a public/private key pair for each pair of the username and unique identification codes to identify each relying party.
24. A non-transitory machine-readable medium having program code stored thereon which, when executed by one or more computing devices, causes the one or more computing devices to perform the operations of:
identifying a plurality of relying parties with which an old authenticator is registered;
generating at least one key for each of the plurality of relying parties;
authenticating with each of the relying parties using a client having the old authenticator configured thereon, the client authorizing the new authenticator by providing an authorization object to each relying party comprising the at least one key, data identifying the new authenticator, and cryptographic data to be used by the relying party to verify the authorization object; and
wherein, in response to verifying the authorization object, each relying party registers the new authenticator;
wherein the operation of generating at least one key is performed by the new authenticator;
wherein identifying the plurality of relying parties comprises the new authenticator receiving a list of usernames and unique identification codes to identify each relying party from the old authenticator; and
wherein generating at least one key comprises the new authenticator generating a public/private key pair for each pair of the username and unique identification code to identify each relying party.
Specification