System and method for establishing trust using secure transmission protocols

US 9,455,979 B2
Filed: 07/31/2014
Issued: 09/27/2016
Est. Priority Date: 07/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating a first authentication-related communication at an authentication server on behalf of a relying party the first authentication-related communication being directed to a client device having one or more authenticators;

signing the first authentication-related communication using a first key of a self-signed certificate from a decentralized public key infrastructure (PKI);

establishing a first secure communication channel with a relying party app on the client device using a trusted secure communication infrastructure;

transmitting the first authentication-related communication with the signature to the relying party app over the first secure communication channel;

establishing a second secure communication channel with an authentication client on the client device using a trusted secure communication infrastructure;

transmitting a second key of the self-signed certificate from the decentralized PKI to the authentication client over the second communication channel;

providing the first authentication-related communication from the relying party app to the authentication client; and

the authentication client using the second key to validate the signature generated over the first authentication-related communication with the first key.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, apparatus, method, and machine readable medium are described for establishing trust using secure communication protocols. For example, one embodiment of a method comprises: generating a first authentication-related communication at an authentication server on behalf of a relying party the first authentication-related communication being directed to a client device having one or more authenticators; signing the first authentication-related communication using a first key of a self-signed certificate from a decentralized public key infrastructure (PKI); establishing a first secure communication channel with a relying party app on the client device using a trusted secure communication infrastructure; transmitting the first authentication-related communication with the signature to the relying party app over the first secure communication channel; establishing a second secure communication channel with an authentication client on the client device using a trusted secure communication infrastructure; transmitting a second key of the self-signed certificate from the decentralized PKI to the authentication client over the second communication channel; providing the first authentication-related communication from the relying party app to the authentication client; and the authentication client using the second key to validate the signature generated over the first authentication-related communication with the first key.

Citations

24 Claims

1. A method comprising:
- generating a first authentication-related communication at an authentication server on behalf of a relying party the first authentication-related communication being directed to a client device having one or more authenticators;
  
  signing the first authentication-related communication using a first key of a self-signed certificate from a decentralized public key infrastructure (PKI);
  
  establishing a first secure communication channel with a relying party app on the client device using a trusted secure communication infrastructure;
  
  transmitting the first authentication-related communication with the signature to the relying party app over the first secure communication channel;
  
  establishing a second secure communication channel with an authentication client on the client device using a trusted secure communication infrastructure;
  
  transmitting a second key of the self-signed certificate from the decentralized PKI to the authentication client over the second communication channel;
  
  providing the first authentication-related communication from the relying party app to the authentication client; and
  
  the authentication client using the second key to validate the signature generated over the first authentication-related communication with the first key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method as in claim 1 wherein the first key comprises a private key of the decentralized PKI and the second key comprises a corresponding public key.
  - 3. The method as in claim 1 wherein the trusted secure communication infrastructure includes a trusted certificate usable to establish a secure transport layer security (TLS) connection for the first and/or second secure communication channels.
  - 4. The method as in claim 3 wherein the trusted certificate comprises an X.509 certificate.
  - 5. The method as in claim 1 further comprising:
    - the authentication client generating a second authentication-related communication responsive to the first authentication-related communication.
  - 6. The method as in claim 5 wherein the first authentication-related communication comprises an authentication request generated at an authentication server operated on behalf of the relying party, and the second authentication-related communication comprises an authentication response generated by the authentication client.
  - 7. The method as in claim 6 wherein the authentication request comprises a random challenge and a signature generated over the random challenge using a public key associated with an authenticator on the client device.
  - 8. The method as in claim 7 wherein the authentication client uses a private key associated with the authenticator to validate the signature.
  - 9. The method as in claim 8 wherein the authentication client generates the authentication response in response to a successful user authentication using one or more of the authenticators on the client device.
  - 10. The method as in claim 9 wherein the authenticators on the client device include a fingerprint authenticator.
  - 11. The method as in claim 1 wherein providing the first authentication-related communication from the relying party app to the authentication client further comprises implementing inter-process communication (IPC) between the relying party app and the authentication client.
  - 12. The method as in claim 1 wherein the second key of the self-signed certificate is transmitted over the second communication channel in a public key file.

13. A system for performing authentication comprising:
- a client device having one or more authenticators, an authentication client and a relying party app;
  
  an authentication server operated on behalf of a relying party generating a first authentication-related communication directed to the client device;
  
  the authentication server signing the first authentication-related communication using a first key of a self-signed certificate from a decentralized public key infrastructure (PKI);
  
  the authentication server establishing a first secure communication channel with a relying party app on the client device using a trusted secure communication infrastructure;
  
  the authentication server transmitting the first authentication-related communication with the signature to the relying party app over the first secure communication channel;
  
  the authentication server establishing a second secure communication channel with an authentication client on the client device using a trusted secure communication infrastructure;
  
  the authentication server transmitting a second key of the self-signed certificate from the decentralized PKI to the authentication client over the second communication channel;
  
  the relying party app providing the first authentication-related communication to the authentication client; and
  
  the authentication client using the second key to validate the signature generated over the first authentication-related communication with the first key.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The system as in claim 13 wherein the first key comprises a private key of the decentralized PKI and the second key comprises a corresponding public key.
  - 15. The system as in claim 13 wherein the trusted secure communication infrastructure includes a trusted certificate usable to establish a secure transport layer security (TLS) connection for the first and/or second secure communication channels.
  - 16. The system as in claim 15 wherein the trusted certificate comprises an X.509 certificate.
  - 17. The system as in claim 13 further comprising:
    - the authentication client generating a second authentication-related communication responsive to the first authentication-related communication.
  - 18. The system as in claim 17 wherein the first authentication-related communication comprises an authentication request generated at an authentication server operated on behalf of the relying party, and the second authentication-related communication comprises an authentication response generated by the authentication client.
  - 19. The system as in claim 18 wherein the authentication request comprises a random challenge and a signature generated over the random challenge using a public key associated with an authenticator on the client device.
  - 20. The system as in claim 19 wherein the authentication client uses a private key associated with the authenticator to validate the signature.
  - 21. The system as in claim 20 wherein the authentication client generates the authentication response in response to a successful user authentication using one or more of the authenticators on the client device.
  - 22. The system as in claim 21 wherein the authenticators on the client device include a fingerprint authenticator.
  - 23. The system as in claim 13 wherein providing the first authentication-related communication from the relying party app to the authentication client further comprises implementing inter-process communication (IPC) between the relying party app and the authentication client.
  - 24. The system as in claim 13 wherein the second key of the self-signed certificate is transmitted over the second communication channel in a public key file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nok Nok Labs Incorporated
Original Assignee
Nok Nok Labs Incorporated
Inventors
Blanke, William J.
Primary Examiner(s)
ZAIDI, SYED A

Application Number

US14/448,697
Publication Number

US 20160219043A1
Time in Patent Office

789 Days
Field of Search

713/171, 713/170, 713/175
US Class Current

1/1
CPC Class Codes

G06F 21/33   using certificates

G06F 21/42   using separate channels for...

G06F 21/44   Program or device authentic...

H04L 63/0823   using certificates cryptogr...

H04L 63/0861   using biometrical features,...

H04L 63/166   at the transport layer

H04L 9/006   involving public key infras...

H04L 9/3263   involving certificates, e.g...

H04W 12/0433   Key management protocols

H04W 12/069   using certificates or pre-s...

System and method for establishing trust using secure transmission protocols

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for establishing trust using secure transmission protocols

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links