Universal anonymous cross-site authentication
First Claim
1. A device, comprising:
a memory to store instructions; and
one or more processors to execute the instructions to:
receive user information associated with a user;
generate, based on receiving the user information, a user profile for the user that stores the user information and authentication confirmation information, the authentication confirmation information including a public key associated with a private key, and the authentication confirmation information being associated with confirming that a received response to a challenge code generated using the public key matches an expected response generated using the private key;
provide, based on generating the user profile, the private key to a user device of the user;
receive, from an application server and based on providing the private key to the user device, a request to authenticate a secure session between the user device and the application server, the request including authentication information that includes a user identifier and a particular response to a particular challenge code;
obtain, based on the user identifier and based on receiving the request to authenticate the secure session, the authentication confirmation information associated with the user from a data structure storing one or more user profiles;
verify, based on obtaining the authentication confirmation information, a signature associated with the particular response to the particular challenge code utilizing the public key, the signature having been generated using the private key;
validate, based on verifying the signature, the particular response to the particular challenge code using the public key; and
provide, based on validating the particular response to the particular challenge code, information to the application server indicating that the secure session is authenticated for the user device to permit the application server to establish the secure session with the user device.
Abstract
The device may receive user information associated with a user. The device may generate a user profile for the user that stores user information and authentication confirmation information. The device may provide a particular cryptographic key and information identifying the user profile. The device may receive a request to authenticate a secure session for a user device from an application server. The device may obtain, based on the user identifier, the authentication confirmation information associated with the user from a data structure storing one or more user profiles. The device may validate the particular response to the particular challenge code based on the authentication confirmation information. The device may provide information to the application server indicating that the secure session is validated for the user device based on validating the authentication information.
20 Claims
1. A device, comprising: (reproduced in full under First Claim above)
Dependent claims: 2, 3, 4, 5, 6, 7
8. A non-transitory computer-readable medium storing instructions, the instructions comprising:
one or more instructions that, when executed by one or more processors, cause the one or more processors to:
receive a request from a user device to initiate a secure session associated with a particular provider, the user device having received authentication credentials from a server, the authentication credentials including a symmetric key;
provide, to the user device and based on receiving the request, a challenge code associated with the secure session and a session key identifying the secure session, the challenge code comprising a string of characters, and the user device processing the challenge code using the symmetric key;
receive, from the user device and based on providing the challenge code, authentication information responding to the challenge code;
provide, to the server and based on receiving the authentication information, the authentication information from the user device and the challenge code;
receive, from the server and based on providing the authentication information, a success code indicating that the authentication information is valid, the success code identifying the secure session, and the success code indicating that the string of characters has been processed by the symmetric key and matches an expected response generated by the server by processing the string of characters using the symmetric key; and
provide, to the user device and based on receiving the success code, an indication that the secure session associated with the session key is authenticated based on receiving the success code.
Dependent claims: 9, 10, 11, 12, 14, 18
13. A method, comprising:
receiving, by a device from a user device, a request to initiate a secure session that is associated with a particular provider of multiple providers associated with providing secure sessions, the user device having received cryptographic information associated with generating responses to challenge codes, the cryptographic information including a cryptographic key;
identifying, by the device and based on receiving the request, a user of the user device based on an anonymous identifier and stored user information;
providing, by the device to the user device and based on identifying the user, a challenge code and a session key associated with the secure session, the challenge code comprising a string of characters, and the user device processing the challenge code using the cryptographic key;
receiving, by the device from the user device and based on providing the challenge code, authentication information including a response to the challenge code, the authentication information being determined to be associated with the secure session based on the session key;
determining, by the device and based on receiving the authentication information, that the authentication information is valid without the particular provider being provided with access to the stored user information identifying the user, the response to the challenge code having been determined to match an expected response to the challenge code determined based on other cryptographic information matching the cryptographic information, the other cryptographic information including a function associated with the cryptographic key, and the other cryptographic information having been determined based on identifying the user; and
providing, by the device and to the particular provider, an indication that the secure session is authenticated based on determining that the authentication information is valid without revealing the stored user information to the particular provider.
Dependent claims: 15, 16, 17, 19, 20
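The three-party flow that claims 8 and 13 describe, written out as an added Python example; this is illustration code, not code from the patent or its assignee. It uses the symmetric-key variant of claim 8: the identity server (AuthServer) enrolls the user under an anonymous identifier and hands the device a key, the provider (ApplicationServer) issues a challenge string plus a session key, the device answers with an HMAC, and the provider relays the answer to the identity server, which returns a success code naming only the session. The class names, the HMAC construction and the binding of the response to the session key are assumptions made for the example.

```python
import hashlib, hmac, secrets

def compute_response(key, challenge, session_key):
    # HMAC over challenge and session key (assumed construction): a response
    # captured in one session cannot be replayed into another.
    msg = challenge.encode() + b"|" + session_key.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class AuthServer:
    """Identity server: enrolls users, issues keys, checks responses."""
    def __init__(self):
        self.profiles = {}  # anonymous id -> {"key": bytes, "info": str}
    def enroll(self, user_info):
        uid = secrets.token_hex(8)     # anonymous identifier, carries no PII
        key = secrets.token_bytes(32)  # symmetric key handed to the device
        self.profiles[uid] = {"key": key, "info": user_info}
        return uid, key
    def verify(self, uid, challenge, session_key, response):
        profile = self.profiles.get(uid)
        if profile is None:
            return None
        expected = compute_response(profile["key"], challenge, session_key)
        if not hmac.compare_digest(expected, response):
            return None
        # Success code names the session only; stored user info never leaves here.
        return {"session": session_key, "status": "success"}

class UserDevice:
    def __init__(self, uid, key):
        self.uid, self.key = uid, key
    def answer(self, challenge, session_key):
        return {"uid": self.uid, "response": compute_response(self.key, challenge, session_key)}

class ApplicationServer:
    """Provider: issues challenges, relays responses, never sees the key or user info."""
    def __init__(self, auth_server):
        self.auth, self.sessions = auth_server, {}
    def start_session(self):
        session_key, challenge = secrets.token_hex(16), secrets.token_urlsafe(24)
        self.sessions[session_key] = {"challenge": challenge, "authenticated": False}
        return session_key, challenge
    def finish_session(self, session_key, auth_info):
        sess = self.sessions.get(session_key)
        if sess is None or sess["authenticated"]:
            return False  # unknown session, or its response was already consumed
        result = self.auth.verify(auth_info["uid"], sess["challenge"], session_key, auth_info["response"])
        sess["authenticated"] = bool(result) and result["session"] == session_key
        return sess["authenticated"]
```

A response is accepted once and only for the session it was computed for; a wrong response, a forged response, or an unknown identifier all leave the session unauthenticated.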