Secure authentication in a multi-party system

  • US 9,641,520 B2
  • Filed: 03/28/2013
  • Issued: 05/02/2017
  • Est. Priority Date: 04/01/2012
  • Status: Active Grant
First Claim

1. A method of authenticating a network user to another network entity, comprising:

  • executing, on a first user operated device, a first program to:
    • receive user inputted validation information;
    • store a user credential on the first user operated device;
  • executing, on a second user operated device, a second program to:
    • receive information from another network entity via the network;
  • further executing the first program to:
    • receive an input transferring, to the first program, the information received by the second program from the other network entity;
    • direct transmission, to an authentication server via the network, of the transferred information;
    • receive, from the authentication server via the network, an identifier of the other network entity, other information, and authentication policy requirements of the other network entity;
    • direct transmission, to the authentication server via the network, of the input validation information corresponding to the received other network entity authentication policy requirements;
    • receive, from the authentication server via the network after directing transmission of the validation information, a request for a user credential;
    • sign a message, including the transferred information and the received other information, with the stored user credential;
    • direct transmission, to the authentication server via the network, of the signed message to authenticate the user; and
    • generate user secret data;
    • divide the generated secret data into multiple portions including a first portion and a second portion;
    • encrypt the user credential with the generated secret data, wherein the stored credential is the encrypted credential;
    • direct transmission, to the authentication server via the network, of the second portion of secret data;
    • receive, from the authentication server via the network after directing transmission of the validation information, the second portion of secret data;
    • combine the stored first portion of secret data with the received second portion of secret data; and
    • decrypt the stored encrypted credential with the combined portions of secret data;
    • wherein the message is signed with the decrypted user credential; and
  • further executing the second program to:
    • receive, from at least one of the authentication server and the other network entity via the network, an indication that the user has been successfully authenticated.
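The credential-protection steps of the claim (generate a secret, split it into two portions, encrypt the credential with it, hand the second portion to the authentication server, recombine and decrypt only after the server releases its portion, then sign the transferred information plus the server-supplied other information), as an added illustration that is not part of the patent or of any product implementing it. The HMAC-SHA256 counter-mode construction stands in for a real cipher, HMAC stands in for the asymmetric signature a real credential would produce, and all function names, the blob layout and the sample values are assumptions.

```python
import hashlib, hmac, secrets
NONCE_LEN, TAG_LEN = 16, 32

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _keys(secret: bytes) -> tuple[bytes, bytes]:
    # Derive separate encryption and MAC keys from the combined secret.
    return (hmac.new(secret, b"enc", hashlib.sha256).digest(),
            hmac.new(secret, b"mac", hashlib.sha256).digest())

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a constructed stand-in for a real cipher such as AES-GCM.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def split_secret(secret: bytes) -> tuple[bytes, bytes]:
    # Two-portion XOR split: either portion alone is uniformly random and reveals nothing.
    first = secrets.token_bytes(len(secret))
    return first, _xor(secret, first)

def combine_portions(first: bytes, second: bytes) -> bytes:
    return _xor(first, second)

def encrypt_credential(secret: bytes, credential: bytes) -> bytes:
    enc_key, mac_key = _keys(secret)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = _xor(credential, _keystream(enc_key, nonce, len(credential)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag  # only this blob and the first portion stay on the device

def decrypt_credential(secret: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _keys(secret)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong secret or tampered credential blob")
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))

def enroll(credential: bytes) -> tuple[bytes, bytes, bytes]:
    # Device side: returns (stored encrypted credential, first portion kept on device, second portion for the server).
    secret = secrets.token_bytes(32)
    first, second = split_secret(secret)
    return encrypt_credential(secret, credential), first, second

def sign_after_release(blob: bytes, first: bytes, second: bytes, transferred: bytes, other: bytes) -> bytes:
    # After the server releases its portion: recombine, decrypt, and sign transferred + other information.
    credential = decrypt_credential(combine_portions(first, second), blob)
    return hmac.new(credential, transferred + other, hashlib.sha256).digest()
```

A stolen device image holds only the encrypted blob and the first portion, so the credential cannot be recovered until the server, after checking the validation information, returns the second portion.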

  • 9 Assignments