Technologies for authentication and single-sign-on using device security assertions
First Claim
1. A computing device for remote device authentication, the computing device comprising:
a user authentication module to:
receive an authentication challenge from an identity provider; and
generate an authentication challenge response to authenticate a user of the computing device in response to receipt of the authentication challenge; and
a device capability module to:
intercept the authentication challenge response in response to generation of the authentication challenge response;
retrieve a security assertion from a secure environment of the computing device in response to interception of the authentication challenge response;
generate a resource access token as a function of the security assertion; and
transmit the authentication challenge response including the resource access token to the identity provider;
wherein the device capability module comprises an embedded technology access server of the computing device;
wherein to retrieve the security assertion comprises to (i) issue an HTTP request to the embedded technology access server and (ii) retrieve, by the embedded technology access server, the security assertion in response to issuance of the HTTP request; and
wherein the computing device further comprises a manageability engine to execute the embedded technology access server.
Abstract
Technologies for remote device authentication include a client computing device, an identity provider, and an application server in communication over a network. The identity provider sends an authentication challenge to the client. A capability proxy of the client intercepts an authentication challenge response and retrieves one or more security assertions from a secure environment of the client computing device. The capability proxy may be an embedded web server providing an HTTP interface to platform features of the client. The client sends a resource access token based on the security assertions to the identity provider. The identity provider verifies the resource access token and authenticates the client computing device based on the resource access token in addition to user authentication factors such as username and password. The identity provider sends an authentication response to the client, which forwards the authentication response to the application server. Other embodiments are described and claimed.
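The exchange the abstract describes, as an added simulation that is not code from the patent: the identity provider issues a nonce challenge, the capability proxy intercepts the user's response, fetches a security assertion from a stand-in secure environment over a local HTTP-style call, and attaches a resource access token that the identity provider verifies together with the user's password. The token format (base64 JSON carrying an HMAC over the challenge nonce), the shared per-device key, the `/assertion` endpoint and all names and secrets are assumptions chosen for the example; the patent does not specify them.

```python
import base64, hashlib, hmac, json, secrets

# Constructed sample secrets (not from the patent): per-device key kept in the secure environment.
DEVICE_ID, DEVICE_KEY = "dev-0001", b"constructed-device-key-0001"
USER_PW_HASH = hashlib.sha256(b"correct horse").hexdigest()

class SecureEnvironment:
    """Stand-in for the manageability engine: signs the nonce, never exports the key."""
    def security_assertion(self, nonce):
        mac = hmac.new(DEVICE_KEY, nonce.encode(), hashlib.sha256).hexdigest()
        return {"device_id": DEVICE_ID, "nonce": nonce, "mac": mac}

class CapabilityProxy:
    """Embedded access server: serves a local HTTP-style request for the assertion."""
    def __init__(self, env):
        self.env = env
    def get(self, path, nonce):  # models the HTTP request named in the claims
        if path != "/assertion":
            raise ValueError("unknown endpoint")
        return self.env.security_assertion(nonce)
    def intercept(self, response):
        # Runs after the user response is built: derive a token from the assertion.
        assertion = self.get("/assertion", response["nonce"])
        token = base64.b64encode(json.dumps(assertion).encode()).decode()
        return {**response, "resource_access_token": token}

class IdentityProvider:
    def __init__(self):
        self.pending, self.devices = set(), {DEVICE_ID: DEVICE_KEY}
    def challenge(self):
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return {"nonce": nonce}
    def verify(self, response):
        nonce = response["nonce"]
        if nonce not in self.pending:
            return False  # unknown or already-used challenge (replay)
        self.pending.discard(nonce)
        if hashlib.sha256(response["password"].encode()).hexdigest() != USER_PW_HASH:
            return False  # user factor failed
        token = json.loads(base64.b64decode(response["resource_access_token"]))
        key = self.devices.get(token.get("device_id"))
        if key is None or token.get("nonce") != nonce:
            return False  # unregistered device, or token not bound to this challenge
        expected = hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, token.get("mac", ""))

def run_flow(password, stale_token=False):
    # Full exchange; with stale_token the client reuses a token issued for an older challenge.
    idp, proxy = IdentityProvider(), CapabilityProxy(SecureEnvironment())
    old = proxy.intercept({**idp.challenge(), "user": "alice", "password": password})
    new = proxy.intercept({**idp.challenge(), "user": "alice", "password": password})
    if stale_token:
        new["resource_access_token"] = old["resource_access_token"]
    return idp.verify(new)
```

Binding the assertion to the challenge nonce is what lets the identity provider reject a token captured from an earlier session even when the user factor is correct.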
16 Claims
1. A computing device for remote device authentication, the computing device comprising:
a user authentication module to:
receive an authentication challenge from an identity provider; and
generate an authentication challenge response to authenticate a user of the computing device in response to receipt of the authentication challenge; and
a device capability module to:
intercept the authentication challenge response in response to generation of the authentication challenge response;
retrieve a security assertion from a secure environment of the computing device in response to interception of the authentication challenge response;
generate a resource access token as a function of the security assertion; and
transmit the authentication challenge response including the resource access token to the identity provider;
wherein the device capability module comprises an embedded technology access server of the computing device;
wherein to retrieve the security assertion comprises to (i) issue an HTTP request to the embedded technology access server and (ii) retrieve, by the embedded technology access server, the security assertion in response to issuance of the HTTP request; and
wherein the computing device further comprises a manageability engine to execute the embedded technology access server.
Dependent claims: 2, 3, 4, 5, 6.

7. One or more computer-readable storage media comprising a plurality of instructions that in response to being executed cause a computing device to:
receive an authentication challenge from an identity provider;
generate an authentication challenge response to authenticate a user of the computing device in response to receiving the authentication challenge;
intercept, by a device capability module of the computing device, the authentication challenge response in response to generating the authentication challenge response;
retrieve, by the device capability module, a security assertion from a secure environment of the computing device in response to intercepting the authentication challenge response, wherein to retrieve the security assertion comprises to (i) issue an HTTP request to an embedded technology access server of the computing device and (ii) retrieve, by the embedded technology access server, the security assertion in response to issuing the HTTP request;
generate, by the device capability module, a resource access token as a function of the security assertion;
transmit, by the device capability module, the authentication challenge response including the resource access token to the identity provider; and
execute, by a manageability engine of the computing device, the embedded technology access server.
Dependent claims: 8, 9, 10, 11.

12. A method for remote device authentication, the method comprising:
receiving, by a computing device, an authentication challenge from an identity provider;
generating, by the computing device, an authentication challenge response to authenticate a user of the computing device in response to receiving the authentication challenge;
intercepting, by a device capability module of the computing device, the authentication challenge response in response to generating the authentication challenge response;
retrieving, by the device capability module, a security assertion from a secure environment of the computing device in response to intercepting the authentication challenge response, wherein retrieving the security assertion comprises (i) issuing an HTTP request to an embedded technology access server of the computing device and (ii) retrieving, by the embedded technology access server, the security assertion in response to issuing the HTTP request;
generating, by the device capability module, a resource access token as a function of the security assertion;
transmitting, by the device capability module, the authentication challenge response including the resource access token to the identity provider; and
executing, by a manageability engine of the computing device, the embedded technology access server.
Dependent claims: 13, 14, 15, 16.
Specification