Method for distributed trust authentication
First Claim
1. A method for distributed trust authentication, the method comprising:
attempting, by a user operating a computing device, to authenticate to a service provider;
in response to the attempt to authenticate, redirecting the authentication to an identity provider and a remote multi-factor authentication service;
performing a primary authentication with the identity provider by receiving, via one or more communication networks, a primary authentication response from the user;
in response to a successful primary authentication, using a first private key share to generate a first digital signature;
performing a secondary authentication with the remote multi-factor authentication service by receiving, via the one or more communication networks, a secondary authentication response from the user;
in response to a successful secondary authentication, using a second private key share to generate a second digital signature, wherein the first private key share and the second private key share are generated using a common private cryptographic key of a public/private cryptographic key pair;
using the first digital signature and the second digital signature to form a combined digital signature;
using a public cryptographic key of the public/private cryptographic key pair to validate the combined digital signature; and
authenticating the user to the service provider based on a validation of the combined digital signature.
Abstract
A method for distributed trust authentication of one or more users attempting to access one or more service providers operating on a network includes performing primary authentication of a user using a first authentication factor, generating a first partial digital signature for a first authentication response to the primary authentication, performing secondary authentication of the user using a second authentication factor, generating a second partial digital signature for the second authentication response to the secondary authentication, combining the first and second partial digital signatures to form a composite digital signature, and validating the composite digital signature.
19 Claims
1. A method for distributed trust authentication, the method comprising the steps set out in full under First Claim above. Dependent claims: 2 to 11.
12. A method for distributed authentication, the method comprising:
severing a private cryptographic key of a public/private cryptographic key pair into a first private key share and a second private key share;
providing, via one or more networks, access to the first private key share to a first authenticator;
providing, via one or more networks, access to the second private key share to a remote second authenticator, wherein the remote second authenticator operates independently and remotely of the first authenticator;
using, by the first authenticator, the first private key share to generate a first derivation of the first private key share based on a successful authentication of a user operating a computing device with the first authenticator;
using, by the remote second authenticator, the second private key share to generate a second derivation of the second private key share based on a successful authentication of the user operating the computing device or a different computing device with the remote second authenticator;
forming, by one of the first authenticator or the second authenticator, a derivations composition using the first derivation and the second derivation; and
enabling the user operating a computing device to authenticate to one or more services of an entity based on a successful validation of the derivations composition using a public cryptographic key of the public/private cryptographic key pair.
Dependent claims: 13 to 16.
17. A method for distributed authentication of a user attempting to access, via a network, a service provider, the method comprising:
using a private cryptographic key of a private/public cryptographic key pair to generate, at least, a first private key share and a second private key share;
separately storing the first private key share and the second private key share at disparate authenticators, wherein the disparate authenticators include a first authenticator and a second authenticator;
in response to receiving, via one or more networks, a primary authentication request, accessing by the first authenticator the first private key share and using the first private key share to generate a first digital signature;
in response to receiving, via the one or more networks, a second authentication request, accessing by the second authenticator the second private key share and using the second private key share to generate a second digital signature;
generating a composite digital signature; and
validating the composite digital signature using a public cryptographic key of the private/public cryptographic key pair to enable authentication of a user operating a computing device to access a service provider.
Dependent claims: 18 and 19.
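The split-key signing that claims 1, 12 and 17 describe, as an added illustration that is not part of the patent or of any implementation of it: a plain RSA private exponent d is severed into two additive shares, the identity provider and the remote MFA service each compute a partial signature (the claims' "derivation") only after their own factor succeeds, and the product of the two partial signatures (the "derivations composition") verifies under the unmodified public key. The key generator, the hash-only message encoding and all function names are my own constructions, not anything the patent specifies.

```python
import hashlib
import secrets

def is_probable_prime(n, rounds=24):  # Miller-Rabin; assumes n is odd and > 31
    if any(n % p == 0 for p in (3, 5, 7, 11, 13, 17, 19, 23, 29, 31)):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if is_probable_prime(cand):
            return cand

def keygen(bits=1024, e=65537):
    """Ordinary RSA pair (n, e, d, phi); d is the common private key that gets severed."""
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is the gcd(e, phi) == 1 check
            return p * q, e, pow(e, -1, phi), phi
def split_private_key(d, phi):
    """Sever d into additive shares, d1 + d2 = d (mod phi); one share alone cannot sign."""
    d1 = secrets.randbelow(phi)
    return d1, (d - d1) % phi
def message_rep(msg):  # textbook RSA on a bare hash; a deployment would use RSA-PSS
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")
def partial_signature(msg, share, n, factor_passed):
    """An authenticator releases its partial signature only after its own factor succeeds."""
    return pow(message_rep(msg), share, n) if factor_passed else None
def combine(s1, s2, n):
    """m^d1 * m^d2 = m^(d1 + d2) = m^d (mod n): the composite digital signature."""
    return None if s1 is None or s2 is None else (s1 * s2) % n
def verify(msg, sig, e, n):
    """Validate the composite with the ordinary, unmodified public key (e, n)."""
    return sig is not None and pow(sig, e, n) == message_rep(msg)
```

Withholding either factor leaves at most one partial signature, which the public key rejects; that is the property the claims rely on, and the service provider never needs to know the key was split.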