Using end-user federated login to detect a breach in a key exchange encrypted channel
First Claim
1. A method of authenticating a key exchange between a first peer device and a second peer device, comprising:
- sending, by the first peer device, federated login credentials of a user of the first peer device and a first identifier to a first federated login provider, wherein the second peer device sends the federated login credentials of the user and a second identifier to a second federated login provider;
- receiving, by the first peer device, a first authentication response from the first federated login provider, wherein the second peer device receives a second authentication response from the second federated login provider;
- receiving, by the first peer device, the second authentication response from the second peer device;
- authenticating, by the first peer device, the second authentication response with the second federated login provider;
- sending, by the first peer device, the first authentication response to the second peer device, wherein the second peer device authenticates the first authentication response with the first federated login provider;
- receiving, by the first peer device, an acknowledgment from the second peer device indicating that the second peer device has authenticated the first authentication response;
- sending, by the first peer device, an acknowledgment to the second peer device indicating that the first peer device has authenticated the second authentication response; and
- authenticating, by the first peer device, the key exchange based on the acknowledgment from the second peer device, wherein the second peer device authenticates the key exchange based on the acknowledgment from the first peer device.
Abstract
Disclosed are methods and systems for authenticating a key exchange between a first peer device and a second peer device. In an aspect, the first peer device sends federated login credentials of a user and a first identifier to a first federated login provider, receives a first authentication response from the first federated login provider, receives a second authentication response from the second peer device, authenticates the second authentication response with a second federated login provider, sends the first authentication response to the second peer device, receives an acknowledgment from the second peer device indicating that the second peer device has authenticated the first authentication response with the federated login provider, sends an acknowledgment to the second peer device indicating that the first peer device has authenticated the second authentication response, and authenticates the key exchange based on the acknowledgment from the second peer device.
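The exchange summarized above, sketched as an added example that is not taken from the patent. It assumes each identifier is a SHA-256 fingerprint of the key-exchange public value the peer sent, and that an authentication response is a provider-keyed HMAC over the user and identifier; the class, function names and account data are hypothetical.

```python
import hashlib, hmac, secrets

class FederatedLoginProvider:
    """Toy provider (hypothetical API): issues and verifies authentication responses."""
    def __init__(self, accounts):
        self._accounts = accounts              # user -> password (constructed data)
        self._key = secrets.token_bytes(32)    # known only to the provider

    def _tag(self, user, identifier):
        msg = f"{user}|{identifier}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def login(self, user, password, identifier):
        """Return a response binding the user to the identifier, or None."""
        if not hmac.compare_digest(self._accounts.get(user, ""), password):
            return None
        return f"{user}|{identifier}|{self._tag(user, identifier)}"

    def verify(self, response):
        """Return (user, identifier) if this provider issued the response, else None."""
        parts = response.split("|")
        if len(parts) != 3:
            return None
        user, identifier, tag = parts
        ok = hmac.compare_digest(tag, self._tag(user, identifier))
        return (user, identifier) if ok else None

def fingerprint(public_value):
    """Assumed identifier: hash of the key-exchange public value."""
    return hashlib.sha256(public_value).hexdigest()

def peer_check(other_idp, user, other_response, key_seen):
    """Acknowledge only if the other peer's response matches the key actually received."""
    return other_idp.verify(other_response) == (user, fingerprint(key_seen))

def run_exchange(tampered=False):
    """Return True when both acknowledgments are sent, so the key exchange is authenticated."""
    idp1 = FederatedLoginProvider({"alice": "pw-constructed"})
    idp2 = FederatedLoginProvider({"alice": "pw-constructed"})
    pub1, pub2 = secrets.token_bytes(32), secrets.token_bytes(32)  # stand-in public values
    # An intermediary that swapped keys cannot log in as the user to rebind them.
    seen_by_1 = secrets.token_bytes(32) if tampered else pub2
    seen_by_2 = secrets.token_bytes(32) if tampered else pub1
    resp1 = idp1.login("alice", "pw-constructed", fingerprint(pub1))
    resp2 = idp2.login("alice", "pw-constructed", fingerprint(pub2))
    ack_from_1 = peer_check(idp2, "alice", resp2, seen_by_1)
    ack_from_2 = peer_check(idp1, "alice", resp1, seen_by_2)
    return ack_from_1 and ack_from_2
```

With untouched keys both peers acknowledge; if either peer received a substituted key, the fingerprint in the verified response no longer matches and the exchange is rejected.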
30 Claims
14. An apparatus for authenticating a key exchange between a first peer device and a second peer device, comprising:
- a transceiver of the first peer device configured to:
  - send federated login credentials of a user of the first peer device and a first identifier to a first federated login provider, wherein the second peer device sends the federated login credentials of the user and a second identifier to a second federated login provider;
  - receive a first authentication response from the first federated login provider, wherein the second peer device receives a second authentication response from the second federated login provider; and
  - receive the second authentication response from the second peer device; and
- at least one processor of the first peer device configured to authenticate the second authentication response with the second federated login provider,
- wherein the transceiver is further configured to:
  - send the first authentication response to the second peer device, wherein the second peer device authenticates the first authentication response with the first federated login provider;
  - receive an acknowledgment from the second peer device indicating that the second peer device has authenticated the first authentication response; and
  - send an acknowledgment to the second peer device indicating that the first peer device has authenticated the second authentication response, and
- wherein the at least one processor is further configured to authenticate the key exchange based on the acknowledgment from the second peer device, wherein the second peer device authenticates the key exchange based on the acknowledgment from the first peer device.
27. An apparatus for authenticating a key exchange between a first peer device and a second peer device, comprising:
- means for sending, by the first peer device, federated login credentials of a user of the first peer device and a first identifier to a first federated login provider, wherein the second peer device sends the federated login credentials of the user and a second identifier to a second federated login provider;
- means for receiving, by the first peer device, a first authentication response from the first federated login provider, wherein the second peer device receives a second authentication response from the second federated login provider;
- means for receiving, by the first peer device, the second authentication response from the second peer device;
- means for authenticating, by the first peer device, the second authentication response with the second federated login provider;
- means for sending, by the first peer device, the first authentication response to the second peer device, wherein the second peer device authenticates the first authentication response with the first federated login provider;
- means for receiving, by the first peer device, an acknowledgment from the second peer device indicating that the second peer device has authenticated the first authentication response;
- means for sending, by the first peer device, an acknowledgment to the second peer device indicating that the first peer device has authenticated the second authentication response; and
- means for authenticating, by the first peer device, the key exchange based on the acknowledgment from the second peer device, wherein the second peer device authenticates the key exchange based on the acknowledgment from the first peer device.
29. A non-transitory computer-readable medium for authenticating a key exchange between a first peer device and a second peer device, comprising:
- at least one instruction to send, by the first peer device, federated login credentials of a user of the first peer device and a first identifier to a first federated login provider, wherein the second peer device sends the federated login credentials of the user and a second identifier to a second federated login provider;
- at least one instruction to receive, by the first peer device, a first authentication response from the first federated login provider, wherein the second peer device receives a second authentication response from the second federated login provider;
- at least one instruction to receive, by the first peer device, the second authentication response from the second peer device;
- at least one instruction to authenticate, by the first peer device, the second authentication response with the second federated login provider;
- at least one instruction to send, by the first peer device, the first authentication response to the second peer device, wherein the second peer device authenticates the first authentication response with the first federated login provider;
- at least one instruction to receive, by the first peer device, an acknowledgment from the second peer device indicating that the second peer device has authenticated the first authentication response;
- at least one instruction to send, by the first peer device, an acknowledgment to the second peer device indicating that the first peer device has authenticated the second authentication response; and
- at least one instruction to authenticate, by the first peer device, the key exchange based on the acknowledgment from the second peer device, wherein the second peer device authenticates the key exchange based on the acknowledgment from the first peer device.
Specification