Verifying requests for access to a service provider using an authentication component

US 10,623,398 B2
Filed: 01/12/2016
Issued: 04/14/2020
Est. Priority Date: 06/15/2011
Status: Active Grant

First Claim

Patent Images

1. In a computing environment, a method for processing at least one verification request for accessing a service provider, performed at least in part on at least one processor, the method comprising:

examining at least one security token comprising a public key, wherein each of the at least one security token and the public key is configured using an identifier that uniquely identifies a particular user,accessing an authentication component comprising a proof, andapplying, by a verification mechanism, the authentication component to the public key to identify the proof as a non-membership proof, wherein the particular user is denied access to the service provider upon identifying the at least one security token as a member of a blacklist or the particular user is granted access to the service provider upon identifying the at least one security token is not a member of the blacklist.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The subject disclosure is directed towards processing requests for accessing a service provider. After examining at least one security token, a public key and a portion of attribute information are identified. An authentication component is accessed and applied to the public key. A unique user identifier is employed in generating the public key. The authentication component is generated using information from at least one revoked security token or at least one valid security token. The authentication component is configured to prove validity of the at least one security token.

71 Citations

View as Search Results

20 Claims

1. In a computing environment, a method for processing at least one verification request for accessing a service provider, performed at least in part on at least one processor, the method comprising:
- examining at least one security token comprising a public key, wherein each of the at least one security token and the public key is configured using an identifier that uniquely identifies a particular user,accessing an authentication component comprising a proof, andapplying, by a verification mechanism, the authentication component to the public key to identify the proof as a non-membership proof, wherein the particular user is denied access to the service provider upon identifying the at least one security token as a member of a blacklist or the particular user is granted access to the service provider upon identifying the at least one security token is not a member of the blacklist.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein accessing the authentication component further comprises accessing an accumulator the user being denied access or the user is granted access.
  - 3. The method of claim 2 further comprising computing the accumulator using at least one private key and at least one user identifier associated with the user being denied access or the user is granted access.
  - 4. The method of claim 3 wherein accessing the authentication component further comprises generating at least one witness value using a private key corresponding with the at least one security token, wherein the at least one witness value complements the accumulator.
  - 5. The method of claim 3, wherein accessing the authentication component further comprises updating at least one witness value using the accumulator and a new accumulator.
  - 6. The method of claim 5, wherein accessing the authentication component further comprises generating the authentication component using the at least one witness value and the attribute information.
  - 7. The method of claim 1, wherein accessing the authentication component further comprises determining membership or non-membership based on the user being denied access or the user is granted access.
  - 8. The method of claim 1, wherein the each of the at least one security token comprises at least a portion of attribute information.
  - 9. The method of claim 1, wherein examining the at least one security token further comprises computing the at least one user identifier.

10. In a computing environment, a system for processing at least one verification request for accessing a service provider, the system comprising:
- a memory; and
  
  a processor programmed to;
  
  examine at least one security token comprising a public key, wherein each of the at least one security token and the public key is configured using an identifier that uniquely identifies a particular user,access an authentication component comprising a proof, andapply the authentication component to the public key to identify the proof as a non-membership proof, wherein the particular user is denied access to the service provider upon identifying the least one security token is not a member of a blacklist or the particular user is granted access to the service provider upon identifying the at least one security token is a member of the blacklist.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The system of claim 10, further comprising a verification mechanism coupled to an authentication service for issuing the at least one security token, and wherein the verification mechanism selects at least one portion of attribute information.
  - 12. The system of claim 11, wherein the authentication service compares at least one witness value with an accumulator representing the user being denied access or the user is granted access.
  - 13. The system of claim 12, wherein the authentication service updates at least one witness value, wherein the at least one witness value is used to generate the authentication component.
  - 14. The system of claim 11, wherein the authentication service computes the at least one user identifier.
  - 15. The system of claim 10, wherein the at least one security token comprises an encoding of the at least one portion of the attribute information.
  - 16. The system of claim 10, wherein the processor is further programmed to determine membership or non-membership based on the user being denied access or the user is granted access.

17. One or more computer-readable storage devices having computer-executable instructions for processing at least one verification request for accessing a service provider, the computer-executable instructions which when executed perform operations comprising:
- examining at least one security token comprising a public key, wherein each of the at least one security token and the public key is configured using an identifier that uniquely identifies a particular user,accessing an authentication component comprising a proof, andapplying, by a verification mechanism, the authentication component to the public key to identify the proof as a non-membership proof, wherein the particular user is denied access to the service provider upon identifying the at least one security token as a member of a blacklist or the particular user is granted access to the service provider upon identifying the at least one security token is not a member of the blacklist.
- View Dependent Claims (18, 19, 20)
- - 18. The one or more computer-readable storage devices of claim 17 wherein accessing the authentication component further comprises accessing an accumulator representing the user being denied access or the user is granted access.
  - 19. The one or more computer-readable storage devices of claim 17 having further computer-executable instructions comprising:
    - determining membership or non-membership based on the user being denied access or the user is granted access.
  - 20. The one or more computer-readable storage devices of claim 17 having further computer-executable instructions comprising:
    - selecting the at least a portion of the attribute information to be encoded on a security of the at least one security token that is communicated to the service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Nguyen, Duy Lan, Acar, Tolga
Primary Examiner(s)
Nguyen, Thu Ha T

Application Number

US14/994,095
Publication Number

US 20160241547A1
Time in Patent Office

1,554 Days
Field of Search

713158, 713180, 726 20
US Class Current
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

H04L 2209/84   Vehicles

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 9/0866   involving user or device id...

H04L 9/3073   involving pairings, e.g. id...

H04L 9/3234   involving additional secure...

H04L 9/3268   using certificate validatio...

Verifying requests for access to a service provider using an authentication component

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

71 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Verifying requests for access to a service provider using an authentication component

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links