METHOD FOR THE UNIQUE AUTHENTICATION OF A USER BY SERVICE PROVIDERS
First Claim
1. A method for unique authentication of a user by at least one service provider, said method including a preliminary identity federation stage of federating an identity of said user for said service provider and an identity of said user for an identity provider, wherein said preliminary identity federation stage comprises the steps of:
the user generating a non-masked user alias for that service provider and sending said identity provider a masked alias deduced from said alias;
the identity provider associating said masked alias for that service provider with the identity of the user for the identity provider and sending the user elements for calculation by the user of a signature of a message containing the non-masked alias;
the user calculating said signature and sending the service provider said message with said signature; and
the service provider verifying said signature, authenticating the user, and associating said alias with the user's identity for the service provider.
Abstract
The invention relates to a method for unique authentication of a user (U) by at least one service provider (SP), said method including a preliminary identity federation stage of federating an identity (user@sp) of said user for said service provider and an identity (user@idp) of the user (U) for an identity provider (IdP). According to the invention, said preliminary identity federation stage includes the steps of: the user (U) generating a user alias ([alias]) for that service provider (SP) and sending said identity provider (IdP) a masked alias ([alias]masked) deduced from said alias, the identity provider (IdP) associating said masked alias ([alias]masked) for that service provider (SP) with the identity (user@idp) of the user for the identity provider (IdP) and sending the user (U) elements for calculation by the user of a signature (σ) of a message (msg) containing the non-masked alias ([alias]), the user (U) calculating said signature (σ) and sending the service provider (SP) said message (msg) with said signature (σ), and the service provider (SP) verifying said signature (σ), authenticating the user (U), and associating said alias ([alias]) with the user's identity (user@sp) for the service provider (SP).
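The federation exchange described in the abstract, as an added example that is not taken from the patent. It assumes an RSA blind signature as the masking and signing scheme (the text above does not name one), a constructed demo key built from public Mersenne primes, and hypothetical function names and a hypothetical `sp|alias` message layout.

```python
import hashlib
import secrets
from math import gcd

# Constructed demo IdP key: both primes are public Mersenne primes, so it is NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # IdP private exponent

def h(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def user_mask(sp: str):
    """U: pick [alias] for SP, build msg, and blind H(msg) to get [alias]masked."""
    alias = secrets.token_hex(16)
    msg = f"{sp}|{alias}".encode()  # assumed message layout
    r = 0
    while gcd(r, N) != 1:  # blinding factor must be invertible mod N
        r = secrets.randbelow(N - 2) + 2
    return alias, msg, r, (h(msg) * pow(r, E, N)) % N

def idp_federate(table: dict, user_idp: str, sp: str, masked: int) -> int:
    """IdP: file the masked alias under user@idp, return the blind signature."""
    table.setdefault(user_idp, {})[sp] = masked
    return pow(masked, D, N)

def user_unmask(blind_sig: int, r: int) -> int:
    """U: strip the blinding factor to obtain sigma over msg."""
    return (blind_sig * pow(r, -1, N)) % N

def sp_federate(accounts: dict, sp: str, user_sp: str, msg: bytes, sigma: int) -> bool:
    """SP: verify sigma with the IdP public key, then bind [alias] to user@sp.
    user_sp is assumed to be already authenticated locally by the SP."""
    name, _, alias = msg.decode().partition("|")
    if name != sp or pow(sigma, E, N) != h(msg):
        return False
    accounts[alias] = user_sp
    return True

def run_federation(sp: str = "sp.example"):
    table, accounts = {}, {}
    alias, msg, r, masked = user_mask(sp)
    sigma = user_unmask(idp_federate(table, "user@idp", sp, masked), r)
    ok = sp_federate(accounts, sp, "user@sp", msg, sigma)
    return ok, alias, msg, sigma, table, accounts
```

In this instantiation the IdP's table holds only the blinded value, so the IdP never sees the alias or the signature the SP later stores against user@sp.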
9 Claims
9. A federation table accessible to an identity provider and associated with the identity of a user registered with said identity provider, wherein it matches with at least one service provider a respective masked alias obtained by masking an alias associating said identity provider with the identity of said user for said service provider.
Specification