Authentication service

US 8,713,661 B2
Filed: 07/18/2011
Issued: 04/29/2014
Est. Priority Date: 02/05/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

authenticating an authentication service and a user based on presentation of a token by the user by;

receiving, at the authentication service, a token identifier from the token;

based on the received token identifier, accessing, by the authentication service, a user identifier known only by the authentication service and by the token;

completing a mutual authentication of the authentication service and the user based on the user identifier;

receiving, at the authentication service and from the token, in response to completion of mutual authentication, the user identifier, the user identifier being different from the token identifier and absent from any memory or storage associated with the authentication service prior to the receipt of the user identifier from the token;

authenticating, by the authentication service, a service provider; and

subsequent to authenticating the authentication service, the user and the service provider, providing the service provider with access to data comprising;

generating an access code by generating a one way permutation using the user identifier and a service provider identifier, the access code providing information for locating multiple data storage locations;

using the access code to access at least some of the multiple data storage locations; and

retrieving and assembling the data from the accessed data storage locations.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes authenticating a party based on presentation of a token by the party.

235 Citations

20 Claims

1. A computer-implemented method comprising:
- authenticating an authentication service and a user based on presentation of a token by the user by;
  
  receiving, at the authentication service, a token identifier from the token;
  
  based on the received token identifier, accessing, by the authentication service, a user identifier known only by the authentication service and by the token;
  
  completing a mutual authentication of the authentication service and the user based on the user identifier;
  
  receiving, at the authentication service and from the token, in response to completion of mutual authentication, the user identifier, the user identifier being different from the token identifier and absent from any memory or storage associated with the authentication service prior to the receipt of the user identifier from the token;
  
  authenticating, by the authentication service, a service provider; and
  
  subsequent to authenticating the authentication service, the user and the service provider, providing the service provider with access to data comprising;
  
  generating an access code by generating a one way permutation using the user identifier and a service provider identifier, the access code providing information for locating multiple data storage locations;
  
  using the access code to access at least some of the multiple data storage locations; and
  
  retrieving and assembling the data from the accessed data storage locations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, wherein generating the access code comprises:
    - receiving, by the authentication service, the user identifier and the service provider identifier; and
      
      deriving the access code using a one-way function based on the user identifier and the service provider identifier.
  - 3. The method of claim 2, wherein deriving the access code comprises performing a one way function on the user identifier, the service provider identifier, and one or more additional inputs.
  - 4. The method of claim 1, wherein the multiple data storage locations comprise multiple dispersed data storage locations.
  - 5. The method of claim 1, further comprising storing data at the multiple data storage locations where multiple data storage locations comprise multiple dispersed data storage locations.
  - 6. The method of claim 1, wherein the service provider identifier comprises a service provider ID.
  - 7. The method of claim 1, wherein the token identifier comprises a token ID and the user identifier comprises a user ID.
  - 8. The method of claim 1, wherein:
    - accessing a user identifier comprises accessing stored information associating the token identifier with the user identifier, the user identifier being stored on the token; and
      
      completing a mutual authentication of the authentication service and the user based on the accessed user identifier comprises providing a representation of the accessed user identifier to the token for validation of the authentication service by the token.
  - 9. The method of claim 1, wherein the token comprises an electronic device configured to connect to the Internet via a contactless interface.
  - 10. The method of claim 1, wherein the token comprises an electronic device configured to connect to the Internet via a contact-based interface.
  - 11. The method of claim 1, wherein the token comprises an electronic device configured to connect to the Internet via a contactless interface to an intermediary device.
  - 12. The method of claim 1, wherein the token comprises an electronic device configured to connect to the Internet via a contact-based interface to an intermediary device.
  - 13. The method of claim 1, wherein authenticating the service provider comprises:
    - receiving, at the authentication service, a service provider token identifier provided by a service provider token;
      
      based on the received service provider token identifier, accessing, by the authentication service, a datum known only by the authentication service and by the service provider token;
      
      completing a mutual authentication based on the accessed datum; and
      
      receiving, at the authentication service and from the service provider token, in response to the successful completion of mutual authentication, a service provider identifier, the service provider identifier being different from the service provider token identifier and absent from any memory or storage associated with the authentication service prior to the receipt of the service provider identifier from the service provider token.
  - 14. The method of claim 1, wherein authenticating the user further comprises authenticating the user based on presentation of the token and the method further comprises terminating access to the data upon removal of the token.
  - 15. The method of claim 1, wherein the user comprises a human.
  - 16. The method of claim 1, wherein the user comprises a non-human entity.
  - 17. The method of claim 1, further comprising prior to completing a mutual authentication of the authentication service and the user based on the user identifier, determining a status of the token.
  - 18. The method of claim 17, wherein determining a status of the token comprises accessing a data storage location based on the token identifier;
    - and comparing a token status stored at the storage location to a status requirement.
  - 19. The method of claim 1, further comprising prior to authenticating the user based on presentation of the token, requesting the user to present the token based on an authentication request from a service provider.
  - 20. The method of claim 1, wherein receiving the user identifier comprises receiving an encrypted version of the user identifier via a secure channel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WwPass Corp.
Original Assignee
WwPass Corp.
Inventors
Vysogorets, Mikhail, Shablygin, Eugene
Primary Examiner(s)
Yalew, Fikremariam A

Application Number

US13/184,886
Publication Number

US 20120066756A1
Time in Patent Office

1,016 Days
Field of Search
US Class Current

726/9
CPC Class Codes

G06F 21/34 involving the use of extern...

Authentication service

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

235 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication service

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

235 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links