Universal anonymous cross-site authentication

US 9,628,282 B2
Filed: 10/10/2014
Issued: 04/18/2017
Est. Priority Date: 10/10/2014
Status: Active Grant

First Claim

Patent Images

1. A device, comprising:

a memory to store instructions; and

one or more processors to execute the instructions to;

receive user information associated with a user;

generate, based on receiving the user information, a user profile for the user that stores the user information and authentication confirmation information,the authentication confirmation information including a public key associated with a private key, andthe authentication confirmation information being associated with confirming that a received response to a challenge code generated using the public key matches an expected response generated using the private key;

provide, based on generating the user profile, the private key to a user device of the user;

receive, from an application server and based on providing the private key to the user device, a request to authenticate a secure session between the user device and the application server,the request including authentication information that includes a user identifier and a particular response to a particular challenge code;

obtain, based on the user identifier and based on receiving the request to authenticate the secure session, the authentication confirmation information associated with the user from a data structure storing one or more user profiles;

verify, based on obtaining the authentication confirmation information, a signature associated with the particular response to the particular challenge code utilizing the public key,the signature having been generated using the private key;

validate, based on verifying the signature, the particular response to the particular challenge code using the public key; and

provide, based on validating the particular response to the particular challenge code, information to the application server indicating that the secure session is authenticated for the user device to permit the application server to establish the secure session with the user device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The device may receive user information associated with a user. The device may generate a user profile for the user that stores user information and authentication confirmation information. The device may provide a particular cryptographic key and information identifying the user profile. The device may receive a request to authenticate a secure session for a user device from an application server. The device may obtain, based on the user identifier, the authentication confirmation information associated with the user from a data structure storing one or more user profiles. The device may validate the particular response to the particular challenge code based on the authentication confirmation information. The device may provide information to the application server indicating that the secure session is validated for the user device based on validating the authentication information.

29 Citations

View as Search Results

20 Claims

1. A device, comprising:
- a memory to store instructions; and
  
  one or more processors to execute the instructions to;
  
  receive user information associated with a user;
  
  generate, based on receiving the user information, a user profile for the user that stores the user information and authentication confirmation information,the authentication confirmation information including a public key associated with a private key, andthe authentication confirmation information being associated with confirming that a received response to a challenge code generated using the public key matches an expected response generated using the private key;
  
  provide, based on generating the user profile, the private key to a user device of the user;
  
  receive, from an application server and based on providing the private key to the user device, a request to authenticate a secure session between the user device and the application server,the request including authentication information that includes a user identifier and a particular response to a particular challenge code;
  
  obtain, based on the user identifier and based on receiving the request to authenticate the secure session, the authentication confirmation information associated with the user from a data structure storing one or more user profiles;
  
  verify, based on obtaining the authentication confirmation information, a signature associated with the particular response to the particular challenge code utilizing the public key,the signature having been generated using the private key;
  
  validate, based on verifying the signature, the particular response to the particular challenge code using the public key; and
  
  provide, based on validating the particular response to the particular challenge code, information to the application server indicating that the secure session is authenticated for the user device to permit the application server to establish the secure session with the user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The device of claim 1, where the one or more processors are further to:
    - generate a visual site identifier image; and
      
      cause the visual site identifier image to be displayed via a user interface being provided by the user device to the user.
  - 3. The device of claim 1,where the one or more processors are further to:
    - generate an anonymous identifier that does not uniquely identify the user; and
      
      where the one or more processors, when providing the information to the application server indicating that the secure session is authenticated for the user device, are to;
      
      provide the information to the application server without providing the user information identifying the user,the information including the anonymous identifier.
  - 4. The device of claim 1,where the one or more processors are further to:
    - identify a public key fingerprint being stored via the user profile; and
      
      determine the public key associated with validating the private key based on the public key fingerprint.
  - 5. The device of claim 1, where the one or more processors, when providing information to the application server indicating that the secure session is validated for the user device, are to:
    - provide information instructing the application server to establish the secure session for the user device; and
      
      provide information identifying the user associated with the user device.
  - 6. The device of claim 1, where the particular challenge code comprises a string of characters.
  - 7. The device of claim 1, where the one or more processors, when providing the information to the application server indicating that the secure session is authenticated for the user device, are to:
    - provide a success code to the application server.

8. A non-transitory computer-readable medium storing instructions, the instructions comprising:
- one or more instructions that, when executed by one or more processors, cause the one or more processors to;
  
  receive a request from a user device to initiate a secure session associated with a particular provider,the user device having received authentication credentials from a server,the authentication credentials including a symmetric key;
  
  provide, to the user device and based on receiving the request, a challenge code associated with the secure session and a session key identifying the secure session,the challenge code comprising a string of characters, andthe user device processing the challenge code using the symmetric key;
  
  receive, from the user device and based on providing the challenge code, authentication information responding to the challenge code;
  
  provide, to the server and based on receiving the authentication information, the authentication information from the user device and the challenge code;
  
  receive, from the server and based on providing the authentication information, a success code indicating that the authentication information is valid,the success code identifying the secure session, andthe success code indicating that the string of characters has been processed by the symmetric key and matches an expected response generated by the server by processing the string of characters using the symmetric key; and
  
  provide, to the user device and based on the receiving the success code, an indication that the secure session associated with the session key is authenticated based on receiving the success code.
- View Dependent Claims (9, 10, 11, 12, 14, 18)
- - 9. The non-transitory computer-readable medium of claim 8,where the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
    - provide information, to the server, indicating user information that is to be confirmed when validating the user device for the secure session; and
      
      where the one or more instructions, that cause the one or more processors to receive the success code, cause the one or more processors to;
      
      determine that the secure session is valid for the user device based on receiving the success code,the success code indicating that the user information that is to be confirmed when validating users for secure sessions has been confirmed for the user and the secure session.
  - 10. The non-transitory computer-readable medium of claim 8, where the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
    - determine, based on an anonymous identifier provided by the server, that a user associated with the user device has not previously accessed another secure session associated with the particular provider;
      
      generate a user profile for the user based on the anonymous identifier,the user profile including access information regarding accesses of a website of the particular provider by the user; and
      
      store information regarding the secure session via the user profile.
  - 11. The non-transitory computer-readable medium of claim 10, where the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
    - establish another secure session for the user device based on receiving another success code from the server,the other success code including the anonymous identifier;
      
      determine, based on the anonymous identifier, that the user has previously accessed another secure session associated with the particular provider;
      
      identify the user profile associated with the user;
      
      adjust the other secure session based on the access information; and
      
      store information regarding the other secure session via the user profile.
  - 12. The non-transitory computer-readable medium of claim 8, where the one or more instructions, that cause the one or more processors to provide the indication that the secure session is authenticated, cause the one or more processors to:
    - generate an identification token associated with identifying a user interface associated with the secure session and the particular provider as genuine; and
      
      provide the identification token for display via the user interface to indicate that the secure session is genuine.
  - 14. The method of claim 12, where determining that the authentication information is valid further comprises:
    - providing the authentication information to a third party verification service associated with the multiple providers; and
      
      receiving, from the third party verification service and based on providing the authentication information, an indication that the authentication information is valid.
  - 18. The non-transitory computer-readable medium of claim 8, where the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
    - provide the secure session to another user device.

13. A method, comprising:
- receiving, by a device from a user device, a request to initiate a secure session that is associated with a particular provider of multiple providers associated with providing secure sessions,the user device having received cryptographic information associated with generating responses to challenge codes,the cryptographic information including a cryptographic key;
  
  identifying, by the device and based on receiving the request, a user of the user device based on an anonymous identifier and stored user information;
  
  providing, by the device to the user device and based on identifying the user, a challenge code and a session key associated with the secure session,the challenge code comprising a string of characters, andthe user device processing the challenge code using the cryptographic key;
  
  receiving, by the device from the user device and based on providing the challenge code, authentication information including a response to the challenge code,the authentication information being determined to be associated with the secure session based on the session key;
  
  determining, by the device and based on receiving the authentication information, that the authentication information is valid without the particular provider being provided with access to the stored user information identifying the user,the response to the challenge code having been determined to match an expected response to the challenge code determined based on other cryptographic information matching the cryptographic information,the other cryptographic information including a function associated with the cryptographic key, andthe other cryptographic information having been determined based on identifying the user; and
  
  providing, by the device and to the particular provider, an indication that the secure session is authenticated based on determining that the authentication information is valid without revealing the stored user information to the particular provider.
- View Dependent Claims (15, 16, 17, 19, 20)
- - 15. The method of claim 13, further comprising:
    - receiving another request from the user device,the other request to establish a universal profile for the multiple providers;
      
      generating the cryptographic information, including the cryptographic key for the user to utilize in responding to challenge codes generated by the multiple providers;
      
      providing the cryptographic information to the user device;
      
      storing the other cryptographic information associated with identifying responses, performed using the cryptographic key, to challenge codes generated by the multiple providers as proper; and
      
      where determining that the authentication information is valid comprises;
      
      identifying the user;
      
      accessing, based on identifying the user, the stored other cryptographic information associated with identifying responses to challenge codes generated by the multiple providers as proper;
      
      determining a proper response to the challenge code based on the stored other cryptographic information; and
      
      determining that the authentication information is valid based on matching the proper response to the challenge code with the response to the challenge code.
  - 16. The method of claim 13, further comprising:
    - obtaining a site identification key associated with a user profile for the user;
      
      receiving, from the user device, information identifying the user; and
      
      providing information indicating that the device is genuine based on receiving the information identifying the user,the information indicating that the device is genuine including the site identification key.
  - 17. The method of claim 13, further comprising:
    - receiving, from the user device, incorrect information identifying the user,the incorrect information identifying the user not corresponding to a user profile;
      
      obtaining a site key associated with the incorrect information identifying the user,the site key overlaid with an indication of the incorrect information identifying the user on the site key; and
      
      providing the site key after overlaying the indication of the incorrect information identifying the user on the site key.
  - 19. The method of claim 13, further comprising:
    - providing the secure session to another user device.
  - 20. The method of claim 13, further comprising:
    - generating a visual site identifier image; and
      
      causing the visual site identifier image to be displayed via a user interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Khalil, Manah M., Pandey, Siddharth, Lamison, Michael R., Kumar, Ashok, Limbasia, Sunil D., Challa, Vijaya R.
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
LAKHIA, VIRAL S

Application Number

US14/511,874
Publication Number

US 20160105290A1
Time in Patent Office

921 Days
Field of Search

713183, 713155, 726 5, 726 3, 726 6, 726 7, 726 8, 709228
US Class Current
CPC Class Codes

H04L 63/0407   wherein the identity of one...

H04L 63/0421   Anonymous communication, i....

H04L 63/0435   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/12   Applying verification of th...

H04L 63/168   above the transport layer

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Universal anonymous cross-site authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Universal anonymous cross-site authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links