
Secure authentication in a multi-party system

  • US 9,742,763 B2
  • Filed: 06/15/2016
  • Issued: 08/22/2017
  • Est. Priority Date: 04/01/2012
  • Status: Active Grant
First Claim

1. A networked system capable of authenticating multiple different users to multiple different service providers, comprising:

  • an authentication server configured to store (i) a provider identifier for each of the multiple different service providers in association with provider authentication policy requirements for the applicable service provider and (ii) a user identifier for each of the multiple different users in association with validation information for the application user;

  • a first software application configured to be downloaded to a first device operable by a first user of the multiple different users, and configured to transmit a login request to the first user of the multiple different service providers via the network;

  • the authentication server configured to receive from a first network server associated with a first service provider via the network, (i) a request for a random number and (ii) other information, wherein the authentication server is configured to transmit the random number to the first network server via the network after receiving the request for the random number, wherein the first software application is configured to receive from the first network server the transmitted random number; and

  • a second software application configured to be downloaded to a second device operable by the first user, and configured (i) to receive an input transferring the further transmitted random number to it from the first device, and (ii) to further transmit the input random number and a request of the first user to be authenticated to the authentication server via the network;

  • wherein the authentication server is further configured to transmit, after transmission by the second device of the random number and authentication request, the stored first provider identifier and the stored associated first provider authentication policy requirements, and to further transmit the transmitted other information, to the second device via the network;

  • wherein the second software application downloaded to the second device is further configured to transmit, in response to the transmitted first provider authentication policy requirements, a first user identifier and user input validation information to the authentication server via the network;

  • wherein the authentication server is further configured to match the transmitted first user identifier to the stored first user identifier, to determine that the transmitted validation information corresponds to the stored first service provider authentication policy requirements, and to compare the transmitted validation information with the validation information stored in association with the first user identifier to authenticate the first user;

  • wherein the second software application downloadable to the second device is further configured to transmit a message through the second device, including the transferred random number and the further transmitted other information, signed with a credential of the first user, to the authentication server via the network; and

  • wherein the authentication server is further configured to transmit notice of authentication of the first user and to further transmit the received signed message to the network server via the network.
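The flow in the claim above, as an added simulation that is not part of the patent: the network server obtains a random number from the authentication server, the user carries it from the first device to the second, the second device satisfies the provider's policy and signs the random number together with the other information, and the authentication server checks the signature and consumes the nonce. The user's credential is modelled here as an HMAC key shared with the authentication server (an assumption for brevity; the claim only says "signed with a credential of the first user"), and the provider policy is a constructed "pin" requirement.

```python
import hmac, hashlib, secrets

class AuthServer:
    """Constructed model of the claimed authentication server."""
    def __init__(self):
        self.providers, self.users, self.pending = {}, {}, {}

    def register_provider(self, provider_id, policy):
        self.providers[provider_id] = policy   # provider id -> policy requirements

    def register_user(self, user_id, validation, credential):
        self.users[user_id] = {"validation": validation, "credential": credential}

    def request_random_number(self, provider_id, other_info):
        # Network server asks for a fresh random number; keep it bound to the
        # provider and the accompanying "other information" until it is used.
        nonce = secrets.token_hex(16)
        self.pending[nonce] = (provider_id, other_info)
        return nonce

    def begin_auth(self, nonce):
        # Second device presents the transferred nonce; answer with the provider
        # identifier, its policy requirements and the stored other information.
        provider_id, other_info = self.pending[nonce]
        return provider_id, self.providers[provider_id], other_info

    def validate_user(self, nonce, user_id, validation):
        # Validation data must match the provider policy and the stored record.
        policy = self.providers[self.pending[nonce][0]]
        user = self.users.get(user_id)
        if user is None or validation["type"] != policy["type"]:
            return False
        return hmac.compare_digest(user["validation"], validation["value"])

    def accept_signed_message(self, nonce, user_id, other_info, signature):
        # Nonce must still be pending (replay check) and bound to the same info.
        if nonce not in self.pending or self.pending[nonce][1] != other_info:
            return None
        expected = sign(self.users[user_id]["credential"], nonce, other_info)
        if not hmac.compare_digest(expected, signature):
            return None
        del self.pending[nonce]                # single use: consume the nonce
        return {"user": user_id, "nonce": nonce, "signature": signature}

def sign(credential, nonce, other_info):
    # HMAC stands in for the user's signature over nonce || other information.
    return hmac.new(credential, f"{nonce}|{other_info}".encode(), hashlib.sha256).hexdigest()

def run_flow(server, provider_id, user_id, pin, credential, other_info="login:web"):
    nonce = server.request_random_number(provider_id, other_info)   # network server
    _, policy, info = server.begin_auth(nonce)          # nonce carried to 2nd device
    if not server.validate_user(nonce, user_id, {"type": policy["type"], "value": pin}):
        return None
    return server.accept_signed_message(nonce, user_id, info, sign(credential, nonce, info))
```

The returned record is what the server would forward to the network server as the notice of authentication; a reused nonce, a wrong PIN or a wrong credential all yield `None`.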
