Apparatus and method for implementing composite authenticators
First Claim
Patent Images
1. A client device comprising:
- one or more authenticators for authenticating a user of the client device with a relying party, each authenticator comprising a plurality of authentication components, each of the authentication components within the client device performing a different function within the context of the authenticator within which it is used; and
component authentication logic on the client device to attest to a model or integrity of at least one of the plurality of authentication components to one or more of the other authentication components prior to allowing the authentication components to be combined on the client device to form the authenticator,wherein authenticating the user with the relying party comprises;
reading biometric authentication data from a user and determining whether to successfully authenticate the user based on a comparison with biometric reference data;
establishing communication with a remote relying party;
performing an attestation transaction with the relying party to attest to the model and/or integrity of a biometric device to the relying party by receiving a challenge from the relying party, signing the challenge using an attestation key to generate a signature, and sending the signature to the relying party, wherein the relying party verifies that the signature is valid using a key of the relying party.
3 Assignments
0 Petitions
Accused Products
Abstract
A system, apparatus, method, and machine readable medium are described for implementing a composite authenticator. For example, an apparatus in accordance with one embodiment comprises: an authenticator for authenticating a user of the apparatus with a relying party, the authenticator comprising a plurality of authentication components; and component authentication logic to attest to the model and/or integrity of at least one authentication component to one or more of the other authentication components prior to allowing the authentication components to form the authenticator.
316 Citations
19 Claims
-
1. A client device comprising:
-
one or more authenticators for authenticating a user of the client device with a relying party, each authenticator comprising a plurality of authentication components, each of the authentication components within the client device performing a different function within the context of the authenticator within which it is used; and component authentication logic on the client device to attest to a model or integrity of at least one of the plurality of authentication components to one or more of the other authentication components prior to allowing the authentication components to be combined on the client device to form the authenticator, wherein authenticating the user with the relying party comprises; reading biometric authentication data from a user and determining whether to successfully authenticate the user based on a comparison with biometric reference data; establishing communication with a remote relying party; performing an attestation transaction with the relying party to attest to the model and/or integrity of a biometric device to the relying party by receiving a challenge from the relying party, signing the challenge using an attestation key to generate a signature, and sending the signature to the relying party, wherein the relying party verifies that the signature is valid using a key of the relying party. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
Specification