System and method for authorizing a new authenticator

摘要

A system, apparatus, method, and machine readable medium are described for authorizing a new authenticator with a relying party. For example, one embodiment of a method comprises: identifying a plurality of relying parties with which an old authenticator is registered; generating at least one key for each of the plurality of relying parties; authenticating with each of the relying parties using a client having the old authenticator configured thereon, the client authorizing the new authenticator by providing an authorization object to each relying party comprising the at least one key, data identifying the new authenticator, and cryptographic data to be used by the relying party to verify the authorization object; and wherein, in response to verifying the authorization object, each relying party registers the new authenticator.

主权项

1. A method for authorizing a new authenticator comprising:
identifying a plurality of relying parties with which an old authenticator is registered; generating at least one key for each of the plurality of relying parties; authenticating with each of the relying parties using a client having the old authenticator configured thereon, the client authorizing the new authenticator by providing an authorization object to each relying party comprising the at least one key, data identifying the new authenticator, and cryptographic data to be used by the relying party to verify the authorization object; wherein, in response to verifying the authorization object, each relying party registers the new authenticator; wherein an operation of generating at least one key is performed by the new authenticator; wherein identifying the plurality of relying parties comprises the new authenticator receiving a list of usernames and unique identification codes to identify each relying party from the old authenticator; and establishing a secure communication channel between the old authenticator and the new authenticator, wherein the new authenticator receives the list of usernames and unique identification codes to identify each relying party from the old authenticator over the secure communication channel.