Title of invention: Method and apparatus for trusted authentication and logon
Abstract: A method and apparatus for trusted authentication and logon is disclosed. A trusted platform module (TPM) based logon method is presented for authentication and access. A user registers an identity with an identity provider that is tightly bound to the user's specific platform, e.g., the TPM. If the user decides to log in, for example to a service provider using this identity, the identity provider challenges the user to provide the correct credentials. The credentials consist of a TPM-generated ticket, that is, a credential chain. This allows the user to log in without the need for a password at the identity provider.
Publication number: US9490984(B2)
Publication date: 2016.11.08
Application number: US200912558907
Filing date: 2009.09.14
Applicant: InterDigital Patent Holdings, Inc.
Inventors: Leicher Andreas; Schmidt Andreas U.
Classification (IPC): H04L29/06; H04L9/32; G06F21/57; G06F21/00
Main classification: H04L29/06
Agency: Baker & Hostetler LLP
Attorney/agent: Baker & Hostetler LLP
Independent claim:
1. A method for trusted authentication and access from a user platform associated with a user, the user platform comprising a trusted module, the method comprising:
logging onto a service provider using a predetermined identity associated with the user, wherein the user platform is directed to an identity provider that is associated with the predetermined identity;
the user platform receiving an authentication challenge from the identity provider;
in response to the authentication challenge, performing an authentication of the user;
when the authentication is successful, the user platform obtaining a certificate that indicates a certification of the trusted module by a certification authority;
generating, at the trusted module, an authentication response to the authentication challenge, wherein the authentication response comprises the certificate, and the certificate indicates the certification of the trusted module by the certification authority;
if a verification of the authentication response is successful, the user platform accessing the service provider upon receiving a status message indicating that the verification was successful, thereby ensuring that the user of the user platform is legitimate; and
if the verification fails, receiving a message associated with a cause of the failed verification.
Address: Wilmington DE US