Title: Secure authentication in a multi-party system
Abstract: A network user is authenticated to another network entity by using a first program to receive user-input validation information and to store a user credential. A second program receives information, such as a random number, from the other entity. The first program receives an input transferring that information to it, transmits the information to the authentication server, and receives from the authentication server an identifier of the other entity, other information, and the other entity's authentication policy requirements. It then transmits the input validation information corresponding to the received authentication policy requirements to the authentication server and, in response, receives a request for a user credential. It signs a message, including the transferred information and the received other information, with the stored user credential, and transmits the signed message to the authentication server to authenticate the user.
Publication number: US9641520(B2)  Publication date: 2017.05.02
Application number: US201313852012  Filing date: 2013.03.28
Applicant: Early Warning Services, LLC  Inventors: Neuman Michael; Neuman Diana
Classification: H04L29/06; G06F21/35; G06Q20/32; G06Q20/40; H04L9/32; H04W12/06  Main classification: H04L29/06
Agent: Kilpatrick Townsend & Stockton LLP  Attorney: Kilpatrick Townsend & Stockton LLP
Independent claim 1. A method of authenticating a network user to another network entity, comprising:
executing, on a first user operated device, a first program to: receive user inputted validation information; store a user credential on the first user operated device;
executing, on a second user operated device, a second program to: receive information from another network entity via the network;
further executing the first program to: receive an input transferring, to the first program, the information received by the second program from the other network entity; direct transmission, to an authentication server via the network, of the transferred information; receive, from the authentication server via the network, an identifier of the other network entity, other information, and authentication policy requirements of the other network entity; direct transmission, to the authentication server via the network, of the input validation information corresponding to the received other network entity authentication policy requirements; receive, from the authentication server via the network after directing transmission of the validation information, a request for a user credential; sign a message, including the transferred information and the received other information, with the stored user credential; direct transmission, to the authentication server via the network, of the signed message to authenticate the user; and generate user secret data; divide the generated secret data into multiple portions including a first portion and a second portion; encrypt the user credential with the generated secret data, wherein the stored credential is the encrypted credential; direct transmission, to the authentication server via the network, of the second portion of secret data; receive, from the authentication server via the network after directing transmission of the validation information, the second portion of secret data; combine the stored first portion of secret data with the received second portion of secret data; and decrypt the stored encrypted credential with the combined portions of secret data; wherein the message is signed with the decrypted user credential;
and further executing the second program to: receive, from at least one of the authentication server and the other network entity via the network, an indication that the user has been successfully authenticated.
Address: Scottsdale AZ US
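The following is an added, single-process model of the exchange described in the abstract and claim 1; it is not code from the patent or from Early Warning Services. Everything concrete in it is an assumption chosen to keep the model runnable with the Python standard library: the secret is split with XOR, the credential is "encrypted" by XOR with a SHA-256 keystream, the signature is an HMAC-SHA256 (so the server holds the credential as its verification key, where a real signature scheme would hold only a public key), the policy requires a PIN, and the names AuthServer, FirstProgram, run_flow and "rp.example" are invented for illustration. The model shows the property the claim is built around: the credential stays encrypted on device 1 until the server, having checked the policy inputs, releases its secret portion, and the signed message binds both the relying party's random number and the server's nonce.

```python
import hashlib
import hmac
import secrets

# Assumed relying-party policy: which user-input validation fields the server must see.
POLICY = ["pin"]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_xor(key, data):
    """Stand-in for 'encrypt the user credential with the secret data': XOR with a
    SHA-256 keystream. The same call decrypts. Not an AEAD; illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += xor_bytes(data[i:i + 32], block)
    return bytes(out)


class AuthServer:
    """Authentication server: holds the second secret portion and the verification key."""

    def __init__(self):
        self.users = {}     # user_id -> {"pin", "second", "key"}
        self.sessions = {}  # R (other entity's random number) -> session state

    def enroll(self, user_id, pin, second_portion, verify_key):
        # HMAC stand-in: verify_key equals the credential. With a real signature
        # scheme the server would hold only the public key.
        self.users[user_id] = {"pin": pin, "second": second_portion, "key": verify_key}

    def register_session(self, rp_id, r):
        # The other network entity registers the random number it showed to the user.
        self.sessions[r] = {"rp_id": rp_id, "nonce": secrets.token_bytes(16),
                            "policy": list(POLICY), "validated": False, "ok": False}

    def lookup(self, r):
        # Reply to the transferred information: identifier, other information, policy.
        s = self.sessions[r]
        return s["rp_id"], s["nonce"], s["policy"]

    def validate(self, user_id, r, validation_info):
        # Release the second secret portion only after every policy input checks out.
        s, u = self.sessions[r], self.users[user_id]
        if not all(hmac.compare_digest(validation_info.get(k, ""), u[k]) for k in s["policy"]):
            return None
        s["validated"] = True
        return u["second"]  # doubles as the "request for a user credential"

    def finish(self, user_id, r, message, signature):
        s = self.sessions[r]
        expected = hmac.new(self.users[user_id]["key"], message, hashlib.sha256).digest()
        s["ok"] = (s["validated"] and message == r + s["nonce"]
                   and hmac.compare_digest(signature, expected))
        s["validated"] = False  # single use: a captured signature cannot be replayed
        return s["ok"]


class FirstProgram:
    """User device 1: stores only the encrypted credential and the first secret portion."""

    def __init__(self, user_id, credential, pin, server):
        self.user_id, self.server = user_id, server
        secret = secrets.token_bytes(32)
        self.first_portion = secrets.token_bytes(32)
        second_portion = xor_bytes(secret, self.first_portion)    # secret = first XOR second
        self.stored_credential = keystream_xor(secret, credential)  # ciphertext only
        server.enroll(user_id, pin, second_portion, verify_key=credential)

    def authenticate(self, transferred_r, pin_entered):
        rp_id, other_info, policy = self.server.lookup(transferred_r)  # rp_id: shown to the user
        entered = {"pin": pin_entered}  # user-input validation information
        second_portion = self.server.validate(
            self.user_id, transferred_r, {k: entered.get(k, "") for k in policy})
        if second_portion is None:
            return False  # policy failed: the credential is never decrypted
        secret = xor_bytes(self.first_portion, second_portion)
        credential = keystream_xor(secret, self.stored_credential)
        message = transferred_r + other_info  # binds both parties' random values
        signature = hmac.new(credential, message, hashlib.sha256).digest()
        return self.server.finish(self.user_id, transferred_r, message, signature)


def run_flow(pin_entered, enrolled_pin="1234"):
    """Whole exchange; returns whether the second program would get a success indication."""
    server = AuthServer()
    first = FirstProgram("alice", secrets.token_bytes(32), enrolled_pin, server)
    r = secrets.token_bytes(16)             # random number from the other network entity
    server.register_session("rp.example", r)
    second_program_received = r             # e.g. scanned from the relying party's page
    first.authenticate(second_program_received, pin_entered)  # user transfers R into program 1
    return server.sessions[r]["ok"]         # indication relayed to the second program
```

With the wrong PIN the server withholds its portion, so device 1 cannot reconstruct the secret and nothing gets signed; with the right PIN the signature is accepted once and the session is then closed, so replaying the same signed message fails the `validated` check.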