| 摘要 |
A method for performing a one-time user setup for authenticating a user and a specific computer using a service provider server and an authentication server including: receiving an identity profile from the service provider server, generating a Pre-Authorization Anchor (PAA) in response to receiving the identity profile, communicating the PAA to the user browser, generating a Server Fingerprint (SFP) for the user browser, generating an activation code, after generating the PAA and SPF, transmitting the activation code to the user browser via an out-of-band communication channel, using the activation code to establish a secure communication channel between the service consumer browser and the service provider server, receiving via the secure communication channel a client fingerprint (CFP), wherein the CFP is encoded using a key that is based on the SPF, and sending a rolling key challenge (RKC) to the user browser via the secure communication channel.
|
