US 11,930,006 B2
System and method for hosting FIDO authenticators
Bahram Piri, Vancouver (CA); and Hassan Seifi, Vancouver (CA)
Assigned to IDMELON TECHNOLOGIES INC., Vancouver (CA)
Filed by IDMELON TECHNOLOGIES INC., Vancouver (CA)
Filed on May 5, 2023, as Appl. No. 18/143,909.
Claims priority of provisional application 63/346,302, filed on May 26, 2022.
Prior Publication US 2023/0388298 A1, Nov. 30, 2023
Int. Cl. H04L 9/40 (2022.01); H04W 12/47 (2021.01)
CPC H04L 63/0853 (2013.01) [H04W 12/47 (2021.01)] 17 Claims
OG exemplary drawing
 
1. A system for hosting FIDO authenticators on a local network or a cloud server using dedicated hardware or software security key modules (or Hardware Security Modules), comprising:
a computing device having a Web Authentication (WebAuthn) client software, an application service, and a transport protocol interface, wherein the WebAuthn client software represents a relying party application on the computing device, wherein the WebAuthn client software has a WebAuthn Application Program Interface (API) that communicates with one or more hosted authenticators through an interface on the computing device to send an authentication request associated with a user, receive an authentication response from the one or more hosted authenticators, and return the authentication response to verify the user to the WebAuthn client software representing the relying party,
a machine readable unique identifier to uniquely identify the one or more hosted authenticators, and to provide an authorization gesture implying the user's interaction with the one or more hosted authenticators while processing the authentication request;
wherein the application service reads the unique identifier from a connected device, and transmits the unique identifier to an authenticator hosting service through a network, wherein the connected device has a reader and application programming interface that provides the unique identifier to the application service using a communication link on the computing device, the connected device configured to detect the unique identifier via short-range wireless communication;
wherein the transport protocol interface is a driver installed on the computing device to receive authentication requests from the WebAuthn API, to exchange authentication requests with the authenticator hosting service through the network, and to write the authentication response which is taken back from the authenticator hosting service on the interface of the computing device that is used for authentication;
the authenticator hosting service that virtually hosts the one or more hosted authenticators within computing applications, and routes authentication requests to a target authenticator of the one or more hosted authenticators;
wherein the one or more hosted authenticators are accessed using the unique identifier for authentication purposes, wherein the one or more hosted authenticators register the user with the relying party application by creating a credential key pair, and later asserting possession of a registered key credential using the unique identifier.