CPC H04L 9/3213 (2013.01) [H04L 9/14 (2013.01); H04L 9/3073 (2013.01); H04L 9/3218 (2013.01)]; 14 Claims

1. A method for user authentication on a first device, comprising:
generating a proof-of-possession keypair at a secure module of the first device, wherein the proof-of-possession keypair comprises a public key and a private key, and wherein the private key is stored at the secure module;
performing a sequence of operations to authenticate the first device and a user of the first device with an identity management platform;
generating a header at an authentication client of the first device based at least in part on the authenticating, wherein the header is generated in accordance with an application-layer protocol for demonstrating proof-of-possession;
receiving a nonce via a web client based at least in part on validating the header with the identity management platform using the public key;
obtaining one or more device signals at the authentication client of the first device in response to receiving the nonce and based at least in part on the web client invoking the authentication client via a loopback interface;
signing the header, together with the nonce and the one or more device signals, with the private key based at least in part on the web client invoking the authentication client via the loopback interface and the authentication client accessing the secure module via a system interface; and
transmitting the signed header to a server associated with the identity management platform via the web client.