Abstract: A system and method are described for integrating an authentication service within an existing network infrastructure.

Abstract: A system, apparatus, method, and machine readable medium are described for performing authentication using data analytics such as machine learning.

Abstract: A system, apparatus, method, and machine readable medium are described for authentication with asymmetric cryptography. For example, a method in accordance with one embodiment comprises: generating a challenge at a server; encrypting the challenge at the server using a public encryption key; transmitting the encrypted challenge to a connected device having a first connection over a network with the server; providing the encrypted challenge from the connected device to a user device; decrypting the encrypted challenge using a private encryption key corresponding to the public encryption key to determine the challenge; converting the challenge to a converted challenge, the converted challenge having a different format than the original challenge; receiving the converted challenge at the connected device and providing the converted challenge from the connected device to the server; and validating the converted challenge at the server to authenticate the user.

Abstract: A system and method are described for integrating an authentication service within an existing network infrastructure.

Abstract: A system, apparatus, method, and machine readable medium are described for a hosted authentication service. For example, one embodiment of a system comprises: a hosted authentication service to provide authentication services for relying parties, the hosted authentication service registering a relying party by sharing a key with the relying party; a first program code component inserted into an application hosted by the relying party, the first program code component causing a client device accessing the application to be redirected to the hosted authentication service for authentication-related functions; and the hosted authentication service transmitting one or more assertions to the relying party specifying authentication-related events occurring between the client device and the hosted authentication service, the relying party validating the assertions using the key.

Abstract: A system, apparatus, method, and machine readable medium are described for performing transaction signing within an authentication framework.

Abstract: A system, apparatus, method, and machine readable medium are described for determining the authentication capabilities. For example, one embodiment of a method comprises: receiving a policy identifying a set of acceptable authentication capabilities; determining a set of client authentication capabilities; and filtering the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating a user of the client.

Abstract: A system, apparatus, method, and machine readable medium are described for transparently requesting a new random challenge from a server within an authentication framework. For example, one embodiment of a method comprises: transmitting a random challenge and an indication of a timeout period associated with the random challenge from a server to a client within the context of a network registration or authentication process using authentication devices communicatively coupled to the client; automatically detecting that the random challenge is no longer valid based on the timeout period; and responsively transmitting a request for a new random challenge from the client to a server, wherein transmitting is performed transparently to a user of the client.

Abstract: A system, apparatus, method, and machine readable medium are described for determining the authentication capabilities. For example, one embodiment of a method comprises: receiving a policy identifying a set of acceptable authentication capabilities; determining a set of client authentication capabilities; and filtering the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating a user of the client.

Abstract: A system, apparatus, method, and machine readable medium are described for implementing privacy classes within an authentication framework. For example, one embodiment of a method comprises: transmitting a query for client information from a server to a client, the client information including information related to authentication devices coupled to the client; analyzing the query to determine an appropriate privacy class to be used for providing client information to the server; providing a subset of client information selected based on the determined privacy class, the subset of client information including the information related to the authentication devices coupled to the client; and using the subset of client information within an authentication framework to provide user authentication services over a network.

Abstract: A system, apparatus, method, and machine readable medium are described for implementing a composite authenticator. For example, an apparatus in accordance with one embodiment comprises: an authenticator for authenticating a user of the apparatus with a relying party, the authenticator comprising a plurality of authentication components; and component authentication logic to attest to the model and/or integrity of at least one authentication component to one or more of the other authentication components prior to allowing the authentication components to form the authenticator.

Abstract: A system, apparatus, method, and machine readable medium are described for multi-device operations within an authentication framework. For example, one embodiment of a method comprises: detecting N authentication devices on a client, wherein N>1; generating a N cryptographic entities, one for each of the N authentication devices; transmitting a command to the client to register each of the N cryptographic entities into each of the N authentication devices; executing the command on the client and responsively registering each of the N cryptographic entities into each of the respective N authentication devices; and subsequently using at least one of the authentication devices and its associated cryptographic entity for authenticating a user of the client over a network.

Abstract: A user transaction request is received at a client device. A web browser plug-in communicates the user transaction request to a server that determines whether the user transaction request is a secure transaction. Transaction data is received from the server via the web browser plug-in. If the received transaction data indicates a secure transaction, the user is prompted to provide biometric data, which is received from the user. The web browser plug-in then communicates a transaction confirmation to the server.

Abstract: A system, apparatus, method, and machine readable medium are described for confirming a user transaction. For example, one embodiment of a method comprises: detecting at a relying party a transaction triggered by a first user over a network and performing one or more authentication techniques to authenticate the first user to the relying party over the network; identifying one or more other users who are required to confirm the transaction before allowing the transaction to be performed, the one or more other users being registered with the relying party; transmitting notifications to the one or more other users or a subset thereof indicating that a transaction has been triggered by the first user; and the one or more other users or subset thereof confirming the transaction by performing remote authentication with the relying party over the network.

Abstract: A system, apparatus, method, and machine readable medium are described for adaptive authentication. For example, one embodiment of an apparatus comprises: an adaptive authentication module to receive a client request to perform a transaction which requires authentication; a risk engine to analyze first data related to a client to determine a risk value associated with the client; an assurance level gain analysis module to determine an assurance level required for allowing the client to complete the transaction and to determine an assurance level gain required to arrive at the assurance level based on the risk value; the adaptive authentication module to select one or more authentication techniques based at least in part on the indication of the assurance level gain.

Abstract: A system, apparatus, method, and machine readable medium are described for delegating trust to a new client device or a new authenticator on a trusted device. For example, one embodiment of a method comprises: implementing a series of trust delegation operations to transfer registration data associated with one or more trusted authenticators on a trusted client device to one or more new authenticators on a new client device or on the trusted client device.

Abstract: A system, apparatus, method, and machine readable medium are described for establishing a trust circle between multiple devices. For example, one embodiment of a method comprises: transmitting first data from a first device to a second device over a secure communication channel, the first data including at least one key and an identification code identifying a trust circle which includes the first device; the second device generating second data using at least a portion of the first data including the identification code and transmitting the second data over a network to a service; the first device connecting to the service using the identification code to identify the second data, validating the integrity of the second data, and responsively generating third data; and the service storing at least a portion of the second data and the third data to establish a trust relationship between the first device and the second device.

Abstract: A system, apparatus, method, and machine readable medium are described for performing advanced authentication techniques and associated applications. For example, one embodiment of a method comprises: receiving a policy identifying a set of acceptable authentication capabilities; determining a set of client authentication capabilities; and filtering the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating a user of the client.

Abstract: An apparatus includes a biometric sensor capable of identifying biometric information associated with a user. A storage device coupled to the biometric sensor stores user information. A biometric service is coupled to the biometric sensor and capable of communicating with the biometric sensor. A web browser application having a biometric extension communicates with the biometric sensor via the biometric service. The web browser's biometric extension is capable of communicating with multiple web servers.

Abstract: A system, apparatus, method, and machine readable medium are described for implementing privacy classes within an authentication framework. For example, one embodiment of a method comprises: transmitting a query for client information from a server to a client, the client information including information related to authentication devices coupled to the client; analyzing the query to determine an appropriate privacy class to be used for providing client information to the server; providing a subset of client information selected based on the determined privacy class, the subset of client information including the information related to the authentication devices coupled to the client; and using the subset of client information within an authentication framework to provide user authentication services over a network.