Abstract: A system, apparatus, method, and machine-readable medium are described for defending against malicious code injection. For example, one embodiment of an apparatus comprises: a processor to execute an application to access a web page on the Internet in response to user input, the web page having one or more resource descriptors and/or code descriptors associated therewith; an authenticator engine to validate the web page based, at least in part, on the resource descriptors and/or code descriptors, by connecting to a trusted entity; and wherein the trusted entity is configured to generate a signature on a cryptographic assertion that includes one or more resource descriptor objects associated with the one or more resource descriptors and/or one or more code descriptor objects associated with the one or more code descriptors.

Abstract: A system, apparatus, method, and machine-readable medium are described for personalizing and pre-registering an authenticator.

Abstract: A system, apparatus, method, and machine-readable medium are described for endorsing authenticators. For example, one embodiment of an apparatus comprises: a first instance of an authenticator associated with a first app to allow a user of the first app to authenticate with a first relying party; a secure key store accessible by the first instance of the authenticator to securely store authentication data related to the first app; and a synchronization processor to share at least a portion of the authentication data with a second instance of the authenticator associated with a second app to be executed on the apparatus.

Abstract: A system, apparatus, method, and machine readable medium are described for performing advanced authentication techniques and associated applications. For example, one embodiment of a method comprises: receiving a policy identifying a set of acceptable authentication capabilities; determining a set of client authentication capabilities; and filtering the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating a user of the client.

Abstract: A system, apparatus, method, and machine readable medium are described for secure authentication. For example, one embodiment of a system comprises: an authenticator on a client device to securely store one or more private keys, at least one of the private keys usable to authenticate a block of a blockchain; and an attestation module of the authenticator or coupled to the authenticator, the attestation module to generate a signature using the block and the private key, the signature usable to attest to the authenticity of the block by a device having a public key corresponding to the private key.

Abstract: A system, apparatus, method, and machine readable medium are described for binding verifiable claims. For example, one embodiment of a system comprises: a client device; an authenticator of the client device to securely store authentication data including one or more verifiable claims received from one or more claim providers, each verifiable claim having attributes associated therewith; and claim/attribute processing logic to generate a first verifiable claim binding for a first verifiable claim issued by the claim provider; wherein the authenticator is to transmit a first signature assertion to a first relying party to authenticate with the first relying party, the first signature assertion including an attribute extension containing data associated with the first verifiable claim binding.

Abstract: A system, apparatus, method, and machine-readable medium are described for fast authentication. For example, one embodiment of a system comprises: a local challenge generator of a client apparatus to generate a challenge on a client device using a derivation function; an authentication engine of the client apparatus to generate a challenge response as defined by a specified challenge-response protocol; the authentication engine to transmit the challenge response to a server, and the server to validate the challenge response, at least in part, by determining whether the challenge was generated within a specified time window.

Abstract: A system, apparatus, method, and machine readable medium are described for implementing a composite authenticator. For example, an apparatus in accordance with one embodiment comprises: an authenticator for authenticating a user of the apparatus with a relying party, the authenticator comprising a plurality of authentication components; and component authentication logic to attest to the model and/or integrity of at least one authentication component to one or more of the other authentication components prior to allowing the authentication components to form the authenticator.

Abstract: A system, apparatus, method, and machine readable medium are described for adaptively implementing an authentication policy. For example, one embodiment of a method comprises: detecting a user of a client attempting to perform a current interaction with a relying party; and responsively identifying a first interaction class for the current interaction based on variables associated with the current interaction and implementing a set of one or more authentication rules associated with the first interaction class.

Abstract: A system, apparatus, method, and machine readable medium are described for performing eye tracking during authentication. For example, one embodiment of a method comprises: receiving a request to authenticate a user; presenting one or more screen layouts to the user; capturing a sequence of images which include the user's eyes as the one or more screen layouts are displayed; and (a) performing eye movement detection across the sequence of images to identify a correlation between motion of the user's eyes as the one or more screen layouts are presented and an expected motion of the user's eyes as the one or more screen layouts are presented and/or (b) measuring the eye's pupil size to identify a correlation between the effective light intensity of the screen and its effect on the user's eye pupil size; capturing audio of the user's voice; and performing voice recognition techniques to determine a correlation between the captured audio of the user's voice and one or more voice prints.

Abstract: A system, apparatus, method, and machine readable medium are described for confirming a user transaction. For example, one embodiment of a method comprises: detecting at a relying party a transaction triggered by a first user over a network and performing one or more authentication techniques to authenticate the first user to the relying party over the network; identifying one or more other users who are required to confirm the transaction before allowing the transaction to be performed, the one or more other users being registered with the relying party; transmitting notifications to the one or more other users or a subset thereof indicating that a transaction has been triggered by the first user; and the one or more other users or subset thereof confirming the transaction by performing remote authentication with the relying party over the network.

Abstract: A system, apparatus, method, and machine readable medium are described for adaptive authentication. For example, one embodiment of an apparatus comprises: an adaptive authentication module to receive a client request to perform a transaction which requires authentication; a risk engine to analyze first data related to a client to determine a risk value associated with the client; an assurance level gain analysis module to determine an assurance level required for allowing the client to complete the transaction and to determine an assurance level gain required to arrive at the assurance level based on the risk value; the adaptive authentication module to select one or more authentication techniques based at least in part on the indication of the assurance level gain.

Abstract: A system, apparatus, method, and machine readable medium are described for attesting an authenticator. For example, one embodiment of an apparatus comprises: a processor to execute an app; and an authenticator to generate a first authentication key and to securely store the first authentication key, the authenticator to generate an attestation object usable by a relying party to confirm authenticity of the authenticator, the attestation object including a first component provided by the authenticator, a second component provided by the app, and a signature generated by the first authentication key over a combination of the first and second components.

Abstract: A system, apparatus, method, and machine-readable medium are described for determining the authentication capabilities. For example, one embodiment of a method comprises: receiving a policy identifying a set of acceptable authentication capabilities; determining a set of client authentication capabilities; and filtering the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating a user of the client.

Abstract: A system, apparatus, method, and machine readable medium are described for performing client risk assessment for authentication. For example, one embodiment of an apparatus comprises: a client risk assessment agent to perform an assessment of client configuration data to determine a risk level associated with a client device; and an authentication engine to performing authentication for a particular transaction in accordance with the risk level.

Abstract: A system, apparatus, method, and machine readable medium are described for performing user authentication.

Abstract: A system, apparatus, method, and machine readable medium are described for performing eye tracking during authentication. For example, one embodiment of a method comprises: receiving a request to authenticate a user; presenting one or more screen layouts to the user; capturing a sequence of images which include the user's eyes as the one or more screen layouts are displayed; and (a) performing eye movement detection across the sequence of images to identify a correlation between motion of the user's eyes as the one or more screen layouts are presented and an expected motion of the user's eyes as the one or more screen layouts are presented and/or (b) measuring the eye's pupil size to identify a correlation between the effective light intensity of the screen and its effect on the user's eye pupil size.

Abstract: A system, apparatus, method, and machine readable medium are described for performing advanced authentication techniques and associated applications. For example, one embodiment of a method comprises: receiving a policy identifying a set of acceptable authentication capabilities; determining a set of client authentication capabilities; and filtering the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating a user of the client.

Abstract: A system, apparatus, method, and machine readable medium are described for delegating trust to a new client device or a new authenticator on a trusted device. For example, one embodiment of a method comprises: implementing a series of trust delegation operations to transfer registration data associated with one or more trusted authenticators on a trusted client device to one or more new authenticators on a new client device or on the trusted client device.

Abstract: A system, apparatus, method, and machine readable medium are described for sharing authentication data.