Abstract: A system, apparatus, method, and machine readable medium are described for implementing a composite authenticator. For example, an apparatus in accordance with one embodiment comprises: an authenticator for authenticating a user of the apparatus with a relying party, the authenticator comprising a plurality of authentication components; and component authentication logic to attest to the model and/or integrity of at least one authentication component to one or more of the other authentication components prior to allowing the authentication components to form the authenticator.

Abstract: A system, apparatus, method, and machine readable medium are described for adaptively implementing an authentication policy. For example, one embodiment of a method comprises: detecting a user of a client attempting to perform a current interaction with a relying party; and responsively identifying a first interaction class for the current interaction based on variables associated with the current interaction and implementing a set of one or more authentication rules associated with the first interaction class.

Abstract: A system, apparatus, method, and machine readable medium are described for performing eye tracking during authentication. For example, one embodiment of a method comprises: receiving a request to authenticate a user; presenting one or more screen layouts to the user; capturing a sequence of images which include the user's eyes as the one or more screen layouts are displayed; and (a) performing eye movement detection across the sequence of images to identify a correlation between motion of the user's eyes as the one or more screen layouts are presented and an expected motion of the user's eyes as the one or more screen layouts are presented and/or (b) measuring the eye's pupil size to identify a correlation between the effective light intensity of the screen and its effect on the user's eye pupil size; capturing audio of the user's voice; and performing voice recognition techniques to determine a correlation between the captured audio of the user's voice and one or more voice prints.

Abstract: A system, apparatus, method, and machine readable medium are described for confirming a user transaction. For example, one embodiment of a method comprises: detecting at a relying party a transaction triggered by a first user over a network and performing one or more authentication techniques to authenticate the first user to the relying party over the network; identifying one or more other users who are required to confirm the transaction before allowing the transaction to be performed, the one or more other users being registered with the relying party; transmitting notifications to the one or more other users or a subset thereof indicating that a transaction has been triggered by the first user; and the one or more other users or subset thereof confirming the transaction by performing remote authentication with the relying party over the network.

Abstract: A system, apparatus, method, and machine readable medium are described for adaptive authentication. For example, one embodiment of an apparatus comprises: an adaptive authentication module to receive a client request to perform a transaction which requires authentication; a risk engine to analyze first data related to a client to determine a risk value associated with the client; an assurance level gain analysis module to determine an assurance level required for allowing the client to complete the transaction and to determine an assurance level gain required to arrive at the assurance level based on the risk value; the adaptive authentication module to select one or more authentication techniques based at least in part on the indication of the assurance level gain.

Abstract: A system, apparatus, method, and machine readable medium are described for attesting an authenticator. For example, one embodiment of an apparatus comprises: a processor to execute an app; and an authenticator to generate a first authentication key and to securely store the first authentication key, the authenticator to generate an attestation object usable by a relying party to confirm authenticity of the authenticator, the attestation object including a first component provided by the authenticator, a second component provided by the app, and a signature generated by the first authentication key over a combination of the first and second components.

Abstract: A system, apparatus, method, and machine-readable medium are described for determining the authentication capabilities. For example, one embodiment of a method comprises: receiving a policy identifying a set of acceptable authentication capabilities; determining a set of client authentication capabilities; and filtering the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating a user of the client.

Abstract: A system, apparatus, method, and machine readable medium are described for performing client risk assessment for authentication. For example, one embodiment of an apparatus comprises: a client risk assessment agent to perform an assessment of client configuration data to determine a risk level associated with a client device; and an authentication engine to performing authentication for a particular transaction in accordance with the risk level.

Abstract: A system, apparatus, method, and machine readable medium are described for performing user authentication.

Abstract: A system, apparatus, method, and machine readable medium are described for performing eye tracking during authentication. For example, one embodiment of a method comprises: receiving a request to authenticate a user; presenting one or more screen layouts to the user; capturing a sequence of images which include the user's eyes as the one or more screen layouts are displayed; and (a) performing eye movement detection across the sequence of images to identify a correlation between motion of the user's eyes as the one or more screen layouts are presented and an expected motion of the user's eyes as the one or more screen layouts are presented and/or (b) measuring the eye's pupil size to identify a correlation between the effective light intensity of the screen and its effect on the user's eye pupil size.

Abstract: A system, apparatus, method, and machine readable medium are described for delegating trust to a new client device or a new authenticator on a trusted device. For example, one embodiment of a method comprises: implementing a series of trust delegation operations to transfer registration data associated with one or more trusted authenticators on a trusted client device to one or more new authenticators on a new client device or on the trusted client device.

Abstract: A system, apparatus, method, and machine readable medium are described for performing advanced authentication techniques and associated applications. For example, one embodiment of a method comprises: receiving a policy identifying a set of acceptable authentication capabilities; determining a set of client authentication capabilities; and filtering the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating a user of the client.

Abstract: A system, apparatus, method, and machine readable medium are described for sharing authentication data.

Abstract: A system, apparatus, method, and machine readable medium are described for establishing a trust circle between multiple devices. For example, one embodiment of a method comprises: transmitting first data from a first device to a second device over a secure communication channel, the first data including at least one key and an identification code identifying a trust circle which includes the first device; the second device generating second data using at least a portion of the first data including the identification code and transmitting the second data over a network to a service; the first device connecting to the service using the identification code to identify the second data, validating the integrity of the second data, and responsively generating third data; and the service storing at least a portion of the second data and the third data to establish a trust relationship between the first device and the second device.

Abstract: A system, apparatus, method, and machine readable medium are described for a hosted authentication service. For example, one embodiment of a system comprises: a hosted authentication service to provide authentication services for relying parties, the hosted authentication service registering a relying party by sharing a key with the relying party; a first program code component inserted into an application hosted by the relying party, the first program code component causing a client device accessing the application to be redirected to the hosted authentication service for authentication-related functions; and the hosted authentication service transmitting one or more assertions to the relying party specifying authentication-related events occurring between the client device and the hosted authentication service, the relying party validating the assertions using the key.

Abstract: A system, apparatus, method, and machine readable medium are described for bootstrapping an authenticator.

Abstract: A system, apparatus, method, and machine readable medium are described for determining the authentication capabilities. For example, one embodiment of a method comprises: receiving a policy identifying a set of acceptable authentication capabilities; determining a set of client authentication capabilities; and filtering the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating a user of the client.

Abstract: A system, apparatus, method, and machine readable medium are described for biometric device attestation. For example, one embodiment of an apparatus includes: a biometric device to read biometric authentication data from a user and determine whether to successfully authenticate the user based on a comparison with biometric reference data; and a cryptographic engine to establish communication with a relying party and to attest to the model and/or integrity of the biometric device to the relying party.

Abstract: A system, apparatus, method, and machine readable medium are described for performing eye tracking during authentication. For example, one embodiment of a method comprises: receiving a request to authenticate a user; presenting one or more screen layouts to the user; capturing a sequence of images which include the user's eyes as the one or more screen layouts are displayed; and (a) performing eye movement detection across the sequence of images to identify a correlation between motion of the user's eyes as the one or more screen layouts are presented and an expected motion of the user's eyes as the one or more screen layouts are presented and/or (b) measuring the eye's pupil size to identify a correlation between the effective light intensity of the screen and its effect on the user's eye pupil size.

Abstract: A system, apparatus, method, and machine readable medium are described for implementing a composite authenticator. For example, an apparatus in accordance with one embodiment comprises: an authenticator for authenticating a user of the apparatus with a relying party, the authenticator comprising a plurality of authentication components; and component authentication logic to attest to the model and/or integrity of at least one authentication component to one or more of the other authentication components prior to allowing the authentication components to form the authenticator.