Abstract: A system, apparatus, method, and machine readable medium are described for bootstrapping an authenticator.

Abstract: A system, apparatus, method, and machine readable medium are described for performing eye tracking during authentication. For example, one embodiment of a method comprises: receiving a request to authenticate a user; presenting one or more screen layouts to the user; capturing a sequence of images which include the user's eyes as the one or more screen layouts are displayed; and (a) performing eye movement detection across the sequence of images to identify a correlation between motion of the user's eyes as the one or more screen layouts are presented and an expected motion of the user's eyes as the one or more screen layouts are presented and/or (b) measuring the eye's pupil size to identify a correlation between the effective light intensity of the screen and its effect on the user's eye pupil size.

Abstract: A system, apparatus, method, and machine-readable medium are described for determining the authentication capabilities. For example, one embodiment of a method comprises: receiving a policy identifying a set of acceptable authentication capabilities; determining a set of client authentication capabilities; and filtering the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating a user of the client.

Abstract: A system, apparatus, method, and machine readable medium are described for implementing a composite authenticator. For example, an apparatus in accordance with one embodiment comprises: an authenticator for authenticating a user of the apparatus with a relying party, the authenticator comprising a plurality of authentication components; and component authentication logic to attest to the model and/or integrity of at least one authentication component to one or more of the other authentication components prior to allowing the authentication components to form the authenticator.

Abstract: A system, apparatus, method, and machine readable medium are described for sharing authentication data.

Abstract: A system, apparatus, method, and machine readable medium are described for bootstrapping an authenticator.

Abstract: A system, apparatus, method, and machine readable medium are described for determining the authentication capabilities. For example, one embodiment of a method comprises: receiving a policy identifying a set of acceptable authentication capabilities; determining a set of client authentication capabilities; and filtering the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating a user of the client.

Abstract: A system, apparatus, method, and machine readable medium are described for biometric device attestation. For example, one embodiment of an apparatus includes: a biometric device to read biometric authentication data from a user and determine whether to successfully authenticate the user based on a comparison with biometric reference data; and a cryptographic engine to establish communication with a relying party and to attest to the model and/or integrity of the biometric device to the relying party.

Abstract: A system, apparatus, method, and machine readable medium are described for performing eye tracking during authentication. For example, one embodiment of a method comprises: receiving a request to authenticate a user; presenting one or more screen layouts to the user; capturing a sequence of images which include the user's eyes as the one or more screen layouts are displayed; and (a) performing eye movement detection across the sequence of images to identify a correlation between motion of the user's eyes as the one or more screen layouts are presented and an expected motion of the user's eyes as the one or more screen layouts are presented and/or (b) measuring the eye's pupil size to identify a correlation between the effective light intensity of the screen and its effect on the user's eye pupil size.

Abstract: A system, apparatus, method, and machine readable medium are described for attesting an authenticator. For example, one embodiment of an apparatus comprises: a processor to execute an app; and an authenticator to generate a first authentication key and to securely store the first authentication key, the authenticator to generate an attestation object usable by a relying party to confirm authenticity of the authenticator, the attestation object including a first component provided by the authenticator, a second component provided by the app, and a signature generated by the first authentication key over a combination of the first and second components.

Abstract: A system, apparatus, method, and machine readable medium are described for performing eye tracking during authentication. For example, one embodiment of a method comprises: receiving a request to authenticate a user; presenting one or more screen layouts to the user; capturing a sequence of images which include the user's eyes as the one or more screen layouts are displayed; and (a) performing eye movement detection across the sequence of images to identify a correlation between motion of the user's eyes as the one or more screen layouts are presented and an expected motion of the user's eyes as the one or more screen layouts are presented and/or (b) measuring the eye's pupil size to identify a correlation between the effective light intensity of the screen and its effect on the user's eye pupil size; capturing audio of the user's voice; and performing voice recognition techniques to determine a correlation between the captured audio of the user's voice and one or more voice prints.

Abstract: A system, apparatus, method, and machine readable medium are described for implementing a composite authenticator. For example, an apparatus in accordance with one embodiment comprises: an authenticator for authenticating a user of the apparatus with a relying party, the authenticator comprising a plurality of authentication components; and component authentication logic to attest to the model and/or integrity of at least one authentication component to one or more of the other authentication components prior to allowing the authentication components to form the authenticator.

Abstract: A system, apparatus, method, and machine readable medium are described for performing authentication over multiple channels. For example, one embodiment of a method comprises: performing authentication over a network with an authentication service to authenticate a client; responsively generating a token at the authentication service, the token including identification information for the client, a service, and a type of authenticator used for the authentication, the token further including verification data; transmitting the token to the client; transmitting the token from the client to the service, the service using the verification data to verify the token and allowing one or more transactions with the client in accordance with a policy based, at least in part, on the type of authenticator used for the authentication.

Abstract: A system, apparatus, method, and machine readable medium are described for enhanced security during registration. For example, one embodiment of a method comprises: receiving a request at a relying party to register an authenticator; sending a code from the user to the relying party through an authenticated out-of-band communication channel; and verifying the identity of the user using the code and responsively registering the authenticator in response to a positive verification.

Abstract: A system, apparatus, method, and machine readable medium are described for enhanced security during registration. For example, one embodiment of a method comprises: receiving a request at a relying party to register an authenticator; sending a code from the user to the relying party through an authenticated out-of-band communication channel; and verifying the identity of the user using the code and responsively registering the authenticator in response to a positive verification.

Abstract: A system, apparatus, method, and machine readable medium are described for authenticating a client to a device.

Abstract: A system, apparatus, method, and machine readable medium are described for biometric device attestation. For example, one embodiment of an apparatus includes: a biometric device to read biometric authentication data from a user and determine whether to successfully authenticate the user based on a comparison with biometric reference data; and a cryptographic engine to establish communication with a relying party and to attest to the model and/or integrity of the biometric device to the relying party.

Abstract: A system, apparatus, method, and machine readable medium are described for authenticating a client to a device.

Abstract: A system, apparatus, method, and machine readable medium are described for authorizing a new authenticator with a relying party. For example, one embodiment of a method comprises: identifying a plurality of relying parties with which an old authenticator is registered; generating at least one key for each of the plurality of relying parties; authenticating with each of the relying parties using a client having the old authenticator configured thereon, the client authorizing the new authenticator by providing an authorization object to each relying party comprising the at least one key, data identifying the new authenticator, and cryptographic data to be used by the relying party to verify the authorization object; and wherein, in response to verifying the authorization object, each relying party registers the new authenticator.

Abstract: A system, apparatus, method, and machine readable medium are described for non-intrusive privacy-preserving authentication.