US Patent 11665161 Identity services for passwordless authentication

An identity server authenticates a first user identity for a user device through a first authentication exchange as part of a passwordless authentication system. The identity server registers with a relying party as an authenticator for a second user identity. The identity server initiates a second authentication exchange by obtaining from the relying party, a credential request associated with the second user identity. Responsive to a determination that the first user identity authenticated in the first authentication exchange is authorized to act as the second user identity, the identity server obtains a credential request response authenticated by the authenticator in the identity server. The identity server completes the second authentication exchange by providing the credential response to the relying party. The second authentication exchange authenticates the user device to the relying party without involving the user device.