US Patent 9191381 Strong authentication via a federated identity protocol

A computing system of an authentication service provider receives a federated identity protocol request triggered by a relying party to validate a user. The federated identity protocol request includes a user identifier of an authenticated identity. The computing system searches mapping data stored in a data store that is coupled to the computing system to identify a type of virtual token associated with the user identifier and authenticates the user by requesting the identified type of virtual token from a user device and verifying a virtual token received from the user device using the mapping data. The computing system sends second-factor authentication results to the relying party via the federated identity protocol.