Method And Apparatus For Trusted Federated Identity
First Claim
20-1. The method of claim 29, wherein the trusted computing environment is one of a universal integrated circuit card (UICC), a subscriber identity module (SIM), a machine to machine (M2M) device, a smart card, or a java card, a global platform smartcard, or secure integrated chip card (ICC).
Abstract
A trusted computing environment, such as a smartcard, UICC, Java card, global platform, or the like, may be used as a local host trust center and a proxy for a single sign-on (SSO) provider. This may be referred to as a local SSO provider (OP). This may be done, for example, to keep authentication traffic local and to prevent over-the-air communications, which may burden an operator network. To establish the OP proxy in the trusted environment, the trusted environment may bind to the SSO provider in a number of ways. For example, the SSO provider may interoperate with UICC-based UE authentication or GBA. In this way, user equipment may leverage the trusted environment to provide increased security and to reduce over-the-air communications and the authentication burden on the OP or operator network.
272 Citations
47 Claims
25. A method for protecting a user environment and/or the local assertion entity (LAE) to authenticate a user for a relying party (RP) in an open management security protocol, the method comprising:
receiving an indication from the RP via a user interface that the RP wishes to authenticate the user, the RP being capable of communicating with a trusted provider of single sign-on (SSO) credentials;
receiving user credentials from the user through the user interface;
authenticating the user with the received user credentials for the RP to perform at least some functions of the trusted provider of SSO credentials locally to limit communications outside the user environment during the authentication process; and
transmitting an authentication response via the user interface to the RP.
Specification