SSO FRAMEWORK FOR MULTIPLE SSO TECHNOLOGIES

US 20130125226A1
Filed: 04/27/2012
Published: 05/16/2013
Est. Priority Date: 04/28/2011
Status: Abandoned Application

First Claim

Patent Images

1. A user equipment (UE) comprising:

a user application configured to communicate with a service provider to access a service;

a plurality of network-assisted authentication modules, each network-assisted authentication module corresponding to a different network-assisted authentication protocol, and wherein one or more of the plurality of network-assisted authentication modules are configured to perform network-assisted authentication with the service provider to access the service; and

a single sign-on (SSO) subsystem configured to authenticate a user of the UE based on user-assisted authentication information and to select a network-assisted authentication module of the plurality of network-assisted authentication modules for performing the network-assisted authentication with the service provider, and wherein the SSO subsystem is further configured to perform the user-assisted authentication and select the network-assisted authentication module based on one or more policies.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Users desire useable security or a seamless means for accessing internet services whereby user interaction in the provisioning of credentials may be kept to a minimum or even eliminated entirely. The Single Sign-On (SSO) identity management (IdM) concept may be a means by which a user may be provided with such ease of use, while enabling user-assisted and network-assisted authentication for access to desired services. To enable seamless authentication services to users, a unified framework and a protocol layer interface for managing multiple authentication methods may be used.

176 Citations

18 Claims

1. A user equipment (UE) comprising:
- a user application configured to communicate with a service provider to access a service;
  
  a plurality of network-assisted authentication modules, each network-assisted authentication module corresponding to a different network-assisted authentication protocol, and wherein one or more of the plurality of network-assisted authentication modules are configured to perform network-assisted authentication with the service provider to access the service; and
  
  a single sign-on (SSO) subsystem configured to authenticate a user of the UE based on user-assisted authentication information and to select a network-assisted authentication module of the plurality of network-assisted authentication modules for performing the network-assisted authentication with the service provider, and wherein the SSO subsystem is further configured to perform the user-assisted authentication and select the network-assisted authentication module based on one or more policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The UE of claim 1, wherein the user-assisted authentication information comprises at least one of a user identity or a user credential, and wherein the SSO subsystem is configured to perform the user-assisted authentication using the user identity, and wherein the UE is configured to perform the network-assisted authentication using a UE identity.
  - 3. The UE of claim 1, wherein the network-assisted authentication policies indicate at least one of a user-assisted authentication strength associated with the user-assisted authentication or a network-assisted authentication strength associated with the network-assisted authentication.
  - 4. The UE of claim 1, wherein the network-assisted authentication is performed by sending an assertion message to the service provider that indicates that the user is authenticated.
  - 5. The UE of claim 1, wherein the SSO subsystem is further configured to perform the network-assisted authentication using at least one parameter resulting from the user-assisted authentication.
  - 6. The UE of claim 5, wherein the at least one parameter resulting from the user-assisted authentication comprises a user-assisted authentication status, a user-assisted authentication time, or a user-assisted authentication strength.
  - 7. The UE of claim 1, wherein the SSO subsystem is further configured to receive a selection of an identity provider to be used for the network-assisted authentication, wherein the identity provider is associated with an authentication module of the plurality of network-assisted authentication modules.
  - 8. The UE of claim 1, wherein the UE is configured to support services provided by a plurality of service providers, each service provider being associated with a different set of policies.
  - 9. The UE of claim 1, further comprising a supplicant that enables the communication from the application to the plurality of network-assisted authentication modules.
  - 10. The UE of claim 9, wherein the supplicant is included in the SSO subsystem.
  - 11. The UE of claim 9, wherein the supplicant is downloaded from at least one of the service provider or an identity provider.
  - 12. The UE of claim 9, wherein the supplicant is configured to allow the user application to use one or more features of the SSO subsystem.
  - 13. The UE of claim 9, wherein the supplicant corresponds to the user application such that the supplicant can communicate with the user application and the SSO subsystem.

14. In a user equipment (UE) comprising a plurality of network-assisted authentication modules, each network-assisted authentication module corresponding to a different network-assisted authentication protocol, and wherein one or more of the plurality of network-assisted authentication modules are configured to perform network-assisted authentication with a service provider to access a service, a method comprising:
- authenticating a user of the UE based on user-assisted authentication information;
  
  selecting a network-assisted authentication module of the plurality of network-assisted authentication modules for performing the network-assisted authentication with the service provider; and
  
  performing the user-assisted authentication and selecting the network-assisted authentication module based on one or more policies.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, further comprising:
    - detecting, by the UE, one or more data fields of the service provider; and
      
      in response to the detection, populating the one or more data fields with corresponding authentication data.
  - 16. The method of claim 14, further comprising:
    - performing the network-assisted authentication based on at least one parameter from the user-assisted authentication.
  - 17. The method of claim 16, wherein the at least one parameter resulting from the user-assisted authentication comprises a user-assisted authentication status, a user-assisted authentication time, or a user-assisted authentication strength.
  - 18. The method of claim 14, further comprising,in response to the user-assisted authentication, downloading a supplicant for authenticating the user with the service provider, wherein the supplicant matches a user application of the UE.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Original Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Inventors
Shah, Yogendra C., Schmidt, Andreas, Cha, Inhyok, Guccione, Louis J., Leicher, Andreas

Application Number

US13/458,422
Publication Number

US 20130125226A1
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/0815   providing single-sign-on or...

H04L 63/205   involving negotiation or de...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

SSO FRAMEWORK FOR MULTIPLE SSO TECHNOLOGIES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

176 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

SSO FRAMEWORK FOR MULTIPLE SSO TECHNOLOGIES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

176 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links