IDENTITY MANAGEMENT WITH LOCAL FUNCTIONALITY
Abstract
A user equipment (UE) may perform functions locally, such as on a trusted module that resides within the UE. For example, a UE may perform functions associated with a single sign-on protocol, such as OpenID Connect, via a local identity provider function. In that arrangement the UE may generate identity tokens and access tokens that a service provider can use to retrieve user information, such as identity information and/or user attributes. User attributes may be retrieved via a user information endpoint that may reside locally on the UE or on a network entity. A service provider may grant a user access to a service based on the information that it retrieves using the tokens.
30 Claims
1. In a system comprising a user equipment (UE), an identity provider (IdP), and a service provider (SP) which communicate via a network, a method comprising:
receiving a request for a token, wherein the request for the token is responsive to a request for access to a service provided by the service provider; in response to the request for the token, at the UE, creating an identity (ID) token in accordance with the request for the token; and issuing, via the UE, the ID token, wherein the ID token is verified to provide the UE access to the service.
(Dependent claims 2 through 14 are not reproduced here.)
15. In a system comprising a user equipment (UE), an identity provider (IdP) and a service provider (SP) which communicate via a network, a method comprising, at the UE:
receiving a request for user data; receiving a user consent to release a consented portion of the user data; in response to the user consent, generating an access token associated with the SP; and issuing the access token to the SP, wherein the consented portion of the user data is released to the SP upon a verification of the access token.
(Dependent claims 16 through 19 are not reproduced here.)
20. In a system comprising a user equipment (UE) and a service provider (SP) which communicate via a network, a method comprising:
receiving, at the SP, a request for access to a service that is provided by the SP, the request comprising at least one of an identifier of a user of the UE or an identifier of the UE; in response to the request for access, at the SP, receiving an identity (ID) token and a first access token; and in response to a verification of the access token, at the SP, retrieving a first user attribute from a first user information endpoint, wherein the first user information endpoint resides on the UE.
(Dependent claims 21 through 23 are not reproduced here.)
24. A wireless transmit/receive unit (WTRU) comprising:
a memory comprising executable instructions; and a processor in communication with the memory, the instructions, when executed by the processor, cause the processor to effectuate operations comprising: receiving a request for a token, wherein the request for the token is responsive to a request for access to a service provided by a service provider (SP); in response to the request for the token, creating an identity (ID) token in accordance with the request for the token; and issuing the ID token, wherein the ID token is verified to provide the WTRU access to the service.
(Dependent claims 25 through 30 are not reproduced here.)
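The exchange that the abstract and claims 1, 15 and 20 describe, as an added example in Python (not code from the patent or from any product): the UE's local IdP function issues an ID token and a consent-scoped access token, the SP verifies the ID token before granting access, and then presents the access token to a UserInfo endpoint that resides on the UE and releases only the attributes the user consented to. The patent does not specify token formats or a signature scheme; the example uses an HS256-signed compact JWS with a key shared between the UE and the SP as a stand-in for an asymmetric key held in the UE's trusted module, an opaque access token bound to the SP's client_id (the SP is assumed to have been authenticated when it calls the endpoint), and constructed issuer URI, client identifier, user attributes and timestamps.

```python
"""Local OpenID Connect-style IdP on a UE (added example, not the patent's code)."""
import base64, hashlib, hmac, json, secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class LocalIdP:
    """IdP function hosted on the UE (e.g. in its trusted module): holds the user's
    attributes, mints ID/access tokens and serves as the UserInfo endpoint."""

    def __init__(self, issuer, subject, signing_key, user_data):
        self.issuer = issuer            # hypothetical issuer URI for this UE
        self.subject = subject          # subject identifier for the user
        self.key = signing_key          # assumption: symmetric key shared with the SP
        self.user_data = dict(user_data)
        self._grants = {}               # access token -> (client_id, granted claims, exp)

    def _sign(self, payload: dict) -> str:
        """Compact JWS, HS256 (stand-in for the trusted module's asymmetric key)."""
        enc = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
        signing_input = enc({"alg": "HS256", "typ": "JWT"}) + "." + enc(payload)
        sig = hmac.new(self.key, signing_input.encode(), hashlib.sha256).digest()
        return signing_input + "." + b64url(sig)

    def issue_id_token(self, client_id, nonce, now) -> str:
        """Claim 1: the UE creates the ID token in response to the SP's token request."""
        return self._sign({"iss": self.issuer, "sub": self.subject, "aud": client_id,
                           "nonce": nonce, "iat": now, "exp": now + 300})

    def issue_access_token(self, client_id, requested, consented, now) -> str:
        """Claim 15: only the user-consented portion of the requested data is granted."""
        granted = tuple(c for c in requested if c in consented and c in self.user_data)
        token = secrets.token_urlsafe(32)   # opaque reference token, bound to this SP
        self._grants[token] = (client_id, granted, now + 300)
        return token

    def userinfo(self, access_token, client_id, now) -> dict:
        """Claim 20: UserInfo endpoint on the UE; verifies the access token and
        releases only the consented attributes to the SP that holds the grant."""
        grant = self._grants.get(access_token)
        if grant is None:
            raise PermissionError("unknown access token")
        owner, granted, exp = grant
        if owner != client_id or now >= exp:    # assumes client_id was authenticated
            raise PermissionError("access token not valid for this SP, or expired")
        return {c: self.user_data[c] for c in granted}

class ServiceProvider:
    def __init__(self, client_id, idp_issuer, idp_key):
        self.client_id, self.idp_issuer, self.idp_key = client_id, idp_issuer, idp_key
        self.nonce = None

    def start_login(self) -> dict:
        """Authentication request directed at the UE's local IdP."""
        self.nonce = secrets.token_urlsafe(16)
        return {"client_id": self.client_id, "nonce": self.nonce,
                "scope": ["openid", "email", "phone_number"]}

    def verify_id_token(self, token, now) -> dict:
        parts = token.split(".")
        if len(parts) != 3:
            raise ValueError("malformed ID token")
        h, p, s = parts
        if json.loads(b64url_decode(h)).get("alg") != "HS256":  # pin alg; never trust the header
            raise ValueError("unexpected alg")
        expected = hmac.new(self.idp_key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s)):
            raise ValueError("bad signature")
        claims = json.loads(b64url_decode(p))
        if claims.get("iss") != self.idp_issuer or claims.get("aud") != self.client_id:
            raise ValueError("wrong issuer or audience")
        if claims.get("nonce") != self.nonce or now >= int(claims.get("exp", 0)):
            raise ValueError("nonce mismatch or token expired")
        return claims

def rejected(fn, *args) -> bool:
    """True if the call is refused; used to show that the checks fire."""
    try:
        fn(*args)
    except (ValueError, PermissionError):
        return True
    return False

def run_flow(now=1_700_000_000):
    """Constructed end-to-end exchange; returns what the SP ends up knowing."""
    user_data = {"email": "alice@example.invalid", "phone_number": "+1-555-0100",
                 "address": "1 Example Street"}           # constructed sample attributes
    idp = LocalIdP("https://ue.example.invalid/idp", "sub-7a1", secrets.token_bytes(32), user_data)
    sp = ServiceProvider("sp-weather", idp.issuer, idp.key)
    req = sp.start_login()                                 # access request -> token request
    id_token = idp.issue_id_token(req["client_id"], req["nonce"], now)
    consented = {"email"}                                  # user consents to release email only
    access_token = idp.issue_access_token(req["client_id"], req["scope"], consented, now)
    claims = sp.verify_id_token(id_token, now)             # SP verifies before granting access
    attrs = idp.userinfo(access_token, sp.client_id, now)  # SP pulls attributes from the UE
    return claims, attrs, id_token, access_token, idp, sp
```

In a real deployment the SP would obtain the UE issuer's public key (for instance a JWKS reached via discovery) rather than hold a shared secret, and the `alg` pin together with the `iss`, `aud`, `nonce` and `exp` checks are what stop the SP from accepting a token minted for a different relying party, an unsigned token, or a replayed one. The UserInfo endpoint releasing only the granted subset is the consent boundary of claim 15: the SP asked for `phone_number` as well, but never sees it.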