SYSTEM AND METHOD FOR SCOPING A USER IDENTITY ASSERTION TO COLLABORATIVE DEVICES

US 20140189827A1
Filed: 12/27/2012
Published: 07/03/2014
Est. Priority Date: 12/27/2012
Status: Abandoned Application

First Claim

Patent Images

1. A method for sharing a user identity assertion between a primary communication device and a secondary communication device, wherein the user identity assertion enables the primary and secondary communication devices to access an application system, comprising:

pairing the primary and secondary communication devices;

communicating a request for a user identity assertion scoped to the primary and secondary communication devices from the primary communication device to an identity provider system;

receiving the user identity assertion scoped to the primary and secondary communication devices from the identity provider system by the primary communication device; and

communicating the user identity assertion scoped to the primary and secondary communication devices from the primary communication device to the secondary communication device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for enabling a primary and a secondary communication device to share a user identity assertion is presented. The user identity assertion enables the devices to access an application system. The primary and secondary devices are paired to place them in collaboration with each other. The primary device requests an identity provider system to issue a user identity assertion scoped to the primary and secondary communication device. The identity provider system authenticates the primary device and generates the user identity assertion scoped to the primary device and the secondary device identified in the request. The primary communication device receives the user identity assertion and communicates the user identity assertion to the secondary device. The primary device may request the user identity assertion by communicating a user identity assertion scoped to the primary device and a single sign on session cookie or a request for an extension assertion.

Citations

20 Claims

1. A method for sharing a user identity assertion between a primary communication device and a secondary communication device, wherein the user identity assertion enables the primary and secondary communication devices to access an application system, comprising:
- pairing the primary and secondary communication devices;
  
  communicating a request for a user identity assertion scoped to the primary and secondary communication devices from the primary communication device to an identity provider system;
  
  receiving the user identity assertion scoped to the primary and secondary communication devices from the identity provider system by the primary communication device; and
  
  communicating the user identity assertion scoped to the primary and secondary communication devices from the primary communication device to the secondary communication device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising communicating a request for a user identity assertion scoped to the primary communication device to the identity provider system from the primary communication device.
  - 3. The method of claim 2, wherein the step of communicating the request for the user identity assertion scoped to the primary and secondary communication devices to the identity provider system includes communicating the identity assertion scoped to the primary communication device and a single sign on session cookie from the primary communication device to the identity provider system.
  - 4. The method of claim 2, wherein the step of communicating the request for the user identity assertion scoped to the primary and secondary communication devices to the identity provider system includes communicating the identity assertion scoped to the primary communication device and a request for an extension assertion from the primary communication device to the identity provider system.
  - 5. The method of claim 4, wherein the user identity assertion scoped to the primary and secondary communication devices includes the identity assertion scoped to the primary communication device and the extension assertion.
  - 6. The method of claim 2, wherein the step of establishing the collaboration between the primary and secondary communication devices is performed after the step of communicating the request for the user identity assertion scoped to the primary communication device from the primary communication device to the identity provider system.
  - 7. The method of claim 1, wherein the step of pairing the primary and secondary communication devices is performed before the step of communicating the request for the user identity assertion scoped to the primary and secondary communication devices to the identity provider system from the primary communication device.
  - 8. The method of claim 1, wherein the step of communicating the request for the user identity assertion to the identity provider system from the primary communication device includes communicating a primary communication device identifier and/or communicating a secondary communication device identifier to the identity provider system.
  - 9. The method of claim 1, wherein the user identity assertion is implemented in an identity token.

10. A method for issuing a user identity assertion scoped to one or more communication devices, wherein the user identity assertion enables the one or more communication devices to access an application system, comprising:
- receiving a request for the user identity assertion scoped to one or more communication devices from a first of the one or more communication devices, wherein the one or more communication devices are in collaboration with each other;
  
  authenticating the first communication device;
  
  generating the user identity assertion scoped to the one or more communication devices; and
  
  communicating the user identity assertion scoped to the one or more communication devices to the first of the one or more communication devices, wherein the first of the one or more communication devices is configured to communicate the user identity assertion to the one or more communication devices to the one or more communication devices.

11. A system for sharing a user identity assertion between a primary communication device and a secondary communication device, wherein the user identity assertion enables the primary and secondary devices to access an application system, comprising:
- a collaboration module configured to pair the primary and secondary communication devices;
  
  a request module configured to generate a request for the user identity assertion scoped to the primary and secondary communication devices;
  
  a first interface configured to communicate the request for the user identity assertion scoped to the primary and secondary communication devices to an identity provider system and is further configured to receive the user identity assertion scoped to the primary and secondary communication devices from the identity provider system; and
  
  a second interface configured to communicate the user identity assertion scoped to the primary and secondary communication devices to the secondary communication device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, wherein the request module is further configured to generate a request for a user identity assertion scoped to the primary communication device.
  - 13. The system of claim 12, wherein the request for the user identity assertion scoped to the primary and secondary communication devices includes the identity assertion scoped to the primary device and a single sign on session cookie.
  - 14. The system of claim 12, wherein the request for the user identity assertion scoped to the primary and secondary communication devices includes the identity assertion scoped to the primary communication device and a request for an extension assertion.
  - 15. The system of claim 14, wherein the user identity assertion scoped to the primary and secondary communication devices includes the identity assertion scoped to the primary communication device and the extension assertion.
  - 16. The system of claim 12, wherein the collaboration module is further configured to pair the primary and secondary communication devices after the first interface communicates the request for the user identity assertion scoped to the primary communication device to the identity provider system.
  - 17. The system of claim 11, wherein the collaboration module is further configured to pair the primary and secondary communication devices before the first interface communicates the request for the user identity assertion scoped to the primary and secondary communication devices to the identity provider system.
  - 18. The system of claim 11, wherein the first interface is further configured to communicate a primary communication device identifier and/or communicate a secondary communication device identifier to the identity provider system.
  - 19. The system of claim 11, wherein the user identity assertion is implemented in an identity token.

20. A system for issuing a user identity assertion scoped to one or more communication devices, wherein the user identity assertion enables the one or more communication devices to access an application system, comprising:
- an interface configured to receive a request for the user identity assertion scoped to one or more communication devices from a first of the one or more communication device, wherein the one or more communication devices are in collaboration with each other;
  
  an authentication module configured to authenticate the first one of the communication devices; and
  
  an assertion module configured to generate the user identity assertion scoped to the one or more communication devices, wherein the interface is further configured to communicate the user identity assertion scoped to the one or more communication devices to the first one of the communication devices and wherein the first of the one or more communication devices is configured to communicate the user identity assertion scoped to the one or more communication devices to the one or more communication devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Motorola Solutions, Inc.
Original Assignee
Motorola Solutions, Inc.
Inventors
Lewis, Adam C., Metke, Anthony R., Upp, Steven D., Popovich, George

Application Number

US13/728,752
Publication Number

US 20140189827A1
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04W 12/069   using certificates or pre-s...

SYSTEM AND METHOD FOR SCOPING A USER IDENTITY ASSERTION TO COLLABORATIVE DEVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR SCOPING A USER IDENTITY ASSERTION TO COLLABORATIVE DEVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links