MEDIA BASED AUTHENTICATION AND AUTHORIZATION FOR SECURE SERVICES

US 20150026772A1
Filed: 07/16/2013
Published: 01/22/2015
Est. Priority Date: 07/16/2013
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

requesting authentication of an electronic device by a service provider in response to a request for service by the electronic device;

providing an authentication element to the service provider via a secure media of the electronic device;

in response to the request for service, an authorization server providing proxy authorization for the service provider by receiving an authorization element from the service provider and installing the authorization element on the secure media; and

upon authenticating and authorizing the electronic device using the secure media, accessing the requested service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method requests authentication of an electronic device by a service provider in response to a request for service by the electronic device. An authentication element is provided to the service provider via a secure media of the electronic device. In response to the request for service, an authorization server provides proxy authorization for the service provider by receiving an authorization element from the service provider and installing the authorization element on the secure media. Upon authenticating and authorizing the electronic device using the secure media, accessing the requested service.

28 Citations

View as Search Results

43 Claims

1. A method comprising:
- requesting authentication of an electronic device by a service provider in response to a request for service by the electronic device;
  
  providing an authentication element to the service provider via a secure media of the electronic device;
  
  in response to the request for service, an authorization server providing proxy authorization for the service provider by receiving an authorization element from the service provider and installing the authorization element on the secure media; and
  
  upon authenticating and authorizing the electronic device using the secure media, accessing the requested service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - performing initial authentication of the electronic device with an identity provider;
      
      upon initial authentication of the electronic device, issuing the authentication element from the identity provider to the authorization server and installing the authentication element on the secure media of the electronic device.
  - 3. The method of claim 2, wherein the secure media is one of embedded in the electronic device or removable from the electronic device.
  - 4. The method of claim 3, wherein storage of the authentication element and the authorization element on the secure media provide credentials required for accessing cloud based services offered by different eco-systems.
  - 5. The method of claim 1, wherein the authentication element comprises a security assertion markup language (SAML) assertion.
  - 6. The method of claim 5, wherein the initial authentication further comprises:
    - providing the SAML assertion to the authorization server for installation in the secure media via a secure channel;
      
      checking a credential assignment table and selecting an unassigned protected area data (PAD) block for installing the SAML assertion in the credential assignment table of the secure media; and
      
      storing the SAML assertion in the selected PAD block in the credential assignment table of the secure media.
  - 7. The method of claim 6, wherein the authorization server comprises read and write privileges to the credential assignment table of the secure media, and the electronic device only comprises read privileges to the credential assignment table of the secure media.
  - 8. The method of claim 7, wherein receiving the authorization element to the service provider further comprises:
    - transferring the authorization element to the authorization server using an application signaling protocol;
      
      initializing a secure channel by the authorization server for communicating with the secure media;
      
      checking the credential assignment table and selecting an unassigned PAD block for installing the authorization element in the credential assignment table of the secure media; and
      
      storing the authorization element issued by the service provider in the selected PAD block in the credential assignment table of the secure media.
  - 9. The method of claim 8, wherein the authorization server manages the credential assignment table of the secure media.
  - 10. The method of claim 9, wherein the electronic device comprises one of a mobile phone device, a camera device, a tablet computing device, a laptop computing device and a personal computer (PC) device.

11. A system comprising:
- an electronic device;
  
  a secure media device coupled to the electronic device;
  
  an authorization server coupled to a plurality of cloud based service providers, the authorization server providing proxy authorization for a requested service from one of the service providers by receiving an authorization token from the service provider and installing the authorization token on the secure media, wherein upon the selected service provider authenticating and authorizing the electronic device, the electronic device accesses the requested service.
- View Dependent Claims (12, 13, 14, 15, 16, 31, 32)
- - 12. The system of claim 11, further comprising an identity provider that performs initial authentication of the electronic device and issues an authentication token to the authorization server that installs the authentication token on the secure media.
  - 13. The system of claim 12, wherein the secure media is one of a device embedded in the electronic device or a device that is removably coupled to the electronic device.
  - 14. The system of claim 13, wherein storage of the authentication token and the authorization token on the secure media provide credentials required for accessing cloud based services offered by different eco-systems.
  - 15. The system of claim 12, wherein the authentication token comprises a security assertion markup language (SAML) assertion.
  - 16. The system of claim 15, wherein the identity provider provides the SAML assertion to the authorization server, the authorization server initializes a secure authenticated channel (SAC) for communicating with the secure media, checks a credential assignment table in the secure media, selects an unassigned protected area data (PAD) block for installing the SAML assertion in the credential assignment table and stores the SAML assertion in the selected PAD block in the credential assignment table.
  - 31. The system of claim 16, wherein the one service provider transfers the authorization token to the authorization server using an application signaling protocol, and the authorization server initializes an SAC with the secure media, checks the credential assignment table, selects an unassigned PAD block for installing the authorization token in the credential assignment table, and stores the authorization token issued by the one service provider in the selected PAD block in the credential assignment table.
  - 32. The system of claim 31, wherein the electronic device comprises one of a mobile phone device, a camera device, a tablet computing device, a laptop computing device and a personal computer (PC) device.

18-30. -30. (canceled)

33. A non-transitory computer-readable medium having instructions which when executed on a computer perform a method comprising:
- requesting authentication of the electronic device by a service provider in response to a request for service by the electronic device;
  
  providing an authentication token to the service provider via a secure media of the electronic device;
  
  in response to the request for service, an authorization server providing proxy authorization for the service provider by receiving an authorization token from the service provider and installing the authorization token on the secure media; and
  
  upon authenticating and authorizing the electronic device using the secure media, accessing the requested service.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40)
- - 34. The medium of claim 33, further comprising:
    - performing initial authentication of the electronic device with an identity provider;
      
      upon initial authentication of the electronic device, issuing the authentication token from the identity provider to the authorization server and installing the authentication token on the secure media of the electronic device.
  - 35. The medium of claim 34, wherein the secure media is one of embedded in the electronic device or removable from the electronic device, and storage of the authentication token and the authorization token on the secure media provide credentials required for accessing cloud based services offered by different eco-systems.
  - 36. The medium of claim 33, wherein the authentication token comprises a security assertion markup language (SAML) assertion, and the initial authentication further comprises:
    - providing the SAML assertion to the authorization server for installation in the secure media via a secure channel;
      
      checking a credential assignment table and selecting an unassigned protected area data (PAD) block for installing the SAML assertion in the credential assignment table of the secure media; and
      
      storing the SAML assertion in the selected PAD block in the credential assignment table of the secure media.
  - 37. The medium of claim 36, wherein the authorization server comprises read and write privileges to the credential assignment table of the secure media, and the electronic device only comprises read privileges to the credential assignment table of the secure media.
  - 38. The medium of claim 37, wherein receiving the authorization token from the service provider further comprises:
    - transferring the authorization token from the service provider to the authorization server using an application signaling protocol;
      
      initializing a secure channel by the authorization server for communicating with the secure media;
      
      checking the credential assignment table and selecting an unassigned PAD block for installing the authorization token in the credential assignment table of the secure media; and
      
      storing the authorization token issued by the service provider in the selected PAD block in the credential assignment table of the secure media.
  - 39. The medium of claim 38, wherein the authorization server manages the credential assignment table of the secure media.
  - 40. The medium of claim 38, wherein the electronic device comprises one of a mobile phone device, a camera device, a tablet computing device, a laptop computing device and a personal computer (PC) device.

41. A method comprising:
- providing an authentication token to a service provider from a secure media of an electronic device;
  
  providing proxy authorization for the service provider by an authorization server that receives an authorization token from the service provider and installs the authorization token on the secure media; and
  
  using the authentication token and the authorization token from the secure media for accessing a requested service.
- View Dependent Claims (42, 43)
- - 42. The method of claim 41, further comprising:
    - performing initial authentication of the electronic device with an identity provider;
      
      upon initial authentication of the electronic device, issuing the authentication token from the identity provider to the authorization server and installing the authentication token on the secure media of the electronic device, wherein the authentication token comprises a security assertion markup language (SAML) assertion, and the initial authentication further comprises;
      
      providing the SAML assertion to the authorization server for installation in the secure media via a secure channel;
      
      checking a credential assignment table and selecting an unassigned protected area data (PAD) block for installing the SAML assertion in the credential assignment table of the secure media; and
      
      storing the SAML assertion in the selected PAD block in the credential assignment table of the secure media.
  - 43. The method of claim 42, wherein receiving the authorization token from the service provider further comprises:
    - transferring the authorization token to the authorization server using an application signaling protocol;
      
      initializing a secure channel by the authorization server for communicating with the secure media;
      
      checking the credential assignment table and selecting an unassigned PAD block for installing the authorization token in the credential assignment table of the secure media; and
      
      storing the authorization token issued by the service provider in the selected PAD block in the credential assignment table of the secure media,wherein the secure media is one of embedded in the electronic device or removable from the electronic device, and storage of the authentication token and the authorization token on the secure media provide credentials required for accessing cloud based services offered by different eco-systems.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Verma, Sanjeev

Application Number

US13/943,712
Publication Number

US 20150026772A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/062   for key distribution, e.g. ...

H04L 63/0815   providing single-sign-on or...

H04L 63/0853   using an additional device,...

H04L 63/0884   by delegation of authentica...

MEDIA BASED AUTHENTICATION AND AUTHORIZATION FOR SECURE SERVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

MEDIA BASED AUTHENTICATION AND AUTHORIZATION FOR SECURE SERVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links