Method and Apparatus for Trusted Federated Identity Management and Data Access Authorization

US 20150067813A1
Filed: 11/03/2014
Published: 03/05/2015
Est. Priority Date: 01/22/2010
Status: Abandoned Application

First Claim

Patent Images

1. A wireless device comprising a processor, a trusted ticket server, a memory, and communication circuitry, the wireless device being connected to a communications network via its communication circuitry, the wireless device including computer-executable instructions stored in the memory of the wireless device which, when executed by the processor of the wireless device, perform operations comprising:

receiving an authentication request from a network application function, the authentication request comprising an identity that corresponds to a user of the wireless device;

based on the authentication request, retrieving, by the trusted ticket server, authentication data and platform validation data using a storage root key, wherein the platform validation data includes a measure of trustworthiness of the wireless device and a measure of trustworthiness of the trusted ticket server, and the authentication data is associated with the identity that corresponds to the user;

sending the platform validation data and the authentication data associated with the identity that corresponds to the user to the network application function; and

receiving verification data indicating that the network application function has verified the platform validation data and the identity that corresponds to the user.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and instrumentalities are disclosed that may provide for integration of trusted OpenID (TOpenID) with OpenID. The authentication may be accomplished, in part, via communications between a trusted ticket server on a UE and a network application function. The UE may retrieve platform validation data (e.g., from a trusted platform module on the UE). The UE may receive a platform verification in response to the platform validation data. The platform verification may indicate that the network application function has verified the platform validation data and the user. The platform verification may indicate that the platform validation data matches a previously generated reference value.

Citations

16 Claims

1. A wireless device comprising a processor, a trusted ticket server, a memory, and communication circuitry, the wireless device being connected to a communications network via its communication circuitry, the wireless device including computer-executable instructions stored in the memory of the wireless device which, when executed by the processor of the wireless device, perform operations comprising:
- receiving an authentication request from a network application function, the authentication request comprising an identity that corresponds to a user of the wireless device;
  
  based on the authentication request, retrieving, by the trusted ticket server, authentication data and platform validation data using a storage root key, wherein the platform validation data includes a measure of trustworthiness of the wireless device and a measure of trustworthiness of the trusted ticket server, and the authentication data is associated with the identity that corresponds to the user;
  
  sending the platform validation data and the authentication data associated with the identity that corresponds to the user to the network application function; and
  
  receiving verification data indicating that the network application function has verified the platform validation data and the identity that corresponds to the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The wireless device of claim 1, wherein the verification data indicates that a system state indicated by the platform validation data matches a previously generated reference value.
  - 3. The wireless device of claim 1, wherein the platform validation data is signed.
  - 4. The wireless device of claim 1, wherein the platform validation data includes a user identification parameter.
  - 5. The wireless device of claim 1, wherein the platform validation data includes attestation data.
  - 6. The wireless device of claim 5, wherein the attestation data a platform configuration register quote signed with an attestation identity key.
  - 7. The wireless device of claim 1, the operations further comprising receiving a ticket comprising the verification data, wherein the ticket is capable of being reused to perform a subsequent authorization without revalidation of the wireless device.
  - 8. The wireless device of claim 7, wherein the ticket includes a timestamp.
  - 9. The wireless device of claim 7, wherein the ticket includes an origination timestamp.
  - 10. The wireless device of claim 7, wherein the ticket includes a lifetime limit.
  - 11. The wireless device of claim 7, wherein the ticket includes an end date.
  - 12. The wireless device of claim 7, wherein the ticket includes a usage parameter limit.
  - 13. The wireless device of claim 7, the operations further comprising receiving a ticket reference from a network entity.
  - 14. The wireless device of claim 13, wherein the ticket reference is capable of being used to obtain the ticket from the network application function, and wherein the verification data is capable of being reused to perform a subsequent authorization without revalidation of the wireless device.
  - 15. The wireless device of claim 1, the operations further comprising:
    - establishing a connection to a relying party;
      
      receiving a browser redirection to the network application function; and
      
      sending an authentication request to the network application function.
  - 16. The wireless device of claim 1, wherein the verification data indicates access granted to a relying party.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Original Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Inventors
Cha, Inhyok, Shah, Yogendra C., Schmidt, Andreas, Leicher, Andreas

Application Number

US14/531,621
Publication Number

US 20150067813A1
Time in Patent Office

Days
Field of Search
US Class Current

726/10
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/57   Certifying or maintaining t...

G06F 2221/2115   Third party

H04L 2463/121   Timestamp

H04L 63/0807   using tickets, e.g. Kerbero...

H04W 12/069   using certificates or pre-s...

Method and Apparatus for Trusted Federated Identity Management and Data Access Authorization

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and Apparatus for Trusted Federated Identity Management and Data Access Authorization

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links