Method and Apparatus for Trusted Federated Identity Management and Data Access Authorization
First Claim
1. A wireless device comprising a processor, a trusted ticket server, a memory, and communication circuitry, the wireless device being connected to a communications network via its communication circuitry, the wireless device including computer-executable instructions stored in the memory of the wireless device which, when executed by the processor of the wireless device, perform operations comprising:
- receiving an authentication request from a network application function, the authentication request comprising an identity that corresponds to a user of the wireless device;
- based on the authentication request, retrieving, by the trusted ticket server, authentication data and platform validation data using a storage root key, wherein the platform validation data includes a measure of trustworthiness of the wireless device and a measure of trustworthiness of the trusted ticket server, and the authentication data is associated with the identity that corresponds to the user;
- sending the platform validation data and the authentication data associated with the identity that corresponds to the user to the network application function; and
- receiving verification data indicating that the network application function has verified the platform validation data and the identity that corresponds to the user.
Abstract
Systems, methods, and instrumentalities are disclosed that may provide for integration of trusted OpenID (TOpenID) with OpenID. The authentication may be accomplished, in part, via communications between a trusted ticket server on a UE and a network application function. The UE may retrieve platform validation data (e.g., from a trusted platform module on the UE). The UE may receive a platform verification in response to the platform validation data. The platform verification may indicate that the network application function has verified the platform validation data and the user. The platform verification may indicate that the platform validation data matches a previously generated reference value.
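The exchange the abstract and claim 1 describe, as an added worked example that is not part of the patent and not the patent holder's code: a trusted ticket server on the UE answers the network application function's request with platform validation data (a device measurement and a ticket-server measurement, bound to the request nonce) plus authentication data for the user identity, and the network application function checks the measurements against previously generated reference values before returning verification data. Every key, measurement and user secret is constructed for the example; TPM sealing under the storage root key is modelled as an XOR pad derived from that key, and the attestation signature is modelled as an HMAC under a shared key, both stand-ins for the real TPM operations.

```python
import hashlib
import hmac
import json
import secrets

# Constructed reference values: stand-ins for the PCR-style measurements the
# network application function (NAF) holds for the device and the trusted
# ticket server (TTS) running on it.
REFERENCE_VALUES = {
    "device": hashlib.sha256(b"device-firmware-v1").hexdigest(),
    "ticket_server": hashlib.sha256(b"trusted-ticket-server-v1").hexdigest(),
}
# Constructed keys. The storage root key never leaves the UE; the attestation
# key stands in for the TPM key that signs platform validation data (the NAF
# holds the matching verifier, modelled here as the same HMAC key).
STORAGE_ROOT_KEY = b"constructed-storage-root-key"
ATTESTATION_KEY = b"constructed-attestation-key"
# Constructed per-user secret shared between the user's device and the NAF.
USER_SECRETS = {"alice@example.com": b"constructed-secret-alice"}


def _derive(key: bytes, label: bytes) -> bytes:
    """Hypothetical KDF: HMAC-SHA256 of a label under a key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _tag(key: bytes, *parts: bytes) -> str:
    """HMAC-SHA256 over length-prefixed parts (no ambiguous concatenation)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.hexdigest()


def _seal(srk: bytes, identity: str, secret: bytes) -> bytes:
    """Model of TPM sealing: XOR with a per-identity pad derived from the SRK.
    XOR is its own inverse, so the same call unseals. Secrets must be <= 32 bytes."""
    pad = _derive(srk, b"seal:" + identity.encode())[: len(secret)]
    return bytes(a ^ b for a, b in zip(secret, pad))


class TrustedTicketServer:
    """UE side: unseals the user credential with the SRK and reports measurements."""

    def __init__(self, measurements: dict, user_secrets: dict):
        self.measurements = measurements
        self.sealed = {uid: _seal(STORAGE_ROOT_KEY, uid, s) for uid, s in user_secrets.items()}

    def handle_authentication_request(self, request: dict) -> dict:
        identity, nonce_hex = request["identity"], request["nonce"]
        user_secret = _seal(STORAGE_ROOT_KEY, identity, self.sealed[identity])
        platform_validation = {
            "device": self.measurements["device"],
            "ticket_server": self.measurements["ticket_server"],
            "nonce": nonce_hex,  # binds the measurements to this request
        }
        payload = json.dumps(platform_validation, sort_keys=True).encode()
        return {
            "platform_validation_data": platform_validation,
            "platform_signature": _tag(ATTESTATION_KEY, payload),
            "authentication_data": _tag(user_secret, identity.encode(), bytes.fromhex(nonce_hex)),
        }


class NetworkApplicationFunction:
    """Relying side: checks measurements against reference values and the user proof."""

    def __init__(self, reference_values: dict, user_secrets: dict):
        self.reference_values = reference_values
        self.user_secrets = user_secrets
        self.pending = {}  # identity -> nonce issued for the outstanding request

    def authentication_request(self, identity: str) -> dict:
        nonce_hex = secrets.token_hex(16)
        self.pending[identity] = nonce_hex
        return {"identity": identity, "nonce": nonce_hex}

    def verify(self, identity: str, response: dict) -> dict:
        nonce_hex = self.pending.pop(identity, None)  # one-shot: replay fails
        pvd = response["platform_validation_data"]
        payload = json.dumps(pvd, sort_keys=True).encode()
        signature_ok = hmac.compare_digest(response["platform_signature"], _tag(ATTESTATION_KEY, payload))
        fresh = nonce_hex is not None and pvd.get("nonce") == nonce_hex
        measurements_ok = all(pvd.get(k) == v for k, v in self.reference_values.items())
        platform_verified = signature_ok and fresh and measurements_ok
        secret = self.user_secrets.get(identity)
        user_verified = False
        if secret is not None and nonce_hex is not None:
            expected = _tag(secret, identity.encode(), bytes.fromhex(nonce_hex))
            user_verified = hmac.compare_digest(response["authentication_data"], expected)
        # This dict is the "verification data" returned to the UE.
        return {
            "identity": identity,
            "platform_verified": platform_verified,
            "user_verified": user_verified,
            "verified": platform_verified and user_verified,
        }


def run_exchange(tts: TrustedTicketServer, naf: NetworkApplicationFunction, identity: str) -> dict:
    """Full round trip: NAF request -> UE response -> verification data."""
    request = naf.authentication_request(identity)
    response = tts.handle_authentication_request(request)
    return naf.verify(identity, response)


if __name__ == "__main__":
    naf = NetworkApplicationFunction(REFERENCE_VALUES, USER_SECRETS)
    healthy = TrustedTicketServer(dict(REFERENCE_VALUES), USER_SECRETS)
    print(run_exchange(healthy, naf, "alice@example.com"))
    # Same user, but the device measurement no longer matches the reference value.
    modified = TrustedTicketServer({**REFERENCE_VALUES, "device": "ff" * 32}, USER_SECRETS)
    print(run_exchange(modified, naf, "alice@example.com"))
```

The second run shows the distinction the abstract draws: the user proof still verifies, but the platform validation data does not match the reference value, so the verification data reports the platform as unverified and the overall result as failed. Popping the nonce on first use also means a captured response cannot be presented a second time.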
16 Claims
Claim 1 (reproduced above under First Claim) is the independent claim; claims 2 through 16 depend on it.
Specification