Identification and access control of users in a disconnected mode environment
Abstract
The present invention provides identification and access control for an end user mobile device in a disconnected mode environment, which refers generally to the situation where, in a mobile environment, a mobile device is disconnected from or otherwise unable to connect to a wireless network. The inventive method provides the mobile device with a “long term” token, which is obtained from an identity provider coupled to the network. The token may be valid for a given time period. During that time period, the mobile device can enter a disconnected mode but still obtain a mobile device-aided function (e.g., access to a resource) by presenting for authentication the long term token. Upon a given occurrence (e.g., loss of or theft of the mobile device) the long term token is canceled to restrict unauthorized further use of the mobile device in disconnected mode.
Claims (17)

1. A method to enable a mobile device user to perform a mobile device-aided operation, comprising:
- with the mobile device in a connected mode in which it is connected to an identity provider, receiving and storing at the mobile device a token that is useable by the mobile device to obtain an authentication when the mobile device is operating in an identity provider-disconnected mode in which it is disconnected from the identity provider, wherein the token includes a time dependency that defines when the token is valid for use and is one of: a defined time period, and a timeframe that is defined relative to a given future date and time;
- while the mobile device is operating in the identity provider-disconnected mode, causing the mobile device to present the token to enable the mobile device to obtain the authentication, wherein presenting the token also verifies that the mobile device is operating in the identity-provider disconnected mode; and
- upon receipt of the authentication, performing the mobile device-aided operation.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method, using a mobile device, to enable a mobile device user to perform a mobile device-aided operation, comprising:
- with the mobile device in a connected mode of operation, receiving and storing at the mobile device a data string, the data string useable to obtain an authentication of the mobile device user, wherein the data string is a security token that includes a time dependency that defines when the token is valid for use and is one of: a defined time period, and a timeframe that is defined relative to a given future date and time; and
- with the mobile device in an identity provider-disconnected mode of operation distinct from the connected mode of operation, having the mobile device present the data string to an application to enable the mobile device to attempt to obtain the authentication;
- upon obtaining the authentication, and upon verifying the mobile device is operating in the identity provider-disconnected mode of operation, performing the mobile device-aided operation using the application.
Dependent claims: 10, 11, 12, 13.
14. A method, using a mobile device, to enable a mobile device user to perform a mobile device-aided operation, comprising:
- with the mobile device in a connected mode of operation, receiving and storing at the mobile device a token, the token useable to assert an identity or privilege associated with the mobile device user, wherein the token includes a time dependency that defines when the token is valid for use and is one of: a defined time period, and a timeframe that is defined relative to a given future date and time; and
- with the mobile device in an identity provider-disconnected mode of operation, causing the mobile device to present the token to an application to enable the mobile device user to perform the mobile device-aided operation using the application, wherein presenting the token also verifies that the mobile device is operating in the identity-provider disconnected mode.
Dependent claims: 15.
16. A mobile device, comprising:
- a radio;
- a man-machine interface;
- a network interface;
- a processor;
- a computer-readable medium having processor-executable instructions for performing the following method steps: with the mobile device in a connected mode, receiving and storing a token that is useable to assert an identity or privilege associated with a user of the mobile device; and with the mobile device verified as operating in an identity provider-disconnected mode of operation, and provided the token is valid, causing the mobile device to present the token to enable the mobile device user to perform a mobile device-aided operation, wherein validity of the token is determined by evaluating a time dependency associated with the token that defines when the token is valid for use and is one of: a defined time period, and a timeframe that is defined relative to a given future date and time.
17. An access control system having an associated token issuing device, the system comprising:
- an application; and
- software executable in a mobile device at a first time when the mobile device is operating in a first mode of operation to receive and store in the mobile device a token, wherein the token is generated by the token issuing device and is useable, at a second time distinct from the first time, to obtain an authentication of a mobile device user, wherein the token includes a time dependency that defines when the token is valid for use and is one of: a defined time period, and a timeframe that is defined relative to a given future date and time;
- the software being further executable at the second time when the mobile device is verified as operating in an identity provider-disconnected mode of operation to cause the mobile device to present the token to attempt to obtain the authentication;
- the software being further executable upon obtaining the authentication, and with the mobile device in the identity provider-disconnected mode of operation, to enable the mobile device user to perform a mobile device-aided operation.