Identity management on a wireless device
First Claim
1. A method for performing local authentication at a wireless device, the method comprising:
- receiving an association handle from a service provider, wherein the association handle indicates that the service provider has performed an association with a network entity;
receiving authentication information associated with a user of the wireless device;
locally verifying the authentication information at the wireless device;
generating a signature key based on the association handle and a session key associated with the service provider, wherein the session key is derived from a network authentication between the network entity and the wireless device, and wherein the session key is configured for use in performing a local authentication at the wireless device; and
signing an identity assertion, using the signature key, to indicate that the wireless device has locally verified the authentication information.
0 Assignments
0 Petitions
Accused Products
Abstract
A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider.
11 Citations
15 Claims
-
1. A method for performing local authentication at a wireless device, the method comprising:
-
receiving an association handle from a service provider, wherein the association handle indicates that the service provider has performed an association with a network entity; receiving authentication information associated with a user of the wireless device; locally verifying the authentication information at the wireless device; generating a signature key based on the association handle and a session key associated with the service provider, wherein the session key is derived from a network authentication between the network entity and the wireless device, and wherein the session key is configured for use in performing a local authentication at the wireless device; and signing an identity assertion, using the signature key, to indicate that the wireless device has locally verified the authentication information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
Specification
-
- Resources
-
Current AssigneeInterDigital Patent Holdings, Inc. (InterDigital, Inc.)
-
Original AssigneeInterDigital Patent Holdings, Inc. (InterDigital, Inc.)
-
InventorsSchmidt, Andreas U., Leicher, Andreas, Shah, Yogendra C., Guccione, Louis J., Cha, Inhyok, Meyerstein, Michael V.
-
Primary Examiner(s)Dinh, Minh
-
Application NumberUS13/964,751Publication NumberTime in Patent Office456 DaysField of SearchNoneUS Class Current713/176CPC Class CodesH04L 2463/061 applying further key deriva...H04L 2463/081 applying self-generating cr...H04L 63/061 for key exchange, e.g. in p...H04L 63/068 using time-dependent keys, ...H04L 63/08 for authentication of entit...H04L 63/0815 providing single-sign-on or...H04L 63/0853 using an additional device,...H04L 67/02 based on web technology, e....H04W 12/041 Key generation or derivationH04W 12/062 Pre-authenticationH04W 12/069 using certificates or pre-s...H04W 88/02 Terminal devices
