Authentication server and methods for granting tokens comprising location data

US 9,060,273 B2
Filed: 03/22/2012
Issued: 06/16/2015
Est. Priority Date: 03/22/2012
Status: Active Grant

First Claim

Patent Images

1. A method of generating a token for use by a mobile device to establish authorization for the mobile device to access a service provided by a service server, the method comprising:

receiving, at an authentication server, a request for the token from the mobile device; and

responsive to receiving the request;

receiving, at the authentication server, policy data governing operation of the mobile device from a policy server;

receiving, at the authentication server, received location data from a network-side entity;

generating the token at the authentication server, the token comprising location data identifying a location for the mobile device and authentication data indicating a level of access that the mobile device is permitted to have to the service provided by the service server, the location data and the authentication data being provided in the same token, the location data of the token based on the received location data, the authentication data generated based on the policy data; and

transmitting the token to the mobile device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication server and methods of generating a token for use by a mobile device to establish authorization for the mobile device to access a service provided by a service server, the method comprising receiving a request for the token from the mobile device, generating the token comprising location data identifying a location for the mobile device and authentication data indicating a level of access that the mobile device is permitted to have to the service provided by the service server, and transmitting the token to the mobile device.

40 Citations

View as Search Results

33 Claims

1. A method of generating a token for use by a mobile device to establish authorization for the mobile device to access a service provided by a service server, the method comprising:
- receiving, at an authentication server, a request for the token from the mobile device; and
  
  responsive to receiving the request;
  
  receiving, at the authentication server, policy data governing operation of the mobile device from a policy server;
  
  receiving, at the authentication server, received location data from a network-side entity;
  
  generating the token at the authentication server, the token comprising location data identifying a location for the mobile device and authentication data indicating a level of access that the mobile device is permitted to have to the service provided by the service server, the location data and the authentication data being provided in the same token, the location data of the token based on the received location data, the authentication data generated based on the policy data; and
  
  transmitting the token to the mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the network-side entity comprises a location services server or a network provider.
  - 3. The method of claim 1, wherein the location data of the token identifies a geographical location of the mobile device.
  - 4. The method of claim 1, wherein the location data of the token identifies a geographical location in which the mobile device is registered.
  - 5. The method of claim 1, wherein the location data of the token identifies a geographical location in which the mobile device operates at a time the request is transmitted from the mobile device to the authentication server.
  - 6. The method of claim 1, wherein the authentication data of the token generated at the authentication server indicates that the service server is to control access by the mobile device to the service based on the location data of the token generated at the authentication server.
  - 7. The method of claim 1, wherein the authentication data of the token generated at the authentication server indicates that the service server is to control access by the mobile device to the service based on the location data of the token generated at the authentication server and on a location of the mobile device at a time that the mobile device requests access to the service from the service server.
  - 8. The method of claim 1, further comprising encrypting at least one of the location data of the token or the authentication data of the token generated at the authentication server using a secret shared between the authentication server and the service server, prior to transmitting the token to the mobile device.
  - 9. The method of claim 1, wherein the request for the token from the mobile device is received by the authentication server via a relay, and wherein the token is generated in response to the relay successfully authenticating the mobile device.
  - 10. The method of claim 1, wherein the request comprises a device identifier, and wherein the method further comprises, prior to generating the token, verifying that the device identifier corresponds to a source address of a message containing the request for the token.
  - 11. The method of claim 1, wherein the service server comprises a browsing proxy server.

12. An authentication server comprising:
- a receiver configured to receive a request for a token from a mobile device, and configured, responsive to receiving the request, to receive from a policy server policy data governing operation of the mobile device and to receive received location data from a network-side entity, the token for use by the mobile device to establish authorization for the mobile device to access a service provided by a service server;
  
  a transmitter configured to transmit the token to the mobile device;
  
  a memory; and
  
  a processor configured to generate the token, the token comprising location data identifying a location for the mobile device and authentication data indicating a level of access that the mobile device is permitted to have to the service provided by the service server, the location data and the authentication data being provided in the same token, the location data of the token based on the received location data, the authentication data generated based on the policy data, and the processor configured to cause the token to be transmitted to the mobile device,wherein the policy data and the received location data are received responsive to receiving the request.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The authentication server of claim 12, wherein the network-side entity comprises a location services server or a network provider.
  - 14. The authentication server of claim 12, wherein the location data of the token identifies a geographical location of the mobile device.
  - 15. The authentication server of claim 12, wherein the location data of the token identifies a geographical location in which the mobile device is registered.
  - 16. The authentication server of claim 12, wherein the location data of the token identifies a geographical location in which the mobile device operates at a time the request is transmitted from the mobile device to the authentication server.
  - 17. The authentication server of claim 12, wherein the authentication data of the token generated at the authentication server indicates that the service server is to control access by the mobile device to the service based on the location data of the token generated at the authentication server.
  - 18. The authentication server of claim 12, wherein the authentication data of the token generated at the authentication server indicates that the service server is to control access by the mobile device to the service based on the location data of the token generated at the authentication server and on a location of the mobile device at a time that the mobile device requests access to the service from the service server.
  - 19. The authentication server of claim 12, wherein the processor is configured to encrypt at least one of the location data of the token or the authentication data of the token generated at the authentication server using a secret shared between the authentication server and the service server, prior to causing the token to be transmitted to the mobile device.
  - 20. The authentication server of claim 12, wherein the receiver receives the request for the token via a relay, and wherein the processor is configured to generate the token in response to the relay successfully authenticating the mobile device.
  - 21. The authentication server of claim 12, wherein the request comprises a device identifier, and the processor is configured to verify, prior to generating the token, that the device identifier corresponds to a source address of a message containing the request for the token.
  - 22. The authentication server of claim 12, wherein the service server comprises a browsing proxy server.

23. A non-transitory computer-readable medium storing instructions which, when executed by a processor of an authentication server, result in:
- receiving, at the authentication server, a request for a token from a mobile device, the token for use by the mobile device to establish authorization for the mobile device to access a service provided by a service server; and
  
  responsive to receiving the request;
  
  receiving, at the authentication server, policy data governing operation of the mobile device from a policy server;
  
  receiving, at the authentication server, received location data from a network-side entity;
  
  generating the token, the token comprising location data identifying a location for the mobile device and authentication data indicating a level of access that the mobile device is permitted to have to the service provided by the service server, the location data and the authentication data being provided in the same token, the location data of the token based on the received location data, the authentication data generated based on the policy data; and
  
  transmitting the token to the mobile device.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. The non-transitory computer-readable medium of claim 23, wherein the network-side entity comprises a location services sewer or a network provider.
  - 25. The non-transitory computer-readable medium of claim 23, wherein the location data of the token identifies a geographical location of the mobile device.
  - 26. The non-transitory computer-readable medium of claim 23, wherein the location data of the token identifies a geographical location in which the mobile device is registered.
  - 27. The non-transitory computer-readable medium of claim 23, wherein the location data of the token identifies a geographical location in which the mobile device operates at a time the request is transmitted from the mobile device to the authentication server.
  - 28. The non-transitory computer-readable medium of claim 23, wherein the authentication data of the token generated at the authentication sewer indicates that the service sewer is to control access by the mobile device to the service based on the location data of the token generated at the authentication server.
  - 29. The non-transitory computer-readable medium of claim 23, wherein the authentication data of the token generated at the authentication sewer indicates that the service sever is to control access by the mobile device to the service based on the location data of the token generated at the authentication server and on a location of the mobile device at a time that the mobile device requests access to the service from the service server.
  - 30. The non-transitory computer-readable medium of claim 23, wherein the instructions, when executed by the processor, further result in encrypting at least one of the location data of the token or the authentication data of the token generated at the authentication server using a secret shared between the authentication server and the service server, prior to transmitting the token to the mobile device.
  - 31. The non-transitory computer-readable medium of claim 23, wherein the request for the token from the mobile device is received by the authentication server via a relay, and wherein the token is generated in response to the relay successfully authenticating the mobile device.
  - 32. The non-transitory computer-readable medium of claim 23, wherein the request comprises a device identifier, and wherein the instructions, when executed by the processor, further result in verifying that the device identifier corresponds to a source address of a message containing the request for the token, prior to generating the token.
  - 33. The non-transitory computer-readable medium of claim 23, wherein the service server comprises a browsing proxy server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Brown, Andrew James Guy, Fogel, Christopher M., Parry, Thomas Owen
Primary Examiner(s)
Hua, Quan M

Application Number

US13/427,333
Publication Number

US 20130252583A1
Time in Patent Office

1,181 Days
Field of Search

455/466, 455410-411, 4554561-457, 370328-338
US Class Current

1/1
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/107   wherein the security polici...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 4/02   Services making use of loca...

H04W 4/029   Location-based management o...

Authentication server and methods for granting tokens comprising location data

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication server and methods for granting tokens comprising location data

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links