System and method for identity management for mobile devices
Abstract
Systems and methods for managing a user identity on a mobile device are provided. The system comprises the mobile device comprising a user agent and a client application, the user agent and the client application in communication with each other. The system further comprises an identity provider in communication with the mobile device, and a client service in communication with the mobile device. The user agent is configured to communicate with the identity provider and retrieve the user identity for the client application, and the client application is configured to transmit the user identity to the client service.
19 Claims

1. A method performed by a mobile device for secure communication of data to a client service in communication with an untrusted client application on the mobile device for enabling a user to utilize the client service, the method comprising:
generating a request for user profile data stored externally at an identity provider;
sending the request to the identity provider;
obtaining, in response to the request, a token secret and an encrypted token provided to the untrusted client application and the client service, the encrypted token comprising the user profile data specified in the request and the token secret, the encrypted token being decryptable by the client service;
the untrusted client application, unable to decrypt the encrypted token to obtain the user profile data, communicating the encrypted token to the client service for authentication; and
the untrusted client application providing the token secret to the client service as proof of ownership of the encrypted token; and
wherein the client service verifies that the token secret from the untrusted client application matches the token secret of the encrypted token as proof that the token secret includes the requested user profile data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A mobile device configured for secure communication of user profile data to a client service in communication with an untrusted client application on the mobile device, for enabling a user to utilize the client service, the mobile device comprising:
a processor, memory, a communication device, a user agent managing storage and retrieval of user identity information, wherein the user agent is able to communicate with an identity provider for establishing user credentials for the client application, and the client application, and the mobile device configured to at least:
generate a request for the user profile data stored externally at an identity provider;
provide the request to the identity provider;
obtain, in response to the request, a token secret and an encrypted token provided to the untrusted client application and the client service, the encrypted token comprising the user profile data specified in the request and the token secret, the token being decryptable by the client service;
communicate the encrypted token to the client service via the untrusted client application for authentication, and providing the token secret as proof of ownership of the encrypted token; and
wherein the client service is operable to verify that the token secret from the untrusted client application matches the token secret of the encrypted token as proof that the token secret includes the requested user profile data.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19.
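The exchange claimed above (claims 1 and 10), as an added worked example that is not part of the patent or of any product built on it: the identity provider seals the requested profile fields together with a fresh token secret under a key that only the client service holds, the untrusted client application receives the sealed token and the secret but cannot read the token, and the client service opens the token and accepts the profile data only if the presented secret matches the one sealed inside. The claims do not specify the cipher, the token format, or how the client service's key is provisioned, so AES-256-GCM, the JSON payload, a pre-shared symmetric key and the sample profile for `alice` are all assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
)

// tokenPayload is what the identity provider seals: the requested profile fields plus the token secret.
type tokenPayload struct {
	Profile map[string]string `json:"profile"`
	Secret  []byte            `json:"secret"`
}

// IdentityProvider holds profiles and a key shared with the client service (hypothetical: the claims do not fix how that key is provisioned).
type IdentityProvider struct {
	serviceKey []byte
	profiles   map[string]map[string]string
}

type ClientService struct{ serviceKey []byte } // the only party able to open tokens

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// IssueToken returns (encryptedToken, tokenSecret); the fresh secret goes to the client app in the clear and is also sealed inside the token.
func (idp *IdentityProvider) IssueToken(userID string, fields []string) ([]byte, []byte, error) {
	full, ok := idp.profiles[userID]
	if !ok {
		return nil, nil, errors.New("unknown user")
	}
	subset := map[string]string{} // release only the fields that were requested
	for _, f := range fields {
		if v, ok := full[f]; ok {
			subset[f] = v
		}
	}
	secret := make([]byte, 32)
	if _, err := rand.Read(secret); err != nil {
		return nil, nil, err
	}
	plain, _ := json.Marshal(tokenPayload{Profile: subset, Secret: secret}) // cannot fail for these types
	aead, err := newGCM(idp.serviceKey)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	// AES-256-GCM: token = nonce || ciphertext || tag, so any tampering is detected on open.
	return aead.Seal(nonce, nonce, plain, nil), secret, nil
}

// OpenToken decrypts and authenticates a token; without the key it fails, which is the untrusted client app's position.
func OpenToken(key, token []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(token) < aead.NonceSize() {
		return nil, errors.New("token too short")
	}
	return aead.Open(nil, token[:aead.NonceSize()], token[aead.NonceSize():], nil)
}

// Authenticate opens the token, checks the presented secret against the sealed one in constant time, then releases the profile.
func (svc *ClientService) Authenticate(encToken, presentedSecret []byte) (map[string]string, error) {
	plain, err := OpenToken(svc.serviceKey, encToken)
	if err != nil {
		return nil, fmt.Errorf("token rejected: %w", err)
	}
	var p tokenPayload
	if err := json.Unmarshal(plain, &p); err != nil {
		return nil, err
	}
	if subtle.ConstantTimeCompare(p.Secret, presentedSecret) != 1 {
		return nil, errors.New("token secret mismatch: presenter does not own this token")
	}
	return p.Profile, nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte demo key
	idp := &IdentityProvider{key, map[string]map[string]string{"alice": {"email": "alice@example.com", "phone": "555-0100"}}}
	tok, secret, _ := idp.IssueToken("alice", []string{"email"})
	_, appErr := OpenToken(make([]byte, 32), tok) // the app has no key, so this fails
	profile, err := (&ClientService{key}).Authenticate(tok, secret)
	fmt.Println("app can decrypt:", appErr == nil, "| service sees:", profile, err)
}
```

Run it with `go run`: the client application holds both the token and the secret but not the key, so `OpenToken` fails for it while `Authenticate` succeeds for the service and returns only the requested `email` field; a wrong secret, a modified token, or a token for an unknown user is rejected. Like the claims, the example carries no expiry or single-use tracking for a token; a deployment would add both.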
Specification