Secure and anonymized authentication
First Claim
1. A method comprising:
- receiving, by a computing system, a message from a wireless service provider system, wherein the message contains a service-provider-based identity of a client device, an indication that the service-provider-based identity has been authenticated by the wireless service provider, and a single code that the client device obtained from a portal device proximate to the client device, wherein the portal device is in a locked state, and wherein the code includes a first sub-code that identifies the portal device and a second sub-code that identifies a task of unlocking the portal device;
generating, by the computing system, an anonymized identity of the client device based on the service-provider-based identity, wherein the anonymized identity is generated by applying a one-way function to the service-provider-based identity and the code, wherein the computing system is configured to generate different anonymized identities for the client device based on respective codes that the client device receives from respective remote machines, and wherein the portal device is one of the remote machines;
based on the code and the anonymized identity, verifying, by the computing system, that unlocking the portal device is within the authorized capabilities of the anonymized identity; and
transmitting, by the computing system, an instruction to the portal device, wherein the instruction causes the portal device to change from the locked state to an unlocked state.
1 Assignment
0 Petitions
Accused Products
Abstract
An embodiment may involve receiving, by a computing system, a message from a wireless service provider system. The computing system may include one or more computing devices located, e.g., in the trusted cloud. The message may contain a service-provider-based identity of a client device, an indication that the service-provider-based identity has been authenticated by the wireless service provider, and a code that the client device obtained from a remote machine proximate to the client device. The computing system may generate an anonymized identity of the client device based on the service-provider-based identity. The computing system may verify that a task associated with the code is within the authorized capabilities of the anonymized identity. Possibly based on the code (and perhaps other information as well), the computing system may transmit an instruction to the remote machine. The instruction may direct the remote machine to perform the task.
97 Citations
18 Claims
-
1. A method comprising:
-
receiving, by a computing system, a message from a wireless service provider system, wherein the message contains a service-provider-based identity of a client device, an indication that the service-provider-based identity has been authenticated by the wireless service provider, and a single code that the client device obtained from a portal device proximate to the client device, wherein the portal device is in a locked state, and wherein the code includes a first sub-code that identifies the portal device and a second sub-code that identifies a task of unlocking the portal device; generating, by the computing system, an anonymized identity of the client device based on the service-provider-based identity, wherein the anonymized identity is generated by applying a one-way function to the service-provider-based identity and the code, wherein the computing system is configured to generate different anonymized identities for the client device based on respective codes that the client device receives from respective remote machines, and wherein the portal device is one of the remote machines; based on the code and the anonymized identity, verifying, by the computing system, that unlocking the portal device is within the authorized capabilities of the anonymized identity; and transmitting, by the computing system, an instruction to the portal device, wherein the instruction causes the portal device to change from the locked state to an unlocked state. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An article of manufacture including a non-transitory computer-readable medium, having stored thereon program instructions that, upon execution by a computing system, cause the computing system to perform operations comprising:
-
receiving a message from a wireless service provider system, wherein the message contains a service-provider-based identity of a client device, an indication that the service-provider-based identity has been authenticated by the wireless service provider, and a single code that the client device obtained from a portal device proximate to the client device, wherein the portal device is in a locked state, and wherein the code includes a first sub-code that identifies the portal device and a second sub-code that identifies a task of unlocking the portal device; generating an anonymized identity of the client device based on the service-provider-based identity, wherein the anonymized identity is generated by applying a one-way function to the service-provider-based identity and the code, wherein the computing system is configured to generate different anonymized identities for the client device based on respective codes that the client device receives from respective remote machines, and wherein the portal device is one of the remote machines; based on the code and the anonymized identity, verifying that unlocking the portal device is within the authorized capabilities of the anonymized identity; and transmitting an instruction to the portal device, wherein the instruction directs the portal device to change from the locked state to an unlocked state. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A computing system comprising:
-
at least one processor; memory; and program instructions, stored in the memory, that upon execution by the at least one processor cause the computing system to perform operations comprising; receiving a message from a wireless service provider system, wherein the message contains a service-provider-based identity of a client device, an indication that the service-provider-based identity has been authenticated by the wireless service provider, and a single code that the client device obtained from a portal device proximate to the client device, wherein the portal device is in a locked state, and wherein the code includes a first sub-code that identifies the portal device and a second sub-code that identifies a task of unlocking the portal device; generating an anonymized identity of the client device based on the service-provider-based identity, wherein the anonymized identity is generated by applying a one-way function to the service-provider-based identity and the code, wherein the computing system is configured to generate different anonymized identities for the client device based on respective codes that the client device receives from respective remote machines, and wherein the portal device is one of the remote machines; based on the code and the anonymized identity, verifying that unlocking the portal device is within the authorized capabilities of the anonymized identity; and transmitting an instruction to the portal device, wherein the instruction directs the portal device to change from the locked state to an unlocked state. - View Dependent Claims (15, 16, 17, 18)
-
Specification