System and method for identity management for mobile devices
First Claim
1. A non-transitory computer readable media for storing computer executable instructions for enabling a processor to perform cryptographic operations for secure communication of data to a client service in communication with an untrusted client application on a mobile device for enabling a user to utilize the client service, the computer executable instructions for:
- generating a request for user profile data stored externally at an identity provider;
- sending the request to the identity provider;
- obtaining, in response to the request, a token secret and an encrypted token provided to the untrusted client application and the client service, the encrypted token comprising the user profile data specified in the request and the token secret, the encrypted token being decryptable by the client service;
- wherein the untrusted client application is unable to decrypt the encrypted token to obtain the user profile data, communicating the encrypted token to the client service for authentication; and
- providing the token secret from the untrusted client application to the client service as proof of ownership of the encrypted token; and
- wherein the client service verifies that the token secret from the untrusted client application matches the token secret of the encrypted token as proof that the token secret includes the requested user profile data.
Abstract
Systems and methods for managing a user identity on a mobile device are provided. The system comprises the mobile device comprising a user agent and a client application, the user agent and the client application in communication with each other. The system further comprises an identity provider in communication with the mobile device, and a client service in communication with the mobile device. The user agent is configured to communicate with the identity provider and retrieve the user identity for the client application, and the client application is configured to transmit the user identity to the client service.
18 Claims
1. A non-transitory computer readable media for storing computer executable instructions for enabling a processor to perform cryptographic operations for secure communication of data to a client service in communication with an untrusted client application on a mobile device for enabling a user to utilize the client service, the computer executable instructions for:
- generating a request for user profile data stored externally at an identity provider;
- sending the request to the identity provider;
- obtaining, in response to the request, a token secret and an encrypted token provided to the untrusted client application and the client service, the encrypted token comprising the user profile data specified in the request and the token secret, the encrypted token being decryptable by the client service;
- wherein the untrusted client application is unable to decrypt the encrypted token to obtain the user profile data, communicating the encrypted token to the client service for authentication; and
- providing the token secret from the untrusted client application to the client service as proof of ownership of the encrypted token; and
- wherein the client service verifies that the token secret from the untrusted client application matches the token secret of the encrypted token as proof that the token secret includes the requested user profile data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
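The token flow of claim 1, as an added Python example that is not part of the patent: the identity provider encrypts the requested profile fields together with a token secret under keys shared only with the client service (the untrusted client application holds the encrypted blob and the plaintext secret but no key), and the service releases the profile only when the secret inside the decrypted token matches the one the application presents. The HMAC-SHA256 counter-mode cipher, the key names and the sample profile are stand-ins constructed for this example.

```python
import hashlib
import hmac
import json
import os
import secrets

# Constructed demo keys: shared between the identity provider and the
# client service only; the untrusted client application never holds them.
SERVICE_ENC_KEY = hashlib.sha256(b"demo-enc-key").digest()
SERVICE_MAC_KEY = hashlib.sha256(b"demo-mac-key").digest()

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode, a stand-in for a real AEAD cipher.
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def _encrypt(plaintext):
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(SERVICE_ENC_KEY, nonce, len(plaintext))))
    tag = hmac.new(SERVICE_MAC_KEY, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag  # encrypt-then-MAC: nonce || ciphertext || tag

def _decrypt(blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(SERVICE_MAC_KEY, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("encrypted token failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(SERVICE_ENC_KEY, nonce, len(ct))))

def idp_issue_token(requested_fields, user_profile):
    """Identity provider: returns (token_secret, encrypted_token) for the app."""
    token_secret = secrets.token_hex(16)
    payload = {"profile": {f: user_profile[f] for f in requested_fields}, "secret": token_secret}
    return token_secret, _encrypt(json.dumps(payload).encode())

def service_verify(encrypted_token, presented_secret):
    """Client service: decrypt the token, then accept only a matching secret."""
    try:
        payload = json.loads(_decrypt(encrypted_token))
    except ValueError:  # tampered blob, wrong key, or malformed payload
        return None
    if not hmac.compare_digest(payload["secret"].encode(), presented_secret.encode()):
        return None  # holder of the blob cannot prove ownership
    return payload["profile"]
```

Only the fields named in the request are placed in the token, so a client application that forwards the blob learns nothing beyond the secret it was handed.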
10. A non-transitory computer readable media for storing computer executable instructions for managing user identity information, the computer executable instructions for:
- sending user credentials from a user agent on a mobile device to an identity provider for verification, the mobile device in communication with the identity provider;
- if the user credentials are verified, receiving, by the user agent, a token from the identity provider;
- receiving a request for the user identity information from a client service;
- sending the request and the token to the identity provider;
- retrieving the user identity information from the identity provider; and
- sending the user identity information from the user agent to the client service, via a client application on the mobile device.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18.