Identity management with local functionality
First Claim
1. A method for implementing identity management within a system comprising a user equipment (UE), an identity provider (IdP), and a service provider (SP) which communicate via a network, wherein the UE comprises a processor, the method comprising:
receiving, by the UE comprising the processor, a request for at least one token, wherein the request for the at least one token is responsive to a request for access to a service provided by the service provider;
receiving, by the UE comprising the processor, an authorization request to create an access token for the SP, wherein the authorization request is approved by a user of the UE;
in response to the authorization request, at the UE, creating the access token, wherein the access token is associated with the user approval of the authorization request;
issuing, by the UE, an identity (ID) token in accordance with the request for at least one token, such that the ID token is verified to provide the UE access to the service;
issuing, by the UE, the access token; and
releasing, by a user information endpoint that resides on the UE, a user attribute if the access token is verified.
Abstract
A user equipment (UE) may perform functions locally, such as on a trusted module that resides within the UE. For example, a UE may perform functions associated with a single sign-on protocol, such as OpenID Connect, via a local identity provider function. In particular, a UE may generate identity tokens and access tokens that a service provider can use to retrieve user information, such as identity information and/or user attributes. User attributes may be retrieved via a user information endpoint that may reside locally on the UE or on a network entity. A service provider may grant a user access to a service based on the information that it retrieves using the tokens.
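As an added illustration (not code from the patent or its assignee), the flow the abstract describes, simulated in Python: a local IdP function on the UE issues an ID token and an access token only after user approval, the SP verifies the ID token, and the UE's user information endpoint releases attributes only when the access token verifies. The HMAC key, the token format, the `grant` claim and the names `LocalIdP` and `sp_login` are assumptions made for this demo.

```python
import base64, hashlib, hmac, json, secrets, time
# Constructed demo key; assumption: HMAC stands in for the trusted module's real signing key.
KEY = b"demo-key-shared-by-ue-and-network-idp"

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign(claims):
    """Compact JWS-like token: base64url(claims) '.' base64url(HMAC-SHA256 over it)."""
    body = b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())

def verify(token, aud):
    """Return the claims only if signature, audience and expiry all check out, else None."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig, b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims.get("aud") != aud or claims.get("exp", 0) <= time.time():
        return None
    return claims

class LocalIdP:  # identity-provider function running on the UE (hypothetical trusted module)
    def __init__(self, sub, attrs):
        self.sub, self.attrs, self.grants = sub, attrs, set()

    def authorize(self, sp, scope, user_consents):
        """Token request from the SP: issue (ID token, access token) only after user approval."""
        if not user_consents:
            return None
        grant = secrets.token_hex(8)  # binds the access token to this specific approval
        self.grants.add(grant)
        exp = time.time() + 300
        id_token = sign({"iss": "local-idp", "sub": self.sub, "aud": sp, "exp": exp})
        access_token = sign({"aud": "userinfo", "grant": grant, "scope": scope, "exp": exp})
        return id_token, access_token

    def userinfo(self, access_token):
        """User information endpoint on the UE: release attributes only for a verified token."""
        claims = verify(access_token, "userinfo")
        if claims is None or claims.get("grant") not in self.grants:
            return None
        return {k: v for k, v in self.attrs.items() if k in claims["scope"].split()}

def sp_login(idp, sp, consent=True):  # SP side: request tokens, check the ID token, fetch attributes
    tokens = idp.authorize(sp, "email name", consent)
    if tokens is None or verify(tokens[0], sp) is None:
        return None
    return idp.userinfo(tokens[1])
```

An ID token presented to the userinfo endpoint is rejected because its audience is the SP, not the endpoint, and attributes outside the approved scope are never released.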
19 Claims
1. (Independent claim; text as set out under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 18.
13. A wireless transmit/receive unit (WTRU) comprising:
a memory comprising executable instructions; and
a hardware processor in communication with the memory to execute the instructions, such that the processor is configured to:
receive a request for at least one token, wherein the request for the at least one token is responsive to a request for access to a service provided by a service provider (SP);
receive an authorization request to create an access token for the SP, wherein the authorization request is approved by a user of the WTRU;
in response to the authorization request, create the access token, wherein the access token is associated with the user approval of the authorization request;
issue the identity (ID) token in accordance with the request for the at least one token, wherein the ID token is verified to provide the WTRU access to the service;
issue the access token; and
release, by a user information endpoint that resides on the WTRU, a user attribute if the access token is verified.
Dependent claims: 14, 15, 16, 17, 19.