IDENTIFICATION AND ACCESS CONTROL OF USERS IN A DISCONNECTED MODE ENVIRONMENT
Abstract
The present invention provides identification and access control for an end user mobile device in a disconnected mode environment, which refers generally to the situation where, in a mobile environment, a mobile device is disconnected from or otherwise unable to connect to a wireless network. The inventive method provides the mobile device with a “long term” token, which is obtained from an identity provider coupled to the network. The token may be valid for a given time period. During that time period, the mobile device can enter a disconnected mode but still obtain a mobile device-aided function (e.g., access to a resource) by presenting for authentication the long term token. Upon a given occurrence (e.g., loss of or theft of the mobile device) the long term token is canceled to restrict unauthorized further use of the mobile device in disconnected mode.
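The flow in the abstract, sketched as an added example that is not taken from the patent: an identity provider issues a time-limited token while the device is connected, and the application later checks it locally for integrity, validity period and cancellation. Assumptions: the token layout, the function names `issue_token` and `verify_offline`, and a cancellation list that the application refreshed when it was last connected are all hypothetical; an HMAC stands in for a public-key signature, which a deployment would prefer so the application cannot mint tokens itself.

```python
import base64
import hashlib
import hmac
import json


def issue_token(idp_key, subject, privilege, issued_at, lifetime_s, token_id):
    """Identity-provider side: mint a token while the device is connected."""
    claims = {"sub": subject, "priv": privilege, "jti": token_id,
              "nbf": issued_at, "exp": issued_at + lifetime_s}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(idp_key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def verify_offline(token, idp_key, now, cancelled_ids):
    """Application side: decide locally, with no call to the identity provider.

    Returns (claims, "ok") on success or (None, reason) on refusal.
    """
    body, sep, tag = token.partition(b".")
    expected = hmac.new(idp_key, body, hashlib.sha256).hexdigest().encode()
    if not sep or not hmac.compare_digest(tag, expected):
        return None, "bad-integrity"      # check the tag before parsing anything
    claims = json.loads(base64.urlsafe_b64decode(body))
    if not claims["nbf"] <= now < claims["exp"]:
        return None, "outside-validity"   # the token's time period has lapsed
    if claims["jti"] in cancelled_ids:
        return None, "cancelled"          # e.g. device reported lost or stolen
    return claims, "ok"


# Constructed sample values, not taken from the patent.
IDP_KEY = b"constructed-demo-key"
T0 = 1_700_000_000
TOKEN = issue_token(IDP_KEY, "alice", "door:lab-2", T0, 7 * 86400, "tok-001")

if __name__ == "__main__":
    other = issue_token(b"not-the-idp-key", "alice", "door:lab-2", T0, 86400, "tok-002")
    print(verify_offline(TOKEN, IDP_KEY, T0 + 3600, set()))        # accepted
    print(verify_offline(TOKEN, IDP_KEY, T0 + 8 * 86400, set()))   # expired
    print(verify_offline(TOKEN, IDP_KEY, T0 + 3600, {"tok-001"}))  # cancelled
    print(verify_offline(other, IDP_KEY, T0 + 3600, set()))        # wrong issuer key
```

The cancellation check is only as fresh as the application's last synchronisation, so the token lifetime bounds how long a lost device remains usable against a verifier that is itself offline.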
20 Claims
1. A method to enable a mobile device user to perform a mobile device-aided operation, comprising:
- receiving at the mobile device a token that is usable to obtain an authentication when the mobile device is operating in a disconnected mode;
- while the mobile device is operating in the disconnected mode, presenting the token to obtain the authentication; and
- upon receipt of the authentication, performing the mobile device-aided operation.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10)
11. A method, using a mobile device, to enable a mobile device user to perform a mobile device-aided operation, comprising:
- with the mobile device in a first mode of operation, receiving and storing at the mobile device a data string, the data string usable to obtain an authentication of the mobile device user; and
- with the mobile device in a second mode of operation distinct from the first mode of operation, having the mobile device present the data string to an application to attempt to obtain the authentication;
- upon obtaining the authentication, and with the mobile device in the second mode of operation, performing the mobile device-aided operation using the application.
(Dependent claims: 12, 13, 14, 15, 16)
17. A method, using a mobile device, to enable a mobile device user to perform a mobile device-aided operation, comprising:
- receiving and storing at the mobile device a token, the token usable to assert an identity or privilege associated with the mobile device user; and
- with the mobile device in an identity provider-disconnected mode of operation, presenting the token to an application to enable the mobile device user to perform the mobile device-aided operation using the application.
(Dependent claims: 18)
19. A mobile device, comprising:
- a radio;
- a man-machine interface;
- a network interface;
- a processor;
- a computer-readable medium having processor-executable instructions for performing the following method steps:
  - receiving and storing a token that is usable to assert an identity or privilege associated with a user of the mobile device; and
  - with the mobile device in an identity provider-disconnected mode of operation, presenting the token to enable the mobile device user to perform a mobile device-aided operation.
20. An access control system having an associated token issuing device, the system comprising:
- an application; and
- software executable in a mobile device when the mobile device is operating in a first mode of operation to receive and store in the mobile device a token, wherein the token is generated by the token issuing device and is usable to obtain an authentication of a mobile device user;
- the software being further executable when the mobile device is operating in a disconnected mode of operation to present the token to attempt to obtain the authentication;
- the software being further executable upon obtaining the authentication, and with the mobile device in the disconnected mode of operation, to enable the mobile device user to perform a mobile device-aided operation.
Specification