IDENTIFICATION AND ACCESS CONTROL OF USERS IN A DISCONNECTED MODE ENVIRONMENT

US 20090205032A1
Filed: 02/11/2008
Published: 08/13/2009
Est. Priority Date: 02/11/2008
Status: Active Grant

First Claim

Patent Images

1. A method to enable a mobile device user to perform a mobile device-aided operation, comprising:

receiving at the mobile device a token that is usable to obtain an authentication when the mobile device is operating in a disconnected mode;

while the mobile device is operating in the disconnected mode, presenting the token to obtain the authentication; and

upon receipt of the authentication, performing the mobile device-aided operation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides identification and access control for an end user mobile device in a disconnected mode environment, which refers generally to the situation where, in a mobile environment, a mobile device is disconnected from or otherwise unable to connect to a wireless network. The inventive method provides the mobile device with a “long term” token, which is obtained from an identity provider coupled to the network. The token may be valid for a given time period. During that time period, the mobile device can enter a disconnected mode but still obtain a mobile device-aided function (e.g., access to a resource) by presenting for authentication the long term token. Upon a given occurrence (e.g., loss of or theft of the mobile device) the long term token is canceled to restrict unauthorized further use of the mobile device in disconnected mode.

77 Citations

View as Search Results

20 Claims

1. A method to enable a mobile device user to perform a mobile device-aided operation, comprising:
- receiving at the mobile device a token that is usable to obtain an authentication when the mobile device is operating in a disconnected mode;
  
  while the mobile device is operating in the disconnected mode, presenting the token to obtain the authentication; and
  
  upon receipt of the authentication, performing the mobile device-aided operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as described in claim 1 wherein the mobile device operates in the disconnected mode when the mobile device cannot access an identity provider.
  - 3. The method as described in claim 2 wherein the mobile device can access a network provider.
  - 4. The method as described in claim 1 wherein the token is a single sign-on (SSO) token.
  - 5. The method as described in claim 2 wherein the SSO token is associated with a federated computing environment single sign-on (F-SSO).
  - 6. The method as described in claim 1 further including canceling the token upon a given occurrence.
  - 7. The method as described in claim 1 wherein the token is presented by the mobile device to a given application.
  - 8. The method as described in claim 1 wherein the step of presenting the token to obtain the authentication also validates a digital signature associated with the token.
  - 9. The method as described in claim 1 wherein the step of presenting the token to obtain the authentication also verifies that the mobile device is operating in the disconnected mode.
  - 10. The method as described in claim 1 wherein the token is generated by an issuing device.

11. A method, using a mobile device, to enable a mobile device user to perform a mobile device-aided operation, comprising:
- with the mobile device in a first mode of operation, receiving and storing at the mobile device a data string, the data string usable to obtain an authentication of the mobile device user; and
  
  with the mobile device in a second mode of operation distinct from the first mode of operation, having the mobile device present the data string to an application to attempt to obtain the authentication;
  
  upon obtaining the authentication, and with the mobile device in the second mode of operation, performing the mobile device-aided operation using the application.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method as described in claim 11 wherein the second mode of operation is a mode in which the mobile device cannot access an identity provider.
  - 13. The method as described in claim 12 wherein the mobile device can access a network provider when the mobile device is operating in the second mode of operation.
  - 14. The method as described in claim 11 wherein the data string is a security token.
  - 15. The method as described in claim 14 wherein the security token enables a single sign-on operation.
  - 16. The method as described in claim 11 wherein the authentication includes validating the data string.

17. A method, using a mobile device, to enable a mobile device user to perform a mobile device-aided operation, comprising:
- receiving and storing at the mobile device a token, the token usable to assert an identity or privilege associated with the mobile device user; and
  
  with the mobile device in an identity provider-disconnected mode of operation, presenting the token to an application to enable the mobile device user to perform the mobile device-aided operation using the application.
- View Dependent Claims (18)
- - 18. The method as described in claim 17 further including:
    - upon a given occurrence, canceling the token.

19. A mobile device, comprising:
- a radio;
  
  a man-machine interface;
  
  a network interface;
  
  a processor;
  
  a computer-readable medium having processor-executable instructions for performing the following method steps;
  
  receiving and storing a token that is usable to assert an identity or privilege associated with a user of the mobile device; and
  
  with the mobile device in an identity provider-disconnected mode of operation, presenting the token to enable the mobile device user to perform a mobile device-aided operation.

20. An access control system having an associated token issuing device, the system comprising:
- an application; and
  
  software executable in a mobile device when the mobile device is operating in a first mode of operation to receive and store in the mobile device a token, wherein the token is generated by the token issuing device and is usable to obtain an authentication of a mobile device user;
  
  the software being further executable when the mobile device is operating in a disconnected mode of operation to present the token to attempt to obtain the authentication;
  
  the software being further executable upon obtaining the authentication, and with the mobile device in the disconnected mode of operation, to enable the mobile device user to perform a mobile device-aided operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Nadalin, Anthony Joseph, Hinton, Heather Maria

Granted Patent

US 8,782,759 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04W 12/06   Authentication

H04W 12/082   using revocation of authori...

H04W 12/126   Anti-theft arrangements, e....

IDENTIFICATION AND ACCESS CONTROL OF USERS IN A DISCONNECTED MODE ENVIRONMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

77 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

IDENTIFICATION AND ACCESS CONTROL OF USERS IN A DISCONNECTED MODE ENVIRONMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

77 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links