System and Method for Identity Management for Mobile Devices

US 20120214444A1
Filed: 02/15/2012
Published: 08/23/2012
Est. Priority Date: 02/15/2011
Status: Active Grant

First Claim

Patent Images

1. A system for managing user identity information on a mobile device, the system comprising:

the mobile device comprising a user agent and a client application, the user agent and the client application in communication with each other;

an identity provider in communication with the mobile device, the user identity information stored on the identity provider; and

a client service in communication with the mobile device;

wherein the user agent is configured to communicate with the identity provider and retrieve the user identity information for the client application, and the client application is configured to transmit the user identity information to the client service.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for managing a user identity on a mobile device are provided. The system comprises the mobile device comprising a user agent and a client application, the user agent and the client application in communication with each other. The system further comprises an identity provider in communication with the mobile device, and a client service in communication with the mobile device. The user agent is configured to communicate with the identity provider and retrieve the user identity for the client application, and the client application is configured to transmit the user identity to the client service.

153 Citations

26 Claims

1. A system for managing user identity information on a mobile device, the system comprising:
- the mobile device comprising a user agent and a client application, the user agent and the client application in communication with each other;
  
  an identity provider in communication with the mobile device, the user identity information stored on the identity provider; and
  
  a client service in communication with the mobile device;
  
  wherein the user agent is configured to communicate with the identity provider and retrieve the user identity information for the client application, and the client application is configured to transmit the user identity information to the client service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1 wherein the identity provider comprises a server, and the client service comprises another server.
  - 3. The system of claim 1 further comprising an application program interface (API) in association with the client application, the API configured to allow the client application to communicate with the client application.
  - 4. The system of claim 1 wherein the mobile device comprises an operating system, the operating system configured to invoke the user agent when turning on the mobile device.
  - 5. The system of claim 1 wherein the mobile device comprises multiple client applications, and the mobile device is configured to, upon signing into the user agent, sign into the multiple client applications.
  - 6. The system of claim 1 wherein the mobile device further comprises a credential store configured to store at least user credentials, the credential store in communication with the user agent.
  - 7. The system of claim 6 wherein the user credentials comprises a username and a password.
  - 8. The system of claim 6 wherein the user agent is further configured to:
    - display a graphical user interface, and receive through the GUI the user credentials;
      
      send the user credentials to the identity provider for verification;
      
      if the user credentials are verified, receiving a token from the identity provider; and
      
      storing the token and the user credentials in the credential store.
  - 9. The system of claim 8 wherein the client application is configured to:
    - receive a request from the client service for the user identity information;
      
      forward the request and the token to the identity provider; and
      
      receive the user identity information from the identity provider.
  - 10. The system of claim 9 wherein the identity provider is configured to authenticate the token, and if authenticated, the identity provider is further configured to send the user identity information to the identity provider.
  - 11. The system of claim 6 wherein the credential store is further configured to store credentials for the client application.
  - 12. The system of claim 11 wherein, to sign into the client application, the user agent is further configured to retrieve from the credential store the credentials for the client application and send the credentials for the client application to the client application;
    - and the client application is further configured to use the credentials for the client application to log into the client application.

13. A method for managing user identity information on a mobile device, the method comprising:
- a user agent on the mobile device retrieving the user identity information from an identity provider, the identity provider in communication with the mobile device;
  
  the user agent sending the user identity information to a client application on the mobile device; and
  
  ,the client application sending the user identity information to a client service, the client service in communication with the mobile device.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 14. The method of claim 13 wherein the identity provider comprises a server, and the client service comprises another server.
  - 15. The method of claim 13 wherein the mobile device comprises an operating system, and the method further comprises the operating system invoking the user agent when turning on the mobile device.
  - 16. The method of claim 13 wherein the mobile device comprises multiple client applications, and the method further comprises the mobile device, upon signing into the user agent, signing into the multiple client applications.
  - 17. The method of claim 13 further comprising storing at least user credentials on a credential store, the credential store on the mobile device and in communication with the user agent.
  - 18. The method of claim 17 wherein the user credentials comprises a username and a password.
  - 19. The method of claim 17 further comprising:
    - display a graphical user interface on the mobile device, and receive through the GUI the user credentials;
      
      the user agent sending the user credentials to the identity provider for verification;
      
      if the user credentials are verified, the user agent receiving a token from the identity provider; and
      
      the user agent storing the token and the user credentials in the credential store.
  - 20. The method of claim 19 wherein the client application is configured to:
    - receive a request from the client service for the user identity information;
      
      forward the request and the token to the identity provider; and
      
      receive the user identity information from the identity provider.
  - 21. The method of claim 20 further comprising the identity provider authenticating the token, and if authenticated, the identity provider sends the user identity information to the identity provider.
  - 22. The method of claim 17 wherein the credential store stores credentials for the client application.
  - 23. The method of claim 22 wherein, to sign into the client application, the method further comprises the user agent retrieving from the credential store the credentials for the client application and sending the credentials for the client application to the client application;
    - and the client application using the credentials for the client application to log into the client application.

24. A method of secure communication of data to a client service in communication with a client application, the method comprising:
- generating an encrypted token, the token comprising user profile data and a token secret, the token being decryptable by the client service;
  
  communicating the token to the client service for decryption; and
  
  communicating the token secret to the client application;
  
  wherein the client service is operable to verify that the token secret communicated to the client application is equal to the token secret of the token.
- View Dependent Claims (25, 26)
- - 25. The method of claim 24 wherein the identity provider generates the token secret, the identity provider in communication with a mobile device, and the mobile device comprising the client application.
  - 26. The method of claim 24 wherein if the token secret communicated to the client application is equal to the token secret of the token, the client service records that the token comprises the user profile data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
McBride, Brian Everett, Lambert, Kenneth Jason William, Cornet, Jérôme Bertrand Nicolas

Granted Patent

US 8,644,800 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/102   Entity profiles

H04L 63/12   Applying verification of th...

H04W 12/065   Continuous authentication

H04W 12/068   using credential vaults, e....

H04W 12/082   using revocation of authori...

System and Method for Identity Management for Mobile Devices

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

153 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Identity Management for Mobile Devices

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

153 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links