SYSTEM AND METHOD FOR SECURE IDENTITY SERVICE
First Claim
1. A method for managing user identities on a network comprising:
receiving a request to register an identity for a first user, the request including a token uniquely identifying a mobile device of the first user on the network, one or more identification (ID) codes uniquely identifying the first user;
storing an entry for the first user within a registration database, the entry associating the token with the user ID codes;
receiving a query from a second user to communicate with the first user, the query including at least one of the ID codes identifying the first user, the query including at least one ID code of the second user and a token uniquely identifying a mobile device of the second user on the network;
generating a first query signature over one or more of the ID codes and tokens of the first and second users, and a timestamp, the query signature usable by network services to authenticate communication between the first and second users on the network; and
transmitting the first query signature and the first user's token to the mobile device of second user.
Abstract
A system and method for securely processing identity information. For example, in one embodiment of the invention, a first user is registered on an identity service with one or more identification (ID) codes and a token. In response to a query from a second user to connect with the first user, a query signature is generated using the one or more ID codes and token of the first and second users, and a timestamp. The query signature is usable by network services to authenticate communication between the first and second users on the network over a specified period of time. In another embodiment, user ID codes and tokens are cached on mobile devices and/or a system cache to improve performance. The validity of the cached data is determined by calculating a fingerprint which, in one embodiment, is a hash of the ID code, token and a timestamp.
31 Claims
1. A method for managing user identities on a network comprising:
receiving a request to register an identity for a first user, the request including a token uniquely identifying a mobile device of the first user on the network, one or more identification (ID) codes uniquely identifying the first user;
storing an entry for the first user within a registration database, the entry associating the token with the user ID codes;
receiving a query from a second user to communicate with the first user, the query including at least one of the ID codes identifying the first user, the query including at least one ID code of the second user and a token uniquely identifying a mobile device of the second user on the network;
generating a first query signature over one or more of the ID codes and tokens of the first and second users, and a timestamp, the query signature usable by network services to authenticate communication between the first and second users on the network; and
transmitting the first query signature and the first user's token to the mobile device of second user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A method comprising:
receiving a first query from a mobile device of a first user to communicate with a mobile device of a second user;
responsively providing the mobile device of the first user with one or more identities of the second user, a token containing network information for a mobile device of the second user, and a fingerprint generated with the one or more identities of the first user, the token, and a timestamp;
subsequently checking the fingerprint on the mobile device of the first user to determine if the fingerprint is still valid in response to a second query generated from the first user to communicate with the second user, wherein if the fingerprint is still valid then re-using the one or more identities of the second user and the token of the second user provided in response to the first query.
Dependent claims: 12, 13, 14, 15, 16, 20, 21, 22, 23, 24, 25.
17. A machine-readable medium having program code stored thereon which, when executed by one or more machines, causes the machines to perform the operations of:
receiving a request from the second user at a first application-specific network service to establish a communication channel with the first user;
generating a second query signature at the first application-specific network service using the ID codes and tokens of the first and second users, and a current timestamp;
if the first query signature and the second query signatures match, then allowing communication between the first user and the second user using the application-specific network service.
Dependent claims: 18, 19.
26. A machine-readable medium having program code stored thereon which, when executed by one or more machines, causes the machines to perform the operations of:
receiving a first query from a mobile device of a first user to communicate with a mobile device of a second user;
responsively providing the mobile device of the first user with one or more identities of the second user, a token containing network information for a mobile device of the second user, and a fingerprint generated with the one or more identities of the first user, the token, and a timestamp;
subsequently checking the fingerprint on the mobile device of the first user to determine if the fingerprint is still valid in response to a second query generated from the first user to communicate with the second user, wherein if the fingerprint is still valid then re-using the one or more identities of the second user and the token of the second user provided in response to the first query.
Dependent claims: 27, 28, 29, 30, 31.
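The following is an added illustration, not code from the patent, of the mechanisms the abstract and claims 1, 11 and 17 describe: an identity service that signs a query over both users' ID codes, tokens and a timestamp, an application service that regenerates the signature with its current timestamp and compares, and a device-side cache whose fingerprint is a hash of the ID code, token and timestamp. The patent does not specify the hash or key; HMAC-SHA256 under a key shared by the identity and application services, a 300-second validity window, and all sample identities and tokens are assumptions constructed here.

```python
import hashlib
import hmac

# Assumptions (not stated in the patent): HMAC-SHA256 under a key shared by the
# identity service and the application services, and a fixed validity window.
SERVICE_KEY = b"constructed-identity-service-key"
WINDOW = 300  # seconds a query signature or cache fingerprint stays valid

registration_db = {}  # ID code -> device token (the registration database)


def register(id_codes, token):
    """Store an entry associating each of the user's ID codes with the device token."""
    for code in id_codes:
        registration_db[code] = token


def query_signature(first_id, first_token, second_id, second_token, timestamp):
    """Keyed hash over both users' ID codes and tokens plus a time bucket.
    Bucketing lets an application service recompute the signature from its own
    clock and still match within WINDOW (a signature issued near the end of a
    bucket expires early; accepting the previous bucket too is a common fix)."""
    bucket = timestamp // WINDOW
    msg = "|".join([first_id, first_token, second_id, second_token, str(bucket)])
    return hmac.new(SERVICE_KEY, msg.encode(), hashlib.sha256).hexdigest()


def identity_service_query(second_id, second_token, first_id, timestamp):
    """Identity service: answer the second user's query with (signature, first user's token)."""
    first_token = registration_db.get(first_id)
    if first_token is None:
        return None  # unregistered target: nothing is signed or disclosed
    sig = query_signature(first_id, first_token, second_id, second_token, timestamp)
    return sig, first_token


def app_service_allow(second_id, second_token, first_id, first_token, presented_sig, now):
    """Application service (claim 17): regenerate the signature with the current
    timestamp and allow the channel only if it matches the presented one."""
    expected = query_signature(first_id, first_token, second_id, second_token, now)
    return hmac.compare_digest(expected, presented_sig)


def cache_fingerprint(ident, token, timestamp):
    """Fingerprint stored on the device beside a cached identity/token pair."""
    return hashlib.sha256(f"{ident}|{token}|{timestamp // WINDOW}".encode()).hexdigest()


def cached_entry_valid(ident, token, fingerprint, now):
    """Claim 11 check: re-use the cached pair only while its fingerprint still matches."""
    return hmac.compare_digest(cache_fingerprint(ident, token, now), fingerprint)
```

A signature replayed after the window, or presented with a different second-user ID code, no longer matches the regenerated value, which is what lets the application service refuse the channel without consulting the identity service again.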