Method and apparatus for establishing a federated identity using a personal wireless device

US 8,522,039 B2
Filed: 06/09/2004
Issued: 08/27/2013
Est. Priority Date: 06/09/2004
Status: Active Grant

First Claim

Patent Images

1. A method for performing transactions between a user and a merchant at a same location, the method comprising:

a personal wireless device authenticating the user of the personal wireless device;

in response to successful authentication of the user of the personal wireless device, the personal wireless device providing credentials to a federated identity provider to authenticate the personal wireless device with the federated identity provider;

in response to successful authentication of the personal wireless device after providing the credentials, the personal wireless device receiving a token for the user from the federated identity provider, wherein the token is a temporary token having an expiry;

the personal wireless establishing a communication session with a merchant located at a first location, wherein the personal wireless device is also located at the first location during the communication session, and wherein the communication session is established using a short range wireless communication protocol; and

the personal wireless device providing the token to the merchant using the short range wireless communication protocol to purchase goods or services from the merchant.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A federated identity, established through possession of a single sign-on token, will allow a personal wireless device (PWD) to be used in a commercial environment to purchase goods or services, access a building, access a telephone, wireless, or computer network, or in numerous other instances. The token may be obtained by the user authenticating with the PWD and the PWD authenticating with the network. When the PWD comes within range of a service provider, a session is established using a short range wireless protocol, such as Bluetooth or infrared. The session is secured using a security protocol such as SSL, and the service provider authenticates its identity to the PWD. Policy may be implemented regarding transmission of the token to the service provider. Upon receipt of the token, the service provider will validate the token with the federated identity provider, obtain identifying information, and complete the transaction.

262 Citations

30 Claims

1. A method for performing transactions between a user and a merchant at a same location, the method comprising:
- a personal wireless device authenticating the user of the personal wireless device;
  
  in response to successful authentication of the user of the personal wireless device, the personal wireless device providing credentials to a federated identity provider to authenticate the personal wireless device with the federated identity provider;
  
  in response to successful authentication of the personal wireless device after providing the credentials, the personal wireless device receiving a token for the user from the federated identity provider, wherein the token is a temporary token having an expiry;
  
  the personal wireless establishing a communication session with a merchant located at a first location, wherein the personal wireless device is also located at the first location during the communication session, and wherein the communication session is established using a short range wireless communication protocol; and
  
  the personal wireless device providing the token to the merchant using the short range wireless communication protocol to purchase goods or services from the merchant.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the personal wireless device is a cellular telephone.
  - 3. The method of claim 1, wherein said requesting the token and said receiving the token is performed over a first wireless network.
  - 4. The method of claim 3, wherein the first wireless network does not use the short range wireless communication protocol.
  - 5. The method of claim 3, wherein the first wireless network comprises a cellular telephone network.
  - 6. The method of claim 1, wherein the short range wireless communication protocol is Bluetooth.
  - 7. The method of claim 1, wherein the short range wireless communication protocol comprises an 802.11 wireless communication protocol.
  - 8. The method of claim 1, wherein the short range wireless communication protocol comprises an infrared wireless communication protocol.
  - 9. The method of claim 1, wherein said providing the token to the merchant is based on a policy for providing the token.
  - 10. The method of claim 9, wherein the policy comprises a set of rules relating to whether particular service providers or classes of service providers should receive the token automatically, never, or upon direction by the user.
  - 11. The method of claim 1, further comprising:
    - the personal wireless device verifying the identity of the merchant.
  - 12. The method of claim 11, wherein said verifying the identity of the merchant comprises obtaining identification information identifying a merchant device associated with the merchant.
  - 13. The method of claim 1, further comprising:
    - automatically terminating the communication session with the merchant.
  - 14. The method of claim 13, wherein said automatically terminating the communication session is based on a change in wireless signal characteristics between the personal wireless device and the merchant.
  - 15. The method of claim 1, wherein authenticating the personal wireless device with the federated identity provider is based on authenticating the personal wireless device with a wireless network.
  - 16. The method of claim 1, further comprising:
    - the personal wireless device determining whether the merchant is a recognized merchant;
      
      wherein said providing the token to the merchant is performed based on the personal wireless device determining that the merchant is a recognized merchant.

17. A non-transitory, computer accessible memory medium of a personal wireless device, wherein the memory medium stores program instructions for performing transactions between a user and a merchant at a same location, wherein the program instructions are executable to:
- authenticate the user of the personal wireless device;
  
  in response to successful authentication of the user of the personal wireless device, provide credentials to a federated identity provider to authenticate the personal wireless device with the federated identity provider;
  
  in response to successful authentication of the personal wireless device after providing the credentials, receive a token for the user from the federated identity provider, wherein the token is a temporary token having an expiry;
  
  establish a communication session with a merchant located at a first location, wherein the personal wireless device is also located at the first location during the communication session, and wherein the communication session is established using a short range wireless communication protocol; and
  
  provide the token to the merchant using the short range wireless communication protocol to purchase goods or services from the merchant.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The non-transitory, computer accessible memory medium of claim 17, wherein said requesting the token and said receiving the token is performed over a first wireless network.
  - 19. The non-transitory, computer accessible memory medium of claim 18, wherein the first wireless network comprises a cellular telephone network.
  - 20. The non-transitory, computer accessible memory medium of claim 17, wherein the short range wireless communication protocol is Bluetooth.
  - 21. The non-transitory, computer accessible memory medium of claim 17, wherein the short range wireless communication protocol comprises an 802.11 wireless communication protocol.
  - 22. The non-transitory, computer accessible memory medium of claim 17, wherein the short range wireless communication protocol comprises an infrared wireless communication protocol.
  - 23. The non-transitory, computer accessible memory medium of claim 17, wherein the program instructions are further executable to:
    - determine whether the merchant is a recognized merchant;
      
      wherein providing the token to the merchant is performed based on the personal wireless device determining that the merchant is a recognized merchant.

24. A personal wireless device, comprising:
- wireless communication circuitry for performing wireless communication over one or more wireless networks;
  
  logic coupled to the wireless circuitry, wherein the logic is configured to;
  
  authenticate a user of the personal wireless device;
  
  in response to successful authentication of the user of the personal wireless device, provide credentials to a federated identity provider to authenticate the personal wireless device with the federated identity provider;
  
  in response to successful authentication of the personal wireless device after providing the credentials, receive a token for the user from the federated identity provider, wherein the token is a temporary token having an expiry;
  
  establish a communication session with a merchant located at a first location using the wireless communication circuitry, wherein the personal wireless device is also located at the first location during the communication session, and wherein the communication session is established using a short range wireless communication protocol; and
  
  provide the token to the merchant using the short range wireless communication protocol to purchase goods or services from the merchant.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The personal wireless device of claim 24, wherein the wireless communication circuitry comprises:
    - first wireless communication circuitry for performing communication over a first wireless network, wherein said requesting the token and said receiving the token is performed over the first wireless network; and
      
      short range wireless communication circuitry for performing communication using the short range wireless communication protocol.
  - 26. The personal wireless device of claim 25, wherein the first wireless communication circuitry is configured to perform cellular communication, wherein the first wireless network comprises a cellular telephone network.
  - 27. The personal wireless device of claim 24, wherein the wireless communication circuitry comprises Bluetooth wireless communication circuitry, and wherein the short range wireless communication protocol is Bluetooth.
  - 28. The personal wireless device of claim 24, wherein the wireless communication circuitry comprises 802.11 wireless communication circuitry, wherein the short range wireless communication protocol comprises an 802.11 wireless communication protocol.
  - 29. The personal wireless device of claim 24, wherein the wireless communication circuitry comprises infrared wireless communication circuitry wherein the short range wireless communication protocol comprises an infrared wireless communication protocol.
  - 30. The personal wireless device of claim 24, wherein the logic is configured to:
    - determine whether the merchant is a recognized merchant;
      
      wherein providing the token to the merchant is performed based on the personal wireless device determining that the merchant is a recognized merchant.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Hyndman, Arn, Sauriol, Nicholas
Primary Examiner(s)
ZECHER, CORDELIA P K

Application Number

US10/863,946
Publication Number

US 20050278547A1
Time in Patent Office

3,366 Days
Field of Search

713/185
US Class Current

713/185
CPC Class Codes

G06F 21/35   communicating wirelessly

G06Q 20/3823   combining multiple encrypti...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G07C 9/20   involving the use of a pass

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/20   for managing network securi...

Method and apparatus for establishing a federated identity using a personal wireless device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

262 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for establishing a federated identity using a personal wireless device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

262 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links