Method and apparatus for single sign-on collaboraton among mobile devices

US 8,955,081 B2
Filed: 12/27/2012
Issued: 02/10/2015
Est. Priority Date: 12/27/2012
Status: Active Grant

First Claim

Patent Images

1. An apparatus for enabling a user of a first mobile device to extend user authentication credentials to a second mobile device, the apparatus comprising:

a server having a processor that is configured to;

issue and send a first identity token to the first mobile device, wherein the first identity token can be utilized to authenticate the user of the first mobile device to a service provider;

establish a collaboration key with the first mobile device, wherein generation of the collaboration key is based on one or more of user authentication and receipt of a request, associated with the first identity token, for a collaboration key;

receive a collaboration credential from the second mobile device, wherein the collaboration credential is based on, the collaboration key;

verify the collaboration credential received from the second mobile device; and

in response to verifying the collaboration credential received from the second mobile device, issue and send a second identity token to the second mobile device, wherein the second identity token can be utilized to authenticate the user at second mobile device to the service provider;

the processor further is configured to receive, from the first mobile device a collaboration notification that identifies the first mobile device as a source of the collaboration credential and identifies the second mobile device as a recipient of the collaboration credential.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration key to the first device based on the first identity token or user authentication. The first device generates and sends a collaboration credential based on the collaboration key to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices.

157 Citations

View as Search Results

27 Claims

1. An apparatus for enabling a user of a first mobile device to extend user authentication credentials to a second mobile device, the apparatus comprising:
- a server having a processor that is configured to;
  
  issue and send a first identity token to the first mobile device, wherein the first identity token can be utilized to authenticate the user of the first mobile device to a service provider;
  
  establish a collaboration key with the first mobile device, wherein generation of the collaboration key is based on one or more of user authentication and receipt of a request, associated with the first identity token, for a collaboration key;
  
  receive a collaboration credential from the second mobile device, wherein the collaboration credential is based on, the collaboration key;
  
  verify the collaboration credential received from the second mobile device; and
  
  in response to verifying the collaboration credential received from the second mobile device, issue and send a second identity token to the second mobile device, wherein the second identity token can be utilized to authenticate the user at second mobile device to the service provider;
  
  the processor further is configured to receive, from the first mobile device a collaboration notification that identifies the first mobile device as a source of the collaboration credential and identifies the second mobile device as a recipient of the collaboration credential.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The apparatus of claim 1, wherein the processor is configured to establish a collaboration key by one or more of:
    - receiving at least one of a public key and a digital certificate from the first mobile device;
      
      generating at least one of a symmetric key and a public key pair as the collaboration credential and sending the collaboration credential to the first mobile device; and
      
      mutually generating the collaboration key with the first mobile device.
  - 3. The apparatus of claim 1, wherein the collaboration key is configured as one of a symmetric key and a key pair.
  - 4. The apparatus of claim 1, wherein the processor is configured to receive the request for a collaboration key from the first mobile device and wherein the processor is configured to generate the collaboration key in response to receiving the request.
  - 5. The apparatus of claim 1, further comprising the first mobile device, wherein the first mobile device is configured to:
    - receive the first identity token and the collaboration key from the server;
      
      generate the collaboration credential based on the collaboration key; and
      
      send the collaboration credential to the second mobile device.
  - 6. The apparatus of claim 5, wherein the first mobile device further is configured to configure the collaboration credential as a data structure comprising at least one of an identification of the user, an identification of the first mobile device, an identification of which of a plurality of mobile devices are permitted to collaborate with the first mobile device, and an identification of the conditions under which the collaboration is permitted to be conducted.
  - 7. The apparatus of claim 5, further comprising the second mobile device, wherein the second mobile device is configured to:
    - receive the collaboration credential from the first mobile device;
      
      send the collaboration credential to the server; and
      
      in response to sending the collaboration credential, receive the second identity token.
  - 8. The apparatus of claim 1, wherein the processor further is configured to receive the collaboration credential from a third mobile device and, in response to receiving the collaboration credential from the third mobile device, issue and send a third identity token to the third mobile device, wherein the third identity token can be utilized to authenticate the user of the third mobile device to the service provider.
  - 9. The apparatus of claim 1, wherein the processor further is configured to configure each identity token as a data structure comprising at least one of an identification of the user and an identification of the mobile device to which the respective identity token is sent.
  - 10. The apparatus of claim 1, wherein the server comprises an identity management server that is configured to issue each identity token, generate the collaboration key, and verify the collaboration credential.
  - 11. The apparatus of claim 1, wherein the server comprises:
    - an identity management server that is configured to issue each identity token; and
      
      a collaboration manager server that is configured to generate the collaboration key and verify the collaboration credential.

12. A method for enabling a user of a first mobile device to extend user authentication credentials to a second mobile device, the method comprising:
- issuing and sending a first identity token to the first mobile device, wherein the first identity token can be utilized to authenticate the user of the first mobile device to a service provider;
  
  establishing a collaboration key with the first mobile device, wherein generation of the collaboration key is based on one or more of user authentication and receipt of a request, associated with the first identity token, for a collaboration key and wherein the collaboration credential is sharable among a plurality of mobile devices;
  
  receiving a collaboration credential from the second mobile device wherein the collaboration credential is different from, and is based on, the collaboration key;
  
  verifying the collaboration credential received from the second mobile device; and
  
  in response to verifying the collaboration credential received from the second mobile device, issuing and sending a second identity token to the second mobile device, wherein the second identity token can be utilized to authenticate the second mobile device to the service provider;
  
  receiving a collaboration notification that identifies the first mobile device as a source of the collaboration credential and identifies the second mobile device as a recipient of the collaboration credential.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12, wherein establishing a collaboration key comprises one or more of:
    - receiving at least one of a public key and a digital certificate from the first mobile device;
      
      generating at least one of a symmetric key and a public key pair as the collaboration credential and sending the collaboration credential to the first mobile device; and
      
      mutually generating the collaboration key with the first mobile device.
  - 14. The method of claim 12, wherein the collaboration key is configured as one of a symmetric key and a key pair.
  - 15. The method of claim 12, wherein the method further comprises receiving a request for a collaboration key from the first mobile device and wherein generating the collaboration credential comprises generating the collaboration key in response to receiving the request.
  - 16. The method of claim 12, further comprising:
    - receiving, by the first mobile device, the first identity token and the collaboration key from the server;
      
      generating, by the first mobile device, the collaboration credential based on the collaboration key; and
      
      sending, by the first mobile device, the collaboration credential to the second mobile device.
  - 17. The method of claim 16, further comprising:
    - receiving, by the second mobile device, the collaboration credential from the first mobile device;
      
      sending, by the second mobile device to the server, the collaboration credential; and
      
      in response to sending the collaboration credential, receiving, by the second mobile device, the second identity token.
  - 18. The method of claim 12, further comprising:
    - receiving the collaboration credential from a third mobile device; and
      
      in response to receiving the collaboration credential from the third mobile device, issuing and sending a third identity token to the third mobile device, wherein the third identity token can be utilized to authenticate the user of the third mobile device to the service provider.
  - 19. The method of claim 12, further comprising configuring the collaboration credential as a data structure comprising at least one of an identification of the user, an identification of the first mobile device, an identification of which of a plurality of mobile devices are permitted to collaborate with the first mobile device, and an identification of the conditions under which the collaboration is permitted to be conducted.
  - 20. The method of claim 12, further comprising configuring each identity token as a data structure comprising at least one of an identification of the user and an identification of the mobile device to which the respective identity token is sent.

21. An apparatus for enabling single sign-on collaboration among a plurality of mobile devices, the apparatus comprising:
- a mobile device comprising a processor that is configured to;
  
  receive each of a first identity token and a collaboration key from a server, wherein the first identity token can be utilized to authenticate a user of the mobile device to a service provider;
  
  generate a collaboration credential based on the collaboration key, wherein the collaboration credential is different from the collaboration key, is sharable among the plurality of mobile devices, and is configured to enable each mobile device of the plurality of mobile devices to obtain an identity token; and
  
  send the collaboration credential to another mobile device;
  
  wherein the processor further is configured to send a collaboration notification to the server, wherein the collaboration notification identifies the mobile device as a source of the collaboration credential and identifies the another mobile device as a recipient of the collaboration credential.
- View Dependent Claims (22, 23, 24)
- - 22. The apparatus of claim 21, wherein the collaboration key is configured as one of a symmetric key and a key pair.
  - 23. The apparatus of claim 21, wherein the processor is configured to receive the collaboration key by sending a request for a collaboration key to the server, wherein the request is associated with the first identity token, and, in response to sending the request, receive the collaboration key.
  - 24. The apparatus of claim 21, wherein the mobile device is a first mobile device and wherein the apparatus further comprises a second mobile device that is configured to:
    - receive the collaboration credential from the first mobile device;
      
      send the collaboration credential to the server; and
      
      in response to sending the collaboration credential, receive a second identity token from the server, wherein the second identity token can be utilized to authenticate the user of the second mobile device to the service provider.

25. A method for enabling single sign-on collaboration among a plurality of mobile devices, the method comprising:
- receiving, by a mobile device of the plurality of mobile devices, each of a first identity token and a collaboration key from a server, wherein the first identity token can be utilized to authenticate a user of a mobile device to a service provider;
  
  generating a collaboration credential based on the collaboration key, wherein the collaboration credential is different from the collaboration key, is sharable among the plurality of mobile devices, and is configured to enable each mobile device of the plurality of mobile devices to obtain an identity token; and
  
  send the collaboration credential to another mobile device of the plurality of mobile devices;
  
  sending a collaboration notification to the server, wherein the collaboration notification-identifies the mobile device as a source of the collaboration credential and identifies the another mobile device as a recipient of the collaboration credential.
- View Dependent Claims (26, 27)
- - 26. The method of claim 25, wherein the collaboration key is configured as one of a symmetric key and a key pair.
  - 27. The method of claim 25, wherein receiving the collaboration key comprises:
    - sending a request for a collaboration key to the server, wherein the request is associated with the first identity token; and
      
      in response to sending the request, receiving the collaboration key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Motorola Solutions, Inc.
Original Assignee
Motorola Solutions, Inc.
Inventors
Metke, Anthony R., Reitsma, Katrin, Lewis, Adam C., Popovich, George, Upp, Steven D.
Primary Examiner(s)
SIMITOSKI, MICHAEL J

Application Number

US13/728,521
Publication Number

US 20140189834A1
Time in Patent Office

775 Days
Field of Search

726/7, 726/8, 726/9
US Class Current

726/8
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 88/04   adapted for relaying to or ...

Method and apparatus for single sign-on collaboraton among mobile devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

157 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for single sign-on collaboraton among mobile devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

157 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links