Method and apparatus for providing bootstrapping procedures in a communication network
US-9300641-B2 · Mar 29, 2016 · US
US10044713B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10044713-B2 |
| Application number | US-201213589991-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 20, 2012 |
| Priority date | Aug 19, 2011 |
| Publication date | Aug 7, 2018 |
| Grant date | Aug 7, 2018 |
Abstract
Identity management, user authentication, and/or user access to services on a network may be provided in a secure and/or trustworthy manner, as described herein. For example, trustworthy claims may be used to indicate security and/or trustworthiness of a user or user device on a network. Security and/or trustworthiness of a user or a user device on a network may also be established using OpenID and/or local OpenID, a secure channel between a service and the user device, and/or by including a network layer authentication challenge in an application layer authentication challenge on the user device for example.
Claims
What is claimed:

1. A method performed by a user device comprising a processor and a memory, the method comprising: receiving a plurality of claims that each define a key and a value associated with the key, from a network identity provider, such that the plurality of claims is enrolled in the user device, wherein each claim is representative of a verifiable attribute associated with a user of the user device, and each claim is verified by the network identity provider before the claim is enrolled in the user device, such that each claim is associated with a trust that a service has in the network identity provider; after each claim is verified by the network identity provider, storing the plurality of claims on a secure local entity on the user device such that the plurality of claims cannot be changed by the user; creating a first digital identity associated with the user and corresponding to the service, wherein the first digital identity is based on a first portion of the plurality of claims; in response to a user selection of the first digital identity, authenticating with the service using the first digital identity such that the first digital identity conveys, to the service, respective verifiable attributes represented by the first portion of the claims, and the trust associated with the claims; removing the first portion of claims from the secure local entity on the user device when the first portion of claims expires, wherein each claim in the first portion of claims comprises expiration information corresponding to when the respective claim expires.

2. The method of claim 1, wherein the first digital identity is associated with the trust that the service has in the network identity provider.

3. The method of claim 1, the method further comprising: creating a second digital identity associated with the user and corresponding to the service, wherein the second digital identity is based on a second portion of the plurality of claims; and authenticating with the service using the second digital identity such that the second digital identity conveys, to the service, respective verifiable attributes represented by the second portion of the claims.

4. The method of claim 3, wherein at least one of the first and second digital identities is based on one claim.

5. The method of claim 3, wherein at least one of the first and second digital identities is based on more than one claim.

6. The method of claim 1, the method further comprising: sending the first digital identity to the service so that the service can authenticate the user and verify at least one required attribute of the user.

7. The method of claim 1, wherein the first portion of the plurality of claims represents an age of the user.

8. A user device comprising a processor and a memory, the memory comprising computer-executable instructions that when executed by the processor, cause the processor to perform operations comprising: receiving a plurality of claims that each define a key and a value associated with the key, from a network identity provider, such that the plurality of claims is enrolled in the user device, wherein each claim is representative of a verifiable attribute associated with a user of the user device, and each claim is verified by the network identity provider before the claim is enrolled in the user device, such that each claim is associated with a trust that a service has in the network identity provider; after each claim is verified by the network identity provider, storing the plurality of claims on a secure local entity on the user device such that the plurality of claims cannot be changed by the user; creating a first digital identity associated with the user and corresponding to the service, wherein the first digital identity is based on a first portion of the plurality of claims; in response to a user selection of the first digital identity, authenticating with the service using the first digital identity such that the first digital identity conveys, to the service, respective verifiable attributes represented by the first portion of the claims, and the trust associated with the claims; and removing the first portion of claims from the secure local entity on the user device when the first portion of claims expires, wherein each claim in the first portion of claims comprises expiration information corresponding to when the respective claim expires.

9. The user device of claim 8, wherein the first digital identity is associated with the trust that the service has in the network identity provider.

10. The user device of claim 8, the memory further comprising computer-executable instructions that when executed by the processor, cause the processor to perform operations further comprising: creating a second digital identity associated with the user and corresponding to the service, wherein the second digital identity is based on a second portion of the plurality of claims; and authenticating with the service using the second digital identity such that the second digital identity conveys, to the service, respective verifiable attributes represented by the second portion of the claims.

11. The user device of claim 10, wherein at least one of the first and second digital identities is based on one claim.

12. The user device of claim 10, wherein at least one of the first and second digital identities is based on more than one claim.

13. The user device of claim 8, the memory further comprising computer-executable instructions that when executed by the processor, cause the processor to perform operations further comprising: sending the first digital identity to the service so that the service can authenticate the user and verify at least one required attribute of the user.

14. The user device of claim 8, wherein the first portion of the plurality of claims represents an age of the user.
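The claims above describe a data flow rather than code: the identity provider verifies attributes and enrolls them as key/value claims with expiry information, the device keeps them in a store the user cannot alter, a digital identity reveals only a chosen portion of those claims to a service, and expired claims are removed. The following Python model is an added illustration written for this page; it is not code from the patent or its assignee. It assumes a shared HMAC key between the identity provider and the service as a stand-in for whatever signature or channel the real system would use to carry the service's trust in the provider, and all class and function names (`Claim`, `SecureLocalEntity`, `DigitalIdentity`, `service_verify`, `run_scenario`) and the sample claim values are constructed for the example.

```python
"""Constructed model of claim-based digital identities (not the patent's code).

The IdP vouches for each attribute with an HMAC tag (stand-in for a signature);
the device stores enrolled claims in a write-once store, builds identities from
subsets of them, presents one to a service, and purges claims once they expire.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed shared key: models the trust the service places in the IdP.
IDP_KEY = b"demo-idp-key-not-for-real-use"


@dataclass(frozen=True)   # frozen: a stand-in for the tamper-resistant local store
class Claim:
    key: str
    value: str
    expires_at: int   # Unix time after which the claim must not be used
    tag: str          # IdP authentication tag over (key, value, expires_at)

    def payload(self) -> bytes:
        return json.dumps([self.key, self.value, self.expires_at]).encode()


def idp_issue(key: str, value: str, expires_at: int) -> Claim:
    """IdP side: the attribute is assumed verified out of band, then tagged."""
    payload = json.dumps([key, value, expires_at]).encode()
    tag = hmac.new(IDP_KEY, payload, hashlib.sha256).hexdigest()
    return Claim(key, value, expires_at, tag)


def claim_is_authentic(c: Claim) -> bool:
    """True only if the tag covers exactly this key, value and expiry."""
    expected = hmac.new(IDP_KEY, c.payload(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, c.tag)


class SecureLocalEntity:
    """Claim store: only IdP-tagged claims enter; the user cannot edit values."""

    def __init__(self) -> None:
        self._claims: dict[str, Claim] = {}

    def enroll(self, c: Claim) -> None:
        if not claim_is_authentic(c):
            raise ValueError(f"claim {c.key!r} is not vouched for by the IdP")
        self._claims[c.key] = c

    def select(self, keys: list[str], now: int) -> list[Claim]:
        """Return the requested claims, silently dropping missing or expired ones."""
        return [self._claims[k] for k in keys
                if k in self._claims and self._claims[k].expires_at > now]

    def purge_expired(self, now: int) -> list[str]:
        gone = [k for k, c in self._claims.items() if c.expires_at <= now]
        for k in gone:
            del self._claims[k]
        return gone

    def keys(self) -> set[str]:
        return set(self._claims)


@dataclass
class DigitalIdentity:
    name: str
    claim_keys: list[str]   # the "portion" of enrolled claims this identity reveals


def present(store: SecureLocalEntity, identity: DigitalIdentity, now: int) -> list[Claim]:
    """Device side: reveal only the claims the selected identity covers."""
    return store.select(identity.claim_keys, now)


def service_verify(presented: list[Claim], required: dict[str, str], now: int) -> bool:
    """Service side: every required attribute must be present, IdP-tagged, unexpired and match."""
    by_key = {c.key: c for c in presented}
    for k, want in required.items():
        c = by_key.get(k)
        if c is None or not claim_is_authentic(c) or c.expires_at <= now or c.value != want:
            return False
    return True


def run_scenario() -> dict:
    now = 1_000   # constructed clock values
    store = SecureLocalEntity()
    store.enroll(idp_issue("age_over_18", "true", expires_at=2_000))
    store.enroll(idp_issue("country", "SE", expires_at=1_500))

    # An altered copy (longer validity, same tag) must be refused at enrollment.
    good = store.select(["age_over_18"], now)[0]
    forged = Claim(good.key, good.value, 9_999, good.tag)
    try:
        store.enroll(forged)
        tampered_rejected = False
    except ValueError:
        tampered_rejected = True

    age_only = DigitalIdentity("age-only", ["age_over_18"])
    presented = present(store, age_only, now)
    results = {
        "tampered_rejected": tampered_rejected,
        "age_only_revealed": [c.key for c in presented],
        "age_only_accepted": service_verify(presented, {"age_over_18": "true"}, now),
        # A service that also wants the country is not satisfied by the narrower identity.
        "age_only_for_country_service": service_verify(
            presented, {"age_over_18": "true", "country": "SE"}, now),
    }
    later = 1_600
    results["purged"] = store.purge_expired(later)      # country expired at 1_500
    results["remaining"] = sorted(store.keys())
    return results


if __name__ == "__main__":
    print(run_scenario())
```

The two checks worth noting are that enrollment rejects a claim whose expiry was altered after the provider tagged it, and that the service decides on the presented portion alone, so an identity built from a single claim satisfies an age check without disclosing the other enrolled attributes.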
CPC classification title (fragment): ... based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint