System and Method for Identity Management for Mobile Devices

US2016285849A1 · US · A1

Patent metadata
Publication number: US-2016285849-A1
Application number: US-201615174831-A
Country: US
Kind code: A1
Filing date: Jun 6, 2016
Priority date: Feb 15, 2011
Publication date: Sep 29, 2016
Grant date: (none listed)

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Systems and methods for managing a user identity on a mobile device are provided. The system comprises the mobile device comprising a user agent and a client application, the user agent and the client application in communication with each other. The system further comprises an identity provider in communication with the mobile device, and a client service in communication with the mobile device. The user agent is configured to communicate with the identity provider and retrieve the user identity for the client application, and the client application is configured to transmit the user identity to the client service.

First claim

Opening claim text (preview).

1-21. (canceled)

22. A non-transitory computer readable media for storing computer executable instructions for enabling a processor to perform cryptographic operations for secure communication of data to a client service in communication with an untrusted client application on the mobile device for enabling a user to utilize the client service, the computer executable instructions for: generating a request for user profile data stored externally at an identity provider; sending the request to the identity provider; obtaining, in response to the request, a token secret and an encrypted token provided to the untrusted client application and the client service, the encrypted token comprising the user profile data specified in the request and the token secret, the encrypted token being decryptable by the client service; the untrusted client application, unable to decrypt the encrypted token to obtain the user profile data, communicating the encrypted token to the client service for authentication; and the untrusted client application providing the token secret to the client service as proof of ownership of the encrypted token; and wherein the client service verifies that the token secret from the untrusted client application matches the token secret of the encrypted token as proof that the token secret includes the requested user profile data.

23. The non-transitory computer readable media of claim 22 wherein the encrypted token is only decryptable by the client service.

24. The non-transitory computer readable media of claim 22 wherein providing the request to the identity provider comprises: the client application generating the request; and providing the request to a user agent on the mobile device for communicating the request to the identity provider.

25. The non-transitory computer readable media of claim 22 wherein a user agent on the mobile device obtains and stores the token secret and the encrypted token.

26. The non-transitory computer readable media of claim 25 wherein the user agent sends the token secret and the encrypted token to the client application, and the client application communicates the token secret and the encrypted token to the client service.

27. The non-transitory computer readable media of claim 25 wherein the user agent stores the token secret and the encrypted token for a threshold amount of time before the encrypted token is revoked.

28. The non-transitory computer readable media of claim 25 wherein multiple users are authenticated to the mobile device, and the user agent identifies which one of the multiple of users is presently authenticated to the mobile device.

29. The non-transitory computer readable media of claim 25 wherein the user agent issues a prompt to the user via a user interface of the mobile device requesting consent to provide the encrypted token and the token secret to the client application, and if the user agent does not receive consent, then the user agent does not provide at least the encrypted token to the client application.

30. The non-transitory computer readable media of claim 22 wherein the user profile data includes an ecoID for identifying the user, wherein the ecoID is a property of a token that does not change over time.
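The exchange that claim 22 describes (identity provider issues a token secret plus an encrypted token; the untrusted client application relays both without being able to read the token; the client service decrypts the token and checks that the presented secret matches the one sealed inside) as a runnable model. This is an added example, not BlackBerry's code and not the patent's implementation. Everything below the protocol shape is an assumption: the patent does not say how the token is encrypted, so a symmetric key shared by the identity provider and the client service is used here with a SHA-256 counter-mode keystream plus HMAC standing in for a real AEAD such as AES-GCM; the profile store, the ecoID value, the field names and the 300-second expiry (modelling the revocation threshold of claim 27) are all constructed for the example.

```python
# Added example (not BlackBerry's code): model of the claim-22 token exchange.
# Keys, profile data and field names are constructed for illustration only.
import hashlib
import hmac
import json
import secrets
import time

# Assumption: a key shared by the identity provider and the client service.
# The untrusted client application never holds it, which is what makes the
# encrypted token opaque to the app (claims 22 and 23).
SERVICE_KEY = hashlib.sha256(b"constructed-service-key-for-example").digest()

# Constructed profile store. ecoID plays the stable identifier of claim 30.
PROFILES = {
    "alice": {"ecoID": "eco-7f3a", "display_name": "Alice", "email": "alice@example.com"},
}


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode; stdlib stand-in for AES so the example runs anywhere."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest())
        counter += 1
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256 tag. Use AES-GCM in production."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; any modification of the blob raises ValueError."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("token rejected: authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def identity_provider_issue(user, fields, ttl_seconds=300, now=None):
    """Identity provider side: answer a profile request with (token_secret, encrypted_token)."""
    now = time.time() if now is None else now
    token_secret = secrets.token_hex(16)
    payload = {
        "sub": user,
        "profile": {f: PROFILES[user][f] for f in fields},  # only the requested fields
        "secret": token_secret,                             # bound inside the token
        "exp": now + ttl_seconds,                           # revocation threshold (claim 27)
    }
    return token_secret, seal(SERVICE_KEY, json.dumps(payload).encode())


def untrusted_client_forward(token_secret, encrypted_token):
    """Client application side: it can only relay the pair; it cannot read the profile."""
    try:
        json.loads(encrypted_token[16:-32].decode())  # attempt to read the ciphertext as profile JSON
        readable = True
    except ValueError:  # UnicodeDecodeError and JSONDecodeError are both ValueError
        readable = False
    return {"token": encrypted_token, "secret": token_secret, "app_could_read_profile": readable}


def client_service_authenticate(message, now=None):
    """Client service side: decrypt, check expiry, then check the proof of ownership."""
    now = time.time() if now is None else now
    payload = json.loads(unseal(SERVICE_KEY, message["token"]).decode())
    if now > payload["exp"]:
        raise PermissionError("token expired: past the revocation threshold")
    # Claim 22: the secret presented by the app must match the one sealed in the token.
    if not hmac.compare_digest(payload["secret"], message["secret"]):
        raise PermissionError("proof of ownership failed: token secret mismatch")
    return payload["profile"]


def run_exchange(fields=("ecoID", "display_name"), now=1_700_000_000.0, delay=0.0):
    """Full round trip; `delay` simulates the client service checking later than issuance."""
    secret, token = identity_provider_issue("alice", list(fields), now=now)
    message = untrusted_client_forward(secret, token)
    return client_service_authenticate(message, now=now + delay)


if __name__ == "__main__":
    print(run_exchange())  # the profile fields that were requested, nothing more
```

Two points the model makes visible that the claim text leaves implicit: the token secret is a bearer value, so whoever captures both the token and the secret on the app-to-service leg can present them as the app would, and only the expiry bounds that window; and the client service must reject on tag failure before looking at any field, otherwise a modified token could still reach the expiry and secret comparisons.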

Assignees

Blackberry Ltd
Inventors

Classifications

  • using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title

  • Applying verification of the received information (cryptographic mechanisms or cryptographic arrangements for data integrity or data verification H04L9/32) · CPC title

  • Entity profiles · CPC title

  • for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819) · CPC title

  • H04L63/08 (primary): for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016285849A1 cover?
Systems and methods for managing a user identity on a mobile device are provided. The system comprises the mobile device comprising a user agent and a client application, the user agent and the client application in communication with each other. The system further comprises an identity provider in communication with the mobile device, and a client service in communication with the mobile devic…
Who is the assignee on this patent?
Blackberry Ltd
What technology area does this patent fall under?
Primary CPC classification H04L63/0807. Mapped technology areas include Electricity (CPC section H).
When was this patent published?
Publication date Sep 29, 2016 (kind code A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).