Device attestation server and method for attesting to the integrity of a mobile device

US2019199530A1 · US · A1

Patent metadata
Field: Value
Publication number: US-2019199530-A1
Application number: US-201715853650-A
Country: US
Kind code: A1
Filing date: Dec 22, 2017
Priority date: Dec 22, 2017
Publication date: Jun 27, 2019
Grant date

Abstract

Official abstract text for this publication.

A device attestation server and method for attesting to the integrity of a mobile device is provided. An attestation request is sent from a mobile device to a device attestation server. The device attestation server runs an attestation method that is supported by the mobile device. The device attestation server creates an attestation token that includes a validation result and a plurality of attributes. The device attestation server sends the attestation token to the mobile device, which performs a validation method using the attestation token.

First claim

Opening claim text (preview).

We claim:

1. A method for attesting to the integrity of a mobile device, the method comprising: sending an attestation request from the mobile device to a device attestation server; running at the device attestation server an attestation method supported by the mobile device; creating an attestation token at the device attestation server, the attestation token including a validation result and a plurality of attributes; sending the attestation token to the mobile device; and performing a validation method using the attestation token.

2. The method of claim 1, wherein the attestation request comprises a list of attestation methods supported on the mobile device.

3. The method of claim 1, wherein the step of running at the device attestation server an attestation method supported by the mobile device comprises determining, at the device attestation server, which attestation methods are supported by the mobile device.

4. The method of claim 1, wherein the validation result is calculated using the result of the attestation method, a confidence level of the result of the attestation method, and the attestation method.

5. The method of claim 1, wherein the step of performing the validation method further comprises sending the attestation token together with an access request to an application server interface.

6. The method of claim 1, wherein the step of sending an attestation request from the mobile device to a device attestation server is triggered by an OAuth Authorization request to an IdM server.

7. The method of claim 1, wherein the step of sending an attestation request from the mobile device to a device attestation server is sent by a user agent on the mobile device.

8. The method of claim 1, wherein the plurality of attributes comprises one or more of a timestamp, an expiration date, an indication of the attestation method used, a confidence level, an identity of the mobile device, and token binding information.

9. The method of claim 1, wherein the step of creating the attestation token further comprises signing the attestation token.

10. The method of claim 9, wherein the signed token is of the JSON Web Signature (JWS) format.

11. The method of claim 1, wherein the attestation token includes a signature, and wherein the step of validating the attestation token at the application server comprises validating the signature.

12. The method of claim 1, wherein the step of running an attestation method comprises checking memory to determine a status of the mobile device.

13. A device attestation server for attesting to the integrity of a mobile device, the device attestation server comprising: a processor configured to: receive an attestation request from a mobile device; run an attestation method supported by the mobile device; and create an attestation token, the attestation token including a validation result and a plurality of attributes; and a transmitter configured to send the attestation token to the mobile device.

14. The device attestation server of claim 13, wherein the plurality of attributes comprises one or more of a timestamp, an expiration date, an indication of the attestation method used, an identity of the mobile device, and token binding information.

15. The device attestation server of claim 13, wherein the processor is further configured to sign the attestation token.

16. The device attestation server of claim 13, wherein the attestation request comprises a list of attestation methods supported on the mobile device and respective parameters.

17. A mobile device comprising: a transmitter configured to: send an attestation request to a device attestation server; and receive an attestation token including a validation result and a plurality of attributes; and a processor configured to: perform a validation method using the attestation token.

18. The mobile device of claim 17, wherein the plurality of attributes comprises one or more of a timestamp, an expiration date, an indication of the attestation method used, identity of the mobile device, and token binding information.

19. The mobile device of claim 17, wherein the transmitter is further configured to send the attestation token to the application server interface together with an access request.

20. The mobile device of claim 17, wherein the transmitter is further configured to send a list of attestation methods supported on the mobile device and respective parameters.
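
Added example (not part of the patent text): a sketch of the token flow in claims 1, 4 and 8 to 11, with the attestation server issuing a JWS compact token and the application server checking signature, expiry, token binding and the validation result. The claim field names, the 0.8 confidence threshold, the "memory-check" method label and the HS256 shared key are assumptions made for illustration; a deployment would more likely use an asymmetric JWS algorithm so the application server holds only a public key.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # assumption: HS256 key shared by both servers

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def create_token(device_id, method, passed, confidence, binding, now=None, ttl=300):
    """Attestation-server side: build and sign the token."""
    now = int(time.time()) if now is None else now
    claims = {
        # Hypothetical rule for claim 4: pass only with sufficient confidence.
        "validation_result": bool(passed and confidence >= 0.8),
        "method": method, "confidence": confidence, "device_id": device_id,
        "iat": now, "exp": now + ttl, "binding": binding,
    }
    head = b64u(json.dumps({"alg": "HS256"}).encode())
    signing_input = head + "." + b64u(json.dumps(claims).encode())
    sig = hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u(sig)

def validate_token(token, expected_binding, now=None):
    """Application-server side: returns (ok, reason)."""
    now = int(time.time()) if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64u_dec(h64))
        sig = b64u_dec(s64)
    except (ValueError, TypeError):
        return False, "malformed"
    # Pin the algorithm; the header is attacker-controlled until verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False, "bad alg"
    expected = hmac.new(KEY, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    claims = json.loads(b64u_dec(p64))  # parsed only after the signature checks out
    if now >= claims["exp"]:
        return False, "expired"
    if not hmac.compare_digest(claims["binding"], expected_binding):
        return False, "binding mismatch"
    if not claims["validation_result"]:
        return False, "device failed attestation"
    return True, "ok"
```

The binding value stands in for whatever the application server derives from its own connection to the device, so a token replayed from a different session fails even while it is still unexpired.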

Classifications

  • using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

  • involving digital signatures

  • Authentication

  • using tickets or tokens, e.g. Kerberos (network architectures or network communication protocols for entities authentication using tickets in a packet data network H04L63/0807)

  • H04L9/3234 (Primary): involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Motorola Solutions Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/3234. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jun 27, 2019 (A1). Legal status and post-grant events are not shown on this page.