US2016205067A1PendingUtilityA1

Client and server group sso with local openid

45
Assignee: INTERDIGITIAL PATENT HOLDINGS INCPriority: Jan 7, 2011Filed: Jan 11, 2016Published: Jul 14, 2016
Est. expiryJan 7, 2031(~4.5 yrs left)· nominal 20-yr term from priority
H04L 63/08H04L 63/0815H04L 63/0853H04L 63/102H04L 63/10H04L 61/302H04L 61/1511H04L 61/4511
45
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A user of a mobile communications device may access services in a target domain using a source domain identity that is used to access services in a source domain. To enable such a use of the source domain identity in the target domain, the source domain identity may first be enrolled in the target domain. The enrollment may be facilitated by an enrollment entity at the target domain, such as a gateway or an OpenID server for example. The enrollment entity may establish a secure channel with the user's device for enabling enrollment of the source domain identity. Once enrolled, the source domain identity may be used for authentication of the user in the target domain. Enrollment of the source domain identity and/or authentication of the user based on the enrolled source domain identity may be implemented using a local OpenID provider (OP) residing on the user's device.

Claims

exact text as granted — not AI-modified
What is claimed: 
     
         1 . The method for enrolling a user of a user device with a target domain, the method comprising:
 receiving a request for an address of a source identity provider, the request indicating 1) a source domain identity associated with the user, and 2) a target identity provider associated with the target domain;   in response to the request, determining the address of the source identity provider that corresponds to 1) the source domain identity associated with the user, and 2) the target identity provider associated with the target domain; and   sending the address of the source identity provider to the target identity provider associated with the target domain, such that the source domain identity can be enrolled in the target domain.   
     
     
         2 . The method as recited in  claim 1 , wherein determining the address comprises performing a database lookup of the address that corresponds to the source domain identity and the target identity provider associated with the target domain. 
     
     
         3 . The method as recited in  claim 2 , wherein performing the database lookup comprises determining that the source domain identity is not enrolled with the target domain. 
     
     
         4 . The method as recited in  claim 2 , wherein performing the database lookup comprises determining a trust relationship between the source identity provider and the target identity provider, such that the source domain identity is permitted to be enrolled in the target domain. 
     
     
         5 . The method as recited in  claim 1 , wherein the address is determined using an aggregator function that resides locally on the user device. 
     
     
         6 . The method as recited in  claim 1 , wherein the address is determined using an aggregator function that resides within a domain of a mobile network operator. 
     
     
         7 . A method for authenticating a user of a user device, the method comprising:
 sending a source domain identity associated with the user to a service provider of a target domain, wherein the source domain identity enables the user to access a source domain service at a source domain;   based on the source domain identity and the service provider, determining an address of an identity provider for the target domain; and   sending the address of the identity provider, such that the service provider and identity provider can associate with each other, thereby allowing the user to access the target domain using its source domain identity.   
     
     
         8 . The method as recited in  claim 7 , the method further comprising:
 after the user is enrolled with the target domain, storing, for future use, a mapping of the source domain identity to the service provider of the target domain.   
     
     
         9 . The method as recited in  claim 7 , wherein the address is determined using an aggregator function that resides locally on the user device. 
     
     
         10 . The method as recited in  claim 7 , wherein the address is determined using an aggregator function that resides within a domain of a mobile network operator. 
     
     
         11 . A node comprising communication circuitry such that the node is communicatively coupled with a network via its communication circuitry, wherein the node entity further comprises:
 a processor and a memory, the memory containing computer-executable instructions that when executed by the processor, cause the processor to perform operations comprising:
 receiving a request for an address of a source identity provider, the request indicating 1) a source domain identity associated with a user, and 2) a target identity provider associated with a target domain; 
 in response to the request, determining the address of the source identity provider that corresponds to 1) the source domain identity associated with the user, and 2) the target identity provider associated with the target domain; and 
 sending the address of the source identity provider to the target identity provider associated with the target domain, such that the source domain identity can be enrolled in the target domain. 
   
     
     
         12 . The node as recited in  claim 11 , wherein determining the address comprises performing a datasbase lookup of the address that corresponds to the source domain identity and the target identity provider associated with the target domain. 
     
     
         13 . The node as recited in  claim 12 , wherein performing the database lookup comprises determining that the source domain identity is not enrolled with the target domain. 
     
     
         14 . The node as recited in  claim 12 , wherein performing the database lookup comprises determining a trust relationship between the source identity provider and the target identity provider, such that the source domain identity is permitted to be enrolled in the target domain. 
     
     
         15 . The node as recited in  claim 11 , wherein the node is a user device of the user, and the address is determined using an aggregator function that resides locally on the user device. 
     
     
         16 . The node as recited in  claim 11 , wherein the node is a network node, and the address is determined using an aggregator function that resides within the network of a mobile network operator.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.