Method and system for authenticating a session on a communication device

    Publication number: US10230723B2

    Publication date: 2019-03-12

    Application number: US15142432

    Filing date: 2016-04-29

    Abstract: Method and system for authenticating a session on a communication device. One method includes determining a use context of the communication device and an authentication status of the communication device. The method further includes determining a predetermined period of time based on at least one of the use context and the authentication status. The method further includes generating biometric templates based on at least one of the use context and the authentication status. The method further includes selecting a matching threshold for the biometric templates based on at least one of the use context and the authentication status. The method further includes comparing a match score of each of the biometric templates to the matching threshold to determine a passing amount of biometric templates with match scores that meet or exceed the matching threshold. The method further includes authenticating the session on the communication device.

    Apparatus and method for sharing a hardware security module interface in a collaborative network
    2.
    Granted invention patent, in force

    Publication number: US09344455B2

    Publication date: 2016-05-17

    Application number: US14447257

    Filing date: 2014-07-30

    Abstract: A first communication device having a secure access to a security module establishes a collaborative network by forming a collaborative security association with a second communication device associated with a user of the first communication device. The first communication device (a) sends an advertisement of services associated with the security module to the second communication device and receives an advertisement response from the second communication device or (b) receives a solicitation request for services associated with the security module from the second communication device. Responsive to receiving one of the advertisement response and the solicitation request, the first communication device determines whether the second communication device is authorized to access the security module. The first communication device processes and forwards security service messages between the second communication device and the security module, in response to determining that the second communication device is authorized to access the security module.

    METHOD AND APPARATUS FOR SINGLE SIGN-ON COLLABORATON AMONG MOBILE DEVICES
    3.
    Invention patent application, in force

    Publication number: US20140189834A1

    Publication date: 2014-07-03

    Application number: US13728521

    Filing date: 2012-12-27

    Abstract: An apparatus for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration key to the first device based on the first identity token or user authentication. The first device generates and sends a collaboration credential based on the collaboration key to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices.

    Identity assertion based on biometric information
    4.
    Granted invention patent, in force

    Publication number: US09578023B2

    Publication date: 2017-02-21

    Application number: US14541599

    Filing date: 2014-11-14

    Abstract: A method and apparatus for providing a lifetime extension to an identity assertion is provided herein. During operation a user will authenticate to an identity management server (also known as an authorization server or an authentication server) to obtain an identity assertion. An identity assertion will be provided upon successful authentication. The lifetime of the identity assertion will be based on whether or not biometric information of the user will be used by the device to which the assertion is being issued to identify the user prior to allowing the use of the identity assertion.

    METHOD AND APPARATUS FOR SINGLE SIGN-ON COLLABORATION AMONG MOBILE DEVICES
    5.
    Invention patent application, in force

    Publication number: US20140189840A1

    Publication date: 2014-07-03

    Application number: US13728422

    Filing date: 2012-12-27

    Abstract: A system for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration credential to the first device based on the first identity token or user authentication. The first device sends the collaboration credential generated by the server to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices.

    METHOD AND SYSTEM FOR AUTHENTICATING A SESSION ON A COMMUNICATION DEVICE

    Publication number: US20170318014A1

    Publication date: 2017-11-02

    Application number: US15142432

    Filing date: 2016-04-29

    Abstract: Method and system for authenticating a session on a communication device. One method includes determining a use context of the communication device and an authentication status of the communication device. The method further includes determining a predetermined period of time based on at least one of the use context and the authentication status. The method further includes generating biometric templates based on at least one of the use context and the authentication status. The method further includes selecting a matching threshold for the biometric templates based on at least one of the use context and the authentication status. The method further includes comparing a match score of each of the biometric templates to the matching threshold to determine a passing amount of biometric templates with match scores that meet or exceed the matching threshold. The method further includes authenticating the session on the communication device.

    Method and apparatus for single sign-on collaboration among mobile devices
    7.
    Granted invention patent, in force

    Publication number: US08782766B1

    Publication date: 2014-07-15

    Application number: US13728422

    Filing date: 2012-12-27

    Abstract: A system for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration credential to the first device based on the first identity token or user authentication. The first device sends the collaboration credential generated by the server to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices.

    Method and apparatus for single sign-on collaboraton among mobile devices
    8.
    Granted invention patent, in force

    Publication number: US08955081B2

    Publication date: 2015-02-10

    Application number: US13728521

    Filing date: 2012-12-27

    Abstract: An apparatus for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration key to the first device based on the first identity token or user authentication. The first device generates and sends a collaboration credential based on the collaboration key to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices.

    SYSTEM AND METHOD FOR SCOPING A USER IDENTITY ASSERTION TO COLLABORATIVE DEVICES
    9.
    Invention patent application, under examination (published)

    Publication number: US20140189827A1

    Publication date: 2014-07-03

    Application number: US13728752

    Filing date: 2012-12-27

    CPC classification number: H04L63/08 H04L63/0815 H04W12/06

    Abstract: A system and method for enabling a primary and a secondary communication device to share a user identity assertion is presented. The user identity assertion enables the devices to access an application system. The primary and secondary devices are paired to place them in collaboration with each other. The primary device requests an identity provider system to issue a user identity assertion scoped to the primary and secondary communication device. The identity provider system authenticates the primary device and generates the user identity assertion scoped to the primary device and the secondary device identified in the request. The primary communication device receives the user identity assertion and communicates the user identity assertion to the secondary device. The primary device may request the user identity assertion by communicating a user identity assertion scoped to the primary device and a single sign on session cookie or a request for an extension assertion.
