System and method for identity management for mobile devices

摘要

Systems and methods for managing a user identity on a mobile device are provided. The system comprises the mobile device comprising a user agent and a client application, the user agent and the client application in communication with each other. The system further comprises an identity provider in communication with the mobile device, and a client service in communication with the mobile device. The user agent is configured to communicate with the identity provider and retrieve the user identity for the client application, and the client application is configured to transmit the user identity to the client service.

主权项

1. A method performed by a mobile device for secure communication of data to a client service in communication with an untrusted client application on the mobile device for enabling a user to utilize the client service, the method comprising:
generating a request for user profile data stored externally at an identity provider; sending the request to the identity provider; obtaining, in response to the request, a token secret and an encrypted token provided to the untrusted client application and the client service, the encrypted token comprising the user profile data specified in the request and the token secret, the encrypted token being decryptable by the client service; the untrusted client application, unable to decrypt the encrypted token to obtain the user profile data, communicating the encrypted token to the client service for authentication; and the untrusted client application providing the token secret to the client service as proof of ownership of the encrypted token; and wherein the client service verifies that the token secret from the untrusted client application matches the token secret of the encrypted token as proof that the token secret includes the requested user profile data.