Title System and method for secure identity service
Abstract A system and method for securely processing identity information. For example, in one embodiment of the invention, a first user is registered on an identity service with one or more identification (ID) codes and a token. In response to a query from a second user to connect with the first user, a query signature is generated using the one or more ID codes and token of the first and second users, and a timestamp. The query signature is usable by network services to authenticate communication between the first and second users on the network over a specified period of time. In another embodiment, user ID codes and tokens are cached on mobile devices and/or a system cache to improve performance. The validity of the cached data is determined by calculating a fingerprint which, in one embodiment, is a hash of the ID code, token and a timestamp.
Publication number US9078128(B2) Publication date 2015.07.07
Application number US201113224626 Filing date 2011.09.02
Applicant Apple Inc. Inventors Medina Alexander A.;Vyrros Andrew H.;Bleau Darryl N.;Davey Jeffrey T.;Santamaria Justin E.;Wood Justin N.;Devanneaux Thomas
Classification (IPC) G06F21/31;G06F21/83;G06F21/34;G06F21/36;H04W12/06;H04L29/06;G06F21/33 Main classification G06F21/31
Agent Blakely, Sokoloff, Taylor & Zafman LLP Attorney Blakely, Sokoloff, Taylor & Zafman LLP
Independent claim 1. A method for managing user identities on a network comprising: receiving, by an identity service executing on a processor in a server on the network, a request to register an identity for a first user, the request including a token containing a notification service account identifier for a mobile device of the first user that uniquely identifies the mobile device of the first user to a push notification service, the push notification service executing on a processor in a server on the network to transmit data to mobile devices identified by tokens, the request further including one or more authenticated identification (ID) codes uniquely identifying the first user; storing, by the identity service, an entry for the first user within a registration database, the entry associating the token with the authenticated ID codes of the first user; receiving, by the identity service, a query from a second user to communicate with the first user, the query including at least one of the authenticated ID codes of the first user, the query further including at least one authenticated ID code of the second user and a token containing a notification service account identifier for a mobile device of the second user that uniquely identifies the mobile device of the second user to the push notification service on the network; generating, by the identity service, a first query signature over one or more of the authenticated ID codes and tokens of the first and second users, and a timestamp, the query signature usable by application-specific network services to authenticate communication between the first and second users on the network; and transmitting, by the identity service, the first query signature and the first user's token to the mobile device of second user, the mobile device of the second user subsequently sending a message to the push notification service for delivery to the first user upon verification by a first application-specific network service using the first query signature sent to the first application-specific network service by the push notification service.
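The flow in the abstract and claim above (register ID codes plus a push token, answer a second user's query with a timestamped signature over both parties' ID codes and tokens, have an application service verify that signature within a validity window, and validate cached entries by a fingerprint hash of ID code, token and timestamp) is sketched below as an added illustration. This is example code written for this page, not Apple's implementation or anything disclosed in the patent beyond the abstract and claim. The choice of HMAC-SHA256 with a key shared between the identity service and the application services, the length-prefixed field encoding, the 600-second validity window, the check that a requester presents the token it registered, and all names (`IdentityService`, `Registration`, `_canon`, the sample ID codes and tokens) are assumptions of the example; the patent does not specify the signature construction.

```python
"""Added example: identity service with registration, timestamped query
signature, application-side verification and cache fingerprint.
HMAC-SHA256, the shared signing key and the length-prefixed encoding are
assumptions of this example, not details from the patent."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional


def _canon(*parts: bytes) -> bytes:
    """Length-prefix every field so (a||b, c) and (a, b||c) cannot collide."""
    out = b""
    for p in parts:
        out += len(p).to_bytes(4, "big") + p
    return out


@dataclass(frozen=True)
class Registration:
    token: bytes              # push-notification account identifier of the device
    id_codes: FrozenSet[str]  # authenticated ID codes (phone number, e-mail, ...)
    registered_at: int        # timestamp folded into the cache fingerprint

    def fingerprint(self, id_code: str) -> bytes:
        # Abstract: fingerprint = hash(ID code, token, timestamp).
        msg = _canon(id_code.encode(), self.token, str(self.registered_at).encode())
        return hashlib.sha256(msg).digest()


class IdentityService:
    def __init__(self, signing_key: bytes, validity_seconds: int = 600):
        self._key = signing_key            # assumed shared with the application services
        self._validity = validity_seconds  # how long a query signature stays usable
        self._db: Dict[str, Registration] = {}

    def register(self, token: bytes, id_codes, now: int) -> Registration:
        reg = Registration(token, frozenset(id_codes), now)
        for code in reg.id_codes:
            self._db[code] = reg  # a later registration supersedes the old entry
        return reg

    def lookup(self, id_code: str) -> Optional[Registration]:
        return self._db.get(id_code)

    def cache_entry_valid(self, id_code: str, cached_fingerprint: bytes) -> bool:
        """Cache check: recompute the fingerprint from the live registration;
        a changed token or registration time invalidates the cached copy."""
        reg = self._db.get(id_code)
        if reg is None:
            return False
        return hmac.compare_digest(reg.fingerprint(id_code), cached_fingerprint)

    def _mac(self, a_id: str, a_tok: bytes, b_id: str, b_tok: bytes, ts: int) -> bytes:
        msg = _canon(a_id.encode(), a_tok, b_id.encode(), b_tok, str(ts).encode())
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def query(self, requester_id: str, requester_token: bytes, target_id: str, now: int):
        """Second user asks to reach the first user: returns the target's token,
        the timestamp and a signature binding both parties' IDs and tokens."""
        target = self._db.get(target_id)
        requester = self._db.get(requester_id)
        if target is None or requester is None:
            return None
        if not hmac.compare_digest(requester.token, requester_token):
            return None  # presented token must match the requester's registration
        sig = self._mac(requester_id, requester_token, target_id, target.token, now)
        return {"target_token": target.token, "timestamp": now, "signature": sig}

    def verify(self, requester_id: str, requester_token: bytes, target_id: str,
               target_token: bytes, ts: int, sig: bytes, now: int) -> bool:
        """Check an application-specific service performs before relaying a message."""
        if not (0 <= now - ts <= self._validity):
            return False  # expired, or a timestamp from the future
        expected = self._mac(requester_id, requester_token, target_id, target_token, ts)
        return hmac.compare_digest(expected, sig)


if __name__ == "__main__":
    svc = IdentityService(b"example-shared-key")
    t0 = 1_000_000
    svc.register(b"tokA", ["+15551230000"], t0)          # constructed sample data
    svc.register(b"tokB", ["bob@example.com"], t0)
    q = svc.query("bob@example.com", b"tokB", "+15551230000", t0 + 10)
    ok = svc.verify("bob@example.com", b"tokB", "+15551230000",
                    q["target_token"], q["timestamp"], q["signature"], t0 + 100)
    print("signature valid within window:", ok)
```

The signature binds both tokens, so an attacker who learns a query signature cannot swap in a different target token, and the timestamp check bounds replay to the validity window, which is the "specified period of time" the abstract refers to. Re-registering a device changes the token and registration timestamp, so every fingerprint derived from the old entry stops matching and the stale cached token is refused.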
Address Cupertino CA US