In recent years, people have been accessing Internet services more and more frequently from their mobile devices. For example, smart phones, tablets, personal digital assistants (PDAs) and other handheld computers have now become almost fully integrated with most Web sites and can access a wide variety of services on the Internet. Many of these services require the subscriber of a mobile device to be authenticated, such as by assigning a username, password to the user. However, due to the compact size and limited keyboard capabilities of such devices, it can be quite unpleasant for a subscriber to enter a username and password or other authentication information using the device.
There have been numerous standards proposed, some of which attempt to at least partially address the authentication issues for mobile devices. One such existing standard is Generic Bootstrapping Architecture (GBA), which allows applications on the handset to authenticate themselves to a network service, using the SIM card to provide authentication. Under this standard, users can be authenticated if they own a valid identity on a Home Location Register (HLR) or a Home Subscriber Server (HSS). The authentication is based on a shared secret key, where one key is located in the user's mobile phone and the other is on the HLR/HSS.
Another standard entitled OpenID has attempted to reduce the number of identities that each owner possesses by allowing users to consolidate their digital identities. Under this open standard, users can be authenticated in a decentralized manner. For example, when a user agent (UA) invokes a particular service, that service can query an open ID provider (OP) which will authenticate the user agent on behalf of the service that is relying on the OP. In this manner, the relying party or service can ensure that the user is authenticated based on a shared secret, which has been previously established between the relying party and the OP.
Even in light of such standards, a number of limitations and shortcomings are still left unaddressed. For example, most common authentication mechanism for OpenID implementations remains a username and password combination, which can be burdensome on mobile subscribers due to the reasons previously mentioned. At least one solution integrating OpenID with GBA has been proposed, however it is quite likely that such a solution would require the telecommunication companies to buy additional network hardware, require application developers to modify their code and also require the handset unit to change as well. Not surprisingly, solutions that require such a change in the entire ecosystem of the telecommunications network have not been able to gain significant traction.
Telecommunications companies and mobile network operators (MNOs) already have a trust relationship with the mobile device and the subscriber. It would be desirable to export that trust relationship from the handset to Internet services. It would also be advantageous to export this trust while minimizing the number changes among the numerous entities that are involved and while addressing the deficiencies mentioned above. Applicant has identified these, as well as other needs that currently exist in the art in coming to conceive the subject matter of the present disclosure.