Samsung · Filed Mar 5, 2026 · Published Jul 9, 2026 · verified — real USPTO data

Samsung Patents a Way to Stop Login Tokens from Oversharing Your Personal Data

Every time you log into an app using a 'Sign in with Google' style button, that app gets a token packed with claims about who you are. Samsung is patenting a way to strip out the parts of that token the app probably doesn't need before it ever arrives.

Samsung Patent: Trimming Login Tokens Before They Reach Apps — figure from US 2026/0197172 A1
Figure from the official USPTO publication.
See all 7 drawings from this filing ↓
Publication number US 2026/0197172 A1
Applicant Samsung Electronics Co., Ltd.
Filing date Mar 5, 2026
Publication date Jul 9, 2026
Inventors Seungchul KO
CPC classification 713/172
Grant likelihood Medium
Examiner CENTRAL, DOCKET (Art Unit OPAP)
Status Docketed New Case - Ready for Examination (Apr 16, 2026)
Parent application is a Continuation of PCTKR2024012227 (filed 2024-08-16)
Document 20 claims

What Samsung's token-trimming system actually does

Imagine you show a bouncer your full driver's license to prove you're over 21. They now know your name, address, birthday, and height, even though all they actually needed was your age. Digital login systems work the same way: when an app asks to verify your identity, it often receives a token containing far more personal information than it actually needs.

Samsung's patent describes a middleman device that sits between the app and the authentication server. When a login token comes back from the server, this device checks whether all the details inside are truly necessary. If the app only needs to know you're a valid user, but the token also contains your email, name, or account tier, the device can remove the extra claims before sending the trimmed-down token along.

The result is that the app receives just enough to do its job, and nothing more. You still log in normally; you just share less of your data in the process.

How the device intercepts and reduces a token's claims

The patent describes an authentication token claim-reduction system. In identity and security systems, an authentication token is a short, cryptographically signed packet that proves who you are. Tokens contain claims, which are individual pieces of asserted information like your user ID, email address, account role, or subscription status.

Here is how the described process works:

  • A terminal (an app or a connected device) sends a request for a login token to Samsung's intermediary electronic device.
  • That device forwards the request to a full authentication server, which issues a complete token with all the claims it normally would.
  • The Samsung device then evaluates whether all those claims are actually necessary for the requesting terminal.
  • If they are not, it generates a reduced authentication token by stripping out the unnecessary claims, then sends only the slimmed-down version to the terminal.

The key design choice here is that the reduction happens at the intermediary layer, not at the server. The server still issues a full token; the device acts as a policy-enforcement filter. This approach could be applied to smart home hubs, enterprise gateways, or any device that manages authentication on behalf of multiple connected apps or services.

What this means for app privacy and data minimization

The concept of data minimization is central to modern privacy regulations, including GDPR in Europe and CCPA in California. Both require that systems collect only the personal data actually needed for a given purpose. Right now, enforcing that rule at the token level is largely left to individual app developers, which means it often doesn't happen consistently.

A system that automatically trims tokens at the network or device layer would shift that enforcement out of the app and into the infrastructure, making it harder to accidentally (or deliberately) over-collect identity data. For Samsung's ecosystem of connected devices, including phones, smart TVs, and home appliances, this could become a built-in privacy layer that operates below the level of any individual app.

Editorial take

This is a quiet but genuinely useful privacy patent. The idea of enforcing data minimization at the token layer rather than trusting each app to do it correctly is practical and aligns with where regulators are pushing the industry. It is not flashy, but it is the kind of infrastructure work that, if it ships, actually changes how much personal information leaks into third-party apps every day.

The drawings

7 drawing sheets from US 2026/0197172 A1 · click any drawing to enlarge

Patent filing page

Which company should we read for you?

We track 17 companies here. Pro is the same weekly breakdown for any company you choose, delivered privately. Type a name and we'll scope it and send you a quote.

Get one Big Tech patent every Sunday

Plain English, intelligent commentary, no hype. Free.

Source. Full patent text and figures from the official USPTO publication PDF.

Editorial commentary on a publicly published patent application. Not legal advice.