Methods and apparatus for authenticating a remote service to another service on behalf of a user

US 20070005964A1
Filed: 06/30/2005
Published: 01/04/2007
Est. Priority Date: 06/30/2005
Status: Active Grant

First Claim

Patent Images

1. A method performed by a user client to provide authorization to a remote application client that performs one or more actions for said user client, comprising:

providing one or more keys to a remote authentication service;

receiving an identifier of said remote application client; and

notifying said remote authentication service that said remote application client is authorized to obtain a response based on at least one of said one or more keys using said identifier.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus are provided for authenticating a remote service to another service on behalf of a user. A user client authorizes a remote application client to perform one or more actions on behalf of the user client. The user client provides one or more keys to a remote authentication service; receives an identifier of the remote application client; and notifies the remote authentication service that the remote application client is authorized to obtain a response based on at least one of the one or more keys using the identifier. The remote application client provides a challenge that is received from a server that the remote application client is attempting to access for the user client and an identifier of the user client to a remote authentication service; and receives a response to the challenge from the remote authentication service that is based on one or more keys stored by the remote authentication service on behalf of the user client.

28 Citations

View as Search Results

22 Claims

1. A method performed by a user client to provide authorization to a remote application client that performs one or more actions for said user client, comprising:
- providing one or more keys to a remote authentication service;
  
  receiving an identifier of said remote application client; and
  
  notifying said remote authentication service that said remote application client is authorized to obtain a response based on at least one of said one or more keys using said identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising the step of creating an account with said remote authentication service.
  - 3. The method of claim 1, wherein said response is a response to a challenge issued by a remote server.
  - 4. The method of claim 1, further comprising the step of establishing an identity to said remote authentication service.
  - 5. The method of claim 1, wherein said user client is not required to participate in a transaction performed by said remote application client on behalf of said user client.
  - 6. The method of claim 1, wherein said remote application client can perform said actions on behalf of said user client without obtaining said one or more keys.
  - 7. The method of claim 1, further comprising the step of notifying said user client when said remote application client obtains said response.

8. A method performed by a remote application client that performs one or more actions for a user client, comprising:
- receiving a challenge from a server that said remote application client is attempting to access for said user client;
  
  providing said challenge and an identifier of said user client to a remote authentication service;
  
  receiving a response to said challenge from said remote authentication service, wherein said response is based on one or more keys stored by said remote authentication service on behalf of said user client; and
  
  providing said response to said server.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, further comprising the step of creating an account with said remote authentication service.
  - 10. The method of claim 8, further comprising the step of establishing an identity to said remote authentication service.
  - 11. The method of claim 8, wherein said user client is not required to participate in a transaction performed by said remote application client on behalf of said user client.
  - 12. The method of claim 8, wherein said remote application client can perform said actions on behalf of said user client without obtaining said one or more keys.

13. A method for managing one or more keys for a user client, comprising:
- receiving said one or more keys from said user client;
  
  receiving a notification from said user client that a remote application client that performs one or more actions for said user client is authorized to obtain a response based on at least one of said one or more keys;
  
  receiving a challenge and an identifier of said user client from said remote application client; and
  
  providing said response to said challenge to said remote application client.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method of claim 13, further comprising the step of establishing an identity of said user client.
  - 15. The method of claim 13, further comprising the step of establishing an identity of said remote application client.
  - 16. The method of claim 13, wherein said user client is not required to participate in a transaction performed by said remote application client on behalf of said user client.
  - 17. The method of claim 13, wherein said remote application client can perform said actions on behalf of said user client without obtaining said one or more keys.
  - 18. The method of claim 13, further comprising the step of notifying said user client when said response is provided to said remote application client.

19. An apparatus for managing one or more keys for a user client, the apparatus comprising:
- a memory; and
  
  at least one processor, coupled to the memory, operative to;
  
  receive said one or more keys from said user client;
  
  receive a notification from said user client that a remote application client that performs one or more actions for said user client is authorized to obtain a response based on at least one of said one or more keys;
  
  receive a challenge and an identifier of said user client from said remote application client; and
  
  provide said response to said challenge to said remote application client.
- View Dependent Claims (20, 21, 22)
- - 20. The system of claim 19, further comprising the step of establishing an identity of said user client and said remote application client.
  - 21. The system of claim 19, wherein said user client is not required to participate in a transaction performed by said remote application client on behalf of said user client.
  - 22. The system of claim 19, wherein said remote application client can perform said actions on behalf of said user client without obtaining said one or more keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Beijing Xiaomi Mobile Software Co., Ltd. (Xiaomi Corp.)
Original Assignee
Alcatel-Lucent SA (Nokia Corporation)
Inventors
Zandy, Victor, Grosse, Eric

Granted Patent

US 8,112,790 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 63/083 using passwords cryptograph...

H04L 63/0884 by delegation of authentica...

Methods and apparatus for authenticating a remote service to another service on behalf of a user

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for authenticating a remote service to another service on behalf of a user

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links