Customizable sign-on service

US 20070233540A1
Filed: 03/31/2006
Published: 10/04/2007
Est. Priority Date: 03/31/2006
Status: Active Grant

First Claim

Patent Images

1. A method for a computing system of an access manager to provide sign-on capabilities in a customizable manner to each of a plurality of services, the method comprising:

for each of a plurality of services, registering the service as a customer of the access manager in a configurable manner, by automatically determining for the service a level of permission to be granted for customizing operation of sign-on capabilities to be provided to that service by the access manager;

displaying indications to the service of multiple types of customization of sign-on capabilities that are identified as being available to the service based at least in part on the determined level of permission granted to the service, the identified types of customization including one or more predefined types of co-branding of the sign-on capabilities and one or more predefined types of information gathering that the access manager can perform from users of the service during sign-on; and

receiving from the service one or more selections of customizations of the sign-on capabilities for that service that include one or more co-branding customizations of one or more of the identified co-branding types and one or more of the identified information gathering types to be used;

so that the access manager provides customizable sign-on services to users of services as configured.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for providing customizable sign-on functionality, such as via an access manager system that provides single sign-on functionality and other functionality to other services for use with those services'"'"' users. The access manager system may maintain various sign-on and other account information for various users, and provide single sign-on functionality for those users using that maintained information on behalf of multiple unrelated services with which those users interact. The access manager may allow a variety of types of customizations to single sign-on functionality and/or other functionality available from the access manager, such as on a per-service basis via configuration by an operator of the service, such as co-branding customizations, customizations of information to be gathered from users, customizations of authority that may be delegated to other services to act on behalf of users, etc., and with the customizations that are available being determined specifically for that service.

Citations

53 Claims

1. A method for a computing system of an access manager to provide sign-on capabilities in a customizable manner to each of a plurality of services, the method comprising:
- for each of a plurality of services, registering the service as a customer of the access manager in a configurable manner, by automatically determining for the service a level of permission to be granted for customizing operation of sign-on capabilities to be provided to that service by the access manager;
  
  displaying indications to the service of multiple types of customization of sign-on capabilities that are identified as being available to the service based at least in part on the determined level of permission granted to the service, the identified types of customization including one or more predefined types of co-branding of the sign-on capabilities and one or more predefined types of information gathering that the access manager can perform from users of the service during sign-on; and
  
  receiving from the service one or more selections of customizations of the sign-on capabilities for that service that include one or more co-branding customizations of one or more of the identified co-branding types and one or more of the identified information gathering types to be used;
  
  so that the access manager provides customizable sign-on services to users of services as configured.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein the access manager provides a single sign-on service to multiple third-party Web site operators who provide the plurality of services, and wherein the method further comprises, in response to each of multiple sign-on requests that are each from a user of one of the plurality of services, providing a customized sign-on experience to the user on behalf of the one service by presenting information to the user to obtain sign-on information from the user and to obtain information from the user based on one or more of the information gathering types that were indicated by the one service, the presented information including one or more of the co-branding customizations that were indicated by the one service.
  - 3. The method of claim 2 wherein the providing of a customized sign-on experience to a user on behalf of a service includes, after the sign-on information has been obtained from the user and has been authenticated to reflect a valid account of the user with the access manager, providing to the service a credential that represents the user so as to enable the service to use the credential to take further actions on behalf of the user involving the account of the user with the access manager.
  - 4. The method of claim 2 wherein the access manager provides accounts for multiple users, and wherein the providing of a customized sign-on experience to one of the multiple users on behalf of a service includes:
    - after the service displays to the one user a user-selectable control to initiate sign-on for a Web site of the service and after the one user selects the control, receiving a sign-on request that contains an indication of the service;
      
      generating a sign-on page that includes the selected customizations for the indicated service and that allows the one user to supply a username and a password corresponding to the account of the one user, and sending the generated sign-on page to the one user;
      
      receiving from the one user a username and a password;
      
      authenticating the one user based at least in part on a match between information for the account of the one user and the received username and password; and
      
      sending to the service an indication that the one user has been authenticated.
  - 5. The method of claim 4 wherein the generating of the sign-on page for the user to include the selected customizations for the indicated service includes, if the one user is signing on for the indicated service for a first time, including information on the generated sign-on page to prompt the one user to provide information corresponding to the information gathering type customizations selected by the indicated service, and wherein the providing of the customized sign-on experience to the one user on behalf of the indicated service further includes receiving information from the one user corresponding to the information gathering type customizations selected by the indicated service and making the received information from the one user available to the indicated service.
  - 6. The method of claim 1 wherein the one or more predefined types of co-branding customizations of the access manager that are made available to one of the services for use in providing customized sign-on experiences to users of the one service include a customization to allow an indicated image of the one service to be displayed to the users of the one service, a customization to allow text indicated by the one service to be displayed to the users of the one service, a customization to allow a link indicated by the one service to be displayed to the users of the one service, and a customization to allow new user-selectable functionality indicated by the one service to be made available to the users of the one service.
  - 7. The method of claim 6 wherein the one or more predefined types of information gathering customization of the access manager that are made available to one of the services for use in providing customized sign-on experiences to users of the one service include a customization to allow a set of one or more questions selected by the one service to be asked of the users of the one service, and a customization to allow a user activity selected by the one service to be requested of the users of the one service.
  - 8. The method of claim 1 wherein the automatic determining of a level of permission to be granted to a service includes selecting one of multiple predefined levels of permission that each correspond to a distinct level of trust, the selecting being based on an automatically assessed level of trust in the service using multiple types of information obtained about the service.
  - 9. The method of claim 1 wherein the identified types of customization that are available to one of the services based at least in part on the determined level of permission granted to the one service includes one or more types of authority that the one service can delegate to another service via the access manager, wherein the received customization selections from the one service includes one or more selected authority delegations for an indicated other service, and wherein the method further comprises, in response to each of one or more requests that are each from the other service on behalf of a user of the one service, performing the request if the request is authorized by the one or more selected authority delegations.
  - 10. The method of claim 9 wherein the one or more types of delegation of authority that are made available to the one service include at least one of an authority for an indicated other service to clone a credential of a user of the one service, authority for an indicated other service to refresh a credential of a user of the one service, and authority for an indicated other service to obtain access to at least some information about a user of the one service.

11. A computer-implemented method for an access manager to provide customizable sign-on capabilities to users of other services, the method comprising:
- for each of multiple services that are provided by operators distinct from an operator of the access manager and that are each available to multiple users, enabling a customized sign-on process for the users of the service, by determining multiple types of customization that are to be made available for use with the service based at least in part on information specific to the service, the customization types being for use as part of a sign-on process for users of the service and including one or more types of co-branding customizations and one or more types of other customizations;
  
  providing indications to the operator of the service of the multiple determined types of sign-on process customization that are available for use with the service;
  
  receiving from the service operator one or more indications of one or more customizations of the sign-on process for the service, the indicated customizations each being of one of the determined types for the service; and
  
  after the receiving of the indications of the customizations, providing to each of multiple users of the service a customized sign-on process on behalf of the service, the customized sign-on process being customized in accordance with the customizations indicated by the service operator.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 12. The method of claim 11 wherein the access manager provides a single sign-on service to the multiple services, and wherein the providing of the customized sign-on process to a user of a service is in response to a sign-on request from the user and includes presenting information to the user to obtain sign-on information from the user, the presented information including one or more co-branding customizations indicated by the operator of the service.
  - 13. The method of claim 12 further comprising, after sign-on information has been obtained from a user of a service and has been authenticated, providing to the operator of the service a credential that represents the user so as to enable the service operator to use the credential to take further actions on behalf of the user.
  - 14. The method of claim 13 wherein the access manager maintains accounts for multiple users, and wherein the sign-on information obtained from a user of a service is sign-on information for an account of the user with the access manager.
  - 15. The method of claim 14 further comprising providing a sign-on process to users to sign onto the access manager, the sign-on process of the access manager being distinct from the customized sign-on processes performed on behalf of the multiple services but using the same sign-on information for the users.
  - 16. The method of claim 15 wherein, before the enabling of the customized sign-on process for users of a service, at least some of those users have provided sign-on information to the access manager that is used during the customized sign-on process for those users.
  - 17. The method of claim 11 wherein the determining of the multiple types of customizations for a service is performed automatically based at least in part on information specific to the service.
  - 18. The method of claim 17 wherein the determining of the multiple types of customizations for a service is further based at least in part on information about the operator of the service.
  - 19. The method of claim 11 wherein the one or more types of other customizations for at least one of the services include one or more predefined types of gathering of information from users during the sign-on process.
  - 20. The method of claim 19 wherein at least one of the predefined information gathering types includes information to be gathered from users that is configurable by a service operator.
  - 21. The method of claim 19 wherein the one or more predefined types of gathering of information from users of a service during the providing of the customized sign-on process to those users on behalf of the service include at least one of a set of one or more predefined questions to be asked such that answers from users are stored and made available to the operator of the service, and a user activity to be made available such that information regarding whether the user performs the activity is stored and made available to the operator of the service, and wherein the one or more types of other customizations for at least one of the services further include capabilities for an operator of a service to specify a set of one or more custom questions to be asked such that answers from users are stored and made available to the operator of the service.
  - 22. The method of claim 11 wherein the one or more types of other customizations for at least one of the services include one or more predefined types of delegation of authority that the service operator provide to other service via the access manager, and wherein the method further comprises, in response to each of one or more requests that are each on behalf of a service using delegated authority from another service, performing the request if the delegated authority of the request has been authorized.
  - 23. The method of claim 22 wherein the access manager provides credentials to services to represent users who have performed the customized sign-on processes for the services such that a service can use a credential representing a user to take further actions on behalf of the user, and wherein one predefined type of delegation of authority that a first service can provide to a second service is to allow the second service to use a credential representing a user that is provided to the first service in order to take one or more further actions on behalf of the user.
  - 24. The method of claim 23 wherein the credentials each have a limited period of validity such that after the period of validity a credential representing a user can no longer be used to take further actions on behalf of the user, and wherein the predefined type of delegation of authority that a first service can provide to a second service to use a credential provided to the first service is further to allow the second service to interact with the access manager to refresh the credential so as to extend the period of validity for the credential.
  - 25. The method of claim 23 wherein the credentials provided to the services are each specific to the service to which it is provided such that other services cannot use the credential, and wherein the predefined type of delegation of authority that a first service can provide to a second service to use a credential provided to the first service is further to allow the second service to interact with the access manager to clone the credential so as to obtain a copy of the credential that is specific to the second service.
  - 26. The method of claim 25 further comprising receiving a request from a second service to clone a credential representing a user that was issued to a first service, interacting with the user to obtain at least a portion of the sign-on information for the user, and issuing a cloned credential representing the user to the second service if the first service has authorized the cloning and the at least portion of the sign-on information from the user is valid.
  - 27. The method of claim 11 wherein an operator of a service has a pre-existing relationship with the access manager, and wherein the determining of the multiple types of customizations for the service is based at least in part on past experience with the service operator during the pre-existing relationship.
  - 28. The method of claim 11 wherein the one or more types of co-branding customizations of the sign-on process that are made available for one of the services include multiple predefined types of co-branding customizations.
  - 29. The method of claim 11 wherein the one or more types of co-branding customizations of the sign-on process that are made available for one of the services include at least one of a customization to allow an image selected by the operator of the one service to be displayed to users, a customization to allow text selected by the operator of the one service to be displayed to users, a customization to allow a link selected by the operator of the one service to be displayed to users, and a customization to allow addition of new functionality selected by the operator of the one service to be made available to users.
  - 30. The method of claim 11 wherein one operator of a service has multiple brands, and wherein the receiving from the one service operator of the indications of the customizations of the sign-on process for the service includes receiving one or more indications of the multiple brands and an indication of each of one or more customizations specific to one of the brands for use in the providing of the customized sign-on process on behalf of the service for that brand.
  - 31. The method of claim 11 wherein one of the operators of a service offers the service in multiple locales, and wherein the receiving from the one service operator of the indications of the customizations of the sign-on process for the service includes receiving one or more indications of the multiple locales and an indication of each of one or more customizations specific to one of the locales for use in the providing of the customized sign-on process on behalf of the service for that locale.
  - 32. The method of claim 11 wherein the customized sign-on process for one of the services contains multiple distinct groups of information to be presented at distinct times, and wherein the receiving from the operator of the one service of the indications of the customizations of the sign-on process for the service includes receiving an indication of each of one more customizations specific to one of the groups of information for use in presenting that group of information during the providing of the customized sign-on process.
  - 33. The method of claim 11 further comprising, after sign-on information has been obtained from a user during the customized sign-on process on behalf of a service, providing to the service information about the user that is distinct from the sign-on information.
  - 34. The method of claim 33 wherein the information provided to the service includes at least one of an indication of the user'"'"'s name, a persistent ID for a user that is used for the user each time that the user signs in, and an indication of one or more unsuccessful sign-on attempts by the user for the service.
  - 35. The method of claim 11 further comprising receiving an indication from at least one operator of a service to track information about actions of users of the service separate from other users, and making available to the service information about those actions of the users.
  - 36. The method of claim 35 further comprising tracking actions of the users of the service that include actions distinct from sign-on and sign-off activities.

37. A computer-readable medium whose contents cause a computing device to enable customized interactions with users, by performing a method comprising:
- receiving one or more indications of multiple types of customization that are available to a requester for use with a process involving interactions with users, the indicated customization types being identified based at least in part on information specific to the requester;
  
  providing one or more indications of one or more customizations of the sign-on process that are selected for use with the users, the selected customizations each being of one of the indicated customization types; and
  
  after each of the users successfully completes a process involving one or more interactions that are customized in accordance with the indicated customizations, receiving an indication of the successful completion of the process by the user.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
- - 38. The computer-readable medium of claim 37 wherein the requester is an operator of a service, wherein the interactions with the users involve access to the service, and wherein the indicated customization types are identified based at least in part on information specific to the service.
  - 39. The computer-readable medium of claim 37 wherein the indicated customization types include one or more types of co-branding customizations and one or more types of other customizations.
  - 40. The computer-readable medium of claim 37 wherein the process involving interactions with users is a process of gathering indicated types of information from the users.
  - 41. The computer-readable medium of claim 37 wherein the computing system operates on behalf of a sign-on service that provides sign-on capabilities to users of multiple services, and wherein the process involving interactions with users is a process of performing sign-on of the users to the sign-on service.
  - 42. The computer-readable medium of claim 41 wherein the requester is a first service distinct from the sign-on service, and wherein the method further comprises:
    - receiving an indication that customized use of the sign-on service is requested on behalf of the first service;
      
      determining the multiple types of customization that are available for the customized sign-on process of the first service based at least in part on information specific to the service;
      
      sending the one or more indications of the multiple customization types that are received; and
      
      after receiving the provided one or more indications of the one or more selected customizations of the sign-on process, providing to each of multiple users of the first service a sign-on process on behalf of the first service that is customized in accordance with the selected customizations.
  - 43. The computer-readable medium of claim 37 wherein the process involving interactions with users includes providing one or more customized Web pages to the users.
  - 44. The computer-readable medium of claim 37 wherein the process involving interactions with users includes providing one or more customized email messages to the users.
  - 45. The computer-readable medium of claim 37 wherein the computer-readable medium is a memory of a computing device.
  - 46. The computer-readable medium of claim 37 wherein the computer-readable medium is a data transmission medium transmitting a generated data signal containing the contents.
  - 47. The computer-readable medium of claim 37 wherein the contents are instructions that when executed cause the computing device to perform the method.
  - 48. The computer-readable medium of claim 37 wherein the contents include one or more data structures for use in customizing the interactions with the users, the data structure comprising multiple entries that each correspond to one of the multiple indicated customization types and contain information comprising one or more customization options of the customization type.

49. A computing system configured to provide customizable capabilities to users of multiple services comprising:
- a memory; and
  
  a first module configured to, for each of multiple services, enable a customized process for managing access by users of the service, by determining multiple types of customization that are to be made available for use in managing a process of providing access for users of the service, the determining being based at least in part on information specific to an operator of the service; and
  
  receiving from the service operator one or more indications of one or more customizations of the access process for the users of the service, the indicated customizations each being of one of the determined types for the service, so that the access process provided to the users of the service is customized in accordance with the indicated customizations.
- View Dependent Claims (50, 51, 52, 53)
- - 50. The computing system of claim 49 further comprising a second module configured to, after receiving from a service operator one or more indications of one or more customizations of an access process for users of a service, providing to each of multiple users of the service a customized sign-on process on behalf of the service, the customized sign-on process being customized in accordance with the customizations indicated by the service operator.
  - 51. The computing system of claim 49 wherein the multiple determined types include one or more types of co-branding customizations and one or more types of other customizations.
  - 52. The computing system of claim 49 wherein the first module includes software instructions for execution in the memory of the computing system.
  - 53. The computing system of claim 49 wherein the first module consists of a means for, for each of multiple services, enabling a customized process for managing access by users of the service, by determining multiple types of customization that are to be made available for use in managing a process of providing access for users of the service, the determining being based at least in part on information specific to an operator of the service;
    - and receiving from the service operator one or more indications of one or more customizations of the access process for the users of the service, the indicated customizations each being of one of the determined types for the service, so that the access process provided to the users of the service is customized in accordance with the indicated customizations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Sirota, Peter

Granted Patent

US 7,912,762 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/8
CPC Class Codes

G06Q 10/06315   Needs-based resource requir...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 30/0201   Market modelling; Market an...

G06Q 30/0203   Market surveys; Market polls

G06Q 30/0621   Item configuration or custo...

H04L 63/06   for supporting key manageme...

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Customizable sign-on service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

53 Claims

Specification

Solutions

Use Cases

Quick Links

Customizable sign-on service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

53 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links