SYSTEM AND METHOD FOR POOL-BASED IDENTITY AUTHENTICATION FOR SERVICE ACCESS WITHOUT USE OF STORED CREDENTIALS

US 20090288149A1
Filed: 05/13/2008
Published: 11/19/2009
Est. Priority Date: 05/13/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing provisioning information for storage in a provisioning repository;

receiving a service request from a service consumer, the service request including requestor identifying information;

generating an authentication request to send to an authentication authority, the authentication request including requestor identifying information;

receiving validation of an authenticated service request from the authentication authority; and

providing the requested service to the service consumer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented system and method for pool-based identity authentication for service access without use of stored credentials is disclosed. The method in an example embodiment includes providing provisioning information for storage in a provisioning repository; receiving a service request from a service consumer, the service request including requester identifying information; generating an authentication request to send to an authentication authority, the authentication request including requester identifying information; receiving validation of an authenticated service request from the authentication authority; and providing the requested service to the service consumer.

26 Citations

View as Search Results

21 Claims

1. A method comprising:
- providing provisioning information for storage in a provisioning repository;
  
  receiving a service request from a service consumer, the service request including requestor identifying information;
  
  generating an authentication request to send to an authentication authority, the authentication request including requestor identifying information;
  
  receiving validation of an authenticated service request from the authentication authority; and
  
  providing the requested service to the service consumer.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as claimed in claim 1 including verifying the requestor identifying information using independently verifiable data corresponding to a service consumer.
  - 3. The method as claimed in claim 2 wherein the independently verifiable data includes an IP address of the service consumer.
  - 4. The method as claimed in claim 1 wherein the requestor identifying information includes an IP address of the service consumer.
  - 5. The method as claimed in claim 1 wherein the service request is sent using a protocol compatible with the security assertion markup language (SAML).
  - 6. The method as claimed in claim 1 wherein providing provisioning information is performed at initial system/service deployment time.
  - 7. The method as claimed in claim 1 including comparing the provisioning information with the requestor identifying information.

8. A method comprising:
- providing provisioning information for storage in a provisioning repository;
  
  receiving an authentication request from a service provider, the authentication request including service request and requestor identifying information that identifies a service consumer that requested a service;
  
  matching the service request and requestor identifying information with the provisioning information stored in the provisioning repository; and
  
  sending validation of an authenticated service request to the service provider.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method as claimed in claim 8 including verifying the requestor identifying information using independently verifiable data corresponding to a service consumer.
  - 10. The method as claimed in claim 9 wherein the independently verifiable data includes an IP address of the service consumer.
  - 11. The method as claimed in claim 8 wherein the requestor identifying information includes an IP address of the service consumer.
  - 12. The method as claimed in claim 8 wherein the authentication request is sent using a protocol compatible with the security assertion markup language (SAML).
  - 13. The method as claimed in claim 8 wherein providing provisioning information is performed at initial system/service deployment time.

14. A pool-based identity authentication apparatus for service access comprising:
- a provisioning repository for storing provisioning information; and
  
  a service provider to receive a service request from a service consumer, the service request including requestor identifying information;
  
  to generate an authentication request to send to an authentication authority, the authentication request including requestor identifying information;
  
  to receive validation of an authenticated service request from the authentication authority; and
  
  to provide the requested service to the service consumer.
- View Dependent Claims (15, 16, 17)
- - 15. The pool-based identity authentication apparatus as claimed in claim 14 wherein the service provider being further configured to verify the requestor identifying information using independently verifiable data corresponding to a service consumer.
  - 16. The pool-based identity authentication apparatus as claimed in claim 15 wherein the independently verifiable data includes an IP address of the service consumer.
  - 17. The pool-based identity authentication apparatus as claimed in claim 14 wherein the requestor identifying information includes an IP address of the service consumer.

18. A pool-based identity authentication apparatus for service access comprising:
- a provisioning repository for storing provisioning information; and
  
  an authentication authority to receive an authentication request from a service provider, the authentication request including service request and requester identifying information that identifies a service consumer that requested a service;
  
  to match the service request and requestor identifying information with the provisioning information stored in the provisioning repository; and
  
  to send validation of an authenticated service request to the service provider.
- View Dependent Claims (19, 20, 21)
- - 19. The pool-based identity authentication apparatus as claimed in claim 18 wherein the authentication authority being further configured to verify the requestor identifying information using independently verifiable data corresponding to a service consumer.
  - 20. The pool-based identity authentication apparatus as claimed in claim 19 wherein the independently verifiable data includes an IP address of the service consumer.
  - 21. The pool-based identity authentication apparatus as claimed in claim 18 wherein the requestor identifying information includes an IP address of the service consumer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
eBay Inc.
Original Assignee
eBay Inc.
Inventors
Kolluru, Raju Venkata, Kleinpeter, Michael Dean

Granted Patent

US 8,132,238 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 9/321   involving a third party or ...

SYSTEM AND METHOD FOR POOL-BASED IDENTITY AUTHENTICATION FOR SERVICE ACCESS WITHOUT USE OF STORED CREDENTIALS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

SYSTEM AND METHOD FOR POOL-BASED IDENTITY AUTHENTICATION FOR SERVICE ACCESS WITHOUT USE OF STORED CREDENTIALS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others