DEVOLVED AUTHENTICATION

US 20110030043A1
Filed: 02/19/2009
Published: 02/03/2011
Est. Priority Date: 03/28/2008
Status: Active Grant

First Claim

Patent Images

1. A method of operating an authentication provisioning unit for authenticating a user to a service provider, the method comprising:

in a first stage of the method;

a) receiving credentials from a user;

b) determining whether the credentials received from the user represent a valid logon; and

if that determination is positive, thenc) generating at least one network address comprising a domain address and at least one instance parameter, the instance parameter uniquely identifying the user and the instance of generation of the network address;

d) providing the network address to the user;

e) receiving a parameter from a service provider;

f) determining whether the received parameter indicates a valid attempt to log on to the service provider by checking that the received parameter matches an instance parameter that has previously been provided to a user and that has not previously been received from a service provider; and

if that determination is positive, signalling to the service provider over a secure channel a message indicating that the received parameter represents a valid logon attempt, the message including credentials of the user to whom the instance parameter that matches the received parameter had been issued.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authenticating a user to a service provider by means of an authentication provision unit, the method comprising: in a first stage of the method: receiving credentials from a user; determining whether the credentials received from the user represent a valid logon; and if that determination is positive: generating at least one network address comprising a domain address and at least one instance parameter, the instance parameter uniquely identifying the user and the instance of generation of the network address; and providing the network address to the user; and in a second stage of the method: receiving a parameter from a service provider; determining whether the received parameter indicates a valid attempt to log on to the service provider by checking that the received parameter matches an instance parameter that has previously been issued to a user and that has not previously been received from a service provider; and if that determination is positive: signalling to the service provider over a secure channel a message indicating that the received parameter represents a valid logon attempt, the message including credentials of the user to whom the instance parameter that matches the received parameter had been issued.

Citations

12 Claims

1. A method of operating an authentication provisioning unit for authenticating a user to a service provider, the method comprising:
- in a first stage of the method;
  
  a) receiving credentials from a user;
  
  b) determining whether the credentials received from the user represent a valid logon; and
  
  if that determination is positive, thenc) generating at least one network address comprising a domain address and at least one instance parameter, the instance parameter uniquely identifying the user and the instance of generation of the network address;
  
  d) providing the network address to the user;
  
  e) receiving a parameter from a service provider;
  
  f) determining whether the received parameter indicates a valid attempt to log on to the service provider by checking that the received parameter matches an instance parameter that has previously been provided to a user and that has not previously been received from a service provider; and
  
  if that determination is positive, signalling to the service provider over a secure channel a message indicating that the received parameter represents a valid logon attempt, the message including credentials of the user to whom the instance parameter that matches the received parameter had been issued.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method as claimed in claim 1, wherein in the step of providing the network address to the user, the network address is provided to the user over a secure channel.
  - 3. A method as claimed in claim 2, wherein the secure channel over which the network address is provided is an encrypted channel.
  - 4. A method as claimed in claim 1, wherein the secure channel over which the message is signalled to the service provider is an encrypted channel.
  - 5. A method as claimed in claim 1, wherein the network address is provided to the user in the form of a web page having a link to the network address.
  - 6. A method as claimed in claim 5, wherein the instance parameter is an HTTP querystring parameter to the network address.
  - 7. A method as claimed in claim 1, wherein the step of determining whether the received parameter indicates a valid attempt to log on to the service provider comprises checking that user to whom the instance parameter that matches the received parameter had been issued has not logged off from the authentication provision unit since the instance parameter was issued.
  - 8. A method as claimed in claim 1, wherein the step of determining whether the received parameter indicates a valid attempt to log on to the service provider comprises checking that the instance parameter that matches the received parameter was issued to a user as part of a network address that included a domain address corresponding to the service provider.
  - 9. A method as claimed in claim 1, wherein a plurality of network addresses is generated and provided to the user.
  - 10. A method as claimed in claim 9, wherein the network addresses are provided to the user in the form of iconised links to the network addresses.
  - 11. A method as claimed in claim 1, wherein the instance parameter identifies the time at which it was generated and the step of determining whether the received parameter indicates a valid attempt to log on to the service provider comprises checking that the difference between the time at which the instance parameter that matches the received parameter was generated and the current time is less than a predetermined value.

12. An authentication provision unit for authenticating a user to a service provider, the authentication unit being configured to:
- a) receive credentials from a user;
  
  b) determine whether the credentials received from the user represent a valid logon; and
  
  if that determination is positive, thenc) generate at least one network address comprising a domain address and at least one instance parameter, the instance parameter uniquely identifying the user and the instance of generation of the network addressd) provide the network address to the user;
  
  e) receive a parameter from a service provider;
  
  f) determine whether the received parameter indicates a valid attempt to log on to the service provider by checking that the received parameter matches an instance parameter that has previously been provided to a user and that has not previously been received from a service provider; and
  
  if that determination is positive, signal to the service provider over a secure channel a message indicating that the received parameter represents a valid logon attempt, the message including credentials of the user to whom the instance parameter that matches the received parameter had been issued.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
British Telecommunications PLC (BT Group PLC)
Original Assignee
British Telecommunications PLC (BT Group PLC)
Inventors
Jones, James E., Herwono, Ian

Granted Patent

US 8,800,013 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

H04L 63/168 above the transport layer

DEVOLVED AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

DEVOLVED AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links