METHOD FOR PROVIDING ACCESS TO A SERVICE

US 20110179475A1
Filed: 10/08/2008
Published: 07/21/2011
Est. Priority Date: 10/08/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising the steps of:

receiving a request from a user for access to a service; and

sending an authentication request to an identity provider in order to obtain credentials for said user, wherein said authentication request includes details of a plurality of acceptable authentication formats for said credentials.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is described comprising a service provider and an identity provider. A user requests access to the service provider and the service provider seeks user credentials from the identity provider. In use, the service provider issues an authentication request, which request specifies details of a plurality of acceptable authentication formats. The identity provider responds to the request either by providing authentication details for said user in one of the formats specified in the request, or by returning an error message indicating that it cannot support any of the specified authentication formats.

Citations

22 Claims

1. A method comprising the steps of:
- receiving a request from a user for access to a service; and
  
  sending an authentication request to an identity provider in order to obtain credentials for said user, wherein said authentication request includes details of a plurality of acceptable authentication formats for said credentials.
- View Dependent Claims (2, 3, 21, 22)
- - 2. A method as claimed in claim 1, further comprising the step of providing the user with access to the service in the event that the identity provider provides credentials for the user in one of the plurality of acceptable formats.
  - 3. A method as claimed in claim 1, further comprising the step of said identity provider returning credentials for the user in response to the authentication request in the event that credentials for the user are available in one of the said acceptable authentication formats.
  - 21. A method as claimed in claim 1, wherein the authentication request includes details of all acceptable authentication formats for said credentials.
  - 22. A method as claimed in claim 1, wherein the plurality of acceptable authentication formats are provided in an ordered list.

4. A method comprising the steps of:
- receiving an authentication request from a service provider requesting credentials for a user, wherein the request includes details of a plurality of acceptable authentication formats for said credentials; and
  
  returning credentials for the user in response to the authentication request in the event that credentials for the user are available in one of the plurality of acceptable authentication formats.
- View Dependent Claims (5, 6, 7, 8)
- - 5. A method as claimed in claim 4, further comprising the step of considering whether credentials for a user are available in an acceptable authentication format in the order in which the plurality of acceptable authentication formats are presented in the authentication request.
  - 6. A method as claimed in claim 4, further comprising the step of returning an error message to the service provider in the event that credentials for the user are not available in any of the plurality of acceptable authentication formats.
  - 7. A method as claimed in claim 4, wherein the authentication request includes details of all acceptable authentication formats for said credentials.
  - 8. A method as claimed in claim 4, wherein the plurality of acceptable authentication formats are provided in an ordered list.

9. (canceled)

10. A service provider adapted to:
- receive a request from a user for access to a service; and
  
  send an authentication request to an identity provider in order to obtain credentials for said user, wherein said authentication request includes details of a plurality of acceptable authentication formats for said credentials.

11. An identity provider adapted to:
- receive an authentication request from a service provider requesting credentials for a user, wherein the request includes details of a plurality of acceptable authentication formats for the credentials; and
  
  return credentials for the user to the service provider in response to the request in the event that credentials for the user are available in one of the plurality of acceptable authentication formats.
- View Dependent Claims (12, 13)
- - 12. An identity provider as claimed in claim 11, wherein the identity provider is further adapted to return an error message to the service provider in the event that credentials for the user are not available in any of the plurality of acceptable authentication formats.
  - 13. An identity provider as claimed in claim 11, wherein the identity provider is adapted to consider whether user credentials are available in an acceptable authentication format in the order in which the plurality of acceptable authentication formats are presented in the authentication request.

14. (canceled)

15. A system comprising a service provider and an identity provider, wherein:
- the service provider is adapted to send an authentication request to the identity provider requesting credentials for a user in response to said user requesting access to a service provided by the service provider;
  
  the authentication request specifies a plurality of acceptable authentication formats for said credentials; and
  
  the identity provider is adapted to respond to the request by providing credentials for said user in the event that credentials for the user are available in one of the plurality of acceptable formats.

16. A computer program product adapted to:
- receive a request from a user for access to a service; and
  
  send an authentication request to an identity provider in order to obtain credentials for said user, wherein said authentication request includes details of a plurality of acceptable authentication formats for the credentials.

17. A computer program product adapted to:
- receive an authentication request from a service provider requesting credentials for a user, wherein the request includes details of a plurality of acceptable authentication formats for the credentials; and
  
  return credentials for the user in response to the request in the event that authentication details are available in one of the said plurality of acceptable authentication formats.

18. A data structure comprising an authentication request for requesting credentials for a user, which user is requesting access to a service, the authentication request including details of a plurality of acceptable authentication formats for the credentials for the user.
- View Dependent Claims (19, 20)
- - 19. A data structure as claimed in claim 18, wherein the plurality of acceptable authentication formats are presented as an ordered list.
  - 20. A data structure as claimed in claim 18 or claim 19, wherein the data structure is in an enhanced Security Assertion Markup Language format.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Solutions and Networks US LLC (Nokia Corporation)
Original Assignee
Nokia Solutions and Networks US LLC (Nokia Corporation)
Inventors
Liu, Jin, Foell, Uwe

Granted Patent

US 8,739,256 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

METHOD FOR PROVIDING ACCESS TO A SERVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR PROVIDING ACCESS TO A SERVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links