METHOD AND APPARATUS FOR IDENTITY FEDERATION GATEWAY

US 20110209202A1
Filed: 02/19/2010
Published: 08/25/2011
Est. Priority Date: 02/19/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising facilitating access, including granting access rights, to an interface to allow access to a service via a network, the service comprising:

determining whether a user associated with a request for a particular network resource is to be identified by the provider of the particular service or by a different party;

if the user is to be identified by the different party, then causing the different party to provide identification data that indicates an identity for the user; and

if the data indicates that the user is successfully identified, then causing user credentials data based on the identification data to be sent to an authentication process of the provider for a set of one or more network resources that includes the particular network resource requested by the user.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for an ID federation gateway include determining whether a user associated with a request for a particular network resource is to be identified by the provider of the particular service or by a different party. The service also comprises causing the different party to provide identification data that indicates an identity for the user, if the user is to be identified by the different party. The method further comprises causing user credentials data, based on the identification data, to be sent to an authentication process of the provider for a set of one or more network resources that includes the particular network resource requested by the user, if the data indicates that the user is successfully identified.

78 Citations

View as Search Results

20 Claims

1. A method comprising facilitating access, including granting access rights, to an interface to allow access to a service via a network, the service comprising:
- determining whether a user associated with a request for a particular network resource is to be identified by the provider of the particular service or by a different party;
  
  if the user is to be identified by the different party, then causing the different party to provide identification data that indicates an identity for the user; and
  
  if the data indicates that the user is successfully identified, then causing user credentials data based on the identification data to be sent to an authentication process of the provider for a set of one or more network resources that includes the particular network resource requested by the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method of claim 1, wherein determining whether the user is to be identified by the provider further comprises:
    - determining user equipment associated with identification by the different party;
      
      determining when the user equipment connects to the network; and
      
      if the user equipment connects to the network, then causing provisioning data that indicates the different party to be sent to the user equipment such that the provisioning data is included in the request for the particular service.
  - 3. A method of claim 2, wherein determining when the user equipment connects to the network further comprises:
    - causing an initial message directed to the authentication process of the provider to be diverted away from the authentication process; and
      
      ,parsing the initial message to determine the user equipment.
  - 4. A method of claim 1, wherein the different party is a network access provider.
  - 5. A method of claim 1, wherein causing the different party to provide identification data that indicates the identity for the user further comprises:
    - forming a redirected request that is redirected to the different party and includes a separate redirect of a response from the different party to the service; and
      
      causing the redirected request to be sent to the user equipment.
  - 6. A method of claim 5, wherein causing the different party to provide identification data that indicates the identity for the user further comprises receiving the identification data in response to sending to the user equipment a redirected request that is redirected to the different party.
  - 7. A method of claim 1, wherein causing the different party to provide identification data that indicates the identity for the user further comprises:
    - causing to be sent, to the user equipment, a user interface that presents prompts for input from a user for the different party to identify the user; and
      
      ,causing to be sent, to the different party, data based on user responses to the prompts of the user interface.
  - 8. A method of claim 7, wherein causing the different party to provide identification data that indicates the identity for the user further comprises receiving the identification data in response to sending to the different party the data based on user responses.

9. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following;
  
  determine whether a user associated with a request for a particular network resource is to be identified by the provider of the particular service or by a different party;
  
  if the user is to be identified by the different party, then cause the different party to provide identification data that indicates an identity for the user; and
  
  if the data indicates that the user is successfully identified, then cause user credentials data based on the identification data to be sent to an authentication process of the provider for a set of one or more network resources that includes the particular network resource requested by the user.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. An apparatus of claim 9, wherein to determine whether the user is to be identified by the provider further comprises:
    - determine user equipment associated with identification by the different party;
      
      determine when the user equipment connects to the network; and
      
      if the user equipment connects to the network, then cause provisioning data that indicates the different party to be sent to the user equipment such that the provisioning data is included in the request for the particular service.
  - 11. An apparatus of claim 10, wherein to determine when the user equipment connects to the network further comprises:
    - cause an initial message directed to the authentication process of the provider to be diverted away from the authentication process; and
      
      ,parse the initial message to determine the user equipment.
  - 12. An apparatus of claim 9, wherein the different party is a network access provider.
  - 13. An apparatus of claim 9, wherein to cause the different party to provide identification data that indicates the identity for the user further comprises:
    - form a redirected request that is redirected to the different party and includes a separate redirect of a response from the different part to the apparatus; and
      
      cause the redirected request to be sent to the user equipment.
  - 14. An apparatus of claim 9, wherein to cause the different party to provide identification data that indicates the identity for the user further comprises:
    - cause to be sent, to the user equipment, a user interface that presents prompts for input from a user for the different party to identify the user; and
      
      ,cause to be sent, to the different party, data based on user responses to the prompts of the user interface.
  - 15. An apparatus of claim 10, wherein the user equipment is a mobile phone further comprising:
    - user interface circuitry and user interface software configured to facilitate user control of at least some functions of the mobile phone through use of a display and configured to respond to user input; and
      
      a display and display circuitry configured to display at least a portion of a user interface of the mobile phone, the display and display circuitry configured to facilitate user control of at least some functions of the mobile phone.

16. A computer-readable storage medium carrying one or more sequences of one or more instructions which, when executed by one or more processors, cause an apparatus to at least perform the following steps:
- determine whether a user associated with a request for a particular network resource is to be identified by the provider of the particular service or by a different party;
  
  if the user is to be identified by the different party, then cause the different party to provide identification data that indicates an identity for the user; and
  
  if the data indicates that the user is successfully identified, then cause user credentials data based on the identification data to be sent to an authentication process of the provider for a set of one or more network resources that includes the particular network resource requested by the user.
- View Dependent Claims (17, 18, 19, 20)
- - 17. A computer-readable storage medium of claim 16, wherein to determine whether the user is to be identified by the provider further comprises:
    - determine user equipment associated with identification by the different party;
      
      determine when the user equipment connects to the network; and
      
      if the user equipment connects to the network, then cause provisioning data that indicates the different party to be sent to the user equipment such that the provisioning data is included in the request for the particular service.
  - 18. A computer-readable storage medium of claim 16, wherein the different party is a network access provider.
  - 19. A computer-readable storage medium of claim 16, wherein to cause the different party to provide identification data that indicates the identity for the user further comprises:
    - form a redirected request that is redirected to the different party and includes a separate redirect of a response from the different part to the apparatus; and
      
      cause the redirected request to be sent to the user equipment.
  - 20. A computer-readable storage medium of claim 16, wherein to cause the different party to provide identification data that indicates the identity for the user further comprises:
    - cause to be sent, to the user equipment, a user interface that presents prompts for input from a user for the different party to identify the user; and
      
      ,cause to be sent, to the different party, data based on user responses to the prompts of the user interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Otranen, Jari

Granted Patent

US 8,984,588 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 2209/80   Wireless network architectu...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0876   based on the identity of th...

H04L 63/102   Entity profiles

H04L 9/3213   using tickets or tokens, e....

H04L 9/3271   using challenge-response

METHOD AND APPARATUS FOR IDENTITY FEDERATION GATEWAY

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

78 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR IDENTITY FEDERATION GATEWAY

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links