AUTHENTICATION TO AN IDENTITY PROVIDER
Abstract
An arrangement for authenticating a user at a service provider is described. The arrangement makes use of the fact that a user of a mobile communication device can be readily and securely identified by a telecommunications provider and re-uses that authentication to identify the same user when accessing the service provider from a different client. The client instructs the mobile communication device to contact an identity provider at the telecommunications provider and shared secrets are exchanged between the identity provider, mobile communication device and client to confirm that the same user is at the client and the mobile communication device.
39 Claims
1-17. (canceled)
18. A method comprising:
receiving, at an identity provider provided by a telecommunications network provider, a request from a client for user credentials required to access a service provider;
sending an authentication request from the identity provider to the client, the authentication request including a first reference;
receiving a request from a mobile communication device to identify a user at the client, the request including a second reference, wherein the mobile communication device makes use of the network provided by the telecommunication network provider and is known to an authentication server provided by the telecommunication network provider; and
comparing the first and second references and, if they are the same, obtaining identification information for a user of the mobile communication device from the authentication server provided by the telecommunication network provider.
Dependent claims: 19-25.
26. A method comprising:
sending a request from a client to an identity provider requesting user credentials required to access a service provider;
receiving, at the client, an authentication request from the identity provider, wherein the authentication request includes a first reference;
using the client to send a request to a mobile communication device that is also being used by the user of the client to identify the client at the identity provider, wherein the identity provider is provided by a provider of a telecommunications network to the mobile communications device, and wherein the mobile communication device is known to an authentication server provided by the provider of the telecommunications network;
using the mobile communication device to send a request to identify the user of the client, the request to identify the user including the first reference;
comparing the reference sent to the client and the reference received from the mobile communication device; and
using the identity provider to obtain identification information for the user of the mobile communication device from the authentication server in the event that the reference received at the identity provider from the mobile communication device is the same as the reference provided by the identity provider to the client.
Dependent claims: 27-36.
37. An apparatus, comprising:
a first input adapted to receive a request from a client for access to a service provider;
a first output adapted to send an authentication response to the client, the authentication response including a first reference; and
a second output for providing user credentials for the requested service provider to the client in the event that the first reference is the same as a second reference sent by a mobile communication device known to an authentication service associated with the identity provider.
Dependent claims: 38.
39. A computer program product, comprising:
means for receiving, at an identity provider provided by a telecommunications network provider, a request from a client for user credentials required to access a service provider;
means for sending an authentication request from the identity provider to the client, the authentication request including a first reference;
means for receiving a request from a mobile communication device to identify a user at the client, the request including a second reference, wherein the mobile communication device makes use of the network provided by the telecommunication network provider and is known to an authentication server provided by the telecommunication network provider; and
means for comparing the first and second references and, if they are the same, obtaining identification information for the user of the mobile communication device from the authentication server provided by the telecommunication network provider.
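The exchange in the abstract and in claims 18 and 26, as an added simulation that is not part of the patent: the identity provider issues an unguessable first reference to the client, the client relays it to the mobile device, the device presents it back to the identity provider, and credentials are released only when the two references match and the operator's authentication server recognises the device. The subscriber table, the `IdentityProvider` class and `run_flow` are constructed for this illustration; the single-use and constant-time handling of the reference are added security hygiene, not steps the claims recite.

```python
import secrets
import hmac

# Constructed subscriber table standing in for the operator's authentication server:
# device_id -> identity the operator can vouch for (all values are made up).
SUBSCRIBERS = {"imsi-000000000000001": {"user": "alice", "msisdn": "+440000000001"}}


class IdentityProvider:
    """Identity provider run by the telecommunications provider (hypothetical simulation)."""

    def __init__(self, auth_server):
        self.auth_server = auth_server   # callable: device_id -> identity dict or None
        self.pending = {}                # first reference -> state of that request

    def request_credentials(self, service_provider):
        """Client asks for credentials; IdP answers with a fresh, unguessable first reference."""
        first_ref = secrets.token_urlsafe(16)
        self.pending[first_ref] = {"sp": service_provider, "identity": None}
        return first_ref

    def identify_user(self, device_id, second_ref):
        """Mobile device presents the second reference; accept only if it matches a pending one."""
        for first_ref, state in self.pending.items():
            if hmac.compare_digest(first_ref, second_ref):      # timing-safe comparison
                identity = self.auth_server(device_id)           # ask the operator's auth server
                if identity is None or state["identity"] is not None:
                    return False                                  # unknown device, or already claimed
                state["identity"] = identity
                return True
        return False                                              # no pending reference matched

    def credentials_for(self, first_ref):
        """Client collects the credentials; the reference is single-use and consumed here."""
        state = self.pending.pop(first_ref, None)
        if state is None or state["identity"] is None:
            return None
        return {"service_provider": state["sp"], **state["identity"]}


def run_flow(device_id, tamper_ref=None):
    """Run client, device and IdP end to end; tamper_ref replaces what the device sends."""
    idp = IdentityProvider(SUBSCRIBERS.get)
    first_ref = idp.request_credentials("example-service")         # client -> IdP -> client
    ref_for_device = first_ref if tamper_ref is None else tamper_ref  # client -> device
    idp.identify_user(device_id, ref_for_device)                   # device -> IdP
    return idp.credentials_for(first_ref)                          # client -> IdP
```

A mismatched reference, an unknown device, or a second attempt to redeem a consumed reference all yield no credentials.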
Specification