AUTHENTICATION TO AN IDENTITY PROVIDER

US 20110289573A1
Filed: 02/05/2010
Published: 11/24/2011
Est. Priority Date: 02/19/2009
Status: Active Grant

First Claim

Patent Images

1-17. -17. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An arrangement for authenticating a user at a service provider is described. The arrangement makes use of the fact that a user of a mobile communication device can be readily and securely identified by a telecommunications provider and re-uses that authentication to identify the same user when accessing the service provider from a different client. The client instructs the mobile communication device to contact an identity provider at the telecommunications provider and shared secrets are exchanged between the identity provider, mobile communication device and client to confirm that the same user is at the client and the mobile communication device.

41 Citations

View as Search Results

39 Claims

1-17. -17. (canceled)

18. A method comprising:
- receiving, at an identity provider provided by a telecommunications network provider, a request from a client for user credentials required to access a service provider;
  
  sending an authentication request from the identity provider to the client, the authentication request including a first reference;
  
  receiving a request from a mobile communication device to identify a user at the client, the request including a second reference, wherein the mobile communication device makes use of the network provided by the telecommunication network provider and is known to an authentication server provided by the telecommunication network provider; and
  
  comparing the first and second references and, if they are the same, obtaining identification information for a user of the mobile communication device from the authentication server provided by the telecommunication network provider.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
- - 19. A method as claimed in claim 18, wherein the first reference is encoded as a telephone number.
  - 20. A method as claimed in claim 18, wherein the second reference is received as a DTMF sequence.
  - 21. A method as claimed in claim 18, wherein the comparing of the reference sent to the client and the reference received from the mobile communication device is carried out at the identity provider.
  - 22. A method as claimed in claim 18, wherein the identity provider provides the requested user credentials required to access the service provider on the basis of the identification information obtained from the authentication server.
  - 23. A method as claimed in claim 18, further comprising forwarding the requested user credentials to the client.
  - 24. A method as claimed in claim 23, wherein the user credentials are forwarded to the client in response to a second request from the client.
  - 25. A method as claimed in claim 24, wherein the second request includes the first reference.

26. A method comprising:
- sending a request from a client to an identity provider requesting user credentials required to access a service provider;
  
  receiving, at the client, an authentication request from the identity provider, wherein the authentication request includes a first reference;
  
  using the client to send a request to a mobile communication device that is also being used by the user of the client to identify the client at the identity provider, wherein the identity provider is provided by a provider of a telecommunications network to the mobile communications device, and wherein the mobile communication device is known to an authentication server provided by the provider of the telecommunications network;
  
  using the mobile communication device to send a request to identify the user of the client, the request to identify the user including the first reference;
  
  comparing the reference sent to the client and the reference received from the mobile communication device; and
  
  using the identity provider to obtain identification information for the user of the mobile communication device from the authentication server in the event that the reference received at the identity provider from the mobile communication device is the same as the reference provided by the identity provider to the client.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 27. A method as claimed in claim 26, wherein the request sent from the client to the mobile communication device is sent via a direct local connection.
  - 28. A method as claimed in claim 26, wherein the request sent from the client to the mobile communication device is sent via a wireless connection.
  - 29. A method as claimed in claim 26, wherein the first reference includes a URL that is included in the request sent from the client to the mobile communication device.
  - 30. A method as claimed in claim 26, wherein the first reference is encoded as a telephone number.
  - 31. A method as claimed in claim 26, wherein the second reference is received as a DTMF sequence.
  - 32. A method as claimed in claim 26, wherein the comparing of the reference sent to the client and the reference received from the mobile communication device is carried out at the identity provider.
  - 33. A method as claimed in claim 26, wherein the identity provider provides the requested user credentials required to access the service provider on the basis of the identification information obtained from the authentication server.
  - 34. A method as claimed in claim 26, further comprising forwarding the requested user credentials to the client.
  - 35. A method as claimed in claim 34, wherein the user credentials are forwarded to the client in response to a second request from the client.
  - 36. A method as claimed in claim 35, wherein the second request includes the first reference.

37. An apparatus, comprising:
- a first input adapted to receive a request from a client for access to a service provider;
  
  a first output adapted to send an authentication response to the client, the authentication response including a first reference; and
  
  a second output for providing user credentials for the requested service provider to the client in the event that the first reference is the same as a second reference sent by a mobile communication device known to an authentication service associated with the identity provider.
- View Dependent Claims (38)
- - 38. An apparatus as claimed in claim 37, further comprising a second input for receiving a request from the mobile communication device to identify the user at the client, the request including the second reference.

39. A computer program product, comprising:
- means for receiving, at an identity provider provided by a telecommunications network provider, a request from a client for user credentials required to access a service provider;
  
  means for sending an authentication request from the identity provider to the client, the authentication request including a first reference;
  
  means for receiving a request from a mobile communication device to identify a user at the client, the request including a second reference, wherein the mobile communication device makes use of the network provided by the telecommunication network provider and is known to an authentication server provided by the telecommunication network provider; and
  
  means for comparing the first and second references and, if they are the same, obtaining identification information for the user of the mobile communication device from the authentication server provided by the telecommunication network provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Solutions and Networks US LLC (Nokia Corporation)
Original Assignee
Nokia Solutions and Networks US LLC (Nokia Corporation)
Inventors
Marton, Gabor, Bauer-Hermann, Markus, Seidl, Robert

Granted Patent

US 8,806,596 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

AUTHENTICATION TO AN IDENTITY PROVIDER

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

41 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATION TO AN IDENTITY PROVIDER

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links