CLOUD SERVICE AUTHENTICATION

US 20130024919A1
Filed: 07/21/2011
Published: 01/24/2013
Est. Priority Date: 07/21/2011
Status: Active Grant

First Claim

Patent Images

1. A method for providing access to a cloud service, comprising:

receiving a request from an application hosted by an operating system (OS) to access a cloud service;

sending a token request to an identity provider, the token request comprising at least one of an application ID identifying the application, a cloud service ID associated with the cloud service, and OS cloud credentials of a user for the operating system;

receiving a token from the identity provider based upon the identity provider verifying the token request, the token signed with an identity provider signature; and

providing the token to the application for submission to a cloud service provider for access to the cloud service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One or more techniques and/or systems are provided for obtaining access to a cloud service. In particular, a user may log into a client device using an operating system (OS) cloud login ID. The user may access cloud services (e.g., a music streaming service, a data storage service, etc.) through applications executing on the client device using merely the OS cloud login ID without providing additional login credentials specific to the cloud services. A client side application may request a token to access a cloud service. The token may be generated by an identity provider based upon the identity provider verifying an application ID identifying the application, a cloud service ID identifying the cloud service and/or OS cloud credentials. In this way, the application may present the token to a cloud service provider for verification to gain access to the cloud service hosted by the cloud service provider.

123 Citations

20 Claims

1. A method for providing access to a cloud service, comprising:
- receiving a request from an application hosted by an operating system (OS) to access a cloud service;
  
  sending a token request to an identity provider, the token request comprising at least one of an application ID identifying the application, a cloud service ID associated with the cloud service, and OS cloud credentials of a user for the operating system;
  
  receiving a token from the identity provider based upon the identity provider verifying the token request, the token signed with an identity provider signature; and
  
  providing the token to the application for submission to a cloud service provider for access to the cloud service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, the receiving a token signed by the identity provider comprising:
    - receiving the token based upon the identity provider determining the application is authorized to access the cloud service based upon the application ID.
  - 3. The method of claim 1, comprising:
    - facilitating submission of the token to the cloud service provider to obtain access to the cloud service, the token comprising at least one of the application ID, the cloud service ID, and a user assigned ID computed based upon the cloud service ID and a user identification associating the user with the identity provider.
  - 4. The method of claim 3, the user assigned ID comprising a user pairwise ID computed based upon a pairwise function of the cloud service ID and the user identification.
  - 5. The method of claim 1, comprising:
    - obtaining access to the cloud service based upon the cloud service provider validating the identity provider signature as a signature of the identity provider.
  - 6. The method of claim 4, comprising:
    - obtaining access to the cloud service based upon the cloud service provider determining the application is authorized to access the cloud service based upon the application ID.
  - 7. The method of claim 4, comprising:
    - providing the application with access to data associated with the user pairwise ID from the cloud service.
  - 8. The method of claim 7, comprising:
    - providing the application with access to the data without requesting login credentials specific to the cloud service.
  - 9. The method of claim 1, the OS cloud credentials associating the user with a plurality of cloud services.

10. A method for obtaining access to a cloud service, comprising:
- submitting a request for a token generated by an identity provider, the request associated with at least one of an application ID identifying an application with an operating system (OS) hosting the application, a cloud service ID associated with a cloud service, and OS cloud credentials of a user for the operating system; and
  
  receiving the token comprising at least one of an identity provider signature, the application ID, the cloud service ID, and a user assigned ID computed from the cloud service ID and a user identification associating the user with the identity provider.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, comprising:
    - submitting the token to a cloud service provider to obtain access to data associated with the user assigned ID from the cloud service.
  - 12. The method of claim 11, comprising:
    - obtaining access to the cloud service based upon the cloud service provider validating the identity provider signature as a signature of the identity provider.
  - 13. The method of claim 11, comprising:
    - obtaining access to the cloud service based upon the cloud service provider determining the application is authorized to access the cloud service based upon the application ID.
  - 14. The method of claim 11, comprising:
    - obtaining the data without submitting login credentials specific to the cloud service.

15. A system for providing access to a cloud service, comprising:
- a token provider component configured to;
  
  receive a request from an application hosted by an operating system (OS) to access a cloud service;
  
  send a token request to an identity provider, the token request comprising at least one of an application ID identifying the application, a cloud service ID associated with the cloud service, and OS cloud credentials of a user for the operating system;
  
  receive a token from the identity provider based upon the identity provider verifying the token request, the token signed with an identity provider signature; and
  
  provide the token to the application for submission to a cloud service provider for access to the cloud service.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, comprising:
    - a cloud access component configured to;
      
      facilitate submission of the token to the cloud service provider to obtain access to the cloud service, the token comprising at least one of the application ID, the cloud service ID, and a user assigned ID computed based upon the cloud service ID and a user identification associating the user with the identity provider.
  - 17. The system of claim 16, the cloud access component configured to:
    - obtain access to the cloud service based upon the cloud service provider validating the identity provider signature as a signature of the identity provider.
  - 18. The system of claim 16, the cloud access component configured to:
    - obtain access to the cloud service based upon the cloud service provider determining the application is authorized to access the cloud service based upon the application ID.
  - 19. The system of claim 16, the cloud access component configured to:
    - provide the application with access to data associated with the user assigned ID from the cloud service.
  - 20. The system of claim 19, the cloud access component configured to:
    - provide the application with access to the data without requesting login credentials specific to the cloud service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Rouskov, Yordan, Wetter, Allan Edwin, Frei, Adrian, Tsang, Peter M.

Granted Patent

US 9,418,216 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/41   where a single sign-on prov...

G06F 2221/2115   Third party

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

CLOUD SERVICE AUTHENTICATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

123 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CLOUD SERVICE AUTHENTICATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

123 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links