TRUSTED THIRD PARTY CLIENT AUTHENTICATION
First Claim
1. A computer-implemented method comprising:
- receiving, at a video service provider system, a request for an online video session from a third party device with a security markup assertion language (SAML) token as an input, wherein the SAML token is encrypted for the video service provider system and signed by a third party security token service (STS) device, and the third party device is associated with a third party user account;
- decrypting a SAML assertion in the SAML token with a private key associated with the video service provider system;
- validating the SAML assertion based on a third party public key associated with the third party STS device;
- retrieving a third party account user identifier and a device type;
- identifying a link time based on the third party account user identifier, wherein the link time is a time that the third party user account was linked with a service provider user account associated with the video service provider system;
- identifying a password change time (PCT) stamp associated with the service provider user account; and
- providing the online video session to the third party device in response to determining that the PCT stamp is not later than the link time.
Abstract
A method includes receiving, at a video service provider system, a request for an online video session from a third party device with a security markup assertion language (SAML) token as an input, decrypting a SAML assertion in the SAML token with a private key associated with the video service provider system, validating the SAML assertion based on a third party public key associated with the third party STS, and retrieving a third party account user identifier and a device type. The method also includes identifying a link time based on the third party account user identifier, identifying a password change time (PCT) stamp associated with the service provider user account, and providing the online video session to the third party device in response to determining that the PCT stamp is not later than the link time.
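The last three steps of the method (look up the link time, look up the PCT stamp, allow the session only if the PCT stamp is not later than the link time) can be sketched as follows. This is an added example, not code from the patent: it assumes the SAML assertion has already been decrypted and its signature validated, and the attribute names, the `LINKS` and `PCT_STAMPS` stores, and the fail-closed handling of missing or timezone-naive timestamps are all hypothetical.

```python
from datetime import datetime, timedelta, timezone
from typing import NamedTuple

UTC = timezone.utc

class Decision(NamedTuple):
    allow: bool
    reason: str

# Constructed sample data. third party user id -> (service provider account, link time)
LINKS = {
    "tp-1001": ("sp-alice", datetime(2024, 3, 1, 12, 0, tzinfo=UTC)),
    "tp-1002": ("sp-bob", datetime(2024, 3, 1, 12, 0, tzinfo=UTC)),
    "tp-1003": ("sp-carol", datetime(2024, 3, 1, 12, 0, tzinfo=UTC)),
    "tp-1004": ("sp-dave", datetime(2024, 3, 1, 12, 0)),  # naive timestamp
}
# Constructed sample data. service provider account -> password change time (PCT) stamp
PCT_STAMPS = {
    "sp-alice": datetime(2024, 3, 1, 12, 0, tzinfo=UTC),   # equal to link time
    "sp-bob": datetime(2024, 3, 2, 8, 0, tzinfo=UTC),      # changed after linking
    "sp-carol": datetime(2024, 3, 1, 13, 30, tzinfo=timezone(timedelta(hours=2))),
    "sp-dave": datetime(2024, 2, 1, 9, 0, tzinfo=UTC),
}

def _aware(ts) -> bool:
    # Naive datetimes cannot be ordered safely against aware ones.
    return isinstance(ts, datetime) and ts.utcoffset() is not None

def authorize_session(attrs: dict, links=LINKS, pct_stamps=PCT_STAMPS) -> Decision:
    """attrs: attributes of an assertion that was ALREADY decrypted and validated."""
    user_id = attrs.get("third_party_user_id")   # hypothetical attribute name
    device_type = attrs.get("device_type")       # hypothetical attribute name
    if not user_id or not device_type:
        return Decision(False, "missing_attribute")
    link = links.get(user_id)
    if link is None:
        return Decision(False, "not_linked")
    sp_account, link_time = link
    pct = pct_stamps.get(sp_account)
    # Assumption: a missing or timezone-naive timestamp fails closed.
    if not _aware(link_time) or not _aware(pct):
        return Decision(False, "bad_timestamp")
    # Claimed condition: provide the session only if PCT is not later than link time.
    if pct > link_time:
        return Decision(False, "password_changed_after_link")
    return Decision(True, "ok")
```

The comparison is made on timezone-aware values, so the `sp-carol` stamp of 13:30 at UTC+2 is correctly treated as 11:30 UTC, which is earlier than the link time.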
20 Claims
1. A computer-implemented method comprising:
- receiving, at a video service provider system, a request for an online video session from a third party device with a security markup assertion language (SAML) token as an input, wherein the SAML token is encrypted for the video service provider system and signed by a third party security token service (STS) device, and the third party device is associated with a third party user account;
- decrypting a SAML assertion in the SAML token with a private key associated with the video service provider system;
- validating the SAML assertion based on a third party public key associated with the third party STS device;
- retrieving a third party account user identifier and a device type;
- identifying a link time based on the third party account user identifier, wherein the link time is a time that the third party user account was linked with a service provider user account associated with the video service provider system;
- identifying a password change time (PCT) stamp associated with the service provider user account; and
- providing the online video session to the third party device in response to determining that the PCT stamp is not later than the link time.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer-implemented method comprising:
- sending, from a third party device, a simple object access protocol (SOAP) web services (WS) trust request including service provider login credentials associated with a service provider user account to a partner identity (ID) STS device, wherein the partner ID STS device is associated with a partner entity of a service provider entity that manages a video service provider system;
- receiving a SOAP response including an SAML assertion signed by the partner ID STS device and encrypted for a partner federated STS (FSTS) device after the partner ID STS device validates the service provider login credentials;
- sending a request for an online video session to the video service provider system; and
- receiving a success response and a session cookie.

Dependent claims: 11, 12, 13
14. A video service provider device, comprising:
- a memory to store a plurality of instructions; and
- a processor configured to execute instructions in the memory to:
  - receive a request for an online video session from a third party device, wherein the request for an online video session includes a security markup assertion language (SAML) assertion signed by a partner identity (ID) security token service (STS) device and encrypted for a partner federated STS (FSTS) device;
  - send a simple object access protocol (SOAP) web services (WS) trust request including the SAML assertion signed by the partner ID STS device and encrypted for the partner FSTS device to the partner FSTS device;
  - receive a SAML response from the partner FSTS device, wherein the SAML response includes the SAML assertion;
  - decrypt the SAML assertion with a private key associated with the video service provider device;
  - validate the SAML assertion based on a third party public key associated with a third party STS device;
  - retrieve a party account number associated with a third party account;
  - create the online video session;
  - associate the online video session with the party account number; and
  - send a success response with a session cookie to the third party device.

Dependent claims: 15, 16, 17, 18
19. A system, comprising:
- a third party security token service (STS) device that provides security tokens associated with a third party entity; and
- a video service provider system that provides an online video service and is associated with a service provider entity; and
- wherein the third party STS device is configured to:
  - receive a simple object access protocol (SOAP) web services (WS) trust request for a security markup assertion language (SAML) token with a third party authorization token from a third party device, wherein the third party device is associated with a third party user account and a third party entity; and
  - validate the authorization token and provide a SOAP response including a requested SAML token signed by the third party STS device and encrypted for the video service provider system; and
- wherein the video service provider system is configured to:
  - receive a request for an online video session from the third party device; and
  - return a success response and a session cookie to the third party device if the video service provider system determines that the third party user account is associated with a currently linked service provider user account.

Dependent claims: 20
Specification