CREDENTIAL LINKING ACROSS MULTIPLE SERVICES

US 20150172261A1
Filed: 12/16/2013
Published: 06/18/2015
Est. Priority Date: 12/16/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a first server device and from a user device, a request to authenticate the user device for a first service using authentication credentials for a second service that is different than the first service;

providing, by the first server device, the authentication credentials to a second server device that provides the second service;

receiving, by the first server device, from the second server device, and when the authentication credentials are valid for the second service, user information relating to a user of the user device;

generating, by the first server device and in response to receiving the user information, a token that logically associates the user of the user device, the authentication credentials for the second service, and the user information; and

providing, by the first server device and to the user device, an authentication response, associated with the user information, that provides authentication of the user device for the first service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A first server device may receive, from a user device, a request to authenticate the user device for a first service using authentication credentials for a second service that is different than the first service; provide the authentication credentials to a second server device that provides the second service; receive from the second server device, and when the authentication credentials are valid for the second service, user information relating to a user of the user device; and provide, to the user device, an authentication response, associated with the user information, that provides authentication of the user device for the first service.

23 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, by a first server device and from a user device, a request to authenticate the user device for a first service using authentication credentials for a second service that is different than the first service;
  
  providing, by the first server device, the authentication credentials to a second server device that provides the second service;
  
  receiving, by the first server device, from the second server device, and when the authentication credentials are valid for the second service, user information relating to a user of the user device;
  
  generating, by the first server device and in response to receiving the user information, a token that logically associates the user of the user device, the authentication credentials for the second service, and the user information; and
  
  providing, by the first server device and to the user device, an authentication response, associated with the user information, that provides authentication of the user device for the first service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - providing the token as part of the authentication response;
      
      receiving the token from a third server device that provides the first service; and
      
      providing the user information to the third server device to cause the third server device to provide the user device with access to the first service.
  - 3. The method of claim 2, further comprising:
    - validating the token based on receiving the token from the third server device,wherein validating the token includes;
      
      determining that the token is unexpired, ordetermining that a signature, included in the token, matches a signature inserted in the token by the first server device.
  - 4. The method of claim 2, further comprising:
    - generating an association between the authentication credentials and the token after generating the token; and
      
      identifying the token based on receiving the authentication credentials;
      
      wherein providing the token is based on identifying the token.
  - 5. The method of claim 2, wherein the authentication credentials are first authentication credentials,the method further comprising:
    - receiving, from the third server device, second authentication credentials, associated with the second service, based on providing the user information to the third server device;
      
      associating the second authentication credentials with the token;
      
      receiving the second authentication credentials from the user device;
      
      identifying the token based on receiving the second authentication credentials from the user device;
      
      providing the token to the user device based on identifying the token;
      
      receiving the token from the second server device based on providing the token; and
      
      providing the user information to the second server device to cause the second server device to provide the user device with access to the first service.
  - 6. The method of claim 1, further comprising:
    - identifying the second server device based on a format of the authentication credentials,wherein providing the authentication credentials to the second server device is based on identifying the second server device.
  - 7. The method of claim 1, wherein the second server device is one of a plurality of second server devices,wherein providing the authentication credentials includes providing the authentication credentials to the plurality of second server devices,wherein receiving the user information includes receiving the user information from the one of the plurality of second server devices when the authentication credentials are stored by the one of the plurality of second server devices.
  - 8. The method of claim 1, wherein the first service or the second service includes an account management service or a content delivery service.

9. A system comprising:
- a first server device to;
  
  receive, from a user device, a request to authenticate the user device for a first service using authentication credentials for a second service that is different than the first service;
  
  provide the authentication credentials to a second server device that provides the second service;
  
  receive from the second server device, and when the authentication credentials are valid for the second service, user information relating to a user of the user device;
  
  generate, in response to receiving the user information, a token that logically associates the user of the user device, the authentication credentials for the second service, and the user information; and
  
  provide, to the user device, an authentication response, associated with the user information, that provides authentication of the user device for the first service.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the first server device is further to:
    - provide the token as part of the authentication response;
      
      receive the token from a third server device that provides the first service; and
      
      provide the user information to the third server device to cause the third server device to provide the user device with access to the first service.
  - 11. The system of claim 10, wherein the first server device is further to:
    - validate the token based on receiving the token from the third server device,wherein when validating the token, the first server device is to;
      
      determine that the token is unexpired, ordetermine that a signature, included in the token, matches a signature inserted in the token by the first server device.
  - 12. The system of claim 10, wherein the first server device is further to:
    - generate an association between the authentication credentials and the token after generating the token; and
      
      identify the token based on receiving the authentication credentials;
      
      wherein when providing the token, the first server device is to provide the token based on identifying the token.
  - 13. The system of claim 10, wherein the authentication credentials are first authentication credentials,wherein the first server device is further to:
    - receive, from the third server device, second authentication credentials, associated with the second service, based on providing the user information to the third server device;
      
      associate the second authentication credentials with the token;
      
      receive the second authentication credentials from the user device;
      
      identify the token based on receiving the second authentication credentials from the user device;
      
      provide the token to the user device based on identifying the token;
      
      receive the token from the second server device based on providing the token; and
      
      provide the user information to the second server device to cause the second server device to provide the user device with access to the first service.
  - 14. The system of claim 9, wherein the first server device is further to:
    - identify the second server device based on a format of the authentication credentials,wherein when providing the authentication credentials to the second server device, the first server device is to provide the authentication credentials based on identifying the second server device.
  - 15. The system of claim 9, wherein the second server device is one of a plurality of second server devices,wherein when providing the authentication credentials, the first server device is to provide the authentication credentials to the plurality of second server devices,wherein when receiving the user information the first server device is to receive the user information from the one of the plurality of second server devices when the authentication credentials are stored by the one of the plurality of second server devices.

16. A system comprising:
- a first server device to;
  
  receive, from a user device, an enrollment request including user information regarding a user;
  
  authenticate an identity of the user associated with the enrollment request;
  
  generate universal credentials, for the user, based on authenticating the identity, the universal credentials including a logical association between credentials for a first service provided by a second server, credentials for a second service provided by a third server, and the identity of the user;
  
  provide, to the user device and in response to the enrollment request, an authentication response, based on the generated user credentials, that provides authentication of the user device for the first service provided by the second server device and for the second service that is different from the first service and that is provided by the third server device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the first server device is further to:
    - receive the universal credentials after generating the universal credentials;
      
      identify the user information associated with the universal credentials,wherein when providing the authentication response, the first server device is to provide the authentication response based on identifying the user information.
  - 18. The system of claim 16, wherein the first server device is further to:
    - generate a token based on generating the universal credentials;
      
      generate an association between the universal credentials and the token;
      
      receive the universal credentials from the user device after generating the association between the universal credentials and the token;
      
      identify the token associated with the universal credentials;
      
      provide, based on identifying the token, the token to the user device as part of the authentication response;
      
      receive the token from the second server device or the third server device;
      
      identify the user information associated with the token; and
      
      provide the user information to the second server device or the third server device to cause the second server device to provide the user device with access to the first service or the third server device to provide the user device with access to the second service.
  - 19. The system of claim 18, wherein the first server device is further to:
    - validate the token based on receiving the token from the second server or the third server,wherein when validating the token, the first server device is further to;
      
      determine that the token is unexpired, ordetermine that a signature, included in the token, matches a signature inserted in the token by the first server device.
  - 20. The system of claim 16, wherein when authenticating the identity of the user, the first server device is further to authenticate the identity based on responses to one or more challenge questions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Counterman, Raymond C.

Granted Patent

US 9,231,940 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

CREDENTIAL LINKING ACROSS MULTIPLE SERVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CREDENTIAL LINKING ACROSS MULTIPLE SERVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links