SYSTEM AND METHODS FOR USER AUTHENTICATION ACROSS MULTIPLE DOMAINS

US 20160241536A1
Filed: 02/11/2016
Published: 08/18/2016
Est. Priority Date: 02/13/2015
Status: Abandoned Application

First Claim

Patent Images

1. A system to support cross-domain user authentication, comprising:

a first authentication agent associated with a first website/domain, which in operation, is configured tosend a request for additional authentication information for a user attempting to login to the first website/domain to an authentication platform;

return the additional authentication information provided to and entered by the user at the first website/domain to the authentication platform for verification;

provide a signed cookie of authentication state of the user to a second web site/domain when the user is redirected to the second website/domain;

a second authentication agent associated with said second website/domain, which in operation, is configured toparse the signed cookie for the additional authentication information and provide the additional authentication information to the authentication platform for verification;

said authentication platform running on a computing unit, which in operation, is configured tocreate and return the signed cookie to be stored at the first website/domain once the additional authentication information received from the first website/domain is verified;

verify the additional authentication information from the second website/domain and allow the user to access the second website/domain without entering any additional authentication information once verified.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A new approach is proposed that contemplates systems and methods to support verification of a user'"'"'s authentication information across multiple websites/domains owned and/or operated by different entities, which share users during a single session. When the user attempts to login to a first website/domain, he/she is required to provide authentication information in addition to user-id/password. An authentication platform is configured to generate and communicate the additional authentication information to the user and verify the additional authentication information the user provided to the first website/domain. When the user later attempts to access a second/unrelated website/domain, the verified additional authentication information is provided by the first website/domain to the second website/domain in the form of a signed cookie. The second website/domain parses the cookie and provides the additional authentication information to the authentication platform for verification without requiring the user to input it again at the second website/domain.

28 Citations

View as Search Results

26 Claims

1. A system to support cross-domain user authentication, comprising:
- a first authentication agent associated with a first website/domain, which in operation, is configured tosend a request for additional authentication information for a user attempting to login to the first website/domain to an authentication platform;
  
  return the additional authentication information provided to and entered by the user at the first website/domain to the authentication platform for verification;
  
  provide a signed cookie of authentication state of the user to a second web site/domain when the user is redirected to the second website/domain;
  
  a second authentication agent associated with said second website/domain, which in operation, is configured toparse the signed cookie for the additional authentication information and provide the additional authentication information to the authentication platform for verification;
  
  said authentication platform running on a computing unit, which in operation, is configured tocreate and return the signed cookie to be stored at the first website/domain once the additional authentication information received from the first website/domain is verified;
  
  verify the additional authentication information from the second website/domain and allow the user to access the second website/domain without entering any additional authentication information once verified.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The system of claim 1, wherein:
    - the additional authentication information is a Multi-factor Authentication (MFA) code.
  - 3. The system of claim 1, wherein:
    - the user is required to enter the additional authentication information only once.
  - 4. The system of claim 1, wherein:
    - the first authentication agent is configured toprompt the user to enter the additional authentication information on the first website/domain;
      
      ask the user for his/her preferred way to receive the additional authentication information.
  - 5. The system of claim 4, wherein:
    - the authentication platform is configured to generate the additional authentication information and provide it to the user via his/her preferred way of communication as specified in the request.
  - 6. The system of claim 1, wherein:
    - the first authentication agent is configured to send the request by invoking an Application Program Interface (API) provided by the authentication platform as part of an authentication service.
  - 7. The system of claim 1, wherein:
    - the first authentication agent is configured to return the additional authentication information to the authentication platform via an API call.
  - 8. The system of claim 7, wherein:
    - the authentication platform is configured to return the signed cookie as one of the returning parameters/payload of the API call.
  - 9. The system of claim 1, wherein:
    - the authentication platform is configured to verify and authenticate the user at the first website/domain by comparing the received information with the additional authentication information it provided to the user.
  - 10. The system of claim 1, wherein:
    - the cookie is cryptographically signed so that its content cannot be tampered with without breaking the signature.
  - 11. The system of claim 1, wherein:
    - the signed cookie is not domain-specific and is accessible by a website/domain other than the first website/domain.
  - 12. The system of claim 1, wherein:
    - the first authentication agent is configured to include the signed cookie as a parameter of the redirect link/URL.
  - 13. The system of claim 1, wherein:
    - the first website/domain also includes the authentication platform, wherein the first website/domain is configured toallow the user to directly verify and authenticate him/herself on its web site;
      
      allow the second website/domain to make use of the authentication platform on the first website/domain via an API to authenticate the user on the second web site/domain as well.
  - 14. The system of claim 1, wherein:
    - the second website/domain also includes the authentication platform, wherein the first authentication agent is configured toauthenticate the user by invoking an API call to the authentication platform at the second website/domain;
      
      store the signed cookie for the user and include the signed cookie as a GET parameter in the redirect HTTP request when the user is later redirected to the second website/domain.

15. A computer-implemented method to support cross-domain user authentication, comprising:
- sending a request for additional authentication information for a user attempting to login to a first website/domain to an authentication platform;
  
  returning the additional authentication information provided to and entered by the user at the first website/domain to the authentication platform for verification;
  
  creating and returning a signed cookie of authentication state of the user to be stored at the first website/domain once the additional authentication information received from the first website/domain is verified;
  
  providing the signed cookie to a second website/domain when the user is redirected to the second website/domain;
  
  parsing the signed cookie for the additional authentication information and providing the additional authentication information to the authentication platform for verification;
  
  verifying the additional authentication information from the second website/domain by the authentication platform and allowing the user to access the second website/domain without entering any additional authentication information once verified.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 16. The computer-implemented method of claim 15, wherein:
    - the user is required to enter the additional authentication information only once.
  - 17. The computer-implemented method of claim 15, wherein:
    - the signed cookie is not domain-specific and is accessible by a website/domain other than the first website/domain.
  - 18. The computer-implemented method of claim 15, further comprising:
    - prompting the user to enter the additional authentication information on the first web site/domain;
      
      asking the user for his/her preferred way to receive the additional authentication information.
  - 19. The computer-implemented method of claim 18, further comprising:
    - generating the additional authentication information and provide it to the user via his/her preferred way of communication as specified in the request.
  - 20. The computer-implemented method of claim 15, further comprising:
    - sending the request by invoking an Application Program Interface (API) provided by the authentication platform as part of an authentication service.
  - 21. The computer-implemented method of claim 15, further comprising:
    - returning the additional authentication information to the authentication platform via an API call;
      
      returning the signed cookie as one of the returning parameters/payload of the API call.
  - 22. The computer-implemented method of claim 15, further comprising:
    - verifying and authenticating the user at the first website/domain by comparing the received information with the additional authentication information it provided to the user.
  - 23. The computer-implemented method of claim 15, further comprising:
    - cryptographically signing the cookie so that its content cannot be tampered with without breaking the signature.
  - 24. The computer-implemented method of claim 15, further comprising:
    - including the signed cookie as a parameter of the redirect link/URL.
  - 25. The computer-implemented method of claim 15, further comprising:
    - including the authentication platform with the first website/domain, wherein the first website/domain is configured toallow the user to directly verify and authenticate him/herself on its website;
      
      allow the second website/domain to make use of the authentication platform on the first website/domain via an API to authenticate the user on the second web site/domain as well.
  - 26. The computer-implemented method of claim 15, further comprising:
    - including the authentication platform with the second website/domain, wherein the first website/domain is configured toauthenticate the user by invoking an API call to the authentication platform at the second website/domain;
      
      store the signed cookie for the user and include the signed cookie as a GET parameter in the redirect HTTP request when the user is later redirected to the second website/domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WePay, Inc. (JP Morgan Chase & Co)
Original Assignee
WePay, Inc. (JP Morgan Chase & Co)
Inventors
Parman, Ryan, LeBlanc, Andrew, Lin, Amy, Ramos, Facundo, Patil, Vasusen, Zarmer, Craig Lee

Application Number

US15/042,104
Publication Number

US 20160241536A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/41   where a single sign-on prov...

G06F 21/64   Protecting data integrity, ...

H04L 63/0815   providing single-sign-on or...

H04L 67/02   based on web technology, e....

SYSTEM AND METHODS FOR USER AUTHENTICATION ACROSS MULTIPLE DOMAINS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

SYSTEM AND METHODS FOR USER AUTHENTICATION ACROSS MULTIPLE DOMAINS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others