
Method and apparatus for handling user identities under single sign-on services

  • US 7,296,290 B2
  • Filed: 02/28/2003
  • Issued: 11/13/2007
  • Est. Priority Date: 02/28/2002
  • Status: Active Grant
First Claim

1. A method of handling and correlating a plurality of user-identities for a user having a plurality of local user-identities utilized to access a plurality of Service Providers, said method providing Single Sign-On services to the user when accessing a selected Service Provider from the plurality of Service Providers, the method comprising the steps of:

  • authenticating the user at an Authentication Provider with a user-identity used for authentication purposes;

  • providing the user with a token as proof that the user has already been authenticated by the Authentication Provider;

  • attempting a first access by the user at the selected Service Provider, said attempting step including presenting the token to the selected Service Provider along with a local user-identity valid for the selected Service Provider;

  • assigning at the Authentication Provider, a temporary alias-identity to the user to be utilized for a subsequent access of the user at the selected Service Provider identified by a given Service Provider identifier;

  • respectively linking the user-identity used for authentication purposes and the assigned alias-identity at the Authentication Provider and the local user-identity and the assigned alias-identity at the selected Service Provider, both Providers sharing and uniquely exchanging the alias-identity to identify the user at respective sites, said linking being performed on a permanent basis if allowed by the user or on a temporary basis if not allowed by the user;

  • providing the user with access by the selected Service Provider based on the shared alias-identity;

  • determining at a later time, that the user is attempting a subsequent access at the selected Service Provider; and

  • identifying the user by the shared alias-identity and providing access, if permanent linking was allowed by the user; or

  • repeating the steps of assigning a temporary alias-identity, linking on a temporary basis, and providing access, if permanent linking was not allowed by the user.
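The claimed flow as an in-memory Python model, added here as an illustration and not taken from the patent: each provider stores only its own identity plus the shared alias-identity, and the alias is stable under permanent linking and re-issued on every access otherwise. The class and method names are hypothetical, and the model assumes that credential checking is omitted and that the Service Provider obtains the alias by presenting the token to the Authentication Provider.

```python
import secrets

class AuthenticationProvider:
    def __init__(self):
        self.sessions = {}  # token -> user-identity used for authentication
        self.links = {}     # (sp_id, auth_identity) -> (alias, permanent)

    def authenticate(self, auth_identity):
        # Credential verification is out of scope for this model (assumption).
        token = secrets.token_hex(16)  # proof of prior authentication
        self.sessions[token] = auth_identity
        return token

    def alias_for(self, token, sp_id, allow_permanent):
        auth_identity = self.sessions[token]  # KeyError: token not issued here
        key = (sp_id, auth_identity)
        alias, permanent = self.links.get(key, (None, False))
        if permanent:
            return alias, False            # existing permanent link, reuse alias
        alias = secrets.token_hex(8)       # opaque and specific to this SP
        self.links[key] = (alias, allow_permanent)  # replaces a stale temporary link
        return alias, True

class ServiceProvider:
    def __init__(self, sp_id, ap):
        self.sp_id, self.ap = sp_id, ap
        self.links = {}  # alias -> local user-identity (AP identity never stored)

    def access(self, token, local_identity, allow_permanent):
        alias, is_new = self.ap.alias_for(token, self.sp_id, allow_permanent)
        if not is_new:
            # Subsequent access under a permanent link: alias alone identifies the user.
            return alias, self.links[alias]
        # First access, or temporary linking repeated: drop the stale alias and relink.
        self.links = {a: l for a, l in self.links.items() if l != local_identity}
        self.links[alias] = local_identity
        return alias, local_identity
```

Because aliases are generated per Service Provider identifier, two Service Providers comparing their stored aliases cannot correlate the same user.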
