Methods, apparatuses and systems facilitating seamless, virtual integration of online membership models and services

US 7,337,468 B2
Filed: 02/13/2004
Issued: 02/26/2008
Est. Priority Date: 02/13/2003
Status: Active Grant

First Claim

Patent Images

1. An apparatus facilitating integration of separate online services, comprisinga session state module operative togenerate session identifiers in response to requests for a session identifier;

maintain session state information in association with the session identifiers, wherein the session state information comprises a user identifier;

a server module operative toreceive requests for session identifiers from a third-party site, wherein the third-party requests include user identifiers;

authenticate the requests for session identifiers;

access the session state module to obtain session identifiers for authenticated requests;

transmit the session identifiers to the third-party site in response to the requests for session identifiers;

receive requests from users, wherein the requests include session identifiers transmitted to the third-party sites;

control access to resources available to the users by validating the session identifiers in the requests from users against the session state information maintained by the session state module;

wherein the requests for a session identifier are transmitted indirectly via a host system corresponding to a user of the third-party site; and

wherein the requests for session identifiers include a digital signatures created with an encryption key associated with the third-party site; and

wherein the server module is operative to authenticate the requests for session identifiers by validating the digital signature.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatuses and systems facilitating integration of the functionality associated with a first on-line service entity with the functionality associated with a second on-line service entity. Embodiments of the present invention allow a first on-line service entity having its own membership model to efficiently collaborate with a second on-line service entity to offer its users the services of the second on-line service entity in a seamless and consistently branded manner. One implementation obviates the need for synchronization of the membership models between the first and second on-line service entities. One implementation allows the second on-line service entity to provide services to the users associated with the first on-line service entity in a seamless manner without the first on-line service entity having to proxy the session between the second on-line service entity and the users.

94 Citations

View as Search Results

15 Claims

1. An apparatus facilitating integration of separate online services, comprisinga session state module operative togenerate session identifiers in response to requests for a session identifier;
- maintain session state information in association with the session identifiers, wherein the session state information comprises a user identifier;
  
  a server module operative toreceive requests for session identifiers from a third-party site, wherein the third-party requests include user identifiers;
  
  authenticate the requests for session identifiers;
  
  access the session state module to obtain session identifiers for authenticated requests;
  
  transmit the session identifiers to the third-party site in response to the requests for session identifiers;
  
  receive requests from users, wherein the requests include session identifiers transmitted to the third-party sites;
  
  control access to resources available to the users by validating the session identifiers in the requests from users against the session state information maintained by the session state module;
  
  wherein the requests for a session identifier are transmitted indirectly via a host system corresponding to a user of the third-party site; and
  
  wherein the requests for session identifiers include a digital signatures created with an encryption key associated with the third-party site; and
  
  wherein the server module is operative to authenticate the requests for session identifiers by validating the digital signature.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The apparatus of claim 1 further comprisingan application module operative to provide an application service to at least one user;
    - and wherein the server module is operative to control access to the application module.
  - 3. The apparatus of claim 1 wherein the requests for session identifiers include a digital signatures created with an encryption key associated with the third-party site;
    - and wherein the server module is operative to authenticate the requests for session identifiers by validating the digital signature.
  - 4. The apparatus of claim 1 wherein the requests for a session identifier are encrypted;
    - and wherein the server module is further operative to decrypt the requests for a session identifier.
  - 5. The apparatus of claim 4 wherein the requests for a session identifier are encrypted;
    - and wherein the server module is further operative to decrypt the requests for a session identifier if the digital signature of the third-party web site is valid.
  - 6. The apparatus of claim 1 wherein the requests for a session identifier further comprise a third-party site identifier, and wherein the state information maintained by state management module further comprises the third-party site identifier.
  - 7. The apparatus of claim 1 wherein the requests for a session identifier are transmitted directly by the third-party site.
  - 8. The apparatus of claim 1 wherein the requests for a session identifier are encrypted;
    - and wherein the server module is further operative to decrypt the requests for a session identifier.
  - 9. The apparatus of claim 1 wherein the requests for a session identifier are encrypted;
    - and wherein the server module is further operative to decrypt the requests for a session identifier if the digital signature of the third-party web site is valid.

10. A method facilitating integration of separate online services, comprisingreceiving, at a server, a request for a session identifier from a third-party site, wherein the request includes a user identifier and a third-party site identifier;
- validating the request for a session identifier;
  
  if the request for a session identifier is valid, creating a session and a session identifier in a session state database;
  
  returning the session identifier to the third-party web sites;
  
  receiving a request from a host system corresponding to a user, the request including the session identifier returned to the third-party web site;
  
  verifying the session identifier against the session information maintained in the session state database; and
  
  allowing the user access to functionality available through the server, if the session identifier is valid wherein allowing the user access comprises creating a user account corresponding to the user, wherein the user account is tagged with the third party site identifier.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10 wherein the session is represented in a data structure stored on a computer readable medium, and wherein the information associated with the session includes the user identifier and the session identifier.
  - 12. The method of claim 10 wherein the request for a session identifier includes a digital signature created with an encryption key associated with the third-party web site;
    - and wherein the validating step comprises validating the digital signature.
  - 13. The method of claim 10 wherein the request for a session identifier is encrypted;
    - and wherein the method further comprises decrypting the request for a session identifier.
  - 14. The method of claim 12 wherein the request for a session identifier is encrypted;
    - and wherein the method further comprises decrypting the request for a session identifier if the digital signature of the third-party web site is valid.
  - 15. The method of claim 10 further comprisingreceiving a request from a host system corresponding to a user, the request including the session identifier returned to the third-party web site;
    - verifying the session identifier against the session information maintained in the session state database;
      
      allowing the user access to functionality available through the server, if the session identifier is valid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Transunion Interactive, Inc. (TransUnion Corporation)
Original Assignee
Truelink, Inc.
Inventors
Metzger, Scott
Primary Examiner(s)
Barrón, Jr.; Gilberto
Assistant Examiner(s)
KIM, JUNG W

Application Number

US10/778,532
Publication Number

US 20040162986A1
Time in Patent Office

1,474 Days
Field of Search

726 5- 6, 713/185
US Class Current

726/6
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/123   received data contents, e.g...

H04L 67/14   Session management for real...

Methods, apparatuses and systems facilitating seamless, virtual integration of online membership models and services

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

94 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, apparatuses and systems facilitating seamless, virtual integration of online membership models and services

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links