Multiple credentials in a distributed system
First Claim
1. In a system including a service that is accessed by a user from one or more devices with varying input capabilities, a method for associating multiple credentials with a single user account such that the user may be authenticated with any one of the multiple credentials, the method comprising an authentication system performing acts of:
- receiving an authentication request at the authentication system from a desktop computer, wherein the authentication request includes a first set of credentials of the user, the first set of credentials comprising a username and a password;
determining based on the first set of credentials being a username and password that a first credential store is to be accessed to validate the authentication request from the desktop computer, the first credential store storing sets of credentials that each comprise a username and password;
validating the first set of credentials provided by the user by accessing the first credential store to determine whether the username and password are associated with a single unique user identifier, wherein each set of credentials in the first credential store is associated with a single unique user identifier of a user, a single unique user account, and a single unique user profile such that upon determining that the first set of credentials is associated with a unique user identifier, the unique user identifier is returned to the desktop computer such that the desktop computer may use the unique user identifier to access a service;
receiving a second authentication request at the authentication system from a cellular phone, wherein the authentication request includes a second set of credentials of the user, the second set of credentials comprising a numeric username and a numeric pin, wherein the numeric username is distinct from the username;
determining based on the second set of credentials being a numeric username and a numeric pin that a second credential store is to be accessed to validate the authentication request from the cellular phone, the second credential store storing sets of credentials that each comprise a numeric username and a numeric pin; and
validating the second set of credentials provided by the user by accessing the second credential store to determine whether the numeric username and numeric pin are associated with a single unique user identifier, wherein each set of credentials in the second credential store is also associated with a single unique user identifier of a user, a single unique user account, and a single unique user profile such that upon determining that the second set of credentials is associated with the same unique user identifier as the first set of credentials, the unique user identifier is returned to the cellular phone such that the cellular phone may use the unique user identifier to access the service.
3 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for associating multiple credentials with a single user account in a distributed authentication system. A user can be authenticated to a service by providing any one of the multiple credentials to the authentication system. Thus, a user can provide credentials that are more easily entered or supplied on a given device. All of the credentials are associated with a single user account. The credentials can be associated symmetrically, where the user account is independent of each credential, or asymmetrically, where the user account is stored with a primary credential and the other credentials are secondary credentials that reference the primary credential.
93 Citations
25 Claims
-
1. In a system including a service that is accessed by a user from one or more devices with varying input capabilities, a method for associating multiple credentials with a single user account such that the user may be authenticated with any one of the multiple credentials, the method comprising an authentication system performing acts of:
-
receiving an authentication request at the authentication system from a desktop computer, wherein the authentication request includes a first set of credentials of the user, the first set of credentials comprising a username and a password; determining based on the first set of credentials being a username and password that a first credential store is to be accessed to validate the authentication request from the desktop computer, the first credential store storing sets of credentials that each comprise a username and password; validating the first set of credentials provided by the user by accessing the first credential store to determine whether the username and password are associated with a single unique user identifier, wherein each set of credentials in the first credential store is associated with a single unique user identifier of a user, a single unique user account, and a single unique user profile such that upon determining that the first set of credentials is associated with a unique user identifier, the unique user identifier is returned to the desktop computer such that the desktop computer may use the unique user identifier to access a service; receiving a second authentication request at the authentication system from a cellular phone, wherein the authentication request includes a second set of credentials of the user, the second set of credentials comprising a numeric username and a numeric pin, wherein the numeric username is distinct from the username; determining based on the second set of credentials being a numeric username and a numeric pin that a second credential store is to be accessed to validate the authentication request from the cellular phone, the second credential store storing sets of credentials that each comprise a numeric username and a numeric pin; and validating the second set of credentials provided by the user by accessing the second credential store to determine whether the numeric username and numeric pin are associated with a single unique user identifier, wherein each set of credentials in the second credential store is also associated with a single unique user identifier of a user, a single unique user account, and a single unique user profile such that upon determining that the second set of credentials is associated with the same unique user identifier as the first set of credentials, the unique user identifier is returned to the cellular phone such that the cellular phone may use the unique user identifier to access the service. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. In a system including a service that is accessed by a user from one or more devices with varying input capabilities, a computer program product for implementing a method for associating multiple credentials with a user account such that the user may be authenticated with anyone of the multiple credentials, the computer program product comprising:
a computer readable storage medium storing computer readable instructions for performing a method comprising; receiving an authentication request at the authentication system from a desktop computer, wherein the authentication request includes a first set of credentials of the user, the first set of credentials comprising a username and a password; determining based on the first set of credentials being a username and password that a first credential store is to be accessed to validate the authentication request from the desktop computer, the first credential store storing sets of credentials that each comprise a username and password; validating the first set of credentials provided by the user by accessing the first credential store to determine whether the username and password are associated with a single unique user identifier, wherein the each set of credentials in the first credential store is associated with a single unique user identifier of a user, a single unique user account, and a single unique user profile such that upon determining that the first set of credentials is associated with a unique user identifier, the unique user identifier is returned to the desktop computer such that the desktop computer may use the unique user identifier to access a service; receiving a second authentication request at the authentication system from a cellular phone, wherein the authentication request includes a second set of credentials of the user, the second set of credentials comprising a numeric username and a numeric pin, wherein the numeric username is distinct from the username; determining based on the second set of credentials being a numeric username and a numeric pin that the second credential store is to be accessed to validate the authentication request from the cellular phone, the second credential store storing sets of credentials that each comprise a numeric username and a numeric pin; and validating the second set of credentials provided by the user by accessing a second credential store to determine whether the numeric username and numeric pin are associated with a single unique user identifier, wherein the each set of credentials in the second credential store is also associated with a single unique user identifier of a user, a single unique user account, and a single unique user profile such that upon determining that the second set of credentials is associated with the same unique user identifier as the first set of credentials, the unique user identifier is returned to the cellular phone such that the cellular phone may use the unique user identifier to access the service. - View Dependent Claims (17, 18, 19, 20, 21, 22)
-
23. In a system including a service that is accessed by a user from one or more devices with varying input capabilities, a method for associating multiple credentials with a single user account such that the user may be authenticated with any one of the multiple credentials, the method comprising an authentication system performing acts of:
-
receiving an authentication request at the authentication system from a first computer, wherein the authentication request includes a first set of credentials of the user; determining based on a format of the first set of credentials that a first credential store is to be accessed to validate the authentication request from the first computer, the first credential store storing sets of credentials that have the same format; validating the first set of credentials provided by the user by accessing the first credential store to determine whether the first set of credentials is associated with a single unique user identifier, wherein each set of credentials in the first credential store is associated with a single unique user identifier of a user, a single unique user account, and a single unique user profile such that upon determining that the first set of credentials is associated with a unique user identifier, the unique user identifier is returned to the first computer such that the desktop computer may use the unique user identifier to access a service; receiving a second authentication request at the authentication system from a second computer, wherein the authentication request includes a second set of credentials of the user, the second set of credentials having a format that is different than the format of the first set of credentials; determining based on the format of the second set of credentials that a second credential store is to be accessed to validate the authentication request from the second computer, the second credential store storing sets of credentials that each have the same format; and validating the second set of credentials provided by the user by accessing the second credential store to determine whether the second set of credentials is associated with a single unique user identifier, wherein each set of credentials in the second credential store is also associated with a single unique user identifier of a user, a single unique user account, and a single unique user profile such that upon determining that the second set of credentials is associated with the same unique user identifier as the first set of credentials, the unique user identifier is returned to the second computer such that the second computer may use the unique user identifier to access the service. - View Dependent Claims (24, 25)
-
Specification