E-mail based user authentication

US 7,921,456 B2
Filed: 12/30/2005
Issued: 04/05/2011
Est. Priority Date: 12/30/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving at least one e-mail address from a given user in connection with a request submitted by the given user to access resources of a service provider, the e-mail address corresponding to one of a plurality of email addresses, each email address corresponding to a different third-party e-mail server to which the given user has access, wherein each e-mail address is associated with a different level of trust relative to the other e-mail addresses;

sending at least one authentication ticket to a third-party e-mail server corresponding to the at least one e-mail address, the third-party e-mail server being chosen based upon the at least one e-mail address received from the given user, wherein sending the at least one authentication ticket includes;

sending a key, a pass code, and an associated predefined time interval with the at least one authentication ticket, wherein the key uniquely identifies the at least one authentication ticket, and wherein the at least one authentication ticket is sent as header-level information to the third-party e-mail server and the third party e-mail server processes authentication tickets sent as header-level information with a high priority as compared to e-mail messages that enable the authentication ticket to be acted upon prior to an end of the associated predefined time interval; and

referencing a first field for the identification of the given user and a second field for the identification of the service provider;

receiving at least one of an additional key and an additional pass code, from a user device, after sending the at least one authentication ticket to the third-party e-mail server corresponding to the at least one e-mail address;

dispositioning the authentication ticket; and

dispositioning the request submitted by the user device based upon the disposition of the authentication ticket, wherein dispositioning the authentication request includes approving the authentication ticket when the at least one of the additional key and pass code matches one of the key and the pass code of the at least one authentication ticket sent to the third-party e-mail server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

E-mail based user authentication is described herein. A user can access resources of a service provider by submitting only an e-mail address to which the user has access. The service provider generates an authentication ticket corresponding to the user'"'"'s login request, and transmits the authentication ticket to the e-mail service provider indicated by the submitted e-mail address. The e-mail service provider processes the authentication ticket, and enables either approval or denial of the authentication ticket, whether by explicit user action or by automated processing.

Citations

10 Claims

1. A method comprising:
- receiving at least one e-mail address from a given user in connection with a request submitted by the given user to access resources of a service provider, the e-mail address corresponding to one of a plurality of email addresses, each email address corresponding to a different third-party e-mail server to which the given user has access, wherein each e-mail address is associated with a different level of trust relative to the other e-mail addresses;
  
  sending at least one authentication ticket to a third-party e-mail server corresponding to the at least one e-mail address, the third-party e-mail server being chosen based upon the at least one e-mail address received from the given user, wherein sending the at least one authentication ticket includes;
  
  sending a key, a pass code, and an associated predefined time interval with the at least one authentication ticket, wherein the key uniquely identifies the at least one authentication ticket, and wherein the at least one authentication ticket is sent as header-level information to the third-party e-mail server and the third party e-mail server processes authentication tickets sent as header-level information with a high priority as compared to e-mail messages that enable the authentication ticket to be acted upon prior to an end of the associated predefined time interval; and
  
  referencing a first field for the identification of the given user and a second field for the identification of the service provider;
  
  receiving at least one of an additional key and an additional pass code, from a user device, after sending the at least one authentication ticket to the third-party e-mail server corresponding to the at least one e-mail address;
  
  dispositioning the authentication ticket; and
  
  dispositioning the request submitted by the user device based upon the disposition of the authentication ticket, wherein dispositioning the authentication request includes approving the authentication ticket when the at least one of the additional key and pass code matches one of the key and the pass code of the at least one authentication ticket sent to the third-party e-mail server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 10)
- - 2. The method of claim 1, wherein receiving at least one e-mail address includes receiving the e-mail address in connection with a request to login to a website associated with the service provider.
  - 3. The method of claim 1, wherein dispositioning the authentication request includes denying the authentication request when neither of the additional key and pass code matches the key and pass code of the authentication ticket.
  - 4. The method of claim 1, wherein dispositioning the authentication request includes denying the authentication request when no additional key or pass code is received within the predefined time interval.
  - 5. The method of claim 1, wherein dispositioning the request includes granting the request when the authentication ticket is approved.
  - 6. The method of claim 1, wherein dispositioning the request includes denying the request when the authentication ticket is denied.
  - 7. The method of claim 1, wherein dispositioning the request is performed without obtaining a password from the given user.
  - 10. The method of claim 1, wherein each of the plurality of email addresses is composed differently to conform to use in different environments and contexts of different service providers.

8. A method comprising:
- presenting an interface on a computing device to a given user;
  
  receiving, through the interface, a request for access to a resource of a service provider;
  
  obtaining, through the interface, an e-mail address from a plurality of e-mail addresses associated with the given user, and wherein each e-mail address corresponds to a different third-party e-mail server and is associated with a different level of trust relative to the other email addresses;
  
  authenticating, by the computing device, with an e-mail server associated with the e-mail address;
  
  sending the request for access and the e-mail address to the service provider;
  
  receiving, by the computing device, an authentication ticket from the e-mail server, the receiving comprising polling the email server about every second for about 5 seconds by querying the email server for the authentication ticket, the authentication ticket comprising;
  
  a key,a pass code,an associated expiration period, anda first field referencing the identification of the given user and a second field referencing the identification of the service provider;
  
  sending, by the interface, at least a portion of the authentication ticket to the service provider, wherein the at least a portion of the authentication ticket is sent as header-level information to the service provider and the service provider processes the at least a portion of the authentication ticket sent as header-level information with a high priority as compared to an e-mail message, enabling the authentication ticket to be acted upon prior to an end of the associated expiration period;
  
  receiving, by the interface, an indication of a disposition of the request for access, wherein the disposition is based on the at least a portion of the authentication ticket; and
  
  receiving, by the computing device, access to the resource of the service provider.
- View Dependent Claims (9)
- - 9. The method of claim 8, further comprising after receiving the authentication ticket from the e-mail server, providing an interface element that allows a user to either grant permission to the computing device to send the at least a portion of the authentication ticket to the service provider or deny permission to the interface to send the at least a portion of the authentication ticket to the service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Chua, Fei
Primary Examiner(s)
Arani; Taghi T.
Assistant Examiner(s)
CHANG, KENNETH W

Application Number

US11/275,429
Publication Number

US 20070157291A1
Time in Patent Office

1,922 Days
Field of Search

726/2, 726/3, 726/4, 726/5, 726/6, 726/7, 726/9, 726/10, 726/14, 726/17, 726/18, 726/21, 726/25, 726/26, 726/27, 726/28, 726/29, 713/152, 713/153, 713/155, 713/156, 713/165, 713/166, 713/167, 713/168, 713/169, 713/170, 713/175, 709/203, 709/216, 709/225, 709/226, 709/237, 705/51, 705/67, 705/404, 705/405
US Class Current

726/10
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 9/3213   using tickets or tokens, e....

E-mail based user authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

E-mail based user authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links