Invocation of a third party's service
Abstract
Invoking a computer implemented service includes receiving a request from a first user to access a service associated with a second user. The request is associated with a security token for the first user and an identity token for the second user. The acceptability of the security token is determined to authenticate the first user, and the acceptability of the identity token is determined to securely identify the second user. The first user is able to access the service associated with the second user conditioned on the security token being determined to be acceptable and the identity token being determined to be acceptable.
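The conditional grant described in the abstract, as an added Python example that is not code from the patent: an HMAC-signed JSON token stands in for both the security token and the SAML assertion, and the key names, `ASSERTION_STORE`, and the `delegate` and `service` fields are hypothetical. Treating "acceptable" as also requiring the assertion to name the requester and the requested service is an assumption of this sketch.

```python
import hashlib
import hmac
import json
import time

# Constructed demo keys and store (assumptions). A real deployment verifies the
# SAML assertion's XML signature against the issuer's certificate instead.
SESSION_KEY = b"demo-session-key"    # signs the first user's security token
ASSERTION_KEY = b"demo-issuer-key"   # stands in for the SAML issuer's key
ASSERTION_STORE = {}                 # pointer -> stored identity token


def sign(key, claims):
    """Serialize claims and append an HMAC-SHA256 tag (hypothetical token format)."""
    body = json.dumps(claims, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag


def verify(key, token, now):
    """Return the claims if the tag matches and the token is unexpired, else None."""
    body, sep, tag = token.rpartition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not sep or not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    claims = json.loads(body)
    return claims if claims.get("exp", 0) > now else None


def authorize(request, now=None):
    """Grant access to the second user's service only if both tokens are acceptable."""
    now = time.time() if now is None else now
    first = verify(SESSION_KEY, request.get("security_token", ""), now)
    # The identity token arrives inline or as a pointer to a stored copy.
    pointer = request.get("identity_pointer")
    raw = request.get("identity_token") or ASSERTION_STORE.get(pointer, "")
    second = verify(ASSERTION_KEY, raw, now)
    if first is None or second is None:
        return False  # fail closed when either token is unacceptable
    if first.get("sub") == second.get("sub"):
        return False  # the second user must differ from the first
    # Assumption: the assertion names the requester and the service, so a copy
    # captured for one service or one requester is not accepted for another.
    return second.get("delegate") == first.get("sub") and second.get("service") == request.get("service")
```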
38 Claims
1. A method for invoking a computer implemented service on a computer system including at least one processor, the method comprising:
receiving a request from a first user to access a service associated with a second user that is different than the first user, the request including a security token specific to the first user and including at least one of an identity token specific to the second user and a pointer to the identity token specific to the second user, wherein one of the first and second users is a guardian of the other user, wherein receiving the request from the first user to invoke a service associated with the second user comprises receiving the request from the first user to invoke a service for which the second user is a registered user and for which the first user cannot otherwise independently access, and wherein the identity token comprises a Security Assertions Mark-up Language (SAML) assertion;
accessing the security token;
determining, using the at least one processor, the acceptability of the security token to authenticate the first user;
accessing the identity token;
determining, using the at least one processor, the acceptability of the identity token to securely identify the second user; and
enabling the first user to access the service associated with the second user conditioned on the security token being determined to be acceptable and the identity token being determined to be acceptable.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 33, 34, 35, 36, 37, 38
31. A computer system including:
at least one non-transient memory that stores instructions;
at least one microprocessor for invoking a computer implemented service, the at least one microprocessor executing the instructions to perform steps comprising;
receive a request from a first user to access a service associated with a second user that is different than the first user, the request including with a security token specific to the first user and including at least one of an identity token specific to the second user and a pointer to the identity token specific to the second user, wherein one of the first and second users is a guardian of the other user, wherein receiving the request from the first user to invoke a service associated with the second user comprises receiving the request from the first user to invoke a service for which the second user is a registered user and for which the first user cannot otherwise independently access, and wherein the identity token comprises a SAML assertion;
determine the acceptability of the security token to authenticate the first user; and
determine the acceptability of the identity token to securely identify the second user; and
enable the first user to access the service associated with the second user conditioned on the security token being determined to be acceptable and the identity token being determined to be acceptable.
32. A non-transient computer readable storage medium containing instructions that, when executed by a microprocessor, cause the microprocessor to perform steps comprising:
receiving a request from a first user to access a service associated with a second user that is different than the first user, the request including a security token specific to the first user and including at least one of an identity token specific to the second user and a pointer to the identity token specific to the second user, wherein one of the first and second users is a guardian of the other user, wherein receiving the request from the first user to invoke a service associated with the second user comprises receiving the request from the first user to invoke a service for which the second user is a registered user and for which the first user cannot otherwise independently access, and wherein the identity token comprises a SAML assertion;
determining the acceptability of the security token to authenticate the first user;
determining the acceptability of the identity token to securely identify the second user; and
enabling the first user to access the service associated with the second user conditioned on the security token being determined to be acceptable and the identity token being determined to be acceptable.
Specification