Multiple security token transactions

US 8,225,385 B2
Filed: 03/23/2006
Issued: 07/17/2012
Est. Priority Date: 03/23/2006
Status: Expired due to Fees

First Claim

Patent Images

1. One or more computer-readable storage media, wherein the computer-readable storage media exclude propagating carrier waves, the computer-readable storage media storing computer-executable instructions that, when executed, cause one or more processors to perform operations for transferring a plurality of security tokens comprising:

receiving a request from at least one client for communication by an authentication service requesting the plurality of security tokens, each security token configured to prove an identity of the at least one client at a respective service provider, the request configured according to a web service trust protocol that is extended with syntax to support a multiple security token transaction and to enable inclusion of multiple error nodes in a response to the request by separately handling authentication errors for each security token of the plurality of security tokens, each of the multiple error nodes indicating an authorization state and a request state associated with a respective security token of the plurality of security tokens;

generating the plurality of security tokens by the authentication service;

sending the plurality of security tokens to the at least one client via a single transaction between the authentication service and the at least one client, the plurality of security tokens comprising an authentication token configured to prove the identity of the at least one client at the authentication service;

receiving the authentication token by the authentication service to prove the identity of the at least one client to provide one or more other security tokens;

confirming the identity of the at least one client based on the authentication token;

determining one or more service providers that the at least one client is authorized to access, the one or more service providers configured to provide a suite of resources based on the identity of the at least one client; and

generating the one or more other security tokens, each of the one or more other security tokens configured to prove identity of the at least one client at the one or more service providers.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of multiple security token transactions are described herein. One or more of the described techniques may be utilized to provide, in a single request and response, an authentication token and a plurality security tokens for proof of identity at respective service providers.

260 Citations

12 Claims

1. One or more computer-readable storage media, wherein the computer-readable storage media exclude propagating carrier waves, the computer-readable storage media storing computer-executable instructions that, when executed, cause one or more processors to perform operations for transferring a plurality of security tokens comprising:
- receiving a request from at least one client for communication by an authentication service requesting the plurality of security tokens, each security token configured to prove an identity of the at least one client at a respective service provider, the request configured according to a web service trust protocol that is extended with syntax to support a multiple security token transaction and to enable inclusion of multiple error nodes in a response to the request by separately handling authentication errors for each security token of the plurality of security tokens, each of the multiple error nodes indicating an authorization state and a request state associated with a respective security token of the plurality of security tokens;
  
  generating the plurality of security tokens by the authentication service;
  
  sending the plurality of security tokens to the at least one client via a single transaction between the authentication service and the at least one client, the plurality of security tokens comprising an authentication token configured to prove the identity of the at least one client at the authentication service;
  
  receiving the authentication token by the authentication service to prove the identity of the at least one client to provide one or more other security tokens;
  
  confirming the identity of the at least one client based on the authentication token;
  
  determining one or more service providers that the at least one client is authorized to access, the one or more service providers configured to provide a suite of resources based on the identity of the at least one client; and
  
  generating the one or more other security tokens, each of the one or more other security tokens configured to prove identity of the at least one client at the one or more service providers.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The one or more computer-readable storage media as recited in claim 1, wherein the request includes credentials for verification by the authentication service and a single verification of the credentials permits issuance of the plurality of security tokens and the one or more security tokens.
  - 3. The one or more computer-readable storage media as recited in claim 1, wherein at least one of the plurality of security tokens and the one or more security tokens obtained by the at least one client is presentable to a corresponding service provider to prove identity of the at least one client without submitting user credentials.
  - 4. The one or more computer-readable storage media as recited in claim 1, the operations further comprising:
    - forming the response to the request including the multiple error nodes; and
      
      sending the response to the at least one client.
  - 5. The one or more computer-readable storage media as recited in claim 1, wherein the web service trust protocol is extended with syntax that permits the request for the plurality of security tokens and the one or more security tokens.

6. A method of transferring a plurality of security tokens comprising:
- receiving, at an authentication server comprising a processor and a computer-readable storage media to store instructions that are executable by the processor, a single request from a client over a network seeking the plurality of security tokens, the plurality of security tokens comprising one or more service tokens;
  
  determining one or more resources of the at least one service provider that the client is authorized to access, each of the one or more service tokens configured to be provided to at least one service provider as proof of the client'"'"'s identity to access the one or more resources of the at least one service provider;
  
  communicating to the client, in response to the single request, the plurality of security tokens, the plurality of security tokens comprising at least one authentication token configured to be provided to the authentication server as proof of the client'"'"'s identity to receive another service token;
  
  receiving at the authentication server the at least one authentication token with a second request for the another service token, the another service token configured to be provided to another service provider as proof of the client'"'"'s identity to access resources of the another service provider;
  
  confirming proof of the client'"'"'s identity with the at least one authentication token;
  
  providing to the client the another service token; and
  
  forming a response to the single request, the response compliant with a web service trust protocol that is extended with syntax to enable inclusion of multiple error nodes in the response, each of the multiple error nodes providing an authorization state and a request state associated with a corresponding security token of the one or more service tokens.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein the communicating occurs upon verification of client credentials indicated in the single request.
  - 8. The method of claim 6, wherein the resources of the service providers and the another service provider are selected from the group consisting of:
    - instant messaging service;
      
      web search service;
      
      e-mail service;
      
      productivity applications;
      
      multimedia content;
      
      andblogs.
  - 9. The method of claim 6, wherein the web service trust protocol is further extended to support a multiple security token transaction and wherein the single request is configured according to the extended web service trust protocol.
  - 10. The method of claim 6, wherein extending the web service trust protocol with syntax to permit the inclusion of the multiple error nodes in the response to the single request comprises separately handling authentication errors for each security token of the plurality of security tokens.

11. One or more computer-readable storage media, wherein the computer-readable storage media exclude propagating carrier waves, the computer-readable storage media storing computer-executable instructions that, when executed, cause one or more processors to perform operations for transferring a plurality of security tokens comprising:
- communicating to an authentication service a request having credentials to authenticate a client and requesting the plurality of security tokens, the authentication service to determine a plurality of resources that the client is authorized to access, the request configured according to a web service trust protocol that is extended to support a multiple security token transaction and to separately handle authentication errors for each security token requested in the multiple security token transaction by embedding an error node in a response to the request, each error node indicating an authorization state and a request state associated with each security token of the plurality of security tokens;
  
  sending, in the response to the request, the plurality of security tokens comprising an authentication token and one or more service tokens, each of the one or more service tokens corresponding to a respective service provider;
  
  accepting the authentication token as proof of identity by the authentication server without submitting user credentials to obtain at least one other service token corresponding to another service provider;
  
  confirming the proof of identity based on the authentication token;
  
  sending the at least one other service token to the client; and
  
  providing without submitting user credentials the one or more service tokens or the at least one service token to the respective service provider or the another service provider as proof of identity to access one or more resources from the plurality of resources, the one or more resources associated with the respective service provider or the another service provider.
- View Dependent Claims (12)
- - 12. The one or more computer-readable storage media as recited in claim 11, wherein the request includes a plurality of request nodes corresponding to each requested security token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Chow, Trevin M, Chow, Colin, Wong, Pui-Yin Winfred, Pai, Dilip K., Jiang, Wei, Nagvekar, Sanjeev M, Rouskov, Yordan I
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Durham, Imhotep

Application Number

US11/277,317
Publication Number

US 20070226785A1
Time in Patent Office

2,308 Days
Field of Search

None
US Class Current

726/8
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 63/08   for authentication of entit...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3271   using challenge-response

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 12/084   using delegated authorisati...

Multiple security token transactions

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

260 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Multiple security token transactions

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

260 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links