Authenticating linked accounts
First Claim
Patent Images
1. A method comprising:
- receiving one or more inputs from a client that define a link between a plurality of user accounts at a plurality of service providers;
forming a link identifier that identifies a plurality of account identifiers corresponding to the plurality of user accounts as a set of linked accounts;
storing the link identifier at an authentication service;
forming an authentication token for communication to a client, the authentication token including the link identifier to reference the set of linked accounts; and
managing authentication of the client to the set of linked accounts, such that the client, upon providing to the authentication service credentials corresponding to one account in the set of linked accounts, receives an access to each account in the set of linked accounts,wherein the link identifier permits the plurality of service providers presented with the authentication token to use the authentication token as proof of the client'"'"'s identity to identify the set of linked accounts.
3 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of authenticating linked accounts are presented herein. In an implementation, an authentication service provides functionality to form links between a plurality of user accounts. A client may then authenticate by providing credentials for one account in a group of linked accounts, and is permitted access to each account in the group of linked accounts based upon the linking. Thus, a single sign-in of a client to one account may permit the client to obtain services for service providers corresponding to multiple linked accounts, without an individual sign-in to each account.
-
Citations
22 Claims
-
1. A method comprising:
-
receiving one or more inputs from a client that define a link between a plurality of user accounts at a plurality of service providers; forming a link identifier that identifies a plurality of account identifiers corresponding to the plurality of user accounts as a set of linked accounts; storing the link identifier at an authentication service; forming an authentication token for communication to a client, the authentication token including the link identifier to reference the set of linked accounts; and managing authentication of the client to the set of linked accounts, such that the client, upon providing to the authentication service credentials corresponding to one account in the set of linked accounts, receives an access to each account in the set of linked accounts, wherein the link identifier permits the plurality of service providers presented with the authentication token to use the authentication token as proof of the client'"'"'s identity to identify the set of linked accounts. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 19, 20, 21, 22)
-
-
13. One or more computer readable memory devices comprising computer executable instructions which, when executed, direct an authentication server to:
-
expose an interface accessible by a client over a network; receive an input from the client via the interface that defines a link between a plurality of user accounts at a plurality of service providers; form a link identifier that identifies the plurality of user accounts as a set of linked accounts; store the link identifier; receive a single sign-in of the client to one account in the set of linked accounts; form an authentication token that includes the link identifier to reference the set of linked accounts; and manage authentication of the client to the set of linked accounts, such that the client, upon providing to the authentication service the single sign-in corresponding to the one account in the set of linked accounts, receives access to each account in the set of linked accounts, wherein the link identifier permits the plurality of service providers presented with the authentication token to use the authentication token as proof of the client'"'"'s identity to identify the set of linked accounts. - View Dependent Claims (14, 15)
-
-
16. A method comprising:
-
receiving, via a network from a client, an authentication token issued by an authentication service to the client, the authentication token including a link identifier that identifies a plurality of user accounts at a plurality of service providers as a set of linked accounts via the authentication service, the authentication token further corresponding to a first account in the set of linked accounts, each of the plurality of user accounts corresponding to a service with which the client is permitted to interact, each of the plurality of user accounts including a user profile, the link identifier permitting the plurality of service providers presented with the authentication token to use the authentication token as proof of the client'"'"'s identity to identify the set of linked accounts; outputting an indication of services corresponding to the first account;
providing a selectable portion in a user interface permitting selection of a second account in the set of linked accounts identifiable via the link identifier;receiving a selection of the second account via the selectable portion; communicating the selection of the second account to the authentication service; receiving an indication that the authentication token has a change to correspond to the second account, the change including an account identifier of the first account in the authentication token overwritten with an account identifier of the second account; and outputting an indication of services corresponding to the second account. - View Dependent Claims (17, 18)
-
Specification