System and method of authenticating a user to a service provider

US 8,499,153 B2
Filed: 06/24/2004
Issued: 07/30/2013
Est. Priority Date: 06/24/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a first authentication request from a service provider at a terminal, wherein the first authentication request identifies a first acceptable identity provider;

receiving first user input comprising an identity provider application access code;

subsequent to receiving the first user input, comparing, by the terminal, the first acceptable identity provider with a supported identity provider;

determining that the first acceptable identity provider matches the supported identity provider;

displaying, by the terminal, the first acceptable identity provider;

receiving second user input comprising a selection of the first acceptable identity provider;

sending the first authentication request from the terminal to the first acceptable identity provider;

receiving a second authentication request at the terminal, wherein the second authentication request identifies a second acceptable identity provider;

subsequent to receiving the second authentication request, comparing, by the terminal, the second acceptable identity provider with the supported identity provider;

determining that the second acceptable identity provider does not match the supported identity provider; and

sending the second authentication request from the terminal to the second acceptable identity provider.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, device, computer program product, and method provide authentication of a user to a service provider. The system includes a service provider, a terminal, and a network that allows communication between the service provider and the terminal. The terminal includes a memory, a communication interface, a processor, and an Identity Provider (IDP) application. The communication interface is configured to receive an authentication request from a service provider wherein the authentication request includes an acceptable identity provider and to send the authentication request to the acceptable identity provider if the acceptable identity provider matches a supported identity provider stored in the memory of the terminal. The processor is coupled to the communication interface and to the memory and executes the IDP application. The IDP application is configured to compare the acceptable identity provider with the supported identity provider stored in the memory.

Citations

17 Claims

1. A method comprising:
- receiving a first authentication request from a service provider at a terminal, wherein the first authentication request identifies a first acceptable identity provider;
  
  receiving first user input comprising an identity provider application access code;
  
  subsequent to receiving the first user input, comparing, by the terminal, the first acceptable identity provider with a supported identity provider;
  
  determining that the first acceptable identity provider matches the supported identity provider;
  
  displaying, by the terminal, the first acceptable identity provider;
  
  receiving second user input comprising a selection of the first acceptable identity provider;
  
  sending the first authentication request from the terminal to the first acceptable identity provider;
  
  receiving a second authentication request at the terminal, wherein the second authentication request identifies a second acceptable identity provider;
  
  subsequent to receiving the second authentication request, comparing, by the terminal, the second acceptable identity provider with the supported identity provider;
  
  determining that the second acceptable identity provider does not match the supported identity provider; and
  
  sending the second authentication request from the terminal to the second acceptable identity provider.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising storing the supported identity provider in a cache of the terminal.
  - 3. The method of claim 1, wherein the supported identity provider comprises a default identity provider.
  - 4. The method of claim 3, further comprising selecting the default identity provider.
  - 5. The method of claim 1, further comprising:
    - sending an authentication response from the terminal to the service provider.
  - 6. The method of claim 5, further comprising:
    - receiving, by the terminal, the authentication response from the first acceptable identity provider; and
      
      storing, by the terminal, data identifying the first acceptable identity provider responsive to receiving the authentication response at the terminal.

7. A non-transitory computer-readable medium comprising executable instructions that, when executed, cause a device at least to:
- receive a first authentication request from a service provider, wherein the first authentication request identifies a first acceptable identity provider;
  
  receive first user input comprising an identity provider application access code;
  
  subsequent to receiving the first user input, compare the first acceptable identity provider with a supported identity provider;
  
  determine that the first acceptable identity provider matches the supported identity provider;
  
  display the first acceptable identity provider;
  
  receive second user input comprising a selection of the first acceptable identity provider;
  
  send the first authentication request to the first acceptable identity provider;
  
  receive a second authentication request, wherein the second authentication request identifies a second acceptable identity provider;
  
  subsequent to receiving the second authentication request, compare the second acceptable identity provider with the supported identity provider;
  
  determine that the second acceptable identity provider does not match the supported identity provider; and
  
  send the second authentication request to the second acceptable identity provider.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The non-transitory computer-readable medium of claim 7, wherein the supported identity provider comprises a default identity provider.
  - 9. The non-transitory computer-readable medium of claim 8, wherein the executable instructions, when executed, further cause the device to select the default identity provider.
  - 10. The non-transitory computer-readable medium of claim 7, wherein the executable instructions, when executed, further cause the device to:
    - receive an authentication response from the first acceptable identity provider; and
      
      send the authentication response to the service provider.
  - 11. The non-transitory computer-readable medium of claim 10, wherein the executable instructions, when executed, further cause the device to store data identifying the first acceptable identity provider responsive to receiving the authentication response.

12. An apparatus comprising:
- a processor; and
  
  memory storing executable instructions configured to, with the processor, cause the apparatus at least to;
  
  receive a first authentication request from a service provider, wherein the first authentication request identifies a first acceptable identity provider;
  
  receive first user input comprising an identity provider application access code;
  
  after receiving the first user input, compare the first acceptable identity provider with a supported identity provider;
  
  determine that the first acceptable identity provider matches the supported identity provider;
  
  display the first acceptable identity provider;
  
  receive second user input comprising a selection of the first acceptable identity provider;
  
  send the first authentication request to the first acceptable identity provider;
  
  receive a second authentication request, wherein the second authentication request identifies a second acceptable identity provider;
  
  subsequent to receiving the second authentication request, compare the second acceptable identity provider with the supported identity provider;
  
  determine that the second acceptable identity provider does not match the supported identity provider; and
  
  send the second authentication request to the second acceptable identity provider.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The apparatus of claim 12, wherein the executable instructions are further configured to, with the processor, cause the apparatus to store the first acceptable identity provider.
  - 14. The apparatus of claim 12, wherein the supported identity provider comprises a default identity provider.
  - 15. The apparatus of claim 14, wherein the executable instructions are further configured to, with the processor, cause the apparatus to select the default identity provider.
  - 16. The apparatus of claim 12, wherein the executable instructions are further configured to, with the processor, cause the apparatus to:
    - receive an authentication response from the first acceptable identity provider; and
      
      send the authentication response to the service provider.
  - 17. The apparatus of claim 16, wherein the executable instructions are further configured to, with the processor, cause the apparatus to store the first acceptable identity provider responsive to receiving the authentication response.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Nokia Corporation
Inventors
Ritola, Timo, Somero, Mika
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Debnath, Suman

Application Number

US10/875,974
Publication Number

US 20050289341A1
Time in Patent Office

3,323 Days
Field of Search

713/150, 713/158, 713/164, 713/168
US Class Current

713/168
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

H04L 63/205 involving negotiation or de...

System and method of authenticating a user to a service provider

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of authenticating a user to a service provider

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links