E-mail based user authentication

US 8,533,792 B2
Filed: 02/17/2011
Issued: 09/10/2013
Est. Priority Date: 12/30/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at an e-mail server, a Simple Mail Transfer Protocol (SMTP) message that includes header-level information that identifies the SMTP message as a message relating to e-mail based user authentication, wherein the SMTP message includes an authentication ticket from a third-party service provider, and wherein the authentication ticket is received in response to an access request relating to resources of the third-party service provider;

processing, at the e-mail server, the header-level information to give the message relating to e-mail based user authentication additional priority compared to an e-mail message received at the e-mail server, to cause the authentication ticket to be acted upon prior to an end of an expiration period associated with the authentication ticket; and

forwarding the authentication ticket from the e-mail server to a user name associated with an e-mail address included in the access request, the authentication ticket including an identification of the third-party service provider that is to be presented to a user via a user interface after the user has logged into an e-mail account associated with the e-mail address via the e-mail server, wherein the user interface allows the user to either grant permission to send the authentication ticket to the third-party service provider or deny permission to send the authentication ticket to the third-party service provider.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

E-mail based user authentication is described herein. A user can access resources of a service provider by submitting only an e-mail address to which the user has access. The service provider generates an authentication ticket corresponding to the user'"'"'s login request, and transmits the authentication ticket to the e-mail service provider indicated by the submitted e-mail address. The e-mail service provider processes the authentication ticket, and enables either approval or denial of the authentication ticket, whether by explicit user action or by automated processing.

49 Citations

View as Search Results

16 Claims

1. A method comprising:
- receiving, at an e-mail server, a Simple Mail Transfer Protocol (SMTP) message that includes header-level information that identifies the SMTP message as a message relating to e-mail based user authentication, wherein the SMTP message includes an authentication ticket from a third-party service provider, and wherein the authentication ticket is received in response to an access request relating to resources of the third-party service provider;
  
  processing, at the e-mail server, the header-level information to give the message relating to e-mail based user authentication additional priority compared to an e-mail message received at the e-mail server, to cause the authentication ticket to be acted upon prior to an end of an expiration period associated with the authentication ticket; and
  
  forwarding the authentication ticket from the e-mail server to a user name associated with an e-mail address included in the access request, the authentication ticket including an identification of the third-party service provider that is to be presented to a user via a user interface after the user has logged into an e-mail account associated with the e-mail address via the e-mail server, wherein the user interface allows the user to either grant permission to send the authentication ticket to the third-party service provider or deny permission to send the authentication ticket to the third-party service provider.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the authentication ticket is transmitted from the e-mail server as an e-mail message to the e-mail address included in the access request.
  - 3. The method of claim 1, wherein the authentication ticket is transmitted from the e-mail server as an instant message to the user name associated with the e-mail address included in the access request.

4. A method comprising:
- receiving, from a computing device, an e-mail address in connection with a request to access resources of a service provider;
  
  identifying a third party e-mail server associated with the e-mail address;
  
  sending an electronic message to the third party e-mail server, wherein the electronic message includes;
  
  header-level information that identifies the electronic message as a message relating to e-mail based user authentication, the header-level information to be processed by the third party e-mail server to give the message relating to e-mail based user authentication additional priority compared to an e-mail message received at the third party e-mail server; and
  
  an authentication ticket, the authentication ticket to be forwarded from the third party e-mail server to the computing device after the third party e-mail server has received one or more authentication credentials required to log into an e-mail account associated with the e-mail address;
  
  receiving disposition data from the computing device, wherein the disposition data does not include the one or more authentication credentials submitted to the third party e-mail server to log into the e-mail account;
  
  dispositioning the authentication ticket based on the disposition data received from the computing device; and
  
  dispositioning the request based upon at least the disposition of the authentication ticket, wherein;
  
  the request is denied when the authentication ticket is not approved within a predefined time interval; and
  
  the request is granted when the authentication ticket is approved within the predefined time interval.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 5. The method of claim 4, wherein the e-mail address is received in connection with a request to login to a website associated with the service provider.
  - 6. The method of claim 4, wherein the authentication ticket comprises a key and a pass code.
  - 7. The method of claim 6, wherein the disposition data received from the computing device includes an additional key and an additional pass code.
  - 8. The method of claim 7, wherein the authentication ticket is approved when the additional key matches the key included in the authentication ticket and the additional pass code matches the pass code included in the authentication ticket.
  - 9. The method of claim 4, wherein the dispositioning the request is performed without receiving a password from the computing device.
  - 10. The method of claim 4, wherein the e-mail address is received via a user interface presented by the service provider.
  - 11. The method of claim 10, wherein the user interface includes a username field, a password field, and an e-mail address field, and wherein the username field and the password field are grayed-out so as not to accept user input in response to receiving user input into the e-mail address field.
  - 12. The method of claim 6, wherein the key is a globally unique identifier (GUID) or a hash that is generated in response to receiving the e-mail address in connection with the request.
  - 13. The method of claim 4, wherein the predefined time interval is determined based on one or more security considerations, network performance, or a combination thereof.

14. A method comprising:
- submitting one or more authentication credentials to an e-mail server to log into an e-mail account associated with an e-mail address;
  
  receiving, via a web browser, a request for access to resources of a service provider, wherein the request includes the e-mail address but does not include the one or more authentication credentials submitted to the e-mail server to log into the e-mail account;
  
  polling the e-mail server about every second for about five seconds by querying the e-mail server for an authentication ticket generated by the service provider; and
  
  automatically forwarding disposition data that includes the authentication ticket received from the e-mail server to the service provider for disposition of the request for access to resources of the service provider, wherein;
  
  the disposition data does not include the one or more authentication credentials submitted to the e-mail server to log into the e-mail account;
  
  at least a portion of the authentication ticket is sent as header-level information to the service provider; and
  
  the service provider processes the at least a portion of the authentication ticket sent as header-level information with a higher priority than an e-mail message, to cause the authentication ticket to be acted upon prior to an end of an expiration period associated with the authentication ticket.
- View Dependent Claims (15, 16)
- - 15. The method of claim 14, wherein the request is received via a web browser.
  - 16. The method of claim 14, wherein the e-mail server is determined based on a domain name included in the e-mail address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Chua, Fei
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
CHANG, KENNETH W

Application Number

US13/029,563
Publication Number

US 20110145907A1
Time in Patent Office

936 Days
Field of Search

726/5
US Class Current

726/5
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 9/3213   using tickets or tokens, e....

E-mail based user authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

E-mail based user authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others