Customizable sign-on service

US 8,627,435 B2
Filed: 01/13/2012
Issued: 01/07/2014
Est. Priority Date: 03/31/2006
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, by a sign-on service effectuated by one or more computer systems, a sign-on request to a web site for a user interacting with the web site, wherein the sign-on request identifies the user, and wherein the user is associated with a user account of the sign-on service;

authenticating, by the sign-on service, the user based at least in part on the sign-on request and on sign-on information for the user account;

determining, by the sign-on service, that the web site is authorized to access at least a portion of account information associated with the user account and stored by the sign-on service;

causing, by the sign-on service in response to determining that the web site is authorized, a credential that represents the user to be sent from the sign-on service to the web site;

authorizing, by the sign-on service in response to receipt of the credential in a subsequent request from the web site to access at least the portion of the account information, the subsequent request based at least in part on the credential; and

sending at least the portion of the account information to the web site in response to the authorizing of the subsequent request.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for providing customizable sign-on functionality, such as via an access manager system that provides single sign-on functionality and other functionality to other services for use with those services'"'"' users. The access manager system may maintain various sign-on and other account information for various users, and provide single sign-on functionality for those users using that maintained information on behalf of multiple unrelated services with which those users interact. The access manager may allow a variety of types of customizations to single sign-on functionality and/or other functionality available from the access manager, such as on a per-service basis via configuration by an operator of the service, such as co-branding customizations, customizations of information to be gathered from users, customizations of authority that may be delegated to other services to act on behalf of users, etc., and with the customizations that are available being determined specifically for that service.

41 Citations

View as Search Results

36 Claims

1. A computer-implemented method comprising:
- receiving, by a sign-on service effectuated by one or more computer systems, a sign-on request to a web site for a user interacting with the web site, wherein the sign-on request identifies the user, and wherein the user is associated with a user account of the sign-on service;
  
  authenticating, by the sign-on service, the user based at least in part on the sign-on request and on sign-on information for the user account;
  
  determining, by the sign-on service, that the web site is authorized to access at least a portion of account information associated with the user account and stored by the sign-on service;
  
  causing, by the sign-on service in response to determining that the web site is authorized, a credential that represents the user to be sent from the sign-on service to the web site;
  
  authorizing, by the sign-on service in response to receipt of the credential in a subsequent request from the web site to access at least the portion of the account information, the subsequent request based at least in part on the credential; and
  
  sending at least the portion of the account information to the web site in response to the authorizing of the subsequent request.
- View Dependent Claims (2, 3, 4, 5, 31, 32, 33, 34)
- - 2. The method of claim 1 further comprising customizing, by the sign-on service, a sign-on process provided by the sign-on service for the web site by including one or more types of customizations.
  - 3. The method of claim 1 wherein the sign-on service is operated by a first entity and the web site is operated by a second entity.
  - 4. The method of claim 2 wherein the one or more types of customizations include one or more types of co-branding customizations.
  - 5. The method of claim 2 wherein the one or more types of customizations include a customized type of information that is specified for the web site and is to be gathered from users who sign on to interact with the web site, and wherein the method further comprises gathering, by the sign-on service, information of the customized type from the user as part of the sign-on request.
  - 31. The method of claim 1 wherein the credential sent to the web site that represents the user is issued by the sign-on service to be valid for a specified period of time, and wherein the authorizing of the subsequent request in response to receipt of the credential includes verifying that the specified period of time has not elapsed.
  - 32. The method of claim 1 wherein the credential sent to the web site that represents the user is valid for one or more specified types of activities, and wherein the authorizing of the subsequent request in response to receipt of the credential includes verifying that the subsequent request corresponds to at least one of the specified types of activities.
  - 33. The method of claim 1 wherein the credential sent to the web site that represents the user is valid for one or more specified types of operations on behalf of the user, and wherein the authorizing of the subsequent request in response to receipt of the credential includes verifying that the subsequent request corresponds to at least one of the specified types of operations on behalf of the user.
  - 34. The method of claim 1 wherein the credential sent to the web site that represents the user is issued by the sign-on service to indicate that the user is an authorized user for the web site, and wherein the authorizing of the subsequent request in response to receipt of the credential is based at least in part on being for the authorized user.

6. A configured computing system comprising:
- one or more processors; and
  
  a memory including instructions that, upon execution by the one or more processors, implement a sign-on service configured to;
  
  receive, from a second service, a sign-on request for a user of the second service;
  
  authenticate the user based at least in part on the sign-on request by matching sign-on information provided for the user with the sign-on request to stored sign-on information associated with an account of the user with the sign-on service;
  
  determine that the second service is authorized by verifying information that is provided by the second service with the sign-on request and that is specific to the second service, the verifying being based at least in part on secret information for the second service stored by the sign-on service;
  
  provide to the second service, in response to authenticating the user and determining that the second service is authorized, a credential associated with the user; and
  
  in response to a subsequent request from the second service that includes the credential, provide to the second service access to information associated with the account of the user.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 7. The computing system of claim 6 wherein the sign-on service is further configured to receive the sign-on request using a sign-on process customized by the sign-on service in a manner specific to the second service.
  - 8. The computing system of claim 7 wherein the sign-on process is customized to include one or more customizations that are selected by an operator of the second service.
  - 9. The computing system of claim 6 wherein the memory further includes instructions that upon execution further configure the sign-on service to, before providing to the second service the access to the information associated with the account of the user, determine that a specified level of permission associated with the information is satisfied.
  - 10. The computing system of claim 6 wherein the subsequent request from the second service is to perform one or more modifications to stored information associated with the account of the user, and wherein the memory further includes instructions that upon execution further configure the sign-on service to:
    - determine to perform the one or more modifications based at least in part on the credential included with the subsequent request, andwherein the providing to the second service of the access to the information associated with the account of the user includes performing the one or more modifications in response to the subsequent request.
  - 11. The computing system of claim 6 wherein the subsequent request from the second service is for one or more types of stored information associated with the account of the user that are distinct from the stored sign-on information used for authenticating the user, and wherein the providing to the second service of access to the information associated with the account of the user includessending the one or more types of stored information to the second service in response to the received request.
  - 12. The computing system of claim 6 wherein the subsequent request from the second service includes an instruction to make an indicated payment on behalf of the user using stored financial information for the user, and wherein the memory further includes instructions that upon execution further configure the sign-on service to:
    - determine to make the indicated payment based at least in part on the credential included with the subsequent request, andwherein the providing to the second service of the access to the information associated with the account of the user includes performing one or more actions to make the indicated payment using the stored financial information.
  - 13. The computing system of claim 6 wherein the memory further includes instructions that upon execution further configure the sign-on service to:
    - receive a request from the second service to provide one or more types of information about prior activities of multiple users of the second service; and
      
      send the one or more types of information about the prior activities to the second service in response to the received request.
  - 14. The computing system of claim 13 wherein the memory further includes instructions that upon execution further configure the sign-on service to track the prior activities of the multiple users, and wherein the tracked activities include one or more of a group including user sign-on attempts, user sign-off attempts, and user agreements obtained to indicated terms and conditions.
  - 15. The computing system of claim 13 wherein the prior activities include at least one of tracked user purchases, viewing of products by the multiple users, user logins, and user modifications to information.
  - 16. The computing system of claim 13 wherein the sign-on service is operated by a service provider configured to offer at least one of shopping functionality, messaging services functionality, and information access functionality.
  - 17. The computing system of claim 6 wherein the secret information for the second service that is stored by the sign-on service is associated with a customer account of the second service with the sign-on service.
  - 18. The computing system of claim 6 wherein the second service is provided by at least one of a group including an application program executing on a general-purpose computing device, a Web site, and a mobile application executing on a mobile device.
  - 19. The computing system of claim 6 wherein the memory further includes instructions that upon execution further configure the sign-on service to:
    - determine, before the providing of the credential associated with the user to the second service, an authentication of the second service to access at least a portion of the information associated with the account of the user, andwherein the provided credential is associated with determined authentication of the second service and is for use in representing the user in later request to the sign-on service.
  - 20. The computing system of claim 6 wherein the providing of the credential includes generating a browser cookie that is sent to the user.
  - 21. The computing system of claim 6 wherein the provided credential has associated expiration information, and wherein the providing to the second service of the access to the information includes determining that the provided credential has not expired.
  - 22. The computing system of claim 6 wherein the provided credential includes identifying information for the user and information gathered from the user.

23. A non-transitory computer-readable medium having stored contents that configure a computing device to:
- receive, by the configured computing device, a credential associated with a user that is generated by a sign-on service and that reflects the user being authenticated by the sign-on service, wherein the configured computing device is part of a second service with which the user is interacting;
  
  send, by the configured computing device, an access request to the sign-on service that includes the credential and is for obtaining, by the second service access, to confidential information from the sign-on service that is associated with the user;
  
  receive, by the configured computing device, the confidential, information associated with the user from the sign-on service, the information being received in response to the sent access request and being based at least in part on the credential included with the access request; and
  
  provide, by the configured computing device, functionality to the user from the second service that is based at least in part on the received information.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 35, 36)
- - 24. The non-transitory computer-readable medium of claim 23 wherein the stored contents include software instructions that, when executed, further configure the computing device to perform interactions with the user that include gathering second information from the user in a customized manner specific to the second service.
  - 25. The non-transitory computer-readable medium of claim 24 wherein the stored contents further configure the computing device to interact with the sign-on service to identify the second information for the second service prior to the receiving of the credential, to receive indications of one or more customization types that are automatically authorized for the second service by the sign-on service, and to select one or more customizations of at least one of the customization types that are used as part of the performing of the interactions with the user.
  - 26. The non-transitory computer-readable medium of claim 23 wherein the stored contents further configure the computing device to:
    - before the receiving of the credential, send to the sign-on service a sign-on request for the user, the sign-on request being initiated by one or more interactions of the user with the second service; and
      
      wherein the receiving of the credential is based on the user being authenticated by actions of the sign-on service to match sign-on information for the user that is associated with the sign-on request to stored sign-on information associated with an account of the user with the sign-on service.
  - 27. The non-transitory computer-readable medium of claim 26 wherein the received confidential information is associated with the account of the user with the sign-on service, wherein the stored contents further configure the computing device to register the second service with the sign-on service prior to the sending of the access request, and wherein the receiving of the confidential information associated with the account of the user is further based at least in part on the second service being determined by the sign-on service to be authorized for the access request by verifying information provided by the second service with the access request based on matching the provided information to secret information for the second service previously specified during registering of the second service with the sign-on service.
  - 28. The non-transitory computer-readable medium of claim 23 wherein the receiving of the credential includes obtaining a browser cookie from the user that is associated with the credential.
  - 29. The non-transitory computer-readable medium of claim 23 wherein the receiving of the confidential information associated with the account of the user is further based at least in part on a level of permission being determined by the sign-on service to be satisfied, the level of permission being associated with the received confidential information.
  - 30. The non-transitory computer-readable medium of claim 23 wherein the stored contents further configure the computing device to use the received credential to interact with the sign-on service to modify information associated with an account of the user that is stored by the sign-on service.
  - 35. The non-transitory computer-readable medium of claim 23 wherein the received credential represents the user and is valid for one or more specified types of activities, and wherein the receiving of the confidential information associated with the user is based at least in part on the sign-on service verifying that the access request corresponds to at least one of the specified types of activities.
  - 36. The non-transitory computer-readable medium of claim 23 wherein the received credential represents the user and is valid for one or more specified types of operations on behalf of the user, and wherein the receiving of the confidential information associated with the user is based at least in part on the sign-on service verifying that the access request corresponds to at least one of the specified types of operations on behalf of the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Sirota, Peter
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Cribbs, Malcolm

Application Number

US13/350,508
Publication Number

US 20120185391A1
Time in Patent Office

725 Days
Field of Search

None
US Class Current

726/8
CPC Class Codes

G06Q 10/06315   Needs-based resource requir...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 30/0201   Market modelling; Market an...

G06Q 30/0203   Market surveys; Market polls

G06Q 30/0621   Item configuration or custo...

H04L 63/06   for supporting key manageme...

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Customizable sign-on service

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Customizable sign-on service

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links