Identity ownership migration

US 8,726,358 B2
Filed: 04/14/2008
Issued: 05/13/2014
Est. Priority Date: 04/14/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for establishing a direct authentication relationship between a user and a resource provider, the method comprising:

receiving an authentication token including identification of a user from an authentication server, such that the resource provider has requested authentication from the authentication server through a user agent;

utilizing data from the authentication token to establish a direct authentication relationship between the user and the resource provider;

storing the direct authentication relationship between the user and the resource provider;

discontinuing a relationship between the authentication server and the user;

maintaining the direct authentication relationship between the user and the resource provider utilizing the stored direct authentication relationship; and

allowing the user to continue to access one or more services of the resource provider while the relationship between the authentication server and the user remains discontinued.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, computer-implemented methods, and computer-readable media for establishing an online account with a resource provider are provided. An authentication token including identification of a user from an authentication server is received. The identification of the user from the authentication token is utilized to establish an online account for the user with the resource provider. Additional credentialing information from the user for the online account is received. The additional information received from the user is associated with the online account for the user with the resource provider.

49 Citations

View as Search Results

20 Claims

1. A computer-implemented method for establishing a direct authentication relationship between a user and a resource provider, the method comprising:
- receiving an authentication token including identification of a user from an authentication server, such that the resource provider has requested authentication from the authentication server through a user agent;
  
  utilizing data from the authentication token to establish a direct authentication relationship between the user and the resource provider;
  
  storing the direct authentication relationship between the user and the resource provider;
  
  discontinuing a relationship between the authentication server and the user;
  
  maintaining the direct authentication relationship between the user and the resource provider utilizing the stored direct authentication relationship; and
  
  allowing the user to continue to access one or more services of the resource provider while the relationship between the authentication server and the user remains discontinued.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - requesting credentialing information from the user for the direct authentication relationship.
  - 3. The method of claim 1, wherein the direct authentication relationship between the user and the resource provider is an online account of the user with the resource provider.
  - 4. The method of claim 3, wherein the authentication server and the resource provider exist in a federated relationship.
  - 5. The method of claim 4, wherein the authentication server and the resource provider reside on different service ecosystems.
  - 6. The method of claim 1, wherein requesting additional information from the user comprises displaying a graphical user interface to the user for the entry of the user information when the user accesses one or more resources of the resource provider.
  - 7. The method of claim 6, wherein the electronic mail account of the user is parsed from the authentication token received from the authentication provider.
  - 8. The method of claim 1, wherein requesting additional information from the user comprises communicating a graphical user interface to the user for the entry of user information to an electronic mail account of the user.
  - 9. The method of claim 1, wherein the direct authentication relationship between the user and the resource provider is established by confirming an already existing relationship between the user and the resource provider.
  - 10. The method of claim 1, wherein the direct authentication relationship is established by creating a new account for the user with the resource provider.

11. A computer-implemented method for associating an authenticated user and an existing account for a user with a resource provider, the method comprising:
- receiving an authentication token including identification of a user from an authentication server, such that the resource provider has requested authentication from the authentication server through a user agent;
  
  requesting from the user whether the user has an existing online account with the resource provider;
  
  associating the existing account of the user with the authenticated user;
  
  storing the association of the authenticated user and the existing account for the userdiscontinuing a relationship between the authentication server and the user;
  
  maintaining the existing account for the user utilizing the stored direct authentication relationship between the user and the resource provider; and
  
  allowing the user to continue to access one or more services of the resource provider while the relationship between the authentication server and the user remains discontinued.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, wherein the authentication token is for authenticating a user with the resource provider.
  - 13. The method of claim 11, further comprising:
    - requesting additional credentialing information from the user comprising displaying a graphical user interface to the user for the entry of the user information when the user accesses one or more resources of the resource provider.
  - 14. The method of claim 13, further comprising:
    - requesting additional credentialing information from the user comprising communicating a graphical user interface to the user for the entry of user information to an electronic mail account of the user.
  - 15. The method of claim 14, wherein the electronic mail account of the user is parsed from the authentication token received from the authentication provider.
  - 16. The method of claim 11, wherein the authentication server and the resource provider exist in a federated relationship.
  - 17. The method of claim 16, wherein the authentication server and the resource provider reside on different service ecosystems.
  - 18. The method of claim 17, wherein the association of the authenticated user and the existing account for the user is stored such that the user can access an authenticated account and the existing account with the service provider at the same time.

19. One or more computer storage device having computer-executable instructions embodied thereon that, when executed perform a method for creating an online account for a user with a resource provider, the method comprising:
- receiving at a resource provider an authentication token including identification of a user from an authentication server, the authentication server and the resource provider each residing on a different service ecosystem, such that the resource provider has requested authentication from the authentication server through a user agent;
  
  determining whether the user may access the one or more services provided by the resource provider based on the identification of the user carried in the authentication token;
  
  utilizing data from the authentication token to establish an online account for the user with the resource provider; and
  
  storing the online account for the user with the resource providerdiscontinuing a relationship between the authentication server and the user;
  
  maintaining the online account for the user utilizing the stored online account; and
  
  allowing the user to continue to access one or more services of the resource provider while the relationship between the authentication server and the user remains discontinued.
- View Dependent Claims (20)
- - 20. The device of claim 19, further comprising:
    - requesting additional credentialing information from the user, the credentialing information comprising a password; and
      
      storing the credentialing information and online account for the user with the resource provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Rouskov, Yordan I., Sundelin, Tore, Fotedar, Mrigankka, Faulkner, Sarah, Wong, Pui-Yin Winfred, Guo, Wei-Quiang Michael, Ayres, Lynn
Primary Examiner(s)
KOSOWSKI, CAROLYN M

Application Number

US12/102,541
Publication Number

US 20090260072A1
Time in Patent Office

2,220 Days
Field of Search

726/8
US Class Current

726/8
CPC Class Codes

G06F 21/335 for accessing specific reso...

H04L 63/0807 using tickets, e.g. Kerbero...

Identity ownership migration

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Identity ownership migration

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links