Authentication management services

US 8,776,194 B2
Filed: 02/01/2012
Issued: 07/08/2014
Est. Priority Date: 02/01/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A non-transitory computer-readable medium embodying at least one program executable in a client computing device, the at least one program comprising:

code that decrypts a security credential associated with a user account stored by a first authentication management client in response to receiving a master security credential from an input device of the client computing device, wherein the security credential is stored in the client computing device in an encrypted form;

code that sends a first authentication request using the first authentication management client by way of an authentication protocol to an authentication service associated with a first secured resource of a network site, the first authentication request specifying the security credential associated with the user account;

code that accesses the first secured resource after being authenticated by the authentication service in response to the first authentication request;

code that imports the user account and the decrypted security credential associated with the user account from the first authentication management client into a second authentication management client configured to interact with a second secured resource;

code that sends a second authentication request using the second authentication management client by way of the authentication protocol to the authentication service, the second authentication request specifying the decrypted security credential;

code that accesses the second secured resource after being authenticated by the authentication service in response to the second authentication request;

code that, in response to receiving a denial of an access request to another secured resource, sends an account upgrade request for the user account using the second authentication management client to the authentication service, wherein the account upgrade request seeks a permission for the user account associated with the user to access the another secured resource and specifies a set of information about the user; and

code that accesses the another secured resource of the network site after the user account receives the permission to access the another secured resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for authentication management services, where authentication services of network sites may support authentication management clients associated with different authentication management services. An authentication request is obtained by way of an authentication protocol from an authentication management client executed in a client computing device. The authentication request specifies a security credential associated with a user account. The user account at the client computing device is authenticated for access to at least one secured resource of a network site in response to the authentication request and in response to the authentication management client being supported.

44 Citations

View as Search Results

17 Claims

1. A non-transitory computer-readable medium embodying at least one program executable in a client computing device, the at least one program comprising:
- code that decrypts a security credential associated with a user account stored by a first authentication management client in response to receiving a master security credential from an input device of the client computing device, wherein the security credential is stored in the client computing device in an encrypted form;
  
  code that sends a first authentication request using the first authentication management client by way of an authentication protocol to an authentication service associated with a first secured resource of a network site, the first authentication request specifying the security credential associated with the user account;
  
  code that accesses the first secured resource after being authenticated by the authentication service in response to the first authentication request;
  
  code that imports the user account and the decrypted security credential associated with the user account from the first authentication management client into a second authentication management client configured to interact with a second secured resource;
  
  code that sends a second authentication request using the second authentication management client by way of the authentication protocol to the authentication service, the second authentication request specifying the decrypted security credential;
  
  code that accesses the second secured resource after being authenticated by the authentication service in response to the second authentication request;
  
  code that, in response to receiving a denial of an access request to another secured resource, sends an account upgrade request for the user account using the second authentication management client to the authentication service, wherein the account upgrade request seeks a permission for the user account associated with the user to access the another secured resource and specifies a set of information about the user; and
  
  code that accesses the another secured resource of the network site after the user account receives the permission to access the another secured resource.
- View Dependent Claims (2)
- - 2. The non-transitory computer-readable medium of claim 1, wherein the first authentication management client and the second authentication management client are deployed by different providers of authentication management services.

3. A method, comprising:
- obtaining, in at least one computing device, a first authentication request by way of an authentication protocol from a first authentication management client application executed in a first client computing device, the first authentication request specifying a first security credential associated with a first user account;
  
  authenticating, in the at least one computing device, the first user account submitted by the first client computing device for access to at least one secured resource of a network site hosted by at least one other computing device in response to the first authentication request;
  
  obtaining, in the at least one computing device, a second authentication request by way of the authentication protocol from a second authentication management client application executed in a second client computing device, the second authentication request specifying a second security credential associated with a second user account;
  
  authenticating, in the at least one computing device, the second user account submitted by the second client computing device for access to the at least one secured resource of the network site in response to the second authentication request; and
  
  wherein the first authentication management client application and the second authentication management client application are different authentication management client applications deployed by different providers of authentication management services.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10)
- - 4. The method of claim 3, further comprising:
    - sending, in the at least one computing device, branded experience data to the first authentication management client application and the second authentication management client application; and
      
      wherein the first authentication management client application is configured to customize a first user interface in the first client computing device based at least in part on the branded experience data, and the second authentication management client application is configured to customize a second user interface in the second client computing device based at least in part on the branded experience data.
  - 5. The method of claim 3, further comprising:
    - determining, in the at least one computing device, whether the first authentication management client application is supported in response to the first authentication request; and
      
      determining, in the at least one computing device, whether the second authentication management client application is supported in response to the second authentication request.
  - 6. The method of claim 3, further comprising:
    - obtaining, in the at least one computing device, a request to change the first security credential for the first user account after authentication, the request to change the first security credential originating automatically in the first authentication management client application; and
      
      establishing, in the at least one computing device, a new security credential for the first user account in response to the request to change the first security credential.
  - 7. The method of claim 6, wherein the new security credential corresponds to a symmetric key employed by a transport layer security (TLS) session between the first client computing device and the at least one computing device.
  - 8. The method of claim 3, further comprising:
    - obtaining, in the at least one computing device, an account upgrade request from the first authentication management client after authentication, the account upgrade request specifying a set of information about a user;
      
      upgrading, in the at least one computing device, the first user account according to the account upgrade request; and
      
      authenticating, in the at least one computing device, the first user account at the first client computing device for access to another secured resource of the network site after upgrading.
  - 9. The method of claim 8, wherein the first authentication management client is configured to send the account upgrade request to the at least one computing device in response to the user attempting to access the another secured resource in the first client computing device and in response to obtaining a consent indication from the user.
  - 10. The method of claim 8, wherein the account upgrade request seeks a permission for the first user account associated with the user to access the another secure resource.

11. A system comprising:
- a computing device; and
  
  an application executable in the computing device, the application comprising;
  
  logic that obtains a first authentication request by way of an authentication protocol from a first authentication management client application executed in a first client computing device, the first authentication request specifying a first security credential associated with a first user account;
  
  logic that authenticates the first user account submitted by the first client computing device for access to at least one secured resource of a network site hosted by at least one other computing device in response to the first authentication request;
  
  logic that obtains a second authentication request by way of the authentication protocol from a second authentication management client application executed in a second client computing device, the second authentication request specifying a second security credential associated with a second user account;
  
  logic that authenticates the second user account submitted by the second client computing device for access to the at least one secured resource of the network site in response to the second authentication request; and
  
  wherein the first authentication management client application and the second authentication management client application are different authentication management client applications deployed by different providers of authentication management services.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The system of claim 11, wherein the application further comprises:
    - logic that sends branded experience data to the first authentication management client application and the second authentication management client application.
  - 13. The system of claim 12, wherein the first authentication management client application is configured to customize a first user interface in the first client computing device based at least in part on the branded experience data, and the second authentication management client application is configured to customize a second user interface in the second client computing device based at least in part on the branded experience data.
  - 14. The system of claim 11, wherein the application further comprises:
    - logic that determines whether the first authentication management client application is supported in response to the first authentication request.
  - 15. The system of claim 11, wherein the application further comprises:
    - logic that determines whether the second authentication management client application is supported in response to the second authentication request.
  - 16. The system of claim 11, wherein the application further comprises:
    - logic that obtains a request to change the first security credential for the first user account after authentication, the request to change the first security credential originating automatically in the first authentication management client application; and
      
      logic that establishes a new security credential for the first user account in response to the request to change the first security credential.
  - 17. The system of claim 16, wherein the new security credential corresponds to a symmetric key employed by a transport layer security (TLS) session between the first client computing device and the at least one computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Hitchcock, Daniel W., Campbell, Brad Lee
Primary Examiner(s)
Le, Chau
Assistant Examiner(s)
ZHAO, DON GORDON

Application Number

US13/363,664
Publication Number

US 20130198822A1
Time in Patent Office

888 Days
Field of Search

726 1- 21
US Class Current

726/6
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/335   for accessing specific reso...

G06F 21/34   involving the use of extern...

H04L 63/08   for authentication of entit...

H04L 63/20   for managing network securi...

Authentication management services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication management services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links