Authentication to an identity provider

US 8,806,596 B2
Filed: 02/05/2010
Issued: 08/12/2014
Est. Priority Date: 02/19/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at an identity provider provided by a telecommunications network provider, a request from a client for user credentials required to access a service provider;

sending an authentication request from the identity provider to the client, the authentication request including a first reference;

receiving a request from a mobile communication device to identify a user at the client, the request from the mobile communication device including a second reference provided to the mobile communication device by the client, wherein the mobile communication device utilizes a network provided by the telecommunication network provider and is known to an authentication server provided by the telecommunication network provider; and

comparing the first and second references and, when they are the same, obtaining identification information for the user of the mobile communication device from the authentication server provided by the telecommunication network provider.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An arrangement for authenticating a user at a service provider is described. The arrangement makes use of the fact that a user of a mobile communication device can be readily and securely identified by a telecommunications provider and re-uses that authentication to identify the same user when accessing the service provider from a different client. The client instructs the mobile communication device to contact an identity provider at the telecommunications provider and shared secrets are exchanged between the identity provider, mobile communication device and client to confirm that the same user is at the client and the mobile communication device.

Citations

21 Claims

1. A method comprising:
- receiving, at an identity provider provided by a telecommunications network provider, a request from a client for user credentials required to access a service provider;
  
  sending an authentication request from the identity provider to the client, the authentication request including a first reference;
  
  receiving a request from a mobile communication device to identify a user at the client, the request from the mobile communication device including a second reference provided to the mobile communication device by the client, wherein the mobile communication device utilizes a network provided by the telecommunication network provider and is known to an authentication server provided by the telecommunication network provider; and
  
  comparing the first and second references and, when they are the same, obtaining identification information for the user of the mobile communication device from the authentication server provided by the telecommunication network provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method as claimed in claim 1, wherein the first reference is encoded as a telephone number.
  - 3. A method as claimed in claim 1, wherein the second reference is received as a dual-tone multi-frequency (DTMF) sequence.
  - 4. A method as claimed in claim 1, wherein the comparing of the first reference sent to the client and the second reference received from the mobile communication device is carried out at the identity provider.
  - 5. A method as claimed in claim 1, wherein the identity provider provides the requested user credentials required to access the service provider on the basis of the identification information obtained from the authentication server.
  - 6. A method as claimed in claim 1, further comprising forwarding the requested user credentials to the client.
  - 7. A method as claimed in claim 6, wherein the user credentials are forwarded to the client in response to a second request from the client.
  - 8. A method as claimed in claim 7, wherein the second request includes the first reference.

9. A method comprising:
- sending a request from a client to an identity provider requesting user credentials required to access a service provider;
  
  receiving, at the client, an authentication request from the identity provider, wherein the authentication request includes a first reference;
  
  using the client to send a request to a mobile communication device that is also being used by a user of the client to identify the client at the identity provider, wherein the identity provider is provided by a provider of a telecommunications network to the mobile communications device, and wherein the mobile communication device is known to an authentication server provided by the provider of the telecommunications network;
  
  using the mobile communication device to send a request to the identity provider to identify the user of the client, the request to identify the user including the first reference;
  
  comparing the first reference sent to the client and a second reference received from the mobile communication device; and
  
  using the identity provider to obtain identification information for the user of the mobile communication device from the authentication server when the second reference received at the identity provider from the mobile communication device is the same as the first reference provided by the identity provider to the client.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 10. A method as claimed in claim 9, wherein the request sent from the client to the mobile communication device is sent via a direct local connection.
  - 11. A method as claimed in claim 9, wherein the request sent from the client to the mobile communication device is sent via a wireless connection.
  - 12. A method as claimed in claim 9, wherein the first reference includes a Uniform Resource Locator (URL) that is included in the request sent from the client to the mobile communication device.
  - 13. A method as claimed in claim 9, wherein the first reference is encoded as a telephone number.
  - 14. A method as claimed in claim 9, wherein the second reference is received as a dual-tone multi-frequency (DTMF) sequence.
  - 15. A method as claimed in claim 9, wherein the comparing of the first reference sent to the client and the second reference received from the mobile communication device is compared at the identity provider.
  - 16. A method as claimed in claim 9, wherein the requested user credentials required to access the service provider on the basis of the identification information is obtained from the authentication server, via the identity provider.
  - 17. A method as claimed in claim 9, further comprising receiving the requested user credentials at the client.
  - 18. A method as claimed in claim 17, wherein the user credentials are received at the client in response to a second request from the client.
  - 19. A method as claimed in claim 18, wherein the second request includes the first reference.

20. An apparatus, comprising:
- a first input configured to receive a request at an identity provider provided by a telecommunications network provider from a client for user credentials required to access a service provider;
  
  a first output configured to send an authentication response from the identity provider to the client, the authentication response including a first reference;
  
  a second input configured to receive a request from a mobile communication device to identify a user at the client, the request from the mobile communication device including a second reference provided to the mobile communication device by the client, wherein the mobile communication device is configured to utilize a network provided by the telecommunication network provider; and
  
  a second output configured to provide user credentials, for the user of the mobile communication device and from an authentication server provided by the telecommunication network provider, for the requested service provider to the client when, compared with the second reference provided by the client to the mobile communication device and sent by the mobile communication device known to an authentication server associated with the identity provider provided by the telecommunications network provider, the first reference is the same as the second reference.

21. A computer program product, comprising:
- means for receiving, at an identity provider provided by a telecommunications network provider, a request from a client for user credentials required to access a service provider;
  
  means for sending an authentication request from the identity provider to the client, the authentication request including a first reference;
  
  means for receiving a request from a mobile communication device to identify a user at the client, the request from the mobile communication device including a second reference provided to the mobile communication device by the client, wherein the mobile communication device utilizes a network provided by the telecommunication network provider and is known to an authentication server provided by the telecommunication network provider; and
  
  means for comparing the first and second references and, when they are the same, obtaining identification information for the user of the mobile communication device from the authentication server provided by the telecommunication network provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Solutions and Networks US LLC (Nokia Corporation)
Original Assignee
Nokia Solutions and Networks US LLC (Nokia Corporation)
Inventors
Seidl, Robert, Marton, Gabor, Bauer-Hermann, Markus
Primary Examiner(s)
LE, CHAU D

Application Number

US13/144,970
Publication Number

US 20110289573A1
Time in Patent Office

1,649 Days
Field of Search

726 4- 7, 726/21, 726 27- 29
US Class Current

726/7
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

Authentication to an identity provider

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication to an identity provider

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links