Authentication to an identity provider
Abstract
An arrangement for authenticating a user at a service provider is described. The arrangement makes use of the fact that a user of a mobile communication device can be readily and securely identified by a telecommunications provider and re-uses that authentication to identify the same user when accessing the service provider from a different client. The client instructs the mobile communication device to contact an identity provider at the telecommunications provider and shared secrets are exchanged between the identity provider, mobile communication device and client to confirm that the same user is at the client and the mobile communication device.
21 Claims
1. A method comprising:
- receiving, at an identity provider provided by a telecommunications network provider, a request from a client for user credentials required to access a service provider;
- sending an authentication request from the identity provider to the client, the authentication request including a first reference;
- receiving a request from a mobile communication device to identify a user at the client, the request from the mobile communication device including a second reference provided to the mobile communication device by the client, wherein the mobile communication device utilizes a network provided by the telecommunication network provider and is known to an authentication server provided by the telecommunication network provider; and
- comparing the first and second references and, when they are the same, obtaining identification information for the user of the mobile communication device from the authentication server provided by the telecommunication network provider.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
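The exchange described in the abstract and in claim 1, written out as an added example that is not the patent's own code: a client asks the telco identity provider for credentials and receives a first reference; the client relays that reference to the phone; the phone, reached over the telco network and therefore known to the telco's authentication server, presents the second reference to the identity provider; the identity provider compares the two and, on a match, fetches the user's identification information from the authentication server. Every name below, the separate session handle the client keeps, the 120-second lifetime, the subscriber table and the `network_subscriber_id` argument (standing in for whatever identity the telco network attaches to the phone's request) are assumptions made so the flow runs offline.

```python
"""Reference-matching login via a telco identity provider (abstract / claim 1).
Added illustration, not code from the patent; names, the session handle, the TTL,
the subscriber table and the network interfaces are assumptions for an offline demo."""
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

REFERENCE_TTL_SECONDS = 120  # assumption: the claims fix no lifetime; short-lived is the safe default


class AuthenticationServer:
    """Telco authentication server: maps the subscriber identity the network vouches for
    (a constructed phone-number key here) to identification information for that user."""

    def __init__(self, subscribers: Dict[str, dict]):
        self._subscribers = dict(subscribers)

    def is_known(self, subscriber_id: str) -> bool:
        return subscriber_id in self._subscribers

    def identification_for(self, subscriber_id: str) -> dict:
        return self._subscribers[subscriber_id]


@dataclass
class Pending:
    reference: str            # the "first reference" handed to the client and relayed to the phone
    session: str              # assumption: a separate handle the client keeps and never relays
    service_provider: str
    issued_at: float
    consumed: bool = False
    result: Optional[dict] = None


class IdentityProvider:
    """Identity provider run by the telecommunications network provider."""

    def __init__(self, auth_server: AuthenticationServer, clock: Callable[[], float] = time.time):
        self._auth_server = auth_server
        self._clock = clock
        self._pending: Dict[str, Pending] = {}   # keyed by session handle

    def request_credentials(self, service_provider: str) -> dict:
        """Client asks for credentials; the reply is the authentication request with the first reference."""
        reference = secrets.token_urlsafe(32)     # unguessable, so nobody can claim another client's login
        session = secrets.token_urlsafe(32)
        self._pending[session] = Pending(reference, session, service_provider, self._clock())
        return {"session": session, "reference": reference, "expires_in": REFERENCE_TTL_SECONDS}

    def identify_user(self, second_reference: str, network_subscriber_id: str) -> str:
        """Phone presents the second reference it got from the client. network_subscriber_id
        stands for the identity the telco network attaches to the request (never self-asserted)."""
        match = None
        for entry in self._pending.values():    # constant-time comparison against each pending reference
            if hmac.compare_digest(entry.reference.encode(), second_reference.encode()):
                match = entry
        if match is None:
            return "no_match"
        if match.consumed:
            return "replayed"                   # single-use: a second claim on the same reference fails
        if self._clock() - match.issued_at > REFERENCE_TTL_SECONDS:
            return "expired"
        if not self._auth_server.is_known(network_subscriber_id):
            return "unknown_device"
        match.consumed = True
        match.result = self._auth_server.identification_for(network_subscriber_id)
        return "ok"

    def fetch_credentials(self, session: str) -> Optional[dict]:
        """Client collects the outcome with its session handle, not with the relayed reference."""
        entry = self._pending.get(session)
        if entry is None or entry.result is None:
            return None
        return {"service_provider": entry.service_provider, "user": entry.result}


def run_login(idp: IdentityProvider, service_provider: str, network_subscriber_id: str,
              relay: Callable[[str], str] = lambda ref: ref):
    """Drives client -> IdP -> client -> phone -> IdP -> client and returns (status, credentials).
    relay models the client handing the reference to the phone (e.g. a QR code); a hostile or
    broken relay can be injected to exercise the mismatch path."""
    auth_request = idp.request_credentials(service_provider)
    second_reference = relay(auth_request["reference"])
    status = idp.identify_user(second_reference, network_subscriber_id)
    return status, idp.fetch_credentials(auth_request["session"])


# Constructed subscriber table for the demo; the real one lives at the telco.
DEMO_AUTH_SERVER = AuthenticationServer({"+441234567890": {"sub": "alice", "msisdn": "+441234567890"}})

if __name__ == "__main__":
    idp = IdentityProvider(DEMO_AUTH_SERVER)
    print(run_login(idp, "shop.example", "+441234567890"))                       # status 'ok'
    print(run_login(idp, "shop.example", "+441234567890", relay=lambda r: "x"))  # status 'no_match'
```

Three points the claim language leaves to the implementer are built in: the reference is random and compared in constant time, it is single-use and expires, and the credentials are released against a session handle the client never shows to the phone, so possession of a relayed reference alone does not let a third party collect them. The phone's identity must come from the telco network side of the request, not from anything the device asserts about itself.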
9. A method comprising:
- sending a request from a client to an identity provider requesting user credentials required to access a service provider;
- receiving, at the client, an authentication request from the identity provider, wherein the authentication request includes a first reference;
- using the client to send a request to a mobile communication device that is also being used by a user of the client to identify the client at the identity provider, wherein the identity provider is provided by a provider of a telecommunications network to the mobile communications device, and wherein the mobile communication device is known to an authentication server provided by the provider of the telecommunications network;
- using the mobile communication device to send a request to the identity provider to identify the user of the client, the request to identify the user including the first reference;
- comparing the first reference sent to the client and a second reference received from the mobile communication device; and
- using the identity provider to obtain identification information for the user of the mobile communication device from the authentication server when the second reference received at the identity provider from the mobile communication device is the same as the first reference provided by the identity provider to the client.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18, 19.
20. An apparatus, comprising:
- a first input configured to receive a request at an identity provider provided by a telecommunications network provider from a client for user credentials required to access a service provider;
- a first output configured to send an authentication response from the identity provider to the client, the authentication response including a first reference;
- a second input configured to receive a request from a mobile communication device to identify a user at the client, the request from the mobile communication device including a second reference provided to the mobile communication device by the client, wherein the mobile communication device is configured to utilize a network provided by the telecommunication network provider; and
- a second output configured to provide user credentials, for the user of the mobile communication device and from an authentication server provided by the telecommunication network provider, for the requested service provider to the client when, compared with the second reference provided by the client to the mobile communication device and sent by the mobile communication device known to an authentication server associated with the identity provider provided by the telecommunications network provider, the first reference is the same as the second reference.
21. A computer program product, comprising:
- means for receiving, at an identity provider provided by a telecommunications network provider, a request from a client for user credentials required to access a service provider;
- means for sending an authentication request from the identity provider to the client, the authentication request including a first reference;
- means for receiving a request from a mobile communication device to identify a user at the client, the request from the mobile communication device including a second reference provided to the mobile communication device by the client, wherein the mobile communication device utilizes a network provided by the telecommunication network provider and is known to an authentication server provided by the telecommunication network provider; and
- means for comparing the first and second references and, when they are the same, obtaining identification information for the user of the mobile communication device from the authentication server provided by the telecommunication network provider.
Specification